Partner fields

The following are the fields for adding or editing partners in the Central Governance user interface. If you edit an existing partner definition that is used in a flow, a message displays when you click Save indicating the impact on the flow.

See Manage partners for actions you can perform and the possible impact on existing flows.

General information

Only the partner name field is required in the general information section for a partner. All other fields — tags, description, address, phone, email — are optional.

Server communication profiles

A server communication profile contains the technical details for a client to connect to the partner's server via a specified protocol. A partner can have multiple communication profiles. Minimally, a partner must have at least one profile to transfer files as defined in flows configured in Central Governance and deployed to products.

A communication profile requires a unique name. This is the name you can select when defining a protocol in a flow. Optionally, you can specify tags and a description.

The user interface warns if you try to add a duplicate profile name. Names are unique by the objects related to them. For example, a name for a partner profile must be unique for a specific partner. But the same name could be used for another partner.

The following describes the fields by protocol. To add multiple profiles, click Add communication profile.

PeSIT

Network protocol

Indicates the network protocol to use. Only TCP is available with SFTP.

  • TCP - The Transmission Control Protocol (TCP), one of the core protocols of the Internet protocol suite (IP), is often called TCP/IP. TCP provides reliable, ordered and error-checked delivery of a stream of octets between programs running on computers connected to a local area network, intranet or the public Internet. It resides at the transport layer.
  • pTCP - The parallel Transmission Control Protocol (pTCP) is an end-to-end transport layer protocol that supports striped connections.
  • UDT - The UDP-based Data Transfer Protocol (UDT) is a high performance data transfer protocol designed for transferring large volumetric data sets over high-speed wide-area networks.

Host

URL of the PeSIT server. You can specify multiple hosts separated by commas.

Note   If you define multiple hosts in a partner server communication profile for a SecureTransport flow, only the first IP address (host) in the list is deployed on the SecureTransport.

Port

Port on which the server listens for connection requests.

PeSIT login

User name for connecting to the server.

Password and confirm password

Password for connecting to the server.

Enable SSL/TLS

Indicates whether the connection is secured via SSL or TLS.

Preconnection id

The preconnection identifier to use when the partner interacts with a SecureTransport.

Preconnection password

The password associated with the partner's Preconnection id.

Client authentication required

If SSL/TLS is enabled, indicates whether to use the client's public key certificate to authenticate the client to the server.

Yes means the server and the client must be authenticated.

No means only the server must be authenticated.

Optional means the server and the client must be authenticated but both SSL and non-SSL connections are enabled. If the client requests SSL but the client certificate verification fails, the client is allowed to log in with a user name and password.

Server authentication

If SSL/TLS is enabled, upload a file containing the server's public key certificate or reuse an existing certificate. For a new certificate, get the certificate file from the server administrator. Supported file types are DER, CER, CRT and P7B.

For a new certificate, specify an alias for it. This enables you to use the same certificate in multiple profiles. The certificate alias must be unique at the product configuration level.

Enable FIPS transfer mode

When SSL/TLS is enabled, indicates whether Federal Information Processing Standards (FIPS) is enabled for transfers. When enabled, the sender and the receiver must use FIPS-compliant ciphers and cipher suites. Transfers fail if the sender and receiver do not provide them.

SFTP

Host

The IP address or fully qualified domain name of the server. You can specify multiple hosts separated by commas.

Port

Port on which the server listens for connection requests.

Client authentication

Indicates the method for authenticating clients to the server.

  • Password - The user name and password for connecting to the server is used to authenticate the client.
  • Public key - The client's public key is used to authenticate to the server.
  • Password or public key - The public key or password can be used by clients to authenticate to the server.

Server verification

Indicates if verification is necessary:

  • Yes (default): A stored public key or a fingerprint is required.
  • No: Neither a stored public key nor a fingerprint is required.

Stored public key

Upload a file containing the public key or select an existing key.

For a new key, specify an alias for it. This enables you to use the same certificate in multiple profiles. The alias must be unique at the product configuration level.

The user interface warns if you try to add a duplicate alias. Aliases are unique by the objects related to them. For example, an alias for a partner certificate must be unique for a specific partner, but the same alias could be used for another partner.

Fingerprint

You can use a fingerprint to authenticate a partner instead of a partner public key. This option is available when Client authentication is set to either Public key or Public Key or Password.

The fingerprint is deployed in the SecureTransport client communication profile that communicates with the partner, in the SSH Transfer site.

Supported fingerprint algorithms are MD5, SHA-1 and SHA-256. The fingerprint value must start with the hashing algorithm name: 'hashing_algorithm':'certificate_ssh_fingerprint_hash'

Examples

    MD5:d5:a8:0d:b8:f5:27:3e:89:3c:f3:10:25:3f:57:1f:4d

    SHA-1:fe:6e:92:db:3e:f1:98:f2:95:98:b7:a4:2a:a2:96:b6:f3:a8:3e:b4

    SHA256:ab:54:d5:2c:27:30:a1:be:f9:49:62:85:45:6c:af:c0:5b:7c:2a:59:ea:ee:f8:06:6c:50:65:07:42:c8:7a:14

    SHA256:q1TVLCcwob75SWKFRWyvwFt8Klnq7vgGbFBlB0LIehQ=
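The fingerprint formats listed above can be checked before a value is entered. The following is an added example, not code from the product: it parses both the colon-separated hex form and the base64 form, enforces the digest length for each algorithm, and compares the result with the fingerprint of a public key. It assumes the fingerprint is the standard SSH one (a hash over the decoded key blob); the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Digest sizes in bytes for the three algorithms the page lists.
DIGEST_LEN = {"MD5": 16, "SHA1": 20, "SHA256": 32}

# Constructed sample key (all-zero Ed25519 key material), not a real partner key.
_BLOB = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(32)
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " constructed@example"


def parse_fingerprint(value: str) -> tuple[str, bytes]:
    """Split 'ALGORITHM:hash' and return (algorithm, raw digest bytes)."""
    prefix, sep, body = value.strip().partition(":")
    algo = prefix.upper().replace("-", "")  # accept both SHA-1 and SHA1
    if not sep or algo not in DIGEST_LEN:
        raise ValueError(f"missing or unsupported algorithm prefix: {prefix!r}")
    if ":" in body:
        # Colon-separated hex pairs, e.g. d5:a8:0d:...
        parts = body.split(":")
        if any(len(p) != 2 for p in parts):
            raise ValueError("hex fingerprint must use two-digit pairs")
        digest = bytes.fromhex("".join(parts))
    else:
        # Base64 body; restore '=' padding if it was omitted.
        digest = base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
    if len(digest) != DIGEST_LEN[algo]:
        raise ValueError(f"{algo} digest must be {DIGEST_LEN[algo]} bytes")
    return algo, digest


def fingerprint_of(public_key_line: str, algo: str) -> bytes:
    """Hash the base64 key blob of an OpenSSH 'type blob [comment]' line."""
    blob = base64.b64decode(public_key_line.split()[1], validate=True)
    return hashlib.new(algo.lower(), blob).digest()


def matches(configured: str, public_key_line: str) -> bool:
    """True if the configured fingerprint is the fingerprint of the given key."""
    algo, expected = parse_fingerprint(configured)
    return hmac.compare_digest(expected, fingerprint_of(public_key_line, algo))
```

Run against the examples above, the two SHA256 values decode to the same 32-byte digest, one written as hex and one as base64.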

See also, SFTP client communication profile

Enable FIPS transfer mode

When SSL/TLS is enabled, indicates whether Federal Information Processing Standards (FIPS) is enabled for transfers. When enabled, the sender and the receiver must use FIPS-compliant ciphers and cipher suites. Transfers fail if the sender and receiver do not provide them.

FTP

Host

The IP address or fully qualified domain name of the server. You can specify multiple hosts separated by commas.

Port

Port on which the server listens for connection requests.

Connection mode

Indicates whether the connection mode is active, passive or both. The server initiates the session in active mode, while the client initiates in passive mode. Both means the server or client can initiate the session.

Port range

If the connection mode is passive or both, specify the range of ports for the server to listen for connections.

Enable SSL/TLS

Indicates whether the connection is secured via SSL or TLS.

Client authentication required

If SSL/TLS is enabled, indicates whether to use the client's public key certificate to authenticate the client to the server.

Yes means the server and the client must be authenticated.

No means only the server must be authenticated.

Optional means the server and the client must be authenticated but both SSL and non-SSL connections are enabled. If the client requests SSL but the client certificate verification fails, the client is allowed to log in with a user name and password.

Security mode

Indicates whether the security mode is explicit or implicit.

FTP supports two methods to accomplish security through a sequence of commands passed between two computers. The sequence is initiated with explicit (active) or implicit (passive) security.

  • Explicit: The initial connection is unencrypted. To establish the secure link, explicit security requires the FTP client to issue a specific command to the FTP server after establishing a connection. The default FTP server port is used.
  • Implicit: Implicit security begins with a secure connection as soon as the FTP client connects to an FTP server. The FTP server defines a specific port for the client to be used for secure connections.
  • Both: Incoming connections can be handled in explicit or implicit mode.

Server authentication

If SSL/TLS is enabled, upload a file containing the server's public key certificate or reuse an existing certificate. For a new certificate, get the certificate file from the server administrator. Supported file types are DER, CER, CRT and P7B.

For a new certificate, specify an alias for it. This enables you to use the same certificate in multiple profiles.

The user interface warns if you try to add a duplicate alias. Aliases are unique by the objects related to them. For example, an alias for a partner certificate must be unique for a specific partner. But the same alias could be used for another partner.

Enable FIPS transfer mode

When SSL/TLS is enabled, indicates whether Federal Information Processing Standards (FIPS) is enabled for transfers. When enabled, the sender and the receiver must use FIPS-compliant ciphers and cipher suites. Transfers fail if the sender and receiver do not provide them.

HTTP

Server address format

Specify the server with a URL or a host-port pair.

URLs

If the URL format is selected, enter one or more URLs separated by commas. The expected pattern for a URL is: http://{host}:{port}

Host

If the host-port format is selected, enter one or more computer names separated by commas.

Port

If the host-port format is selected, enter the port on which the specified server or servers listen for connections. You can enter only one port number.

HTTP methods

Select one or more methods for transferring data:

PUT requests the enclosed entity be stored under the supplied URI. If it refers to an existing resource, the URI is changed. If the URI does not point to an existing resource, the server can create the resource with that URI.

POST requests the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI. The data POSTed might be, for example, an annotation for existing resources.

GET requests a representation of the specified resource. Requests using GET should only retrieve data and should have no other effect.

Profile is non-generic HTTP

Yes defines an HTTP server communication profile that can only be used when the partner is SecureTransport.

No defines a generic HTTP server communication profile.

Enable form-based authentication

Yes enables form-based authentication for the generic HTTP protocol. This enables the connector to use form-based authentication to connect to the external partner.

No disables form-based authentication for generic HTTP.

URL path

The URL path to the server that provides the form for authentication. This field is mandatory when using form-based authentication.

Method

The HTTP method to be used when uploading files to a remote server. This field is mandatory when using form-based authentication.

Headers

The HTTP headers that are added in the request for upload. The format is header1=value1#!#CVD#!#header2=value2#!#CVD#!#

Where #!#CVD#!# is the separator that follows each header=value pair.

This field is mandatory when using form-based authentication.
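The Headers value can be generated and checked with a small helper instead of being typed by hand. The following is an added example, not code from the product: it serializes and parses the format shown above, and rejects header names that are not valid HTTP tokens and values that contain a line break or the separator sequence. The function names are hypothetical, and splitting each pair on the first "=" is an assumption about how the field is read.

```python
import re

SEP = "#!#CVD#!#"  # separator literal given in the field description
# Characters allowed in an HTTP header name (RFC 7230 "token").
TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")


def build_headers_field(headers: dict[str, str]) -> str:
    """Serialize headers as name=value pairs, each followed by the separator."""
    out = []
    for name, value in headers.items():
        if not TOKEN.fullmatch(name) or SEP in name:
            raise ValueError(f"invalid header name: {name!r}")
        if "\r" in value or "\n" in value:
            raise ValueError(f"line break in value of {name}")
        if SEP in value:
            raise ValueError(f"separator sequence in value of {name}")
        out.append(f"{name}={value}{SEP}")
    return "".join(out)


def parse_headers_field(field: str) -> dict[str, str]:
    """Inverse of build_headers_field; splits each pair on the first '='."""
    headers = {}
    for pair in field.split(SEP):
        if not pair:
            continue  # the trailing separator leaves an empty last element
        name, eq, value = pair.partition("=")
        if not eq or not TOKEN.fullmatch(name):
            raise ValueError(f"malformed pair: {pair!r}")
        headers[name] = value
    return headers
```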

Enable SSL/TLS

Indicates whether the connection is secured via SSL or TLS.

Client authentication required

If SSL/TLS is enabled, indicates whether to use the client's public key certificate to authenticate the client to the server.

Yes means the server and the client must be authenticated.

No means only the server must be authenticated.

Optional means the server and the client must be authenticated but both SSL and non-SSL connections are enabled. If the client requests SSL but the client certificate verification fails, the client is allowed to log in with a user name and password.

Server authentication

If SSL/TLS is enabled, upload a file containing the server's public key certificate or reuse an existing certificate. For a new certificate, get the certificate file from the server administrator. Supported file types are DER, CER, CRT and P7B.

For a new certificate, specify an alias for it. This enables you to use the same certificate in multiple profiles.

The user interface warns if you try to add a duplicate alias. Aliases are unique by the objects related to them. For example, an alias for a partner certificate must be unique for a specific partner. But the same alias could be used for another partner.

Enable FIPS transfer mode

When SSL/TLS is enabled, indicates whether Federal Information Processing Standards (FIPS) is enabled for transfers. When enabled, the sender and the receiver must use FIPS-compliant ciphers and cipher suites. Transfers fail if the sender and receiver do not provide them.

Related topics

Partners

Manage partners

 
