Configuring IBM webMethods Managed File Transfer Settings

Configure listener preferences, audit settings, and general settings.

Features in IBM webMethods Managed File Transfer Settings

Throttling

Throttling lets you manage the rate of file transfers. You can set limits on bandwidth usage so that file transfers do not consume the entire network capacity. Throttling allows you to control:

Restrictions for Files

Restrict particular operations for files that match a specified pattern. Set the following server restrictions:

SSL Ciphers

Ciphers are algorithms that encrypt or decrypt data. Specify the SSL ciphers that IBM webMethods Managed File Transfer applies to all SSL listeners associated with a server instance.

File-based Encryption and Decryption

File-based encryption and decryption enables you to encrypt files before you store them on your drive. Encrypted files are decrypted when they are transferred back using the same key that was used to encrypt them. IBM webMethods Managed File Transfer encrypts and decrypts files instream rather than after the file is fully transferred.

When encryption and decryption keys are configured at multiple levels (user, server, and folder), IBM webMethods Managed File Transfer enforces the following order of preference:

  1. Users

  2. Folders

  3. Servers

For example, if user A accesses port 10 and uploads a file in VFS TestFolder123, then IBM webMethods Managed File Transfer checks if the encryption or decryption key is available for user A. If no key is available at the virtual folder level, then IBM webMethods Managed File Transfer checks for the user settings for the key. If no key is present at the user settings level, then IBM webMethods Managed File Transfer checks the server level settings for the key. If no key is present at the server level settings, then files are not encrypted or decrypted during upload or download.

Hammering

Hammering is a term used to describe a type of network activity in which a client repeatedly attempts to access a server or perform certain actions against the server’s configuration, often in a way that exceeds normal or expected usage patterns.

Use the hammering configurations to do the following:

Note
Both Allow and Deny configurations are possible, but contradictory configurations can result in unpredictable behavior. For example, if the same IP address range is configured as both Allow and Deny, the runtime behavior of the application will be unpredictable.

After a client triggers the hammering setting by performing actions that match the pre-set configurations, the IP address is not immediately banned. Instead, a background process checks for hammering on the server from any specific IP address every few seconds. If the process detects hammering from a particular IP address, that address is banned for the duration that is configured.
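A minimal model of the deferred detection described above, added here as an illustration (it is not IBM's implementation): it counts how many failed attempts the server still handles between the limit being crossed and the next background sweep, which matters when you size Maximum attempts. The 5-second sweep interval, the class and function names, the "more than Maximum attempts" ban condition, and the sample timestamps are assumptions.

```python
from collections import defaultdict, deque


class HammeringMonitor:
    """Failed attempts are only evaluated by a periodic sweep, as the page describes."""

    def __init__(self, max_attempts, within_sec, ban_min, sweep_sec=5):
        self.max_attempts = max_attempts      # "Maximum attempts"
        self.within_sec = within_sec          # "Max attempts within (sec)"
        self.ban_sec = ban_min * 60           # "Ban duration (min)"
        self.sweep_sec = sweep_sec            # assumption: page says "every few seconds"
        self.next_sweep = sweep_sec
        self.attempts = defaultdict(deque)    # ip -> timestamps of failed attempts
        self.banned_until = {}                # ip -> time at which the ban ends

    def _sweep(self, now):
        for ip, stamps in self.attempts.items():
            while stamps and stamps[0] <= now - self.within_sec:
                stamps.popleft()              # drop attempts outside the window
            # Assumption: the ban triggers once attempts exceed the allowed maximum.
            if len(stamps) > self.max_attempts:
                self.banned_until[ip] = now + self.ban_sec
                stamps.clear()

    def attempt(self, ip, now):
        """Record a failed attempt at time `now`; return False if the IP is banned."""
        while self.next_sweep <= now:         # run every sweep that was due
            self._sweep(self.next_sweep)
            self.next_sweep += self.sweep_sec
        if self.banned_until.get(ip, 0) > now:
            return False
        self.attempts[ip].append(now)
        return True


def handled_before_ban(monitor, ip, times):
    """Count the attempts the server still processed for `ip`."""
    return sum(1 for t in times if monitor.attempt(ip, t))


# Constructed sample: one failed login every 0.5 s for 10 s from a documentation address.
SAMPLE_TIMES = [0.5 * i for i in range(1, 21)]

if __name__ == "__main__":
    m = HammeringMonitor(max_attempts=3, within_sec=10, ban_min=1)
    print(handled_before_ban(m, "192.0.2.44", SAMPLE_TIMES), "attempts handled")
```

With the constructed sample the limit of 3 is crossed at 2.0 s, but the ban starts at the 5 s sweep, after 9 attempts have been handled.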

Email notification for in-progress actions

When IBM webMethods Managed File Transfer or an associated cloud pod goes through an unexpected restart or planned maintenance, in-progress scheduled actions or post-processing actions can be terminated without completing gracefully, leaving the execution status in an In-progress state indefinitely. The administrator is not notified of this failure, which can eventually cause business loss if left uncorrected.

The email notification for in-progress actions functionality lets your cloud administrator receive email notifications whenever an in-progress action is interrupted.

Go to General settings > Miscellaneous settings to access this functionality.

For more information, see Miscellaneous settings.

Listener Preferences

Configure global settings for all listeners. These settings are applicable for all listeners associated with IBM webMethods Managed File Transfer.

  1. Go to Settings > Listener preferences.

  2. Select the IBM webMethods Managed File Transfer instance from the Instance list and specify the following settings:

    Throttling options

    Field | Description
    Maximum simultaneous user connections | Type the maximum number of client connections allowed for the server at any given time.
    Maximum outgoing speed (Kb/sec) | Type the maximum allowable speed in kilobytes per second for outbound transfers across all listeners.
    Maximum incoming speed (Kb/sec) | Type the maximum allowable speed in kilobytes per second for inbound transfers across all listeners.
    Active time window | Select the days of the week on which you want the server to be available to the user.
    File name filters | Configure the file name filters to allow or deny commands (upload, download, list, rename) for files that match a specified pattern. For example, restrict a user from uploading files that end with “.exe”.
    • When you configure the file name filters for Listener Preferences and Users, the User file name filter configuration overrides the Listener Preferences configuration.
    • The file name filter is applied to the file name received by the server. For example, if a .pdf file is uploaded after changing the file extension to .txt, then IBM webMethods Managed File Transfer considers it as a .txt file when applying the filters.
    Patterns | Click to add one or more patterns to restrict a particular operation for certain files, and specify the following details:

    • Command. Select an operation to restrict (List, Upload, Download, or Rename) from the list.
    • Filter type. Select a filter type (Starts with, Ends with, or Contains) from the list.
    • File name. Type a portion of the file name that the Filter type criterion should evaluate (for example, “exe”).

    Note
    Wildcard characters and regular expressions are not supported. That is, you cannot use characters such as * or % to represent any sequence of characters.
    Block paths matching these patterns | Click to restrict access to specific folders and subfolders in the file system, and specify the following:

    • Pattern. Type the file system path you want to block. Regular expressions or wildcard characters are permitted.

    Tip
    Precede a pattern with a tilde character (~) to apply the pattern for all occurrences. For example, to deny user access to the folder /system/bin type: ~/system/bin/*

    Hammering options

    Field | Description
    Ban IP address after unsuccessful attempts | Ban a user’s IP address after a certain number of connection, password, or command execution attempts. Select the values for the Connection, Password, and Command rows to configure the following settings:
    • Maximum attempts. Type the maximum number of allowed attempts.
    • Max attempts within (sec). Type the duration in seconds.
    • Ban duration (min). Type the number of minutes to ban the IP address.
    Ban the IP addresses of users after the first incorrect password | Ban the IP address associated with a specific user after the user’s first incorrect password attempt. Click and type the user name for whom you want to ban the IP address.
    Ban specified IP addresses | Do one of the following after adding the IP addresses associated with users after the first incorrect password attempt:
    • Select Permanently to ban the user’s IP address permanently.
    • Select Ban duration and type the number of minutes for which the user’s IP address should be banned.
    Cache invalid usernames for (sec) | Type the number of seconds to hold the names of invalid users in the cache temporarily.
    The temporary caching of invalid usernames is useful for blocking robots that make repeated attempts to discover valid user credentials. When a robot scans IBM webMethods Managed File Transfer during the user validation process, this option blocks subsequent login attempts made using an invalid user name for the specified number of seconds. If the username is valid, IBM webMethods Managed File Transfer ignores this setting.
    Slow down hack attempt scans | Select this option to incrementally slow down responses to a client that appears to be a robot scanning for writable directories on your server by establishing an FTP connection.
    This setting doubles the response time of the server for each subsequent response to the client, thereby rendering such robots less effective. Selecting this option does not result in any extra load on the CPU.
    Send email notification when IP is banned | Select this option to receive email notifications when an IP address is banned. Type the email address in the following field.
    IP restrictions | Click to add one or more IP addresses for which IBM webMethods Managed File Transfer can accept or deny connection requests and specify the following details:
    • Select Allow or Deny from the list.
    • Type the IP address range in the From and To boxes.
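A pre-deployment check for the contradictory Allow/Deny case noted under Hammering, added here as an example (it is not part of the product): it takes IP restriction entries as (action, From, To) tuples and reports every address span covered by both an Allow and a Deny entry. The tuple format, the function names, and the sample ranges are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations


def parse_rule(action, start, end):
    """Validate one IP restriction entry and return (action, low, high)."""
    if action not in ("Allow", "Deny"):
        raise ValueError(f"unknown action {action!r}")
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo.version != hi.version:
        raise ValueError(f"{start}-{end}: From and To use different IP versions")
    if lo > hi:
        raise ValueError(f"{start}-{end}: From is greater than To")
    return action, lo, hi


def find_conflicts(rules):
    """Return (first, last) address pairs that are both allowed and denied."""
    parsed = [parse_rule(*rule) for rule in rules]
    conflicts = []
    for (a1, lo1, hi1), (a2, lo2, hi2) in combinations(parsed, 2):
        # Only an Allow/Deny pair of the same IP version can contradict.
        if a1 == a2 or lo1.version != lo2.version:
            continue
        lo, hi = max(lo1, lo2), min(hi1, hi2)
        if lo <= hi:                      # the two ranges intersect
            conflicts.append((str(lo), str(hi)))
    return conflicts


# Constructed sample entries using documentation address ranges.
RULES = [
    ("Allow", "192.0.2.10", "192.0.2.50"),
    ("Deny", "192.0.2.40", "192.0.2.60"),        # overlaps the Allow above
    ("Deny", "198.51.100.0", "198.51.100.255"),  # no Allow overlaps this one
    ("Allow", "203.0.113.5", "203.0.113.5"),
    ("Deny", "203.0.113.5", "203.0.113.5"),      # same range as Allow and Deny
]

if __name__ == "__main__":
    for first, last in find_conflicts(RULES):
        print(f"contradictory Allow/Deny for {first} - {last}")
```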

    File-based encryption options

    Field | Description
    Activate | Select this option to activate the file-based encryption.
    Public PGP key alias | Type or browse the certificate alias for the public PGP key.

    File-based decryption options

    Field | Description
    Activate | Select this option to activate the file-based decryption.
    Private PGP key alias | Type or browse the certificate alias for the private PGP key.

    Protocol options

    Field | Description
    Welcome message | Type a welcome message for display in the client console (for example, IBM webMethods Managed File Transfer web client, FileZilla client, and so on) when a user logs in.
    Download in binary | Select this option to download files only in binary mode. This prevents IBM webMethods Managed File Transfer from altering the line endings of the ASCII text files even if the FTP client requests it.
    Upload in binary | Select this option to upload files only in binary mode.
    Allow extended passive and port commands | Select this option to allow extended passive and port commands such as Extended Passive Mode (EPSV) and Extended Data Port (EPRT). This ensures compatibility between the client and server.

    Note
    Before you enable this option, ensure that your client supports these commands.
    Disable MTDM notifications | Select this option to prevent users from modifying the timestamps of when a file was uploaded.
    Delete partial uploads | Select this option to delete any incomplete file uploads.
    ZIP compression level | Set the ZIP compression level according to your needs for file size and data transfer speed. Select one of the following options:
    • None. No compression. Results in the largest file size of the three options, with the longest transfer time.
    • Fast. Fastest compression. Performs little compression, but compression time is the fastest of the three options.
    • Best. Maximum compression. Provides the smallest file size possible after compression, with the shortest transfer time, but requires more time to perform the compression compared to the other two options.

  3. Click Save to update the server instance with the global settings.

    Audit Settings

    Configure logs to be recorded for all or specific assets through audit settings.

    To configure audit settings

    1. Go to Settings > Audit Settings.

    2. Select the Enable audit logs option, and select either all or specific assets for which you want logs to be recorded. You must select at least one asset if you enable this option. Audit logs are disabled by default.

    3. Click Save.

    The logs for the selected assets are audited and appear in the Audit log page.

    General Settings

    Configuring IBM webMethods Managed File Transfer to Send Emails

    Configure IBM webMethods Managed File Transfer to send emails in the following scenarios:

    To configure the default email settings in the user interface

    1. Go to Settings > General Settings.

    2. In User email settings, select the Activate email alerts for user creation/update option.

    3. Specify the details in User email settings. The following table lists the supported email fields:

      Field | Description
      From | Send email on behalf of the user.
      Subject | Subject of the email.
      Template for user email | Email template for the user creation alert.
      Configure the following server variables in your user email template:
      • {firstName}: First name of the user.
      • {lastName}: Last name of the user.
      • {username}: User ID for the user.
      • {password}: Password for the user.
      • {serverList}: Listener URLs for the user.
      Template for password email | Email template for the password creation alert.
      Configure the following server variables in your password email template:
      • {firstName}: First name of the user.
      • {lastName}: Last name of the user.
      • {password}: Password for the user.
      Template for password reset | Email template for the password reset alert.
      Configure the following server variables in your password reset email template:
      • {firstName}: First name of the user.
      • {lastName}: Last name of the user.
      • {passwordResetLink}: Link for resetting the password.
      • {expiryTimeStamp}: Time of expiry for the password reset link.
    4. Click Save.

    Note
    The following two email alerts will be sent to the user when the user password is changed:
    • Email with the user ID and server details.
    • Email with the new password details.

    To disable the automatic email alerts when you create a new user or update a user password

    1. Go to Settings > General Settings.

    2. In User email settings, clear the Activate email alerts for user creation/update checkbox.

    3. Click Ok.

    Note
    You must be an administrator to disable the email alerts.

    Password Settings

    To configure the password complexity of partner users

    1. Go to Settings > General settings > Password settings, where the following aspects can be set:

      • Minimum number of lower-case letters
      • Minimum number of upper-case letters
      • Minimum number of special characters
      • Minimum number of numeric characters
      • Minimum length of the password
    2. Click Save.

    These aspects are applied to all the instances and the restrictions apply to the following scenarios:

    Miscellaneous Settings

    To configure time zone for date and time variables

    1. Go to Settings > General settings > Miscellaneous settings.

    2. Select a time zone from the drop-down list.

    3. Click Save.

    IBM webMethods Managed File Transfer applies the selected time zone to the date and time variables wherever applicable.

    To configure email notification for in-progress actions

    1. Go to Settings > General settings > Miscellaneous settings.

    2. In the Email notification settings for in-progress actions section, provide email recipients as comma separated values and an email subject for the email to be sent to your administrator.

    3. Click Save.

    Your cloud administrator will now receive email notifications whenever an in-progress action is interrupted.

    White Labeling

    IBM webMethods Managed File Transfer webClient facilitates safe and secure file transfers with HTTPS protocol, and is accessible through the public domain.

    Customize your IBM webMethods Managed File Transfer webClient theme to match your company branding, boost your brand visibility, and strengthen customer loyalty using White Labeling.

    This feature lets you configure your customized login and landing page header logo, title bar icon, and copyright content. When you share the webClient URL with your customers, your company details and branding appear on the web page.

    Customizing the login page

    To customize the Login page

    1. Log in to your tenant.

    2. Go to Settings > White Labeling.

    3. Click Custom to customize the following:

      • Login page details such as company logo and copyright information.
      • Landing page logo including the default and custom brand colors.
      • Title bar favicon and header.

    4. On the Login page,

      • Click to upload new logo, browse through your local file system and upload the file.

        The preview automatically appears on the right side.

        Select Apply logo to landing page if the same look-and-feel has to be applied to the landing page.

        Logo resolution is limited to 800x200 pixels. The supported file types are: JPEG, JPG, and PNG. File size is limited to 200 KB.

      • Provide Copyright content. Click Next to access Landing page settings.

        Copyright content is limited to 1000 characters. The following HTML tag specific symbols are not supported:

        ', ", &, <, >

    5. On the Landing page, select the following:

      • Click to upload new logo button and browse through your local file system to update the landing page logo.

        When your users log in to the webClient, the first page they arrive at is the landing page.

        Logo resolution is limited to 800x200 pixels. The supported file types are: JPEG, JPG, and PNG. File size is limited to 200 KB.

      • Select a custom color scheme for the header logo from the available options, and click Next.

    6. Title header and favicon: Provide a page title and title icon. Click Save.

      This page allows your users to update the title header and the favicon. Favicon resolution is limited to 150x150 pixels. The supported file type is ICO. File size is limited to 200 KB. Title header is limited to 60 characters and does not support these characters:

      ', ", &, <, >

    7. Click Save.

      These changes take effect immediately for the users accessing the webClient.

    Azure Active Directory

    You can configure Integration Server based Common Directory Services (CDS) in IBM webMethods Managed File Transfer. Apart from CDS, IBM webMethods Managed File Transfer also supports Azure Active Directory (AD) as an external directory service using the Microsoft Graph library.

    Before you Begin

    Basic Flow

    To enable Azure AD user management:

    1. Go to the Azure console and register IBM webMethods Managed File Transfer as an application. Copy the following information provided by the Azure console during the registration process:

      • Tenant ID
      • Client ID
      • Client secret
      • Configuration URL
    2. Log in to your tenant.

    3. Go to Settings > User directory. Click Active under Azure active directory and paste the details copied from the Azure console into the relevant fields. Click Test Connection, verify the connection, and click Save.

    Next Steps