Central Governance 1.1.3 Users Guide Save PDF Selected topic Selected topic and subtopics All content Transfer CFT partner template When a flow using Transfer CFTs is deployed, Central Governance deploys on each Transfer CFT the definition of the partners defined in the flow. There are three Transfer CFT partner objects involved: CFTPART, CFTTCP, and and CFTSSL (when using mutual authentication). When flows use mutual authentication, two Transfer CFT PKI objects are created on each Transfer CFT: PKICER and PKIENTITY. (A PKI entity is created for each new CFTSSL, where the entity includes the root certificate aliases used in flows. The entity alias is included in the ROOTCID field in the CFTSSL object.) For each CFTPART, Central Governance sets values for the fields ID, NRPART, NRPASSW, NSPART, NSPASSW, PROT, SAP, and SSL (SSL if mutual authentication is used). The NSPASSW/NRPASSW is either generated or configured in the Transfer CFT static configuration. For each CFTTCP, Central Governance sets values for the fields ID, CLASS, HOST, CNXIN, CNXOUT, CNXINOUT. For each CFTSSL, Central Governance sets values for the fields ID, DIRECT, VERSION, KEYTEXT, CIPHLIST, USERCID, VERIFY, ROOTCID (includes alias of PKI certificate or/and PKI entity) and ORIGIN. All other CFTTCP, CFTPART, and CFTSSL fields use the default values. You can overwrite the following fields by editing the com.axway.cmp.cgcft-default.cfg file at <install directory\runtime\com.axway.nodes.ume_<UUID>\conf. Changing this file does not require restarting Central Governance. Changes apply only to flows defined after the file is edited. You can overwrite the following fields with values from the partner template configuration file. Note After creating a partner template, values from it are pushed only to flows created between new partners that did not previously exist. Note If you accidentally remove a template value (for example, cft.partner.cnxin= ) leaving it empty, this breaks the partner template and you must restart Central Governance to recover the functionality. Transfer CFT field Corresponding property in Central Governance configuration file Central Governance value Default Central Governance value if not set CFTPART - ID Name of the Transfer CFT partner. %HOSTNAME% (product host as it appears in the product list) Note Flows with relays that have store and forward enabled and acknowledgments disabled are not supported when using the cft.partner.id=%HOSTNAME% in a partner template. STRING max_length=32 CFTTCP – CNXIN, CNXOUT, CNXINOUT cft.partner.cnxin cft.partner.cnxout cft.partner.cnxinout 0..1000 CFTTCP – RETRYW, RETRYM, RETRYN cft.partner.retryw cft.partner.retryn cft.partner.retrym 0..32767 RETRYW = '1', RETRYM ='30', RETRYN ='20' CFTPART - COMMENT cft.partner.comment STRING or {%application.<comment1>%} Where application.<comment1> refers to an application custom attribute. See Note. If multiple applications are defined for the same Transfer CFT, the application custom attribute from the application used in the most recently deployed flow is used. STRING max_length=80 CFTPART - GROUP cft.partner.group STRING or {%application.<group1>%} Where application.<group1> refers to an application custom attribute. See Note. If multiple applications are defined for the same Transfer CFT, the application custom attribute from the application used in the most recently deployed flow is used. STRING max_length=32 CFTSSH - HMAC cft.ssh.hmac List of accepted HMAC (keyed-hash message authentication code). Possible values are: HMAC-SHA2-512,HMAC-SHA2-256,HMAC-SHA1, NONE None The default Central Governance value is used if any property or value is missing. *A PKI entity is created for each new CFTSSL, where the entity includes the root certificate aliases used in flows. The entity alias is included in the ROOTCID field in the CFTSSL object. Note For more information, see Application custom attributes and Use custom attributes. Related topics Transfer CFT flow concepts Transfer CFT as relay in PeSIT flows Transfer CFT flow transfer modes Flow conversion, validation Transfer CFT store and forward Transfer CFT broadcast and collect Transfer CFT bandwidth allocation Transfer CFT track a copied file Central Governance | Document Directory Related Links
Transfer CFT partner template When a flow using Transfer CFTs is deployed, Central Governance deploys on each Transfer CFT the definition of the partners defined in the flow. There are three Transfer CFT partner objects involved: CFTPART, CFTTCP, and and CFTSSL (when using mutual authentication). When flows use mutual authentication, two Transfer CFT PKI objects are created on each Transfer CFT: PKICER and PKIENTITY. (A PKI entity is created for each new CFTSSL, where the entity includes the root certificate aliases used in flows. The entity alias is included in the ROOTCID field in the CFTSSL object.) For each CFTPART, Central Governance sets values for the fields ID, NRPART, NRPASSW, NSPART, NSPASSW, PROT, SAP, and SSL (SSL if mutual authentication is used). The NSPASSW/NRPASSW is either generated or configured in the Transfer CFT static configuration. For each CFTTCP, Central Governance sets values for the fields ID, CLASS, HOST, CNXIN, CNXOUT, CNXINOUT. For each CFTSSL, Central Governance sets values for the fields ID, DIRECT, VERSION, KEYTEXT, CIPHLIST, USERCID, VERIFY, ROOTCID (includes alias of PKI certificate or/and PKI entity) and ORIGIN. All other CFTTCP, CFTPART, and CFTSSL fields use the default values. You can overwrite the following fields by editing the com.axway.cmp.cgcft-default.cfg file at <install directory\runtime\com.axway.nodes.ume_<UUID>\conf. Changing this file does not require restarting Central Governance. Changes apply only to flows defined after the file is edited. You can overwrite the following fields with values from the partner template configuration file. Note After creating a partner template, values from it are pushed only to flows created between new partners that did not previously exist. Note If you accidentally remove a template value (for example, cft.partner.cnxin= ) leaving it empty, this breaks the partner template and you must restart Central Governance to recover the functionality. Transfer CFT field Corresponding property in Central Governance configuration file Central Governance value Default Central Governance value if not set CFTPART - ID Name of the Transfer CFT partner. %HOSTNAME% (product host as it appears in the product list) Note Flows with relays that have store and forward enabled and acknowledgments disabled are not supported when using the cft.partner.id=%HOSTNAME% in a partner template. STRING max_length=32 CFTTCP – CNXIN, CNXOUT, CNXINOUT cft.partner.cnxin cft.partner.cnxout cft.partner.cnxinout 0..1000 CFTTCP – RETRYW, RETRYM, RETRYN cft.partner.retryw cft.partner.retryn cft.partner.retrym 0..32767 RETRYW = '1', RETRYM ='30', RETRYN ='20' CFTPART - COMMENT cft.partner.comment STRING or {%application.<comment1>%} Where application.<comment1> refers to an application custom attribute. See Note. If multiple applications are defined for the same Transfer CFT, the application custom attribute from the application used in the most recently deployed flow is used. STRING max_length=80 CFTPART - GROUP cft.partner.group STRING or {%application.<group1>%} Where application.<group1> refers to an application custom attribute. See Note. If multiple applications are defined for the same Transfer CFT, the application custom attribute from the application used in the most recently deployed flow is used. STRING max_length=32 CFTSSH - HMAC cft.ssh.hmac List of accepted HMAC (keyed-hash message authentication code). Possible values are: HMAC-SHA2-512,HMAC-SHA2-256,HMAC-SHA1, NONE None The default Central Governance value is used if any property or value is missing. *A PKI entity is created for each new CFTSSL, where the entity includes the root certificate aliases used in flows. The entity alias is included in the ROOTCID field in the CFTSSL object. Note For more information, see Application custom attributes and Use custom attributes. Related topics Transfer CFT flow concepts Transfer CFT as relay in PeSIT flows Transfer CFT flow transfer modes Flow conversion, validation Transfer CFT store and forward Transfer CFT broadcast and collect Transfer CFT bandwidth allocation Transfer CFT track a copied file Central Governance | Document Directory