SecureTransport Edge

SecureTransport Edge is the gateway required in the perimeter network (also called demilitarized zone or DMZ) in a typical multilayer security architecture deployment. You can use SecureTransport Edge to implement secure interactions between client systems in a public or other external network and SecureTransport Servers in your internal secure network.

SecureTransport Edge serves as a protocol converter in such a deployment. It treats the file transfer protocols it supports as presentation layer services: each protocol server on SecureTransport Edge translates its client-facing protocol into the streaming protocol used to communicate with the Transaction Manager (TM) server on the SecureTransport Server. The TM Server initiates the streaming protocol connections, connecting from the internal network out to the protocol servers on the configured SecureTransport Edge servers, so no process on a SecureTransport Edge ever makes a connection from the DMZ into the internal secure network. This is the property the firewall between the DMZ and the internal network should enforce: permit the streaming protocol connections from SecureTransport Server to SecureTransport Edge and deny connections initiated from the DMZ toward the internal network. A network zone configuration lets you direct particular protocols and file transfers to the protocol servers on specific SecureTransport Edge servers. For more information see Communication across Transaction Manager, protocol, and proxy servers.

SecureTransport Edge serves all the protocols supported by SecureTransport. When an external partner client program or file transfer server initiates a connection to one of the protocol servers hosted on SecureTransport Edge, that protocol server terminates the inbound connection from the client, collects the client's credentials, and establishes an authenticated, encrypted session with the TM over the streaming protocol connection. SecureTransport Edge sends the credentials to the TM as a service request. The TM attempts to authenticate the account using the configured method and returns the result to SecureTransport Edge. Only if the account is authenticated does SecureTransport Edge allow the client session to proceed; the authentication decision is made on the SecureTransport Server in the internal network, not on the host in the DMZ.

For a file transfer, SecureTransport Edge uses the streaming protocol to have SecureTransport Server check its access control rules and authorize the transfer. SecureTransport Edge converts the network messages between the client protocol and the SecureTransport streaming protocol, decrypting and encrypting the data as needed. The file data is streamed between the external-facing protocol server on SecureTransport Edge and the Transaction Manager (the streaming protocol server) running on the SecureTransport Server. No transferred file data is stored in the SecureTransport Edge file system in the perimeter network. Because the data is decrypted and re-encrypted on SecureTransport Edge as it passes through, the Edge host does handle file content in memory, so it should be hardened and monitored like any other system that processes sensitive data in the DMZ.

When SecureTransport Server connects to a partner server in the external network to check for files or to transfer a file, it can use the SOCKS5 circuit-level proxy component of SecureTransport Edge to broker the connection through the perimeter network to the external network. The connection direction is again from the inside out: SecureTransport Server connects to the SOCKS5 proxy on SecureTransport Edge, and the proxy opens the onward connection to the partner. Thus, the credentials used to authenticate to the partner exist only in the internal secure network and remain encrypted until they are presented to the external server. (SecureTransport Server can also use an HTTP proxy.)
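The two preceding passages describe one invariant a deployment should be checked against: every connection crossing the DMZ boundary is opened from the internal network (the TM to the protocol servers, SecureTransport Server to the SOCKS5 proxy), and the only connections an Edge host itself opens go outward to partners. The following script is an added example, not Axway code and not part of the product, that audits an Edge host's TCP socket table for a connection opened from the DMZ into the internal network. It parses text in the shape of the Linux `ss -Htn` output, infers direction from which local ports are listening, and assumes an address plan (10.10.0.0/16 internal, 192.0.2.0/24 DMZ) and port numbers (21, 22, 1080, 8443) that are illustrative only; the sample socket table is constructed for the example.

```python
"""Audit an Edge host's TCP socket table for the one connection pattern the
architecture forbids: a connection initiated from the DMZ into the internal
network. Input is text in the shape of `ss -Htn` output (State Recv-Q Send-Q
Local Peer). Direction is inferred from the listening ports: an ESTAB socket
whose local port is also a LISTEN port was accepted (inbound); any other ESTAB
socket was opened by this host (outbound)."""
import ipaddress

# Assumed zoning for the example; substitute your own address plan.
INTERNAL_NETS = [ipaddress.ip_network("10.10.0.0/16")]  # SecureTransport Server side
DMZ_NETS = [ipaddress.ip_network("192.0.2.0/24")]        # where SecureTransport Edge lives

# Constructed sample socket table for an Edge host at 192.0.2.10. Ports are
# illustrative assumptions: 21/22 protocol servers, 1080 the SOCKS5 proxy,
# 8443 the port the TM connects to for the streaming protocol.
SAMPLE_SS = """\
LISTEN 0 128 192.0.2.10:21 0.0.0.0:*
LISTEN 0 128 192.0.2.10:22 0.0.0.0:*
LISTEN 0 128 192.0.2.10:1080 0.0.0.0:*
LISTEN 0 128 192.0.2.10:8443 0.0.0.0:*
ESTAB 0 0 192.0.2.10:8443 10.10.5.20:51234
ESTAB 0 0 192.0.2.10:22 203.0.113.77:40211
ESTAB 0 0 192.0.2.10:1080 10.10.5.20:51240
ESTAB 0 0 192.0.2.10:47120 198.51.100.9:22
ESTAB 0 0 192.0.2.10:47130 10.10.5.20:3306
"""


def split_addr(addr):
    """'192.0.2.10:21' -> ('192.0.2.10', '21'); '[::1]:22' -> ('::1', '22')."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port


def zone(host):
    """Map an IP address to the zone it belongs to under the assumed plan."""
    ip = ipaddress.ip_address(host)
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    if any(ip in net for net in DMZ_NETS):
        return "dmz"
    return "external"


def parse_ss(text):
    """Return (state, local, peer) for each socket line; ignores malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5:
            rows.append((parts[0], parts[3], parts[4]))
    return rows


def audit(text):
    """Classify every established connection; returns a list of dicts."""
    rows = parse_ss(text)
    listening = {split_addr(local)[1] for state, local, _ in rows if state == "LISTEN"}
    findings = []
    for state, local, peer in rows:
        if state != "ESTAB":
            continue
        _, lport = split_addr(local)
        phost, _ = split_addr(peer)
        direction = "inbound" if lport in listening else "outbound"
        peer_zone = zone(phost)
        # Inbound connections are expected: clients from outside, the TM's
        # streaming connection and SOCKS5 requests from inside. Outbound to the
        # external network is the SOCKS5 proxy brokering for the server.
        # Outbound into the internal network is the one thing that must never occur.
        violation = direction == "outbound" and peer_zone == "internal"
        findings.append({"local": local, "peer": peer, "direction": direction,
                         "peer_zone": peer_zone, "violation": violation})
    return findings


def violations(text):
    """Just the (local, peer) pairs that break the inside-out rule."""
    return [(f["local"], f["peer"]) for f in audit(text) if f["violation"]]


if __name__ == "__main__":
    for f in audit(SAMPLE_SS):
        flag = "VIOLATION" if f["violation"] else "ok"
        print(f"{flag:9} {f['direction']:8} {f['local']} <-> {f['peer']} ({f['peer_zone']})")
```

On a live Edge host you would pipe `ss -Htn` into `audit` instead of the constructed sample. The script cannot tell whether an outbound connection to the external network came from the SOCKS5 proxy or from something else on the host, so a finding of "outbound, external" is expected but still worth reconciling against the proxy's own logs; the single constructed violation (an Edge-originated connection to 10.10.5.20:3306) is the pattern the perimeter firewall should also be blocking.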

SecureTransport Edge is available as software on Windows and UNIX platforms. You can deploy it with stand-alone or clustered SecureTransport Servers, and you can deploy two or more SecureTransport Edge systems in support of a SecureTransport Server cluster and synchronize configuration changes between them dynamically. Each SecureTransport Edge stores its configuration in a local embedded MySQL database. For more information see SecureTransport Edge synchronization.

In addition to the software version, SecureTransport Edge is available as an appliance. The Axway SecureTransport Appliance delivers the SecureTransport file transfer solution on the Axway appliance platform, a hardened Linux server that is straightforward to deploy. This self-contained appliance version of SecureTransport simplifies the implementation and management of a secure file transfer infrastructure, and is positioned as offering enhanced security, high performance, and lower acquisition, deployment, and ownership costs.
