PeSIT transfer sites

Unlike transfer sites for other transfer protocols, a PeSIT transfer site is also used for transfers initiated by the external PeSIT partner (considered client-initiated by SecureTransport). Only the Site Name is required in that case to define the partnership, so a PeSIT transfer site needs only a Site Name if it is not used for transfers initiated by the SecureTransport server on which it is defined.

For a PeSIT transfer site, the Site Name designates the destination for an incoming routed transfer. For more information, see Select a default PeSIT transfer site for routing.

The following table describes the PeSIT protocol options for a transfer site.

Field Description
Remote Partner Settings
Host The host name or IP address of the remote server to connect to for file transfers. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
Port The port on the remote server to be used for file transfers. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
Alternative addresses

This set of options allow you to add, delete and set a priority order of alternative endpoints. These endpoints act as backup alternatives to the configured Server-Port Site Settings and are particularly useful in cases of transfer failures. Specifying alternative endpoints as backup servers provides a way to temporarily reroute pending transfers and minimize the risk of transfer failure. As with the Server-Port site settings, the connection to each alternative endpoint is defined by its host name (or IP address) and port number.

  • To add an alternative server endpoint, click New Address. The Alternative Addresses table expands with a new row, that allows you to enter a hostname (or IP address), a port number and save these changes.
  • To delete an alternative server endpoint, select the corresponding check-box on the same row and click Delete.
  • To reorder the list of alternative endpoints, click Reorder. A new option (upward and downward arrow) appears next to each entry. You must hover with the mouse pointer over this newly appeared option and the mouse pointer will assume the "move" shape: a four-directional arrow pointer. This indicates which alternative endpoint is on focus. You can now drag & drop it up and down to the order number you want it at. Perform this action with other alternative endpoints until the list is ordered according to your needs. When you are done, click Save Order to keep the newly changed order.
Note Visibility of this option is controlled with the value set for the TransferSite.AlternativeAddresses.retryPolicy configuration option. It allows you to set a "retry policy" with a list of alternative endpoints (presented in IP address: Port number pairs or hostname) you define on this screen. But before you are able to do so, you must go to Operations > Server Configuration and set the policy type using either of the following values:
  • AllHostsOnEachRetry – with this policy SecureTransport iterates through each endpoint, one by one, starting with the first in the list. If connection not successful, SecureTransport will continue trying each endpoint one after another until the maximum number of retries is reached. You can set the maximum retry value by editing the EventQueue.maxRetryCount configuration option.
  • OneHostOnEachRetry – with this policy SecureTransport tries to connect to the first endpoint in the list. If connection not successful, SecureTransport will continue trying that endpoint until the maximum number of retries is reached; and then will move to the next one in the list. Following that same pattern, SecureTransport will try each endpoint until success; or until end of list. You can set the maximum retry value by editing the EventQueue.maxRetryCount configuration option.
  • Disabled (default) – this is the default value that keeps the table with endpoints entirely hidden from view.
Network Zone

The network zone that defines the proxies to use for transfers through this site.

  • Select none to connect directly to the remote partner server.
  • Select any to allow SecureTransport to select the proxy connection using a network zone that enables an SOCKS5 proxy.
  • Select Default to use the default network zone proxy configuration. If no default is network zone is defined, transfers from this transfer site fail.
  • Select a specific network zone to use the proxy configuration defined for that zone.

For more information, see Specify TM Server communication ports and IP address for protocol servers on SecureTransport Edge.

Transfer Settings when the Show Advanced Settings option is not selected.

Please note that the following options are moved under the Network Settings when you select the Show Advanced Settings option.

Use TLS/SSL Requires the use of TLS or SSL for communication with the partner server.
Verify partner's certificate

Verify the TSL/SSL certificate of the partner site.

This field is displayed when the Use TLS/SSL option is selected.

When selected, SecureTransport verifies whether the server certificate of the partner is chained to a trusted root using the algorithm specified in AgentServers.Ssl.trustAlgorithm server configuration parameter and the certificates imported in the Trusted CAs store.

Enable FIPS Transfer

Restrict PeSIT to use only FIPS 140-2 Level 1 certified cryptographic libraries. This field is displayed when the Use TLS/SSL option is selected.

When you enable FIPS transfer mode, the panel expands with an additional field that lets you specify the desired set of cipher suites to be used in FIPS mode for server-initiated transfers through this site. By default, this set is populated with the cipher suites as defined in the Pesit.FIPS.SIT.Ciphers configuration option.

You can add or remove cipher suites. The supported FIPS cipher suites from which you can select when adding a new one are listed in FIPS transfer mode. Note that both the sender and the recipient must use supported FIPS ciphers suites. Otherwise, the transfer will fail.

Enable SSL Legacy Mode Requires the use of SSL Legacy mode for communication with the partner server. This field is displayed when the Use TLS/SSL option is selected.
Enable Transfer CFT compatible SSL Mode

Use a version of SSL that is compatible with Axway Transfer CFT. Legacy Transfer CFT are versions prior to 2.7.1 SP3 or 3.0.1

This field is displayed when the Use TLS/SSL option is selected.

Login certificate The local certificate to use when connecting to the partner site.
Partner certificate The login certificate to use when authenticating the remote site.

Advanced Settings

Scroll down to the bottom of the screen and click the Show Advanced Settings to expand the screen with additional options.

Field Description
Pre-connection settings

These fields are displayed when you first select the Show Advanced Settings option and then select the Configure Pre-Connection.

PeSIT pre-connection settings allow you to map a server ID and password (Server Settings) to the corresponding client-side partner ID and password (Partner Settings).

PeSIT pre-connection acts as a mechanism for additional verification prior to establishing a PeSIT connection.

By default, the Configure Pre-Connection checkbox is not selected. If you leave it this way, the following rules apply, depending on the SecureTransport role in Pre-Connection phase: 

  • SecureTransport as ServerSecureTransport does not validate the received Partner ID and Partner Password.
  • SecureTransport as ClientSecureTransport sends to the target PeSIT Server the Account name as a Partner ID and the Connection Partner Password (if specified) as Partner Password.

When you select the Configure Pre-Connection checkbox you must add either Server or Partner Settings, or both. In all cases, the Id field is required and the Password field is optional. With the input of Server or Partner Settings, the following rules apply, depending on the SecureTransport role in the Pre-Connection phase: 

  • SecureTransport as ServerSecureTransport validates the received Partner ID and Partner Password against the configured Server ID and Server Password.
  • SecureTransport as ClientSecureTransport sends the configured Partner ID and Partner Password to the target PeSIT Server.

Server Settings

These options are part of the Pre-Connection settings.

Server Id The ID against which the Server validates the received Partner ID during Pre-Connection phase. It can contain any symbols (up to 8 characters). Leading or trailing spaces will be trimmed.

Password

(optional)

The password against which the Server validates the received Partner password during Pre-Connection phase. It can contain any symbols (up to 8 characters). White spaces are not allowed. Leading or trailing spaces will be trimmed.
Re-enter Password Retype the password you configure for pre-connection to your PeSIT server.

Partner Settings

These options are part of the Pre-Connection settings.
Partner Id The ID that the PeSIT client sends during Pre-Connection phase. It can contain any symbols (up to 8 characters). Leading or trailing spaces will be trimmed.

Password

(optional)

The password that the PeSIT client sends during Pre-Connection phase. It can contain any any symbols (up to 8 characters). White spaces are not allowed. Leading or trailing spaces will be trimmed.
Re-enter Password Retype the password you configure for pre-connection to your PeSIT transfer site.

Connection

Settings

These fields are displayed when the Show Advanced Settings option is selected.

Server Password Setting

To use a server password, select Use Password and type the same password in both fields. The password is required when a remote partner connects to this Server and password authentication is used. Valid passwords are string values consisting of one to eight characters.

These field is displayed only when the Show Advanced Settings option is selected.

Partner Password Settings

To use a partner password, select Use Password and type the password in the field provided. The password is required when this Server connects to a remote partner. Valid passwords are string values consisting of one to eight characters.

These field is displayed only when the Show Advanced Settings option is selected.

Transfer Settings

These fields are displayed when the Show Advanced Settings option is selected.

Compression

Enables horizontal online compression, vertical online compression, or both for transfers initiated by the SecureTransport Server. If the partner PeSIT server does not supports the selected compression, no compression is used for these transfers.

SecureTransport support all types of compression for transfers initiated by the partner PeSIT server.

Resync Allowed Enables dynamics resynchronization of exchanges during transfer, without interrupting the data exchange phase.
Checkpoint Interval

The maximum number of bytes in KB (equals 1024 bytes) that the sender may transmit between two consecutive checkpoints. Checkpoints are used to restart the transfer when required.

A value of zero indicates no checkpoints. A value of 65535 indicates an undefined interval.

Checkpoint Window

The greatest difference allowed between the number of the last checkpoint transmitted and the number of the last checkpoint acknowledged. When this number of checkpoints are not acknowledged, the sender suspends data transmission until it receives a checkpoint acknowledgment.

A value of zero indicates that no acknowledgments are required.

Connection Timeout

When SecureTransport acts as a client, the value of this field specifies the amount of time (in seconds) that SecureTransport will wait for an acknowledgment for a transfer.

Default value: the value specified in the Pesit.Client.Inactivity.Timeout configuration option.

Accepted values: positive integers.

If specified, the Connection Timeout value overwrites the Pesit.Client.Inactivity.Timeout value.

PeSIT Buffer size The size of the internal buffer for this transfer site in bytes. Valid values are 512 to 65535. A larger buffer improves performance. Specifies the maximum size of a PeSIT data element (PI 25). Should be greater than 800 bytes and less than 65535.
User Message Send

A string sent as PI 99 when the SecureTransport Server initiates a file transfer to the partner PeSIT server. The field may contain expressions. The tool tip lists valid expressions. If SecureTransport received the file using PeSIT, it retained the values of all the PeSIT PI codes as metadata and the PeSIT expression language variables contain those values. See also Expression Language, especially PeSIT variables.

The string that results from the evaluation of the expression must be at most 512 characters long.

User Message Receive

A string included in messages sent when the SecureTransport Server initiates a file transfer from the partner PeSIT server. The field may contain expressions.

The string that results from the evaluation of the expression must be at most 512 characters long.

Store and Forward Mode

Select the Store and Forward mode: START_NEW or PRESERVE.

Note The Store and Forward mode selected here can be overwritten from the Send To Partner step settings.
Originator
  • In case of SecureTransport initiating a new Store and Forward transfer, this property specifies the originator (PI61) of the transfer.
  • Note The originator specified in the PeSIT transfer site can be overwritten from the Advanced Routing Send To Partner step setting Originator.
  • In case no value is specified in both this filed and the Advanced Routing Send To Partner step setting Originator, PI61 is blank.
  • When the PRESERVE store and forward mode is selected, this field is disabled as PI preserves the PI61 value.

Final Destination
  • In case of SecureTransport initiating a new Store and Forward transfer, this property specifies the final destination (PI62) of the transfer.
  • Note The final destination specified in the PeSIT transfer site can be overwritten from the Advanced Routing Send To Partner step setting Final Destination.
  • In case no value is specified in both this field and the Advanced Routing Send To Partner step setting Final Destination, PI62 is blank.
  • When the PRESERVE store and forward mode is selected, this field is disabled as PI preserves the PI62 value.
Network Settings

These fields are displayed when the Show Advanced Settings option is selected.

Simultaneous

transfers

The maximum number of simultaneous transfers from this transfer site to remote PeSIT systems. A value of zero means no limit.
Parallel TCP connections The number of TCP connections to make for parallel TCP (pTCP) to accelerate transfers.
Parallel TCP package size The pTCP packet size in bytes.
Socket Send / Receive Buffer Size The size of the pTCP buffers in bytes. Specifies the TCP Socket maximum send and receive buffer size in bytes. This setting corresponds to SO_SNDBUF and SO_RCVBUF socket parameters.
pTCP connection retry count

The number of attempts SecureTransport makes for each TCP connection for pTCP.

When the value of the Host field is the address of load balancer for a remote PeSIT cluster, set this field to connections * (nodes - 1), where:

  • connections is the value of the Parallel TCP Connections field
  • nodes is the number of nodes in the remote PeSIT cluster

SecureTransport reties the connections until all connections are with the same PeSIT remote server.

It specifies the maximum times the SecureTransport will attempt to re-establish a connection with the remote server in case of "Unknown session" error.

This is useful in cases where the remote partner is a PeSIT cluster, the address in the transfer site represents the load balancer in front of the PeSIT cluster and the individual nodes behind the Load Balancer are not accessible.

In such environment, all connections have to arrive on the same partner node.

Depending on the load balancing configuration different number of retries or no retries (sticky session LB configuration) might be required.

Advanced SSL Settings

Scroll down to the bottom of the screen and click the Show Advanced SSL Settings to expand the screen with additional options.

The following table provides brief description on the Advanced SSL Settings:

Field Description
Show Advanced SSL Settings
Cipher suites

The set of cipher suites available with the current PeSIT transfer site for secure SIT connection. By default this set is populated with the cipher suites as defined in the Pesit.SIT.Ciphers configuration option.

To reset to default values, click the button next to the tooltip.

Enabled SSL protocols

The available SSL protocols for secure SIT connection with the current PeSIT transfer sites. By default this list is populated with the SSL protocols as defined in the Pesit.SIT.EnabledProtocols configuration option.

To reset to default values, click the button next to the tooltip.

The following sectiion provides how-to instructions for selecting a default PeSIT transfer site for routing:

Select a default PeSIT transfer site for routing

SecureTransport implements PeSIT routing as an intermediate partner by sending a received file to a PeSIT transfer site specified as the destination of the PeSIT transfer.

SecureTransport matches the specified destination to the names of the transfer sites for the account that receives the file. If a transfer site name matches, SecureTransport transfers the file to that site. No subscription is required. If no transfer site name matches and a default PeSIT transfer site is defined, SecureTransport transfers the file to that site.

If there is no default site, SecureTransport checks the Routing Mode value for the account. If it is Reject, the transfer is rejected before it starts. If it is Accept, the transfer is performed and the file is retained locally. If it is Ignore, a transfer that cannot be routed is ignored

When SecureTransport routes a transferred file to a final PeSIT destination, SecureTransport includes PI 61 and PI 62.

  1. Select Accounts > User Accounts. The User Accounts page is displayed.
  2. Click the name of the account for which you want to set the default transfer site.
  3. Click the Transfer Site tab.
  4. Select the check box next to the name of the PeSIT transfer site to make the default.
  5. Click Set PeSIT Default.
  6. The default is indicated in the transfer site list.

Related topics:

Related Links