webMethods.io MFT enables you to create a Virtual File System (VFS) to provide an abstract view of resources in your remote FTP and SFTP servers. This capability enables users and client applications to access a variety of file structures in a uniform way.
webMethods.io MFT offers a default virtual folder backed by cloud storage. The location information for this folder is inaccessible, but you can create subfolders within it and configure new virtual folders pointing to these subfolders. Grant users access to these virtual folders.
To add virtual folders under the default virtual folder location
Go to Virtual folders, and choose the virtual folder named default on the Virtual folders page.
On the right panel, select Create folder and click 
.
In the Add folder dialog box, type a unique name for the subfolder and click Add.
Note: You cannot delete subfolders on webMethods.io MFT. Only users with the Delete folder permission can delete the subfolders, if they are connected through listeners.
To configure folders with a default virtual folder location
Go to Virtual folders and click .
In the Add virtual folder dialog box, type a unique name for the virtual folder and click Add.
On the right panel, expand Location and select Configure with default virtual folder location.
Click Browse. Select the path to a subfolder under the default virtual folder created previously and click Save.
Note: You cannot reconfigure folders that are set with a default virtual folder location to use a remote location.
Create a Virtual File System (VFS) by creating one or more virtual folders, in a manner in which you typically arrange in a file system hierarchy. Although the information might be stored across remote file systems, a virual folder makes it appear as a cohesive data collection in the VFS.
To create a virtual folder
Go to Virtual folders and click 
.
In the Add virtual folder dialog box, type a unique name for the virtual folder and click Add.
The new virtual folder appears in the folders list.
To modify a virtual folder
Go to Virtual folders, and click on a virtual folder that you want to edit and modify the required configuration settings for the virtual folder.
Click Save.
To search for a virtual folder
Go to Virtual folders and specify all or one of the following search criteria:
| Field | Description |
|---|---|
| Partner | Select one of the following:
|
| User | Select one of the following:
|
| Folder name | Type the name of the specific virtual folder you want to view. |
Click Apply for the changes to take effect and click Reset to clear the values. The virtual folders list is populated with the virtual folders matching the search criteria.
To configure additional settings
Go to Virtual folders, and on the Folders tile, click on a virtual folder.
Type a different virtual folder name and select one of the partner options:
| Option | Description |
|---|---|
| No Partner | Select this option if you do not want to associate the virtual folder with a partner or the enterprise. |
| Enterprise | Select this option if you want to associate the virtual folder with the enterprise. Type a new enterprise name and click Create. |
| Partner | Select this option if you want to associate the virtual folder with a partner. Either select a partner from the list or type a new partner name. Click Create to associate the virtual folder with a partner. |
Configure the location in one of the following ways:
| Option | Description |
|---|---|
| Configure a remote location | Select this option to specify a file path in a remote server along with a protocol (transport mechanism) from the list, and type the file path location. For example, FTP://host:port/DestinationFolder/. Type a username and password for the remote server. See Supported protocols and Supported storage types for more information. |
| Configure a default virtual folder location | Select this and click Browse to configure the path of the folder that you created under the default virtual folder. See Adding subfolders under the default virtual folder location for more information. |
Add a user to the virtual folder and configure the permissions with the username.
The user can now view, download, upload, delete, create a folder, delete folder, or rename the folder.
Define specific file-based encryption and decryption PGP keys for a virtual folder.
When encryption and decryption keys are configured at multiple levels such as user, listener, and virtual folder, webMethods.io MFT enforces the following order of listener preference:
For example, if user A accesses port 10 and uploads a file in VFS TestFolder123, then webMethods.io MFT checks if the encryption or decryption key is available for user A. If no key is available at the virtual folder level, then webMethods.io MFT checks for the user settings for the key. If no key is present at the user settings level, then webMethods.io MFT checks the server level settings for the key. If no key is present at the server level settings, then files are not encrypted or decrypted during upload or download.
Note: webMethods.io MFT does not use these keys when a virtual folder is configured in a post-processing or scheduled action. If you want to configure the encryption and decryption keys in an action, create an encryption or decryption task.
Click Save.
| Field | Description |
|---|---|
| Keystore Alias (Applicable only for FTPES and FTPS) | Type the certificate alias. This key is used for certificate based login. |
| Connection Pool Size | Limit the number of connections created using a particular VFS. The default value is unlimited, which does not restrict the number of connections created using a particular VFS. |
| High availability download recovery | Select the option to allow webMethods.io MFT to resume a download that was not completed previously. |
| High availability upload recovery | Select the option to allow webMethods.io MFT to resume an upload that was not completed previously. |
| Passive | Select the option to enable webMethods.io MFT to connect to a remote server using the passive mode. webMethods.io MFT uses the active mode by default. |
| Force CWD to exact directory | Select the option if you are connected to a FTP server that allows file operations only on the current directory. Enabling this option forces a change to the target directory before executing the file operations. |
| Field | Description |
|---|---|
| Keystore Alias (Applicable only for HTTPS) | Type the certificate alias. This key is used for certificate based login. |
| High availability download recovery | Select the option to allow webMethods.io MFT to resume a download that was not completed previously. |
| High availability upload recovery | Select the option to allow webMethods.io MFT to resume an upload that was not completed previously. |
| Field | Description |
|---|---|
| Key Alias | Type the certificate alias. This key is used for certificate based login. |
| Preferred cipher | Configure the preferred cipher from the list of supported ciphers. |
| Excluded cipher | If you want to remove a cipher from the supported cipher list, then configure it in the Excluded cipher field. |
| SSH Fingerprint | Click the button to retrieve the host key fingerprint from the remote SFTP server. Remove the SSH fingerprint, if you do not want host key fingerprint verification for the virtual folder. |
| Two-factor authentication | Select this option to use both password and public key authentication to connect to the remote SFTP server configured for this VFS. |
| Connection Pool Size | Limit the number of connections created using a particular VFS. The default value is unlimited, which does not restrict the number of connections created using a particular VFS. |
| High availability download recovery | Select the option to allow webMethods.io MFT to resume a download that was not completed previously. |
| High availability upload recovery | Select the option to allow webMethods.io MFT to resume an upload that was not completed previously. |
| Field | Description |
|---|---|
| SMB Version | Select the SMB version from the list.
|
| Dfs enabled | This is applicable only for SMB v2 option. Select Dfs enabled, if the remote SMB server is configured with a Distributed File System (DFS). |
| High availability download recovery | Select the option to allow webMethods.io MFT to resume a download that was not completed previously. |
| High availability upload recovery | Select the option to allow webMethods.io MFT to resume an upload that was not completed previously. |
| Field | Description |
|---|---|
| Key Alias | Type the certificate alias. This key is used for certificate based login. |
| High availability download recovery | Select the option to allow webMethods.io MFT to resume a download that was not completed previously. |
| High availability upload recovery | Select the option to allow webMethods.io MFT to resume an upload that was not completed previously. |
To configure the VFS with Amazon-S3
Specify the following information and click Save.
| Field | Description |
|---|---|
| Bucket name | Specify the Amazon-S3 bucket name. |
| Folder path | Specify the folder path for the bucket. If you do not specify the folder path, then the root of the bucket is considered by default. |
| Region name | Choose the AWS (Amazon Web Services) region from the list. This is the location where your Amazon-S3 bucket resides. |
| Access key ID | Specify the Access key ID to access the Amazon-S3 bucket. |
| Secret access key | Specify the secret key which corresponds to the Access Key ID that has the access to Amazon-S3 bucket. |
Note:
- For more information about Amazon-S3 service, refer Amazon documentation.
- When you provide a non-existent folder path in a VFS pointing to S3, the folder automatically gets created during file operations.
To configure the VFS with Hosted-S3
Specify the following information and click Save.
| Field | Description |
|---|---|
| Bucket name | Specify the Hosted-S3 bucket name. |
| Folder path | Specify the folder path for the bucket. If you do not specify the folder path, then the root of the bucket is considered by default. |
| Access key ID | Specify the Access key ID to access the Hosted-S3 bucket. |
| Secret access key | Specify the Secret access key which corresponds to the Access key ID that has the access to Hosted-S3 bucket. |
| Endpoint | Specify the Endpoint to access the Hosted-S3 bucket. |
| URL Style | Choose one of the following addressing models: For example, https://s3-hosted.example.com/bucket-name/ For example, https://bucket-name.s3-hosted.example.com/ |
If you want to configure the VFS with Azure storage type, then select the AZURE-FILE or AZURE-BLOB from the list.
Note: webMethods.io MFT currently supports only AZURE-FILE shares and AZURE-BLOB containers.
To configure the VFS with AZURE-FILE
Specify the authentication information that must be sent to Azure storage type for authorizing access to specific resources. AZURE-FILE share supports Shared Key and Shared Access Signature (SAS) authentication types.
Choose one of the following ways to provide the authentication information:
| Option | Description |
|---|---|
| Shared Key | The shared key type passes a header with each request that is signed using the respective storage account access key. Specify the values for the following fields:
|
| Shared access signature (SAS) | The Shared Access Signature (SAS) type provides secure delegated access to resources in the storage account without compromising the security of the data. Additionally, control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.
|
| High availability download recovery | Select the option to allow webMethods.io MFT to resume a download that was not completed previously. |
Specify the location where the folder for the AZURE-FILE share resides.
Note: AZURE-FILE share supports headers for customization, security, caching, modification checks, and efficient transfers.
To configure the VFS with AZURE-BLOB
Specify the authentication information that must be sent to the Azure storage for authorizing the access to resources. The AZURE-BLOB supports Shared Key, Shared Access Signature (SAS), and Anonymous public access authentication types.
Choose one of the following ways to provide the authentication information:
| Option | Description |
|---|---|
| Shared Key | The shared key type passes a header with each request that is signed using the respective Storage Account Access Key. Specify the values for the following fields:
|
| Shared Access Signature (SAS) | The Shared Access Signature (SAS) type provides secure delegated access to resources in your storage account without compromising the security of the data. Additionally, control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.
|
| Anonymous public read access | The anonymous public read access type provides you with read access within a publicly accessible container without authorizing the request. Specify the values for the following fields:
|
| High availability download recovery | Select the option to allow webMethods.io MFT to resume a download that was not completed previously. |
Select a storage sub-type. The below mentioned are the two types of storage sub-types:
Specify the Azure container folder path for the Location field.
Specify the advance configuration options as follows:
to add the Header key and Header value information, respectively. Note: AZURE-BLOB now supports creating and renaming of folders and files upto 256 MB.
webMethods.io MFT supports GCP storage buckets using Google Cloud Service Account.
To configure the VFS with Google Cloud Platform
Specify the following information and click Save.
| Field | Description |
|---|---|
| Service account private key | Specify the encoded private key (a JSON file) for a service account. This key is used to authenticate the service account and authorize it to access GCP resources.
|
| Bucket name | Specify the GCP bucket name. |
| Folder path | Specify the folder path for the bucket. If you do not specify the folder path, then the root of the bucket is considered by default. |
| High availability download recovery | Select the option to allow webMethods.io MFT to resume a download that was not completed previously. |
Note:
- Hosted-S3 and Google Cloud Platform configurations are available only on the Virtual folders tab. This cannot be configured while creating actions.
- When you provide a non-existent folder path in a VFS pointing to GCP, the folder automatically gets created during file operations.
webMethods.io MFT supports antivirus scanning of inbound files by using an open source antivirus scanner ClamAV, which supports Internet Content Adaptation Protocol (ICAP). Antivirus scanning is limited to the scanning of inbound files, and does not support scanning of the internal webMethods.io MFT Server environment, outbound files or incoming files from default or child of default directory.
ClamAV virus signatures are updated every day by Software AG. ClamAV is exposed to the ActiveTransfer Server using an ICAP Server.
Antivirus scanning is enabled by default. You can disable the antivirus scanning if you absolutely trust the entity that is sending the files to the VFS. However, Software AG does not recommend disabling the antivirus scanning.
Note:
- Virus scanning may have some impact on webMethods.io MFT performance, since all files being transferred are scanned.
To disable webMethods.io MFT antivirus scanning of inbound files:
Log in to your tenant.
Go to Virtual folders > Folders section.
Click on the folder that does not require antivirus scanning.
Click Disabled under Antivirus Scanning. Click Save.
Important:
- webMethods.io MFT maintains a scan buffer size of 2 MB for antivirus scanning.
- Files less than 2 MB in size are maintained in the Java Virtual Machine (JVM) and forwarded to the destination after scanning.
- Files larger than 2 MB in size are scanned in 2 MB sections and forwarded to the destination, section by section. The file is completely written to the destination only when the entire file is scanned. You may experience a slow upload or session might go on hold in these scenarios, until the file is completely scanned and uploaded. It is recommended that you use a larger client timeout for such scenarios.
- webMethods.io MFT stops taking virus scanning requests if the collective sum of all 2 MB buffers exceeds 1 GB per instance.
No files are uploaded without an antivirus scan if the VFS is configured with scanning. If the ICAP server detects any virus in the file data sent for scanning, the ICAP server reports it to ActiveTransfer Server. You receive a reply that a virus is found and the connection is terminated. The ActiveTransfer Server then stops the file upload, deletes the file data from the JVM, and triggers deletion of the partial file data in ActiveTransfer Server.