Transfer CFT configuration in Central Governance and CFTUTIL

The following tables describe the Transfer CFT fields that can be configured in the Central Governance user interface and the corresponding Transfer CFT CFTUTIL parameters. Default Central Governance values are underlined.

See Transfer CFT command list and syntax in the Transfer CFT user guide for a list of Transfer CFT commands, syntax and parameters.

Name Unique identifier for the new definition.

Network

CG field CG values CFTUTIL parameter Description
Interface Any | Any IPv4 | Any IPv6 | Address CFTNET - HOST = INADDR_ANY | IN6ADDR_ANY | IN4ADDR_ANY | string

Networking IP address of the local resource (an entity through which connections can be established).

Note Address is not available when creating a policy.

Network > network protocols

CG field CG values CFTUTIL parameter Description
Use <network protocol> TCP | pTCP | UDT CFTPARM - NET (network)

Creates a network protocol section in Central Governance, and in Transfer CFT creates a CFTNET object with TYPE=TCP and:

  • ID=<name of the network protocol:TCP, pTCP, or UDT>1
  • CLASS=<Next available class number within the defined CFTNETs on the Transfer CFT>

When you set the network protocol to YES and activate it, the CFTNET object is referenced in the list of active networks for the current CFTPARM, and it is taken into account during transfer execution.

Note UDT and pTCP are not supported on Transfer CFTs running on z/OS or IBM i computers.
Status Active | Inactive N/A

Indicates if the corresponding network protocol is active.

Interface out N/A CFTNET - SRCHOST

Interface on which outgoing calls occur. Enter a string of up to 64 characters.

Ports out

TCP only

0-65535 (5000-65535)

pTCP/UDT

5000-65535 (5000-65535)

CFTNET - SRCPORTS = (6000-6009,6010-6019,6020-6030)

Defines the outgoing port ranges. Enter a list of ports containing up to 16 ranges, or, alternatively, you can leave this field empty (for an ephemeral port).

Note If you specify a port lower than 1024, a message displays reminding you that operating systems may have reserved ports in the range from 0 to 1024; additionally, some ports in this range could already be in use.
Number of connections 1-2000 (128) CFTNET - MAXCNX The maximum number of simultaneous connections that Transfer CFT accepts to establish on a given network resource.

Network > protocols

The following fields display when you select Add PeSIT or Add SFTP. Creating a protocol automatically creates a server communication profile of the same type.

CG field CG values CFTUTIL parameter Description
Name PeSIT | SFTP CFTPARM - PROT ('prot' list)

When you add a protocol in Central Governance, a PROT object of type PeSIT or SFTP is created on Transfer CFT with:

ID=<name>

NET=<ID_CFTNET>

Status Active | Inactive NA

Indicates if the protocol and corresponding communication profiles are active.

When you make the protocol Active, the CFTPROT object is referenced in the list of active protocols of the current CFTPARM and it is taken into account during transfer execution.

Note You cannot activate a protocol that is linked to an inactive network protocol. To activate, first activate the related network protocol.
Mode BOTH | Client | Server

CG value: Transfer CFT parameters

  • BOTH: SRIN = BOTH, SROUT=BOTH
  • Client: SRIN = NONE, SROUT=BOTH
  • Server: SRIN = BOTH, SROUT=NONE

The protocol type is applied to the selected option. You cannot modify the type once set.

  • Both - A bidirectional protocol definition, meaning you can use it as a client or server
  • Client - A requester (no defined port)
  • Server - A passive server (port required)
Note   Select the type Both if you plan to use acknowledgments.
Type N/A N/A Non-editable field that is set to the value of the protocol type you selected.
Port 1-65535 CFTPROT SAP Define the port number for this protocol.
Network protocol TCP | pTCP | UDT The type of CFTNET associated with the defined protocol

The associated network protocol.

Displayed options depend on the protocols that you selected in the Network protocol section.

PeSIT security fields
Enable security No | Yes CFTPROT - SSL When enabled (set to Yes), the following field displays.
Server authentication Use existing private certificate / Upload new private certificate N/A

Options include:

  • Use existing private certificate: Select the certificate alias from a list of known certificates usable for the server. The security profile is then displayed and cannot be modified.
  • Upload new private certificate: Use the Browse button to navigate to the Private certificate, where the supported file format is P12 (PKCS#12).
Select private certificate No default N/A

Select the p12 certificate from the drop-down list.

Private certificate No default N/A

The supported file format is P12 (PKCS#12) with a 29 characters maximum length.

SSL security profile SSL_DEFAULT CFTPROT SSL (ID)

Enter a unique name as the security profile (CFTSSL); use a name that is not already in use and contains no more than 29 characters.

SSL parameter No default CFTSSL PARM

    Free-form parameter associated with the security profile.

    Note If you register a Transfer CFT that has two instances of a CFTSSL (one with DIRECT=server and one with DIRECT=client), and where the PARM values are different, the protocol or configuration will not function correctly.
    CA certificate alias No default ROOTCID Only applicable when using RACF.
    SFTP security fields
    Server authentication Use existing private key | Upload new private key N/A

    Options include:

    • Use existing private key: Select the key alias from a list of known keys for the server.
    • Upload new private key: Use the Browse button to navigate to the Private certificate, where the supported file format is P8 (PKCS#8).
    File password No default N/A Enter the password for the PKCS#8 certificate that you upload.
    Key alias Name of the uploaded file   Optionally you can modify the private key alias.
    SSH security profile N/A CFTSSH (ID)

    Enter a unique name as the security profile (CFTSSH); use a name that is not already in use and contains no more than 29 characters.

    Network > communication profile > add server communication profile

    CG field CG values CFTUTIL parameter Description
    Name   CFTSSH - DIRECT = SERVER Enter a name for the communication profile.
    Status Non-editable field. N/A

    Non-editable field. The value is inherited from the associated protocol.

    Protocol name The first protocol in the protocols list by default. CFTPARM - PROT ('prot' list)

    When you add a protocol in Central Governance, a PROT object is created on Transfer CFT with:

    ID=<ID_CFTNET>+<if No security:1;2>

    NET=<ID_CFTNET>

    Protocol type Non-editable field. CFTPROT - TYPE Inherited and non-editable protocol, which is used for this communication profile.
    Public host Product hostname by default. CFTTCP - HOST Fully qualified domain name or IP address of Transfer CFT accessed by internal or external network. By default uses the product hostname.
    Public port Protocol port by default. CFTPART - SAP Server communication profile port. Range of values: 1025-65535.
    Network protocol Non-editable field. CFTPARM - NET (network)

    The value is inherited from the protocol.

    Incoming connections 2 CFTTCP - CNXIN Defines the maximum number of sessions for incoming connections.
    Outgoing connections 2 CFTTCP - CNXOUT Defines the maximum number of sessions for outgoing connections.
    Total connections 4 CFTTCP - CNXINOUT Defines the maximum number of communication sessions.

    Note: Upgrading to SP14 may impact the cft.partner.retry parameters in the template file if set to 0. If so, please check in the communication profiles and reset as needed.

    Time between two retries 1 CFTTCP – RETRYW The interval in minutes between two reconnection attempts.
    Maximum number of retries 30 CFTTCP – RETRYM Maximum number of retries.
    Number of retries 20 CFTTCP – RETRYN

    Number of retries prior to increasing the time interval.

    PeSIT fields
    Login Auto-generated  and uses the product name by default. CFTPART - NRPART Enter a value having a maximum of 24 characters, corresponding to the protocol as defined in the Protocol type field.
    Password Auto-generated by default. CFTPART - NRPASSW Maximum of 8 characters.
    Enable security The value is inherited from the associated protocol. CFTPART - SSL

    The value is inherited from the associated protocol. When enabled, you can use the Display button to view certificate details.

    SFTP fields
    Client authentication    

    Options:

    • Password or public key
    • Public key
    • Password
    Server authentication Non-editable field. N/A Non-editable field. The value is inherited from the associated protocol.

    Network > communication profile > add client communication profile

    CG field CG values CFTUTIL parameter Description
    Name   CFTSSH - DIRECT = CLIENT Enter a name for the communication profile.
    Status Active | Inactive N/A

    Non-editable field. The value is inherited from the associated protocol.

    Protocol name Drop-down list of available protocols. CFTPARM - PROT ('prot' list)

    Select from the available protocols (you cannot define a new protocol in a communication profile).

    Protocol type Non-editable field. CFTPROT - TYPE

    The value is inherited from the protocol.

    Network protocol Non-editable field. CFTPARM - NET The value is inherited from the network protocol definition.
    Incoming connections 2 CFTTCP - CNXIN Defines the maximum number of sessions for incoming connections.
    Outgoing connections 2 CFTTCP - CNXOUT Defines the maximum number of sessions for outgoing connections.
    Total connections 4 CFTTCP - CNXINOUT Defines the maximum number of communication sessions.
    Time between two retries 1 CFTTCP – RETRYW The interval in minutes between two reconnection attempts.
    Maximum number of retries 30 CFTTCP – RETRYM Maximum number of retries.
    Number of retries 20 CFTTCP – RETRYN Number of retries prior to increasing the time interval.
    PeSIT fields
    Login Auto-generated  and uses the product name by default. CFTPART - NSPART Enter a value having a maximum of 24 characters, corresponding to the protocol as defined in the Protocol type field.
    Password Auto-generated by default. CFTPART - NSPASSW Maximum of 8 characters.
    Enable security

    Non-editable field when disabled for the selected protocol.

    CFTSSL - ID

    The value is inherited from the associated protocol. When enabled, you can use the Display button to view certificate details.

    SFTP fields
    Client authentication  

    SSH 

    DIRECT=CLIENT CLIPRIVKEY

    When SSL/TLS is enabled, the following editable fields display:

    • Use existing private key: Select the certificate alias from a list of known certificates in the Select private certificate field.
    • Upload new private key: Use the Browse button to navigate to the key, where the supported file format is P8 (PKCS#8). You must then complete the Security profile field.
    Login  

    CFTPART

    NSPART

    Enter a value of up to 24 characters, which may contain alphanumeric and !$%()+-./:;=?@ []^_{|}~ characters.
    Client authentication   N/A
    • Upload new private key: Use the Browse button to navigate to the key, where the supported file format is P8 (PKCS#8).
    • Use existing key
    Password  

    CFTPART 

    NSPASSW

    Enter a value of up to 24 characters, which may contain alphanumeric characters and include !$%()+-./:;=?@ []^_{|}~
    Confirm password   " " Re-enter the password.

    Network > general

    CG field CG values CFTUTIL parameter Description
    Maximum file access tasks

    For versions 3.4 and higher:

    • UNIX: 1-64 (16)
    • Windows: 1-64 (1)
    • HP NonStop: 1-64 (64)
    • z/OS (MVS): 1-400 (400)
    • IBM i (OS/400): 1-64 (16)

    For versions 3.3.2 and lower:

    • UNIX: 1-64
    • Windows: 1-64
    • HP NonStop: 1-64
    • z/OS (MVS): 1-400
    • IBM i (OS/400): 1-32

    The default values are the same for all versions.

    CFTPARM, MAXTASK

    The maximum number of file access tasks that handle simultaneous transfers. The value must be lower than or equal to the Maximum simultaneous transfers value.

    See Note*

    Maximum transfers for a task

    For versions 3.4 and higher:

    • Windows: 1-1000 (128)
    • UNIX: 1-64 (16)
    • HP NonStop: 1-64 (64)
    • z/OS (MVS): 1-64 (14)
    • IBM i (OS/400): 1-64 (16)

    For versions 3.3.2 and lower:

    • Windows: 1-999
    • UNIX: 1-64
    • HP NonStop: 1-64
    • z/OS: 1-14
    • IBM i: 1-32

    The default values are the same for all versions.

    CFTPARM, TRANTASK

    The maximum number of parallel transfers that a task can handle before starting another file access task.

     

    The MAXTASK multiplied by TRANTASK should be less than or equal to MAXTRANS.

    See Note*

    Inactivity timeout

    z/OS only

    1-1441 (1441) CFTPARM, WAITTASK

    Interval in minutes before an inactive task is closed.

    Displays only on z/OS systems, and is enabled only if User for file access is set to Transfer CFT system account.

    See Note*

    Maximum simultaneous transfers

    For version 3.4 and higher:

    • Windows: 2-1000 (128)
    • Unix: 2-1000 (256)
    • IBM i (OS/400): 2-1000 (256)
    • HP NonStop: 2-1000 (1000)
    • z/OS: 2-1000 (1000)

    For version 3.3.2 and lower:

    • Windows: 2-1000
    • Unix: 2-1000
    • IBM i: 2-990
    • HP NonStop: 2-1000
    • z/OS: 2-990 (990)

    Default values are the same for all versions except as noted.

    CFTPARM - MAXTRANS

    The maximum number of simultaneous connections that Transfer CFT accepts to establish for a network resource.

    See Note*

    Disconnect timeout 0-3600 (60) CFTPROT - DISCTR, DISCTC The wait timeout in seconds for either a response to the protocol connection request or to the partner in the connection before disconnecting.
    Attempts to restart transfer 0-32767 (5) CFTPROT - RESTART The maximum number of times that Transfer CFT attempts to restart a transfer.
    IPv6 mode Client | Server | Both | None UCONF - ipv6.disable_connect, ipv6.disable_listen IPv6 resolution for host names when Transfer CFT is acting as a client, a server, both, or none.
    Max number of SSL tasks 0-64 (8) CFTPARM - SSLMTASK The maximum number of SSL tasks that can execute simultaneously.
    Max number of transfers per SSL task

    Windows: 1 - 1000 (3)

    All other systems: 1 - 63 (3)

    CFTPARM - SSLTTASK The maximum number of simultaneous network sessions guaranteed by an SSL task (default = 3). Above this number, a new task is created, if necessary.
    SSL task inactivity timeout 1 - 1441 (1441) CFTPARM - SSLWTASK Set the inactivity time, in minutes, of the SSL task. Beyond this value, the task is shut down.
    Note *After upgrading Central Governance to SP1 or higher, the pin/lock option changes from only Maximum simultaneous transfers to also include Maximum file access tasks, Maximum number of transfers per task, and Inactivity timeout. This means that if you have a policy pinned to this field, upgrading forces the default values to be pushed to the 3 new fields.

    Network > general > keep alive between transfers

    CG field CG values CFTUTIL parameter Description
    Client 0-3600 (10) CFTPROT - DISCTD The time to keep the session active between transfer activity on the client.
    Server 0-3600 (60) CFTPROT - DISCTS The time to keep the session active between transfer activity on the server.

    Network > pTCP

    CG field CG values CFTUTIL parameter Description
    Number of parallel connections 1-1024 (10) UCONF - acceleration.ptcp.<netid>.nb_connections The maximum number of striped connections.
    Packet size (3000) UCONF - acceleration.ptcp.<netid>.packet_size pTCP packet size in bytes.
    Buffer size (10) UCONF - acceleration.ptcp.<netid>.buffer_size Internal acceleration buffer size in MB.

    Network > UDT

    CG field CG values CFTUTIL parameter Description
    Buffer size (10) UCONF - acceleration.udt.<netid>.buffer_size Internal acceleration buffer size in MB.

    Network > PeSIT tuning > transmission

    CG field CG values CFTUTIL parameter Description
    Compression Yes | No

    CFTPROT - SCOMP, RCOMP

    Yes - 15

    No - 0

    Use compression on file transfers.

    Note If you defined compression on Transfer CFT prior to registering with Central Governance, the default value of "No [compression]" overwrites any preexisting definition when you register. That is, compression is disabled when Transfer CFT registers with Central Governance. To enable, you must set compression from the Central Governance UI.
    Inactivity timeout 0-3600 (260) CFTPROT - rto Network monitoring timeout in seconds, excluding the protocol connection/disconnection/break phase. 0 means infinite.

    Network > PeSIT tuning > synchronization

    CG field CG values CFTUTIL parameter Description
    Acknowledgment window size 0-16 (3) CFTPROT - SCHKW, RCHKW The window size setting the number of sync points that can occur.
    Data transferred between sync points 0-32767 (32767) CFTPROT - SPACING, RPACING The number of KB transferred between sync points.

    PeSIT password

    CG field CG values CFTUTIL parameter Description
    PeSIT password String of max 8 characters

    CFTPART – NSPASSW

    (CFTPART – NRPASSW)

    Indicates the PeSIT password for the local partner. If the current Transfer CFT sends files or receives files from another Transfer CFT, the latter will contain this value in the CFTPART – NRPASSW parameter for the partner that corresponds to the current Transfer CFT.

    Bandwidth allocation

    CG field CG values CFTUTIL parameter Description
    Enable Yes | No UCONF - cft.server.bandwidth.enable Manage data rates and the network bandwidth used for incoming and outgoing data in your flows.
    Global data rate Unlimited | Limited UCONF - cft.server.bandwidth.cos.0.max_rate_in, cft.server.bandwidth.cos.0.max_rate_out Specifies limits on the rates of incoming and outgoing data. Allows setting, in kilobytes per second, the maximum for the rates of incoming and outgoing data.
    Maximum incoming (global data rates is limited) UCONF - cft.server.bandwidth.cos.0.max_rate_in The maximum limit for incoming data transfer rates.
    Maximum outgoing (global data rates is limited) UCONF - cft.server.bandwidth.cos.0.max_rate_out The maximum limit for outgoing data transfer rates.

    Bandwidth allocation > priority

    Bandwidth allocation per priority level.

    CG field CG values CFTUTIL parameter
    High 80%

    UCONF -

    cft.server.bandwidth.cos.1.weight_in

    cft.server.bandwidth.cos.1.weight_out

    Medium 15%

    UCONF -

    cft.server.bandwidth.cos.2.weight_in

    cft.server.bandwidth.cos.2.weight_out

    Low 5%

    UCONF -

    cft.server.bandwidth.cos.3.weight_in

    cft.server.bandwidth.cos.3.weight_out

    Transfer processing

    CG field CG values CFTUTIL parameter Description
    User for file access Transfer CFT system account | USERID variable CFTPARM - USERCTRL = NO | YES

    Specifies the account that is used to read/write files transferred.

    User for script execution Transfer CFT system account | USERID variable UCONF - cft.server.exec_as_user = NO | YES

    Specifies the account that is used to execute scripts.

    This parameter is not supported on Transfer CFTs running on IBM i computers.

    For an unknown flow Use the system default | Reject request UCONF - cft.default_idf.enable = YES | NO The action to take if the flow is unknown.
    Transmit files individually Always | When necessary UCONF - cft.server.force_heterogeneous_mode = YES | NO Whether the transmission of a group of files is done by individual file, or grouped when possible.
    When requesting all files Stop on error | Continue CFTPARM - RCVALLER = STOP (Stop on error) | CONTINUE (Continue) The action to take if any of the transfers fail.
    On error when transferring multiple files Continue transfer | Abort transfer CFTPARM - SNDINDFILEERR = CONTINUE | ABORT Defines the policy for a group-of-files type of transfer if there is an error.
    • Continue transfer (default): Keep the existing behavior, which creates as many transfer requests as there are lines in the input file.
    • Abort transfer: If the input is not a file, the current transfer aborts and no other child requests are created.

    Transfer processing > When file exists

    Configure post-transfer file renaming on the receiver side of a flow.

    CG field UCONF parameter Description
    Retry frequency

    cft.server.transfer.rrename.retry_delay

    Delay in seconds between two retries for renaming. If the file is not successfully renamed after the first retry_delay, the time doubles for the next retry period. For example, if the file is not renamed after 60 seconds (when using the default value), the next retry occurs in 120 seconds, and so on.

    Maximum number of retries cft.server.transfer.rrename.max_retries

    Maximum number of retries.

    Transfer processing > default scripts > source | target

    Acknowledgment is only for source.

    CG field CFTUTIL parameter Description
    Post-processing CFTPARM – EXECSF | EXECRF The file to execute after the file is sent | received.
    Acknowledgment CFTPARM - EXECSFA The file to execute after an acknowledgment is received for a sent file.
    Error CFTPARM – EXECSE | EXECRE The file to execute after an error occurs during a file transfer.
    Exit task CFTEXIT- EXIT Defines the exit task script to execute.

    Transfer request mode > asynchronous

    CG field CG values CFTUTIL parameter Description
    Time between scans 1-6 (60)

    CFTCOM

    - TYPE = FILE

    - WSCAN

    Interval in seconds to scan the transfer request communication file.

    Transfer request mode > synchronous

    CG field CG values CFTUTIL parameter Description
    Enable Yes | No CFTCOM - TYPE = TCPIP Add a communication media of type synchronous.
    Host string, max 64, 127.0.0.1 by default CFTCOM - HOST The host receiving commands. If HOST is updated at deployment, ADDRLIST is set to the empty value.
    Port 1025-65535 (1765) CFTCOM - PORT The port to receive commands on.
    Maximum connections 1-1024 (256) UCONF - cft.server.cftcoms.max_connection Number of connections for the media communication.
    Secured connections Enable | Disable CFTCOM - PROTOCOL = XHTTP (Disable) | XHTTPS (Enable) Use security for the request/reply protocol on the network.
    Session timeout 0-86400 seconds or 0-1440 minutes (60 seconds) CFTCOM - DISCTS Interval in seconds or minutes the Transfer CFT waits before closing an idle connection.

    Transfer list

    CG field CG values CFTUTIL parameter Description
    Number of entries in memory 1-32000 (1000) UCONF - cft.server.catalog.cache_size The maximum number of entries in the memory buffer.
    Update during transfer Enabled | Disabled CFTCAT - UPDAT = 0 (Disabled) | 1..32767 (Enabled) Update the transfer list while a transfer is occurring.
    (Update during transfer is Enabled) 1-32000 (1) sync points between updates CFTCAT - UPDAT The number of synchronization points that occur during a transfer before updating the transfer list.
    Synchronize list file when written Yes | No UCONF - cft.server.catalog.sync.enable Force the transfer list file to synchronize when Transfer CFT processes write to it.

    Transfer list > entry retention

    CG field CG values CFTUTIL parameter Description
    Purge Periodic | Daily purge | Manual UCONF - cft.purge.periodicity

    Periodically remove older entries in the transfer list.

    Purge is periodic 1-999 (1) days between purges UCONF - cft.purge.periodicity Time interval in days (x or xD), in hours (xH) or in minutes (xM) between two automatic purges of entries in the transfers catalog.
    Purge is daily 00:00:01 - 23:59:59

    CFTCAT > TIMEP

    User-defined daily purge time.

    Any time value other than 00:00:00 (reserved value) in the format {HHMMSS}.

    Purge is manual   UCONF - cft.purge.periodicity,value=0

    The transfer list will grow indefinitely if manual purge is selected and start-up purge is disabled.

    TIMEP is set to 00:00:00 if the Purge is manual.

    Purge at startup Yes | No UCONF - cft.purge.enable_on_start Defines if the system should purge the transfer list at start up.
    Purge increment 10 (minimum 10) UCONF - cft.purge.quantity Defines how many transfers to delete from the transfer list file per step.
    Keep aborted transfers Yes | No CFTCAT - RKERROR (keep | delete) Automatically delete aborted transfers without waiting for a purge.

    Transfer list > entry retention > retention period

    The period is expressed in number of days, hours or minutes.

    CG field CG values CFTUTIL parameter Description
    Completed incoming transfers 1-999 (10) UCONF - cft.purge.rx, cft.purge.rt Period after which the entries of incoming transfers that were successfully executed are purged.
    Incomplete incoming transfers 1-999 (10) UCONF - cft.purge.rh, cft.purge.ry Period after which the entries of uncompleted incoming transfers are purged.
    Completed outgoing transfers 1-999 (10) UCONF - cft.purge.sx, cft.purge.st Period after which the entries of outgoing transfers that were successfully executed are purged.
    Incomplete outgoing transfers 1-999 (10) UCONF - cft.purge.sh, cft.purge.sy Period after which the entries of uncompleted outgoing transfers are purged.

    CRONJOBs

    CG field CG value CFTUTIL parameter Description
    Name string, max 32, empty by default CFTCRON, id  
    Status Active / Inactive CFTCRON, state To activate CRONJOB, State should be ACTIVE. To disable a CRONJOB, State should be NOACTIVE.
    Description string, max 80, empty by default CFTCRON, comment Free comment. This comment is displayed and can be used to indicate a specific item of information (e.g. customer name, etc.)
    Filename string, max 512, empty by default CFTCRON, exec Upload / Specify the script to be executed.
    Schedule string, max 512, empty by default CFTCRON, time CRONJOB schedule syntax
    User ID string, max 32, empty by default CFTCRON, userid The user for this job procedure.
    Additional Information string, max 512, empty by default CFTCRON, parm The PARM to be used in the job execution.

    Cipher

    CG field CG values CFTUTIL parameter Description
    Minimum TLS version SSL v3.0 | TLS v1.0 | TLS v1.1 | TLS v1.2 cft.ssl.version_min The minimum version of TLS to be used by Transfer CFT in secured flows.
    TLS cipher suites

    (49200) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    (49199) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    (49192) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

    (49191) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

    (157) TLS_RSA_WITH_AES_256_GCM_SHA384

    (156) TLS_RSA_WITH_AES_128_GCM_SHA256

    (61) TLS_RSA_WITH_AES_256_CBC_SHA256

    (60) TLS_RSA_WITH_AES_128_CBC_SHA256

    (53) TLS_RSA_WITH_AES_256_CBC_SHA

    (47) TLS_RSA_WITH_AES_128_CBC_SHA

    CFTSSL - CIPHLIST List of TLS cipher suites to be used by Transfer CFT in secured flows.
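An audit of the two Cipher settings above, as an added example that is not part of the product or its documentation. The suite ids and version labels are the ones in the table; the function names, finding codes and the textual CIPHLIST input shape are assumptions made for illustration, and the "usable below TLS v1.2" rule follows the TLS specifications (GCM and SHA256/SHA384 suites are defined for TLS 1.2 only).

```python
import re

# Code points and names exactly as listed in the Cipher table (decimal ids).
SUITES = {
    49200: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    49199: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    49192: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    49191: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    157: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    156: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    61: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    60: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    53: "TLS_RSA_WITH_AES_256_CBC_SHA",
    47: "TLS_RSA_WITH_AES_128_CBC_SHA",
}

# "Minimum TLS version" labels from the CG values column, oldest first.
VERSIONS = ["SSL v3.0", "TLS v1.0", "TLS v1.1", "TLS v1.2"]


def parse_ciphlist(text):
    """Pull decimal suite ids out of text such as '(49200, 49199, 47)'."""
    return [int(n) for n in re.findall(r"\d+", text)]


def classify(name):
    """Derive security properties from the suite name."""
    key_exchange, cipher = name[len("TLS_"):].split("_WITH_")
    fields = cipher.split("_")  # e.g. ['AES', '256', 'GCM', 'SHA384']
    return {
        "forward_secrecy": key_exchange.startswith("ECDHE"),
        "aead": fields[2] == "GCM",
        # A bare SHA suffix means HMAC-SHA1. These are the only listed suites
        # that a peer can negotiate below TLS v1.2.
        "sha1_mac": fields[-1] == "SHA",
    }


def audit(version_min, ciphlist):
    """Return a list of (subject, issue) findings for one policy."""
    if version_min not in VERSIONS:
        raise ValueError(f"unknown minimum version label: {version_min!r}")
    ids = parse_ciphlist(ciphlist) if isinstance(ciphlist, str) else list(ciphlist)
    findings = []
    below_tls12 = VERSIONS.index(version_min) < VERSIONS.index("TLS v1.2")
    if below_tls12:
        findings.append((version_min, "allows-protocol-older-than-tls1.2"))
    if not ids:
        findings.append(("CIPHLIST", "empty"))
    seen = set()
    legacy_capable = False
    for sid in ids:
        if sid in seen:
            findings.append((str(sid), "duplicate"))
            continue
        seen.add(sid)
        name = SUITES.get(sid)
        if name is None:
            findings.append((str(sid), "not-in-documented-list"))
            continue
        props = classify(name)
        if not props["forward_secrecy"]:
            findings.append((name, "static-rsa-no-forward-secrecy"))
        if not props["aead"]:
            findings.append((name, "cbc-mode"))
        if props["sha1_mac"]:
            findings.append((name, "hmac-sha1"))
            legacy_capable = True
    # Old protocol versions permitted, yet nothing in the list works with them:
    # the low minimum adds exposure without adding interoperability.
    if below_tls12 and ids and not legacy_capable:
        findings.append(("CIPHLIST", "no-suite-usable-below-tls1.2"))
    return findings


if __name__ == "__main__":
    # Constructed sample policies, not taken from a real deployment.
    samples = {
        "strict": ("TLS v1.2", "(49200, 49199)"),
        "legacy": ("TLS v1.0", "(49200, 47)"),
        "mismatch": ("TLS v1.1", "(49200, 157)"),
    }
    for label, (version, suites) in samples.items():
        print(label, audit(version, suites))
```
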

    Access and security > access management

    CG field CG values CFTUTIL parameter Description
    Access type None | Transfer CFT internal | PassPort | SAML am.type = none (None) | internal (Transfer CFT internal) | passport (Central Governance) | SAML Type of access management to use in Transfer CFT.
    Create process as user Yes | No copilot.misc.createprocessasuser Specifies whether Transfer CFT Copilot user must have system rights.
    REST API authentication Auto | System | XFBADM copilot.restapi.authentication

    Determines the REST API authentication type:

    • AUTO (default): Set according to am.type.
    • SYSTEM: Force the value to system.
    • XFBADM (Unix only): Force the value to xfbadm.

    Access type set to Central Governance

    CG field CG values CFTUTIL parameter Description
    Organization <any organization from Central Governance> am.passport.cg.organization Central Governance organization with users who can operate Transfer CFT.
    Superusers   am.passport.superuser List of users separated by comma with unlimited privileges on Transfer CFT.
    Check permission for transfer execution Yes | No am.passport.userctrl.check_permissions_on_transfer_execution Check whether the user has permissions to execute transfers.

    Access type set to Transfer CFT internal

    CG field CG values CFTUTIL parameter Description
    Group database SYSTEM | XFBADM am.internal.group_database

    Type of database where group members are defined. On Windows, only SYSTEM group database is supported.

    This parameter is not supported on Transfer CFTs running on z/OS and IBM i computers.

    Admin   am.internal.role.admin List of groups mapped to the administrator role.
    Application   am.internal.role.application List of groups mapped to the application role.
    Designer   am.internal.role.designer List of groups mapped to the designer role.
    Helpdesk   am.internal.role.helpdesk List of groups mapped to the helpdesk role.
    Partner manager   am.internal.role.partnermanager List of groups mapped to the partner manager role.

    Access type set to SAML

    CG field CG values CFTUTIL parameter Description
           
           
           

    Access and security > security > FIPS

    CG field CG values CFTUTIL parameter Description
    Enable Yes | No cft.fips.enable_compliance Activate FIPS security.

    Visibility

    CG field CG values CFTUTIL parameter
    Enable Yes | No UCONF - sentinel.xfb.enable

    Visibility > servers

    CG field CG values CFTUTIL parameter Description
    Enable SSL/TLS Yes | No sentinel.xfb.use_ssl = yes | no

    Specify if the connection to the monitoring server is secured.

    Certificate

    (Enable SSL/TLS is set to Yes, and Main server or Backup server is External)

    <browse certificate>   Specify the trusted certificate for the External Visibility server. The certificate is imported in the PKI database.

    Certificate alias

    (Enable SSL/TLS is set to Yes, and Main server or Backup server is External)

      sentinel.xfb.ca_cert_id Specify the trusted certificate alias as referred to in the PKI database. A “_<index>” is added at the end of the alias to avoid overlapping with existing certificates.
    Main server Internal | External

    sentinel.trkipaddr = <Sentinel host>

    sentinel.trkipport =

    • If Enable SSL/TLS = Yes, sentinel.trkipport = <Sentinel SSL server port>
    • If Enable SSL/TLS = No, sentinel.trkipport = <Sentinel server port>
    Host (Main server is External) UCONF - sentinel.trkipaddr Host for the main Sentinel server.
    Port (Main server is External) 1-65535 (1305) UCONF - sentinel.trkipport Port for the main Sentinel server.
    Backup server External | None UCONF - sentinel.*
    Host (Backup server is External) UCONF - sentinel.trkipaddr_bkup Host for the backup Sentinel server.
    Port (Backup server is External) 1-65535 (1305) UCONF - sentinel.trkipport_bkup Port for the backup Sentinel server.

    Visibility > events

    CG field CG values CFTUTIL parameter Description
    Transfer steps reported All | First and last | None UCONF - sentinel.xfb.transfer = ALL (All) | SUMMARY (First and last) | NO (None) Level of detail for message content.
    Transfer status frequency (transfer steps reported is All) Every 60 seconds UCONF - sentinel.xfb.transfer_progress_period in seconds Specify how often the transfer status is updated in seconds or minutes.
    Minimum log level Error | Fatal | Warning | Info | No log events UCONF - sentinel.xfb.log = EF (Error) | F (Fatal) | WEF (Warning) | IWEF (Info) | empty (no logs) Minimum severity level of the messages to display.
    Buffer capacity 10000 UCONF - sentinel.xfb.buffer_size (in number of messages) Maximum number of messages in Sentinel buffer.
    When buffer is full Drop new messages | Shut down UCONF - sentinel.xfb.shut = 0 (Drop new messages) | 95 (Shut down) Discard messages that exceed the buffer capacity, or shut down Transfer CFT when the Sentinel buffer is full.
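
The following Python code is an added example, not part of the product or its documentation: it checks the Visibility > events UCONF parameters listed above for values that reduce what reaches Sentinel. The "key = value" input format, the sample values, the function names and the choice of which values count as findings are assumptions of this example.

```python
# Constructed sample of UCONF settings as "key = value" lines. The line format
# is an assumption made for this example, not actual CFTUTIL output.
SAMPLE_UCONF = """\
sentinel.xfb.transfer = SUMMARY
sentinel.xfb.log =
sentinel.xfb.buffer_size = 10000
sentinel.xfb.shut = 0
"""

# Accepted values and their Central Governance labels, from the table above.
TRANSFER = {"ALL": "All", "SUMMARY": "First and last", "NO": "None"}
LOG = {"IWEF": "Info", "WEF": "Warning", "EF": "Error", "F": "Fatal", "": "No log events"}


def parse_uconf(text):
    """Parse 'key = value' lines into a dict, skipping blanks and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip().strip("'\"")
    return settings


def audit_visibility(settings):
    """Return (key, finding) pairs for values that reduce what Sentinel receives.

    Keys that are absent are skipped: the product default applies to them.
    Which values count as findings is this example's policy, not the vendor's.
    """
    findings = []
    transfer = settings.get("sentinel.xfb.transfer")
    if transfer is not None and transfer.upper() not in TRANSFER:
        findings.append(("sentinel.xfb.transfer", f"unrecognised value {transfer!r}"))
    elif transfer is not None and transfer.upper() == "NO":
        findings.append(("sentinel.xfb.transfer", "no transfer steps are reported"))

    log = settings.get("sentinel.xfb.log")
    if log is not None and log.upper() not in LOG:
        findings.append(("sentinel.xfb.log", f"unrecognised value {log!r}"))
    elif log is not None and log.upper() in ("", "F"):
        findings.append(("sentinel.xfb.log", f"minimum level is '{LOG[log.upper()]}'"))

    if settings.get("sentinel.xfb.shut") == "0":
        findings.append(("sentinel.xfb.shut", "new messages are dropped when the buffer is full"))
    return findings
```

Calling `audit_visibility(parse_uconf(SAMPLE_UCONF))` on the constructed sample reports the empty log level and the drop-on-full buffer setting; the SUMMARY transfer level passes this example's policy.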

    Logging

    CG field CG values CFTUTIL parameter Description
    Entry size

    Linux, Windows, and z/OS: 70-1024 (160) bytes

    OS/400: 70-256 (160) bytes

    CFTLOG - length Size of each entry in the logging file in bytes.
    Timestamp precision 1 second | 10 ms | 100 ms UCONF - cft.cftlog.time_precision Precision of the time displayed in the log: seconds, 10 milliseconds or 100 milliseconds.

    Logging > file rotation

    CG field CG values CFTUTIL parameter Description
    Number of files in rotation 1-999 (3) UCONF - cft.cftlog.backup_count Number of log files used in the rotation process. This parameter is not supported on Transfer CFTs running on z/OS computers.
    Daily rotation time 00:00:00 daily time CFTLOG - switch Time of day to rotate files.
    Rotate based on size Yes | No CFTLOG - maxrec = 0 (No) | 1..999999 KB (Yes) Rotate log files when they reach a specific size. This parameter is based on the maxrec parameter as described in the calculation below.

    (Rotate based on size is Yes) Every 1-999999 (1024) KB CFTLOG - maxrec (see above)

    The size when the file rotates.

    • MAXREC = "Rotate based on size" value * 1024 / "Entry size", where the "Entry Size" is the CFTLOG macro LENGTH parameter value.
    • If the value from the above calculation exceeds 999999 (due to the entry size), the maxrec value is retained and a message is entered in the Central Governance log.
    Rotate on stop Yes | No UCONF: cft.cftlog.switch_on_stop Rotate files when Transfer CFT stops.

    Folder monitoring

    CG field CG value CFTFOLDER  UCONF Description
    Enable Yes | No Same as UCONF UCONF - folder_monitoring.enable = NO | YES Specifies whether folder monitoring is enabled. Selecting No disables the functionality, yet does not remove any existing folder definitions.
    Folder name string max 32, <empty>   UCONF - folder_monitoring.folders =1,2,…
    (each index corresponds to a Folder name in Central Governance)
    Specifies the name of each monitored folder as identified in Central Governance. For each folder name, an incremented index is added to the folders list. The index <i> is used in all parameters under a given folder monitoring instance.
    Status Active | Inactive STATE   Indicates if folder monitoring is activated for the selected folder.
    Directory to scan String max 512, <empty> SCANDIR UCONF - folder_monitoring.folders.<i>.scan_dir

    Path to the top-level directory to monitor.

    The value can contain alphanumeric characters and may include !#%&()*+-./:;=?@ []^_{|}~

    Directory where files are tracked String max 512, <empty> WORKDIR UCONF - folder_monitoring.folders.<i>.work_dir

    Path to the top-level directory for transferred files.

    The value can contain alphanumeric characters and may include !#%&()*+-./:;=?@ []^_{|}~

      String max 512, <empty> ARCHIVEDIR   Path to the top-level directory for archiving files. The value can contain alphanumeric characters and may include !#%&()*+-./:;=?@ []^_{|}~
    Flow identifier First sub-folder | Second sub-folder | Custom ID folder_monitoring.folders.<i>.idf Identifier of the flow used in the transfer.
    Partner First sub-folder | Second sub-folder | Custom PART folder_monitoring.folders.<i>.part Partner who receives the file.
    Scan sub-directories Yes | No ENABLESUBDIR folder_monitoring.folders.<i>.enable_subdir Monitor the directory tree starting with the top-level directory.
    Use system event notifications Yes | No USEFSEVENTS   Enables the file system events monitoring service to detect newly available files.
    Number of files to scan Unlimited | Limited FILECOUNT folder_monitoring.folders.<i>.file_count Whether the transmission of a group of files is done by individual file or grouped when possible.
    Number of files to scan is limited 1 – 2147483647 (100) FILECOUNT folder_monitoring.folders.<i>.file_count Maximum number of files to scan for submission.
    Time between scans 1 - 3600 (60 seconds) INTERVAL folder_monitoring.folders.<i>.interval Seconds between scans.
    Time before scanned files are submitted 0 – 3600 (5 seconds) FILEIDLEDELAY folder_monitoring.folders.<i>.file_idle_delay Files that have not changed during this interval can be submitted.
    Method Move | File METHOD folder_monitoring.folders.<i>.method Specifies whether submitted files are moved or kept in the scan directory and tracked with a state file.
    Append timestamp to submitted files (Method is Move) Yes | No RENAMEMETHOD folder_monitoring.folders.<i>.renaming_method After the submission, the file is moved and renamed by appending the timestamp.
    Timestamp separators (Method is Move and Append is Yes) A period is the default value (.) RENAMESEPARATOR folder_monitoring.folders.<i>.renaming_separators Enter values, which can include the characters _-.()[]
    Resubmit changed files (Method is File) Yes | No RESUBMITCHANGED folder_monitoring.folders.<i>.resubmit_changed_file Specifies whether a file is submitted again if a change is detected.
    Filter type Wildmat | Wildcard | Regular expression FILTERTYPE folder_monitoring.folders.<logical_name>.filter_type

    Defines the pattern matching algorithm to use for file name filtering. Values:

    • WILDMAT: A well known public domain algorithm
    • Regular expression syntax
    Include file template String max 256, <empty> INCLUDEFILTER UCONF - folder_monitoring.folders.<i>.file_include_filter Only files matching this pattern are monitored.
    Exclude file template String max 256, <empty> EXCLUDEFILTER folder_monitoring.folders.<i>.file_exclude_filter Files matching this pattern are excluded.
    Minimum size Unlimited | Limited FILESIZEMIN folder_monitoring.folders.<i>.file_size_min
    • Unlimited: No minimum size limit for files to be submitted. -1 (Unlimited)
    • Limited: Minimum size of files that can be submitted. In the value field, you can enter an integer from 1 - 2147483647 (1024).
    Maximum size Unlimited | Limited FILESIZEMAX folder_monitoring.folders.<i>.file_size_max
    • Unlimited: No maximum size limit for files to be submitted. -1 (Unlimited)
    • Limited: Maximum size of files that can be submitted. In the value field, you can enter an integer from 1 - 2147483647 (1024).
