OFTP (embedded) fields

An embedded OFTP V1 or V2 server is available after a community adds a delivery exchange that uses an embedded ODETTE File Transfer Protocol server. You can change the server’s settings and advanced options.

To change settings:

  1. Select System management > Manage embedded servers.
  2. Alternatively, you can click Trading configuration on the toolbar, click on the Communities page, and then click the link near the bottom of the page named Change an embedded transport server.
  3. From the list of embedded servers, click the name of an OFTP server to open the modification page.
  4. Click Save changes when you are done.

The following are the maintenance fields for an embedded OFTP transport server. The fields for OFTP V1 and V2 are the same.

Settings tab (without TLS)

  • Server name – The name for the embedded OFTP server. This can be any name you want.
  • Host – The fully qualified domain name of the computer on which the embedded server runs. Interchange detects this setting; you cannot change it.
  • Port – The TCP port on which the server listens for connection requests. This field does not apply to OFTP V1 X.25.

Settings tab (with TLS)

  • Server name – The name for the embedded OFTP server. This can be any name you want.
  • Host – The fully qualified domain name of the computer on which the embedded server runs. Interchange detects this setting; you cannot change it.
  • Port – The TCP port on which the server listens for connection requests. This field does not apply to OFTP V1 X.25.
  • This server requires client authentication – Select this to use the partner’s certificate to authenticate the partner when the partner connects to the server.
  • Add a TLS server certificate or TLS server certificate – For optional TLS, the server requires a TLS certificate. If the server has a certificate, the name of the certificate is displayed. If the server does not have a certificate, you are prompted to provide one.
  • If you use a self-signed certificate, it displays on the trusted root certificates tab. A self-signed certificate is a root certificate. For a server certificate issued by a certificate authority, you may also have to use the trusted root certificates tab to import a CA-issued root certificate for the server certificate

DMZ ports tab

Note   This tab displays in the user interface only if your software license enables Secure Relay DMZ nodes. The tab only applies to servers used for trading and not integration.
  • Enable DMZ port forwarding – Select this check box if you want the external firewall or load balancer to send inbound connections to Secure Relay DMZ nodes rather than directly to embedded servers in the protected network.
  • In the simplest case there is one DMZ port with the same value as the corresponding embedded server port in the protected network. If you add a machine to your cluster and return to the DMZ ports tab, another DMZ port automatically is added in sequence. This happens because every machine in the cluster that can host the embedded server must be assigned a unique corresponding port in the DMZ.
  • Click the port field to display a list of ports already in use.
  • Enable security termination in DMZ – Select this check box to have various security functions performed in the DMZ. If connections are via SSL, the secure connection is terminated at the router agent in the DMZ. For delivery exchanges that require a user name and password to connect (for example, FTP, SFTP, WebDAV), the router agent authenticates the user.
  • Enable IP address checking in DMZ – Select this check box to have Interchange check partners’ IP addresses against a whitelist of authorized IP addresses. Connections from unknown IP addresses are not allowed.
  • Match IP address against partner definition – When IP address checking is enabled, select this check box to have the router agent check whether the partner is registered to the IP address. If not selected, the agent only checks the user’s credentials. (This control is not available to all types of servers.)
  • Zone – If you want to receive messages through a Secure Relay DMZ zone, select a zone. This drop-down field is available only if zones have been set up.

See Port forwarding details for more information.

Advanced tab

  • Minimum threads – The least number of threads Interchange must dedicate to the server.
  • Maximum threads – The most threads Interchange can dedicate to the server.
  • Read timeout (seconds) – How many seconds of inactivity to allow before Interchange terminates the connection.

Related topics

Related Links