IBM webMethods Managed File Transfer enables you to create a Virtual File System (VFS) to provide an abstract view of resources in your remote FTP and SFTP servers. This capability enables users and client applications to access a variety of file structures in a uniform way.
IBM webMethods Managed File Transfer offers a default virtual folder backed by cloud storage. The location information for this folder is inaccessible, but you can create subfolders within it and configure new virtual folders pointing to these subfolders. Grant users access to these virtual folders.
Adding subfolders under the default virtual folder location
To add virtual folders under the default virtual folder location
Go to Virtual folders, and choose the virtual folder named default on the Virtual folders page.
On the right panel, select Create folder and click .
In the Add folder dialog box, type a unique name for the subfolder and click Add.
Note
You cannot delete subfolders on IBM webMethods Managed File Transfer. Only users with the Delete folder permission can delete the subfolders, if they are connected through listeners.
Configuring folders with a default virtual folder location
To configure folders with a default virtual folder location
Go to Virtual folders and click .
In the Add virtual folder dialog box, type a unique name for the virtual folder and click Add.
On the right panel, expand Location and select Configure with default virtual folder location.
Click Browse. Select the path to a subfolder under the default virtual folder created previously and click Save.
Note
You cannot reconfigure folders that are set with a default virtual folder location to use a remote location.
Adding a Virtual Folder
No subtopics in this section
Create a Virtual File System (VFS) by creating one or more virtual folders, in a manner in which you typically arrange in a file system hierarchy. Although the information might be stored across remote file systems, a virual folder makes it appear as a cohesive data collection in the VFS.
To create a virtual folder
Go to Virtual folders and click .
In the Add virtual folder dialog box, type a unique name for the virtual folder and click Add.
The new virtual folder appears in the folders list.
Modifying a Virtual Folder
No subtopics in this section
To modify a virtual folder
Go to Virtual folders, and click on a virtual folder that you want to edit and modify the required configuration settings for the virtual folder.
Click Save.
Searching for Virtual Folders
No subtopics in this section
To search for a virtual folder
Go to Virtual folders and specify all or one of the following search criteria:
Field
Description
Partner
Select one of the following:
All partners. Search for the virtual folders associated with all the partners in IBM webMethods Managed File Transfer.
Specific partner. Search for the virtual folders associated with a specific partner in IBM webMethods Managed File Transfer. Select this option, type the name of the partner, and click Ok.
User
Select one of the following:
All users. Search for the virtual folders associated with all the users in IBM webMethods Managed File Transfer.
Specific user. Search for the virtual folders associated with a specific user in IBM webMethods Managed File Transfer. Select this option, type the name of the user, and click Ok.
Folder name
Type the name of the specific virtual folder you want to view.
Click Apply for the changes to take effect and click Reset to clear the values. The virtual folders list is populated with the virtual folders matching the search criteria.
Configuring Additional Settings for a Virtual Folder
No subtopics in this section
To configure additional settings
Go to Virtual folders, and on the Folders tile, click on a virtual folder.
Type a different virtual folder name and select one of the partner options:
Option
Description
No Partner
Select this option if you do not want to associate the virtual folder with a partner or the enterprise.
Enterprise
Select this option if you want to associate the virtual folder with the enterprise. Type a new enterprise name and click Create.
Partner
Select this option if you want to associate the virtual folder with a partner. Either select a partner from the list or type a new partner name. Click Create to associate the virtual folder with a partner.
Configure the location in one of the following ways:
Option
Description
Configure a remote location
Select this option to specify a file path in a remote server along with a protocol (transport mechanism) from the list, and type the file path location. For example, FTP://host:port/DestinationFolder/. Type a username and password for the remote server. See Supported protocols and Supported storage types for more information.
Add a user to the virtual folder and configure the permissions with the username.
The user can now view, download, upload, delete, create a folder, delete folder, or rename the folder.
When you grant user permissions to a parent folder, the user inherits the same permissions for all subfolders.
When you grant user permissions to a subfolder, the user inherits the permission to traverse through the parent folders.
For a user, when you override the inherited permissions and specify a different set of permissions to a folder, those new permissions are inherited by the subfolders within the parent folder.
Support for these permissions is dependent on the specific VFS that you are configuring.
Define specific file-based encryption and decryption PGP keys for a virtual folder.
When encryption and decryption keys are configured at multiple levels such as user, listener, and virtual folder, IBM webMethods Managed File Transfer enforces the following order of listener preference:
Users
Virtual folders
Listeners
For example, if user A accesses port 10 and uploads a file in VFS TestFolder123, then IBM webMethods Managed File Transfer checks if the encryption or decryption key is available for user A. If no key is available at the virtual folder level, then IBM webMethods Managed File Transfer checks for the user settings for the key. If no key is present at the user settings level, then IBM webMethods Managed File Transfer checks the server level settings for the key. If no key is present at the server level settings, then files are not encrypted or decrypted during upload or download.
Note
IBM webMethods Managed File Transfer does not use these keys when a virtual folder is configured in a post-processing or scheduled action. If you want to configure the encryption and decryption keys in an action, create an encryption or decryption task.
Keystore Alias (Applicable only for FTPES and FTPS)
Type the certificate alias. This key is used for certificate based login.
Connection Pool Size
Limit the number of connections created using a particular VFS. The default value is unlimited, which does not restrict the number of connections created using a particular VFS.
High availability download recovery
Select the option to allow IBM webMethods Managed File Transfer to resume a download that was not completed previously.
High availability upload recovery
Select the option to allow IBM webMethods Managed File Transfer to resume an upload that was not completed previously.
Passive
Select the option to enable IBM webMethods Managed File Transfer to connect to a remote server using the passive mode. IBM webMethods Managed File Transfer uses the active mode by default.
Force CWD to exact directory
Select the option if you are connected to a FTP server that allows file operations only on the current directory. Enabling this option forces a change to the target directory before executing the file operations.
HTTP and HTTPS
Field
Description
Keystore Alias (Applicable only for HTTPS)
Type the certificate alias. This key is used for certificate based login.
High availability download recovery
Select the option to allow IBM webMethods Managed File Transfer to resume a download that was not completed previously.
High availability upload recovery
Select the option to allow IBM webMethods Managed File Transfer to resume an upload that was not completed previously.
SFTP
Field
Description
Key Alias
Type the certificate alias. This key is used for certificate based login.
Preferred cipher
Configure the preferred cipher from the list of supported ciphers.
Excluded cipher
If you want to remove a cipher from the supported cipher list, then configure it in the Excluded cipher field.
SSH Fingerprint
Click the button to retrieve the host key fingerprint from the remote SFTP server. Remove the SSH fingerprint, if you do not want host key fingerprint verification for the virtual folder.
Two-factor authentication
Select this option to use both password and public key authentication to connect to the remote SFTP server configured for this VFS.
Connection Pool Size
Limit the number of connections created using a particular VFS. The default value is unlimited, which does not restrict the number of connections created using a particular VFS.
High availability download recovery
Select the option to allow IBM webMethods Managed File Transfer to resume a download that was not completed previously.
High availability upload recovery
Select the option to allow IBM webMethods Managed File Transfer to resume an upload that was not completed previously.
SMB
Field
Description
SMB Version
Select the SMB version from the list.
SMB v1. Select this for legacy SMB servers.
SMB v2. Select this to support SMB Server 2 and SMB Server 3.
Dfs enabled
This is applicable only for SMB v2 option. Select Dfs enabled, if the remote SMB server is configured with a Distributed File System (DFS).
High availability download recovery
Select the option to allow IBM webMethods Managed File Transfer to resume a download that was not completed previously.
High availability upload recovery
Select the option to allow IBM webMethods Managed File Transfer to resume an upload that was not completed previously.
WEBDAV and WEBDAVS
Field
Description
Key Alias
Type the certificate alias. This key is used for certificate based login.
High availability download recovery
Select the option to allow IBM webMethods Managed File Transfer to resume a download that was not completed previously.
High availability upload recovery
Select the option to allow IBM webMethods Managed File Transfer to resume an upload that was not completed previously.
Configuring a virtual folder with Amazon-S3 bucket
To configure the VFS with Amazon-S3
Specify the following information and click Save.
Field
Description
Bucket name
Specify the Amazon-S3 bucket name.
Folder path
Specify the folder path for the bucket. If you do not specify the folder path, then the root of the bucket is considered by default.
Region name
Choose the AWS (Amazon Web Services) region from the list. This is the location where your Amazon-S3 bucket resides.
Access key ID
Specify the Access key ID to access the Amazon-S3 bucket.
Secret access key
Specify the secret key which corresponds to the Access Key ID that has the access to Amazon-S3 bucket.
Note
For more information about Amazon-S3 service, refer Amazon documentation.
When you provide a non-existent folder path in a VFS pointing to S3, the folder automatically gets created during file operations.
Configuring a virtual folder with Hosted-S3 bucket
To configure the VFS with Hosted-S3
Specify the following information and click Save.
Field
Description
Bucket name
Specify the Hosted-S3 bucket name.
Folder path
Specify the folder path for the bucket. If you do not specify the folder path, then the root of the bucket is considered by default.
Access key ID
Specify the Access key ID to access the Hosted-S3 bucket.
Secret access key
Specify the Secret access key which corresponds to the Access key ID that has the access to Hosted-S3 bucket.
Endpoint
Specify the Endpoint to access the Hosted-S3 bucket.
URL Style
Choose one of the following addressing models:
Path. In this URL model, the hostname is s3-hosted.example.com and the bucket name is specified in the path as /bucket-name/. For example, https://s3-hosted.example.com/bucket-name/
If you want to configure the VFS with Azure storage type, then select the AZURE-FILE or AZURE-BLOB from the list.
Note
IBM webMethods Managed File Transfer currently supports only AZURE-FILE shares and AZURE-BLOB containers.
Configuring a virtual folder with AZURE-FILE
To configure the VFS with AZURE-FILE
Specify the authentication information that must be sent to Azure storage type for authorizing access to specific resources. AZURE-FILE share supports Shared Key and Shared Access Signature (SAS) authentication types.
Choose one of the following ways to provide the authentication information:
Option
Description
Shared Key
The shared key type passes a header with each request that is signed using the respective storage account access key. Specify the values for the following fields:
Account name. The account name that corresponds to the Azure account for the AZURE-FILE location.
Access key. The key that you create at the Azure portal for the corresponding account name.
Shared access signature (SAS)
The Shared Access Signature (SAS) type provides secure delegated access to resources in the storage account without compromising the security of the data. Additionally, control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.
Account name. Specify the account name that corresponds to the Azure account for the AZURE-FILE location.
SAS token. The SAS token is a string that you generate in the Azure portal for an account.
High availability download recovery
Select the option to allow IBM webMethods Managed File Transfer to resume a download that was not completed previously.
Specify the location where the folder for the AZURE-FILE share resides.
Note
AZURE-FILE share supports headers for customization, security, caching, modification checks, and efficient transfers.
Configuring a virtual folder with AZURE-BLOB
To configure the VFS with AZURE-BLOB
Specify the authentication information that must be sent to the Azure storage for authorizing the access to resources. The AZURE-BLOB supports Shared Key, Shared Access Signature (SAS), and Anonymous public access authentication types.
Choose one of the following ways to provide the authentication information:
Option
Description
Shared Key
The shared key type passes a header with each request that is signed using the respective Storage Account Access Key. Specify the values for the following fields:
Account name. The account name that corresponds to the Azure account for the blob location.
Account key. The key that you create at the Azure portal for the corresponding account name.
Shared Access Signature (SAS)
The Shared Access Signature (SAS) type provides secure delegated access to resources in your storage account without compromising the security of the data. Additionally, control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.
Account name. The account name that corresponds to the Azure account for the blob location.
SAS token. The SAS token is a string that you generate in the Azure portal for an account.
Anonymous public read access
The anonymous public read access type provides you with read access within a publicly accessible container without authorizing the request. Specify the values for the following fields:
Account name. The account name that corresponds to the Azure account for the blob location.
High availability download recovery
Select the option to allow IBM webMethods Managed File Transfer to resume a download that was not completed previously.
Select a storage sub-type. The below mentioned are the two types of storage sub-types:
Block Blob. It stores the unstructured data such as files, media, images, and documents in blocks.
Append Blob. It appends the unstructured data such as files, media, images, documents and so on.
Specify the Azure container folder path for the Location field.
Specify the advance configuration options as follows:
Storage size. Specifies the size of each part of the file which gets uploaded to the blob container.
Azure headers - Add additional header parameters to set the extra metadata for the blob container. Click to add the Header key and Header value information, respectively. The following are the list if supported headers:
cacheControl
contentType
contentEncoding
contentLanguage
contentDisposition
Note
AZURE-BLOB now supports creating and renaming of folders and files upto 256 MB.
Configuring a virtual folder with Google Cloud Platform (GCP) bucket
IBM webMethods Managed File Transfer supports GCP storage buckets using Google Cloud Service Account.
To configure the VFS with Google Cloud Platform
Specify the following information and click Save.
Field
Description
Service account private key
Specify the encoded private key (a JSON file) for a service account. This key is used to authenticate the service account and authorize it to access GCP resources.
Open your Google Cloud console settings.
Go to IAM & Admin > Service Accounts.
Click Create service account.
Provide the configured email address.
Click keys tab and add the JSON key.
Refer Google Cloud documentation for more details.
Bucket name
Specify the GCP bucket name.
Folder path
Specify the folder path for the bucket. If you do not specify the folder path, then the root of the bucket is considered by default.
High availability download recovery
Select the option to allow IBM webMethods Managed File Transfer to resume a download that was not completed previously.
Note
Hosted-S3 and Google Cloud Platform configurations are available only on the Virtual folders tab. This cannot be configured while creating actions.
When you provide a non-existent folder path in a VFS pointing to GCP, the folder automatically gets created during file operations.
IBM webMethods Managed File Transfer supports antivirus scanning of inbound files by using an open source antivirus scanner ClamAV, which supports Internet Content Adaptation Protocol (ICAP). Antivirus scanning is limited to the scanning of inbound files, and does not support scanning of the internal IBM webMethods Managed File Transfer Server environment, outbound files or incoming files from default or child of default directory.
ClamAV virus signatures are updated every day by IBM. ClamAV is exposed to the ActiveTransfer Server using an ICAP Server.
Antivirus scanning is enabled by default. You can disable the antivirus scanning if you absolutely trust the entity that is sending the files to the VFS. However, IBM does not recommend disabling the antivirus scanning.
Note
Virus scanning may have some impact on IBM webMethods Managed File Transfer performance, since all files being transferred are scanned.
To disable IBM webMethods Managed File Transfer antivirus scanning of inbound files:
Log in to your tenant.
Go to Virtual folders > Folders section.
Click on the folder that does not require antivirus scanning.
Click Disabled under Antivirus Scanning. Click Save.
Important
IBM webMethods Managed File Transfer maintains a scan buffer size of 2 MB for antivirus scanning.
Files less than 2 MB in size are maintained in the Java Virtual Machine (JVM) and forwarded to the destination after scanning.
Files larger than 2 MB in size are scanned in 2 MB sections and forwarded to the destination, section by section. The file is completely written to the destination only when the entire file is scanned. You may experience a slow upload or session might go on hold in these scenarios, until the file is completely scanned and uploaded. It is recommended that you use a larger client timeout for such scenarios.
IBM webMethods Managed File Transfer stops taking virus scanning requests if the collective sum of all 2 MB buffers exceeds 1 GB per instance.
Actions taken when a virus is found
No files are uploaded without an antivirus scan if the VFS is configured with scanning. If the ICAP server detects any virus in the file data sent for scanning, the ICAP server reports it to ActiveTransfer Server. You receive a reply that a virus is found and the connection is terminated. The ActiveTransfer Server then stops the file upload, deletes the file data from the JVM, and triggers deletion of the partial file data in ActiveTransfer Server.