DEDS Migration to a New Architecture: Impact for CPs
Guide for CPs using DEDS for downloading/uploading files.
Agenda
• Introduction to DEDS
• Need for Change
• What is changing?
• How will this happen?
• What are benefits?
• As a CP what do I need to change?
• How can I go about it?
• What are benefits for CPs?
• Time Scales
This presentation does not cover changes for CPs where BT pushes/pulls data from CP server.
Introduction
• DEDS – Data Exchange & Distribution Service.
• It provides a secure means to exchange data between BT and CP systems outside the BT network. It acts like a post box.
• Currently, FTP over ISDN or VPN is the means of data exchange with DEDS from CP systems.
• DEDS services are used by about 800+ CP accounts, and there is growing demand for such a service going forward.
• New DEDS is under development to replace the existing old and exhausted method of connection with a secure and strategic mechanism.
Need for Change
• ISDN access to DEDS is slow due to limited bandwidth.
• Being an older technology, the ISDN setup is difficult and costly to maintain, both in availability of equipment and in the skills needed to maintain it.
• VPN access is limited by the availability of VPN ports on the BT firewall. Ports are almost exhausted.
• Existing DEDS hardware has scalability limitations.
What is changing?
• DEDS hardware will be migrated to a new scalable architecture.
• This hardware will be accessed by CP systems using standard Internet URL calls instead of an IP address.
• FTP Secure access with one-way SSL to DEDS is the default mechanism.
• DEDS will be exposed to the internet, with IP filtering applied on the BT firewall to accept calls only from registered IPs.
What are benefits for CPs?
• Data transfer through a strategic, secure and fast channel.
• Move from an old ISDN setup to a scalable secured FTP channel which is exposed to the internet.
• ISDN call charges borne by CPs would be eliminated.
• Maintenance of ISDN, which is an old technology, is not required.
• Secured FTP clients/servers are readily available and many of them are freeware.
• Better and faster failover capabilities for DEDS, which would ensure minimal loss of service.
Background on choosing FTPS
• FTPS is a widely used standard alongside SFTP. Each has its own advantages and disadvantages.
• A few specific reasons for choosing FTPS:
  • Chrooting – Required to ensure each CP has an isolated working area on the DEDS server for data security.
  • Time bound login – Like CPS, there are other BTW services which are not available 24 * 7. It is necessary to restrict CP access to DEDS outside of agreed service hours.
  • Logging – To generate MIS of CPs' upload/download activities.
  • Command Execution – To ensure a CP can execute only certain commands necessary for transfer of files, and to restrict commands potentially harmful to the health of DEDS.
• BT has experience of implementing SSL over HTTP on B2B Gateways, and the necessary infrastructure for issuance and management of SSL certificates (server or client) is already built.
• X.509 certificates will be used by BT on the DEDS server as the Server Certificate. CPSOs will be provided with the necessary CA (certifying authority) certificates and keys to authenticate the same.
• If CPSOs continue to receive files from DEDS in PUSH mode, CPSOs can either arrange a server certificate on their own or BTW can get one issued using their own CA (affiliated to Verisign).
How will this happen?
The change has been planned in phases for a smooth transition from the existing system to the new one.
Phase I –
• The New DEDS to be built on Strategic architecture.
• It will be accessible over internet using FTPS over one-way SSL.
• OLD DEDS and NEW DEDS will co-exist during the agreed transition period.
• Data synchronization mechanism will be implemented between old and new DEDS servers.
• CP transition to new DEDS system will start in this phase.
• (Please refer to following diagram)
How will this happen? Continued…
[Diagram: Phase - I. Labels: CP1, CP2; INTERNET; ISDN / VPN; IP FILTERING; FTP; FTP Secure; Existing DEDS (Existing Setup); NEW DEDS (Proposed Setup); Data synchronisation; XFB / BDS / FTP; BT System 1 … BT System n]
How will this happen? Continued…
Phase II –
• BT systems within BT Intranet will be re-pointed to new DEDS server. This phase has no CP impact.
Phase III –
• Data Synchronization mechanism will be disabled/removed.
• Old DEDS will be de-commissioned and entire service will be on NEW DEDS only.
How will this happen? Continued…
[Diagram: Phase - II. Labels: CP1, CP2; INTERNET; ISDN / VPN; IP FILTERING; FTP; FTP Secure; Existing DEDS (Existing Setup); NEW DEDS (Proposed Setup); Data synchronisation; XFB / FTP/FTPS; BT System 1 … BT System n]
This phase has NO impact for CP systems.
How will this happen? Continued…
[Diagram: Phase - II, Phase - III. Labels: CP1, CP2; INTERNET; ISDN / VPN; IP FILTERING; FTP; FTP Secure; Existing DEDS (Existing Setup); NEW DEDS (Proposed Setup); Data synchronisation; XFB / FTP/FTPS; BT System 1 … BT System n]
As a CP what do I need to change?
• Installation of FTPS clients on the CP servers. These clients should as a minimum support one-way SSL.
• CPs can use any FTP secure client of their choice. There are many commercially available or freeware clients. (A list of samples is available later in this slide pack.)
• CP programs executing these downloads/uploads would need a change to integrate with the newly deployed FTP secure client.
• CPs would access DEDS via an Internet connection.
• New DEDS server will have a registered DNS URL. This is to improve the failover process. CP programs will need to change so that they FTPS onto new DEDS using this URL.
• Decommission the existing ISDN setup.
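The client-side change described above (FTPS with one-way SSL to a DNS name, with the server certificate checked against the CA certificates BT supplies), sketched with Python's standard ftplib as an added example; it is not BT's code or that of any client listed in this pack. The hostname, the CA file path, the TLS 1.2 floor and the use of explicit FTPS on port 21 are assumptions, since the slides do not state them.

```python
import ssl
from ftplib import FTP_TLS

# Placeholders: the slides give no hostname or CA file name.
DEDS_HOST = "deds.example.invalid"
BT_CA_FILE = None  # path to the CA certificate(s) supplied by BT; None = system trust store


def build_context(ca_file=None):
    """TLS context for one-way SSL: only the server presents a certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption, not from the slides
    # Stated explicitly: when FTP_TLS is given no context, ftplib falls back
    # to one that does not verify the server certificate at all.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def make_client(ca_file=None, timeout=30):
    """Unconnected FTPS client bound to the verifying context."""
    return FTP_TLS(context=build_context(ca_file), timeout=timeout)


def open_session(host, user, password, ca_file=None):
    """Explicit FTPS login with verified server identity and encrypted data channel."""
    ftps = make_client(ca_file)
    ftps.connect(host, 21)      # DNS name, not IP, so the certificate name is checked
    ftps.auth()                 # TLS on the control channel before credentials are sent
    ftps.login(user, password)
    ftps.prot_p()               # without PROT P the file data travels unencrypted
    return ftps


def upload(ftps, local_path, remote_name):
    """Send one local file to the CP's working area; returns the server reply."""
    with open(local_path, "rb") as fh:
        return ftps.storbinary(f"STOR {remote_name}", fh)


def download(ftps, remote_name, local_path):
    """Fetch one file from the CP's working area; returns the server reply."""
    with open(local_path, "wb") as fh:
        return ftps.retrbinary(f"RETR {remote_name}", fh.write)
```

A certificate that does not chain to the supplied CA, or whose name does not match the host passed to `open_session`, makes `auth()` raise `ssl.SSLCertVerificationError` before any credentials are sent.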
FTP secure client samples
• CoreFTP Lite (Windows) URL: http://www.coreftp.com
• SmartFTP (Windows) URL: http://www.smartftp.com
• IglooFTP Pro (Windows, Linux) URL: http://www.iglooftp.com
• FlashFXP (Windows) URL: http://www.flashfxp.com
• SDI FTP (Windows) URL: http://www.sdisw.com
• LFTP (Unix, MacOS X) URL: http://lftp.yar.ru/
• RBrowser (MacOS X) URL: http://www.rbrowser.com
• FTPTLS (OpenBSD, possibly other Unix as well) URL: http://www-user.tu-chemnitz.de/~grmo/ftptls/ Port: http://www-user.tu-chemnitz.de/~grmo/ftptls/port/ftptls-port.tar.gz
• Glub Tech Secure FTP Client (at least Unix, MacOS X and Windows) URL: http://secureftp.glub.com/
NOTE: BT does not recommend any specific product. The list above is for reference only. CPs are requested to take their own informed decision.
How can I go about it?
• Approach BT account manager/BT front door contact to schedule migration to NEW DEDS.
• Complete FTPS client installation & configuration. FTPS clients are available either commercially or as freeware.
• Test connectivity to BT system with on-ramp server. (Support team will make this available.)
• Test connectivity to NEW DEDS (Live).
• Start using new DEDS!
Time scales
• Phase-I: This is expected to be ready by end of May-2010.
• Phase-II: This will start by end of May-2010. No CP impact.
• Phase-III: Plan is to start decommission of OLD DEDS by end September 2010, but this is subject to the CP transition plans to be discussed between CPs and BT Account Managers / Product Line leads.