About the Webinar
Many companies are still using custom scripts or manual processes to exchange information with customers, partners, or other recipients. And, they do it despite the extra time and headaches required to maintain these outdated methods – and the lack of security these methods provide.
If this sounds familiar, join us as our cybersecurity experts explain why using FTP and other insecure, manual methods are a threat to your organization’s cybersecurity stance.
You’ll also be introduced to Fortra technology that allows you to secure, centralize, and audit the sending and receiving of files, with a web-based solution that is scalable and easy-to-manage solution.
Transcript
Angela:
Thank you so much for joining us for today's webinar, Replacing FTP Scripts with Managed File Transfer, where we're going to walk through challenges in using manual processes, and custom scripts, and better methods using secure managed file transfer solutions. I'm here with my cohost, Heath Kath, Heath, are you there?
Heath:
I am. Good morning. Hello, everyone.
Angela:
Hello. And before we kick things off, I'm going to just remind everyone, we do have today's event scheduled for an hour, and we are recording the event. So, following the presentation, you'll be receiving an email with the recording. In addition, we're going to have a survey that will pop up at the close of the event. And if you fill that out for us, it gives us valuable insights into any feedback that you have, and if you have any questions that weren't answered during the presentation, please feel free to ask them in that survey.
Speaking of questions, you're going to see a question pane on the right hand side of your screen. Feel free during today's event to go ahead and ask any questions that you have there. We do have some team members on the line who will be answering questions, and then we will also, if there's time, answer some of those at the end.
Agenda
All right, let's talk through our agenda for today. So, we're going to set the stage for the context of file transfers in organizations today, and then we're going to dive into some of the issues with manual, custom scripts, homegrown solutions, manual processes, and then dive into some better best practices with a secure managed file transfer solution, and Heath's going to take us into a live demo of GoAnywhere. And then we'll go wrap up with some Q&A. So, I'm going to introduce you now to Heath. Heath is a senior solutions consultant here at HelpSystems, and he works with our GoAnywhere Managed File Transfer product line.
Heath provides pre-sales support, and specializes in demos, and proof of concepts. He's also a member of our professional services team, and provides additional training, and assistance to our GoAnywhere users. Welcome, Heath, I'm going to turn things over to you, and you can take it away.
Heath:
Sounds good. Thanks, Angela. Yeah, I appreciate that. And thanks, everyone, for your time here today. I really, really do appreciate that. But, we do have a lot to cover, so we'll get started right away. As I go through these slides here, I'm going to try to keep them kind of high level, and pretty quick and to the point. But, like Angela mentioned, if you have any questions, feel free to send those chat messages out there as needed.
Putting MFT in Context
We'll cover some solutions, the mitigations if you will, around those common pitfalls of traditional FTPs, various scripts, applications, the decentralization, weak or no encryption, auditing and more. So, that's some of the areas I'll be focusing on around the standard MTFs, your file transfers and all that.
Each company, regardless of size, and industry, requires exchanging information with internal, and, or external collaborators. Maybe it's payments, invoices, policies, inventories, or maybe quarterly reports. Traditionally, the way to exchange this information has been based on plain old FTP, or SSH. These are really no longer viable protocols.
Maybe you're using those very popular cloud type services, like Box, Dropbox, Google Drive, ShareFile, Salesforce, and so on. Many different services are available, and many of them don't have any tracking. They're very limited in security, and so forth. Maybe you have non secure APIs that are opening some security vulnerabilities with applications that are sharing data back and forth.
I still come across a few that still use standard email. It's quick, it's simple, right? To add to this list, maybe you're saving information to an external disk, or a portable drive, and then manually delivering the content yourself. These are also no longer viable protocols, and we need to tighten things up, especially on transmitting potential PII, or PHI, or PCI information, all that sensitive information needs to be controlled a little bit better. The last item, automated scripts, these scripts can be awesome. They could be complex, they could do a lot, right? However, what we find is that they're typically hard to maintain, and manage, and some are very challenging just to use them.
The Problem of Homegrown Solutions & Scripts
So, what type of file exchanges are you doing today? Some of the file exchange types are pretty straightforward, such as, b2b, business to business, or business to consumer type interactions. This is going to be your automated, unattended file transfers. No human interventions. This could be like command line scripting, if you will.
The next one is person to person, or maybe it's a mix, like person to server. This is more of that traditional ad hoc type file transfers where a user is manually taking some sort of action. Maybe it's as simple as sending an email, or even basic FTP tasks to send documents out the door.
To expand on external file transfers. These file exchanges we all want, or should I say we all need to send the documents securely. These actions are here listed in the red. Those are those basic ones, the FTP, HTTP, and standard email. These methods are the ones that really should be avoided. We should be leveraging encryption keys, so we can get to those green colored arrows up above here, like HTTPS, being able to leverage TLS type of encryption using certificates. And then, we have the secure FTP, leveraging some SSH keys to encrypt those files in transit.
The next bullet point, we're talking about the end to end encryption. This is not only protecting in transit, but also the encryption at rest. We need to be able to protect those documents on the server that they land on. That is, to be automatically encrypted as they sit there, at rest. Definitely pay attention to those that are in transit. But, a lot of times we forget how important the at rest encryption is. And we'll kind of cover that a bit more here in just a little bit.
EDI document translation. This is really about those computer to computer, or business to business communication that's automated. To get that human interaction out of the processing to deliver invoices, or purchase orders, and things like that. Many times, these are homegrown solutions that can be difficult to build, and maintain. You may also require a specialty IP system, or another application alongside of it, that is going to be quite expensive. A side note, some of the trading partners will require AS2 type file transfers for their EDI files. So, that can also add more to that price tag.
Applications can be created to transfer files between network shares. Applications can be set up to extract, and modify the data. Maybe you have a mix of manual steps combined with some applications. Some of it's not automated. So, if it's not automated, then it's prone to those human interactions, and human type of errors.
You may have a need to transfer files to different servers, platforms, and applications internally. This also can get a bit cumbersome over time, especially if you have different OSs that are involved, and that you need to manage. You may also have those one offs, tools or resources that are not centralized, also making it more challenging to access, manage, and to exchange data with.
Encryption in moving information is quite common, either because the protocols are secure, or because the files sent are encrypted. But, what is generally neglected is the process of encryption, and decryption before and after sending the files. In general, this process is manual, leaving the information exposed after it's been decrypted. Another challenge around this is also the generation of keys, and certificates. The process is sensitive, and it shouldn't be left to everyone, or anyone out there.
Yes, the file transfers are internal within the company, that is, but this is really focusing on external file transfers, as a transfer is going from one location to another. Whether these are going to be traditional MPLS lines acting as one entire network or not, this is another security piece that must be covered. Maybe we're doing just regular VPNs, or maybe we're doing things just over the internet.
Beyond the security aspect of it, look at the bottom point, talking about the transmission of maybe large files. Maybe you're an architecture firm, and you have large CAD drawings, or videos, or other large file types, and you need to transfer these things internally throughout your network. Well, the latency between those lines, if you don't have the high speed, or if you're dumping a lot of money into your infrastructure, as far as the lines are concerned, can be a big issue, whether or not files actually fully get across the line from point A to point B. Maybe the communication line is timing out, maybe it's just taking a very, very long time to transfer those files, so it's very slow. In any case, time does equal money. These are also factors to consider around your file transfers, even internally.
So, let's dive into some of those common issues around the homegrown solutions. Picture this if you will, data is leaving the firm in all kinds of ways. While the CISO, the chief information security officer, and the Technology Group, they need to track all this file movement. You also need to put protection in place. Those protections need to be spelled out in the contract, so the outside firms understand what they can, and cannot do with that data.
So, this kind of leads me to the very first problem around development and maintenance. We all know developers are pretty sharp folks. But sometimes those processes that they create can be difficult to follow, and understand. If so, this can leave that dependency on a certain few individuals, and that could create delays, and maybe can be expensive, as you may need to bring in additional resources internally, or contracting out, if additional help or updates are also needed. Tools could be outdated, and misconfigured, and having to maintain these one off client type of apps could also be troublesome, a real pain.
Keeping up to the latest security requirements. Earlier I mentioned just a little bit about PCI specifically, we think about it, using the piece of it, like TLS, version 1.2. Does your provider meet those requirements? Is your provider a member of the PCI Security Council, which will help them, and you, keep up to date with those requirements? You may be dealing with several scripts, programs, from day to day, or those one offs, who is managing all of them?
Since you may have so many existing scripts, which one is the right one to use? You may end up finding that it'd be easier just to go out there, and actually duplicate the script, copy those programs. Or, maybe to create a brand new one from scratch, because there's so many out there, it's too hard to manage which one to use, and you just add to that list.
Maybe some users don't really understand the security protocols, and how they work, or what is really required. Those are types of things that we need to make sure you're addressing, and doing correctly. We need to make sure your files are being protected, not just assuming, or thinking they are. Definitely time consuming. That is, to put it all in these different resources, to find and resolve all these different issues, this issue, or challenge gets multiplied if your solution is not centralized.
Problem number two, administration is decentralized. This is probably one of the biggest challenges that within the MFT space. That is, not having the one place to go. Not having one centralized administration pane of glass to manage all the different movements, and data manipulation that you want to do.
The administration of complex scripts, multiple tools, and different solutions that you need today. Maybe you have people using a free FTP server, and then someone else using an open PHP Studio for their PHP encryption, and somebody else is using something else for their file transfer process. It's a complete mix, or a mess, if you will. Don't forget the mix of protocols, what do your trading partners require?
The management of service users. This is the case in the systems, and the applications that the users need to use. User management can be a huge problem, whether it's administration user, whether it's the users that connect to your system to do FTP, or log in to a web client. Not having a centralized place is very difficult to manage them, but also can create security holes, as far as creating different service accounts.
The lack of integration to Active Directory, or maybe it's just too hard, too tough to set up, and manage. You need a solution that makes it easy to integrate with Active Directory, or generic LDAP, or even LDAP managed accounts. If you don't have AD, or LDAP, you at least must have then, another option to help you manage the users' profiles, passwords, their accounts, and this also can be very challenging in some cases.
Managing the encryption keys. These keys, and certificates can be all over the place. Maybe you have your own PK environment for certificates, but you also use open SSH. Some type of service for PGP keys, and then maybe you generate the SSH keys using PuTTY, or something else. The point again, your tools should be centralized, not decentralized. Not to mention, again, who's managing all these keys? Who's taking ownership?
Automation is another limitation that many are faced with. The more that you can automate, the better. The less user interaction, the less things could go wrong. Plus, what if that person who's doing all the manual steps is out of the office? Who has the knowledge, and the time to back up that person, to run through all those steps?
Does your process today have built in auto retry logic? What if you're doing a file transfer, especially on a large file to a partner, and in midstream, the connection goes down? Maybe their router rebooted, or yours. Do you have some auto-resume logic built in to pick up where it left off, versus starting all over? Or just to make sure the delivery of the file is successful?
Do you have simple workflows that you can build, and automate your entire file transfer? Usually, we see companies building scripts, sometimes several scripts, just to pick up a file, encrypt it, and deliver it. If this is you, you're probably lacking an easy to use graphical user interface, or you're not able to build project, and automatic workflow for your file movement.
Limited controls of secure file movements. Maybe you're putting files into the hands of other users that really don't understand the sensitivity of the data. You're depending on them to know that it's sensitive, and you're assuming that they will use that secure method, like secure mail tool they have, or hoping they will use some secure method of pushing that file out.
Do they really know how to encrypt with PGP? And if so, are they using the correct key? All of these is around manual steps, and because it's manual, it's also very risky. Many times we hear that encryption, and decryption are still a manual process, and it's a lot of work. It's a pain in the rear, to be blunt.
The problem before is around the lack of auditing, and notifications. Lacking, or no centralized audit trails. You should be able to verify easily if a file was transferred, and how it was delivered. Your solutions to view the audit log should be easily accessible. you should be able to define how long to keep the logs, and where to keep them, even.
Lacking a full audit trail. What if you're getting audited, and your audit logs are only partial, or incomplete? Will you pass the audit? Can you show the detailed information about who sent the file, who you sent it to, what method et cetera? Where is that proof that you need for that auditor? To dive a little bit deeper on auditors, maybe even end users, can you quickly and easily show what files were delivered, or received? Can you search through your audit trails for just a particular file?
Another challenge for many current solutions is that they're lacking good, and automated alerts. Maybe those alerts are by email, or to send a text message out. I will assume that you would rather know what is going on now, versus finding out later, maybe several hours later, that documents were not being processed and delivered. Maybe you have SLAs, you're expecting a file by a certain time, a process to move a file didn't happen on time, and so forth. Many solutions lack the ability to define those SLAs, to be able to inform you if a condition was met, or not met.
Another issue is that many are unable to meet those requirements around strict security policies, complying with state privacy laws. You may have HIPAA, PCI SOCs, ISO, GLBA, compliances that you are required to meet, but currently, your solutions really don't help much.
The fifth common issue is around security. Or should I say, the lack of. Definitely a very viable, and important concern to have. When we talk about encryption, this is where we're going beyond the title of the webinar. Let's replace FTP scripts. First, FTP is known to several as the older, or outdated protocol. Many may have some deep hooks into FTP, and we do understand that. But FTP really is not a safe protocol to use for file transfers.
This can be a valuable point, for many of you guys is a main problem. The files are sent out not using an encrypted channel, nor are the files encrypted, like with PGP. So, the recommendation is really try to get away from FTP if possible. You may have algorithms that are vulnerable to hackers, or may have some scripts, and these scripts may have some profile passwords that are stored in there, and those passwords are stored in the clear, so now you and others can easily read them. If you do it using encryption like PGP, your solution might be lacking the capability to help you manage the keys, and certificates. Thus, you may have to rely on other applications, or a third party for those.
Access Management, the current solution may not have built in segregation of duties. Do you have a need to regulate, control the type of connection given, or allowed, maybe by branch, a team, maybe by department. Many tools are lacking the ability to manage, and control these users. Focusing on our administrators, these admin users, how are they segregated? Do you have different RBAC roles that can be assigned to their profile, really controlling what they can see, and do?
So, depending upon what that person needs to see, and needs to access, can you really define, and control this? Can you easily, and automatically disable, or deactivate a user profile? Maybe too many invalid login attempts? Maybe the profile was inactive for too many days, such as, you hit 180 days, it's automatically disabled. Do you have a strict password policy? Where, what we hear, I should say, is that many solutions don't have that strict control around the profile and passwords. Their solutions may lack the MFA, multi factor authentications.
A quick note though, about MFAs, is that this is really a good way to probably get rid of 90% of those potential breaches of your username and passwords. That multi factor authentication, whether it's a text to your phone, an email, or whatever, it makes it exponentially more difficult for someone to hack into your account.
To expand on security issues, from the architecture point of view. I will try to make it quick, and summarize here, focusing on the server side, where you have customers, trading partners, maybe remote employees, who are now working from a remote office, A.K.A. their home, connecting to your server to upload, or download files. This server, or this active listener on your end, may not have the additional layer of protection that you need to have, from the outside world into your private network. How is that to be controlled? How's that being managed?
So, this image is more of a traditional DMZ server, a gateway configuration, not what we fully recommend. In the middle, we have that DMZ server, and possibly that FTP server, the listener. Traditionally, some users or processes will house different folders in the DMZ, or store credentials out in the DMZ, and things like that.
With this setup, you are leaving yourself open for getting hacked. You have all these users, and possibly hackers getting into your DMZ server, where all that information is being stored in one location. So, this is a big risk. In an upcoming slide, I'll talk more about a more secure way of utilizing the DMZ server that an MFT solution can provide.
We just covered some of the architecture. So, I'm just going to expand a little bit more on security here, and I have added two more bullet points. We have the availability. Is your environment set up for high availability, HA, or disaster recovery? It's that, "What if?" And how do you react? How do you recover if a server goes down? What is your process today around high availability?
If you're looking into an MFT, the Managed File Transfer solution, does it have some sort of high availability option in there, built in? Usually, this is going to be in the form of a cluster, like active-active. If one node goes down, well, there's another node that's up, so you can continue working seamlessly, allowing your files to transfer as needed.
Some solutions lack the ability to prevent, or deny service features, or brute force attacks. If you're listening, say, on port 22, for secure FTP, or 21 for FTP, or 443 for HTTPS, those are going to be those common ports that people, or bots are going to be hitting, and trying to log in. If so, you should have a solution that has automatic IP blacklisting, checks on malicious usernames, and things like that. So, you will need an MFT solution that can provide that layer of protection.
Another challenge, or a problem is around data integrity. Has the data been altered, when received by the recipient? Do you have some checksums in place? CIA, and I don't mean the Central Intelligence Agency. What I'm referring to is around security. CIA, the confidentiality, the integrity, and availability. Most of us probably understand the confidentiality. But what about availability? Availability is a security concern. If the data is not available, then you can't work with it.
On the other hand, making sure it's only available to the person, or persons that need to look at it, and no one else. As for integrity, make sure things are not altered in route, make sure that the middleman is not altering these files in some sort of way before it reaches the final destination.
At this point, we've covered a lot, and this is a way to help summarize those common needs to have. Protecting the data that's exchanged. This is going to be obviously, making sure that we have that encryption in place. Whether you're using PGP file level encryption, whether you're using the actual transmission protection, we want to make sure that we have those things in place. It's in there. So, it's a common need. We also hear, "We want to encrypt the data in transit, as well as at rest." So, those are two things that we need to address, and need to have a solution for.
Secondly, we want to manage, and control those file transfers from a single site, or as we talk about it, a single pane of glass, a centralized solution. And again, for all those reasons we talked about, we want to have that one place to do your auditing, your alerting, checking on things, all those types of things, to where we're not having to worry about those one off applications. And not only from an auditing perspective, but from a maintenance perspective. We only need to update, and keep one tool to the latest and greatest ease of use, easy to manage, and of course, for security perspective as well.
Last but not least, regulation compliant. I think most people in the business, in some way or another, these regulations compliances, like HIPAA, PCI SOCs, GLBA, they will affect you in some way. A lot of this can be handled, as far as a regulatory compliance, just because of the algorithms, and cipher suites, the key exchange algorithms, those types of things that are available within the product. The next step though, is to make sure that you're using those steps, using those built in options to help maintain that regulatory compliance as needed.
So, why managed file transfer? Well, it's pretty simple. Managing secure file transfers, centralized admin, one tool that allows you to build, maintain your file transfers securely, a single pane of glass, if you will, again. Full traceability, and control. Again, this gets back to that auditing, and the security that can be defined. And of course automation, automate your file transfers, no longer do you need to rely on a user to kick off that file movement.
GoAnywhere MFT
GoAnywhere Managed File Transfer is the MFT solution here that is by HelpSystems. This slide kind of paints a big picture of what GoAnywhere can do. It's that 50 foot overview, and pretty soon I'll give you a live demonstration of it, kind of give you the flow of that, moving a file around. This left hand side, this bullet list is all about going, or acting as a client, where you're initiating the file transfers, the pushing or pulling. Set up the automated workflows through a built in scheduler, and folder monitoring. These jobs could possibly pick up new files, automatically encrypt them, rename them, zip them, and send them out the door, and more.
Where we've got the right side, this is going, or acting as a service. The listener for your customers, your trading partners, employees, to connect up to your server, to securely upload, and download files based on their permissions, and based on what protocol they can use. Maybe it's secure FTP, or HTTPS, the web client, a nice easy to use, graphical user interface. Maybe using secure mail to send, or receive documents that never really go through your exchange server.
What's nice about Secure Mail, the there's no size restriction unless you define one. You can also define expirations, and more, and the recipients simply click on a link to securely download, or upload those docs to the server, as needed. And just to point out, GoAnywhere is pretty much almost agnostic. You can install GoAnywhere MFT on a Windows, a Linux, an IBM i, a Mac, and more. We support multiple platforms on prem, on virtual machine, cloud offerings like AWS, Amazon Web Service, Docker, and we also offer a SaaS solution, GoAnywhere MFT as a Service, where GoAnywhere is then hosted by HelpSystems. So, we can actually help you then really manage that software and upgrade it for you automatically.
GoAnywhere MFT here, it a modern solution. It's a web based application for administration, and for the users. Besides being a centralized solution, we continue to push out three to four major releases each year, with several updates in between. So, we're always, always improving the solution. You'll find that it's also very easy to deploy. In fact, you can download, install, and have GoAnywhere up and running in usually less than 10 minutes.
Easy to use for updates, upgrades, enablement of features. You will find that it's easy to manage the application, as well as the users. Building the workflows are also very easy, just using your normal skills, like drag and drop, and double clicking. You don't need to continue writing time consuming scripts. GoAnywhere is a Java based application. It doesn't get the hooks into the OS. That's why we're able to be OS agnostic. But also, you don't have to tinker with the registry, and things like that. It's really easy to install, create clusters, configure the high availability, the environment that may be needed. Then once you have it installed on your OS, whatever flavor it might be, you can then use the browser of your choice, I.E., Firefox, Chrome, or whatever.
And the extensibility. This is more towards the user's configurations requirements, and the flexible pricing. GoAnywhere is modular, or feature based application, so you only need to pay for what you need. You have options around licensing, like perpetual, you pay for it, and you own it. Or, with a subscription model, and you just pay for the maintenance from there on out. You can have unlimited users, transfers, file sizes, and stuff like that. So, we don't add additional cost to you along the way as you're working with the product, as you're working with all the different number transfers. Again, there's no limit to the transfers, either.
As for server connectivity, we'll talk a little more about that, and you'll see a little more here, as inside the demo itself. But, as far as how these resources go, these servers that you're connecting to within your workflows, to push and pull from, this is another good, easy way for a centralized administration, off of one pane of glass. Again, you can work with it.
So, not only are you going to be able to have the ability to manage the file transfer solution, in our case GoAnywhere. You can also define these resources right there, so you can easily reach out to those servers, using different protocols, and services to leverage their functionality, bringing it in house with GoAnywhere. That centralized solution. So, again, you'll see it here, how it all comes together here in just a little bit.
Within GoAnywhere, the advanced workflows, you can also be able to integrate, and connect to your web service applications, like Box, Dropbox, SharePoint, ShareFile, Google Drive, JAMS, Automate, Salesforce, and so many others. I think we now have at least 38 different cloud connectors that you can install. Once installed, these connectors provide an easy to use, task oriented workflow that is built by simply dragging and dropping.
To give you an example, let's say you have Salesforce. Within the workflows, you will be able to add, update, get information about your user accounts, cases, opportunities, and more. You can also download, and install GoAnywhere commands, and API's. Once you do that, you can then call GoAnywhere projects, through workflows, from a command line, or from your own enterprise Scheduler. Or, maybe you want to make them web service, SOAP and REST enabled. GoAnywhere can use web service type calls to call projects, and things like that. So, when you're calling those things like we just mentioned here, override variables, run interactive, in batch. Those are things that you can pass in as parameters at runtime, to give you additional flexibility.
On this slide here, there's a lot there, but for the most part, we already all covered this previously. Plus, you'll see a little bit more in the demo. We have auditing, inbound services, built in key management, encryption, admin roles, and so forth. Just two more slides, and then we'll get into a demo. So, just kind of bear with me here. But, another slide here around some of the advantages. Some of this, again, we covered, so just to kind of point out a couple.
The customer portal, the web client that utilizes HTTPS. This webpage can be custom for your trading partners, customers, employees that need to log into your server. You will be able to customize it with your own background image, the logos, disclaimers, and customize the layout as well. Even if using this for multi tenancy, you would like to have different listeners to it, so different images, different connection points, not a problem.
You could apply different web clients, or images, if you will, to each individual, or department, depending on that URL you set up. So, really making that page look like their own, so it's unique. So, it's another cool option you can take advantage of. Also, just to kind of point out two factor authentication. This is where you can use a RADIUS server, like RSA, SecurID, Google Authenticator, Duel, anything that can support RADIUS, the protocol. Or, we have a couple options of TOTP, the time based, one time passwords options, where it's the traditional TOTP, like Google auth, Duel, or Microsoft Authenticator. Those apps on your phone can be easily used. GoAnywhere also has a built in option, so you don't have to rely on a third party app to send out that one time based password via email, or a text message, also.
All right, our last slide here, then a quick demonstration. But we know most IT professionals want credible, third party evaluations to help you find the best MFT solution for your organization. Info-Tech Research Group released their 2020 MFT Data Quadrant Report earlier this year. That is based on customer feedback on over 30 leading MFT solutions, taken from softwarereviews.com, and the second time, two years in a row now, GoAnywhere was placed in the leader quadrant, and earned the number one spot, with the highest composite satisfaction score, and net emotional footprint. Which really comes down to really measuring how our customers feel about us, compared to other products like Ipswitch, MOVEit, IBM MFT, Citrix, and so many others.
Areas, by the way, that GoAnywhere really stands above others, are from like values created, number, and quality of features, ease of implementation. GoAnywhere also received top five scores in vendor support, ease of data integration, IT administration, customization, and the availability, and quality of trainings that we also offer. And to learn more about this, we have a full report from them, put it right there on our website, so it's easy to access.
Live Demo
All right, so let me go ahead and bring up my screen for you. All right. So, what you're looking at here, by the way, this is the point of view as an administrator. When you first log in, you'll have your own dashboard. It's a great way to see what's happening on your server, what's happened recently. Again, this is for your admins, and each one of you, each admin will have their own personal layout, so you can change the layout, and you can pick and choose what gadgets, what information is being displayed on this dashboard.
Again, you can see quickly, your jobs that have run for last 30 days, if you want that there. Recent completed jobs, the statuses, and even links. We can jump right into the job log from here. It's interactive. You can customize these gadgets, and display different lengths of data, different time period that is, or even different types of information. So, maybe you only want jobs that are successful versus terminated, or whatever it might be.
You can see services. So if you have those listeners up and running, at a quick glance, you can make sure they're up and running. They're all started here, great. Quick links for navigation, or you can just use that bar right there on top. Whatever you prefer. Tracking the users, the number of transfers they have, users that are currently logged in, unresolved jobs, file movements, all these different gadgets can be easily, and quickly put into your dashboard.
All right, just kind of break it down a little bit, because time wise here, I want to get through everything for you. At a high level here, we have two types of users. The administrator, that's me right now, logged in. Your admins, they're here to help you set up GoAnywhere, manage your users, set those workflows, et cetera.
You have different templates, and groups to help manage them, and of course, you can define certain roles to those admins. There's 18 RBAC roles out of the box. As you can see, we have quite a few of them. You can define an admin to be just an auditor, to view the logs. An admin to just to be able to run the projects, or to design the projects, those workflows.
I even have one down here that you had the Web User Manager, but based on another user request, they wanted to set up an admin who could only reset a user's profile, not make any other changes to it. So here, I've actually created this granular role. I got some different admins that can do it. But under permissions, I have web users, and you can see, the only options they can do is actually view that, users, the web user, and reset their password. So again, you can actually define granular roles, if needed.
Let me show you an example of one of my admin profiles. I'll pick on my own initially here, let's go down to... Actually, I'll grab this one. Because we do support the dual factor, MFA and all that, dual factor authentication, this one's set up for that, and comes down to, first of all, here are the roles that this admin can do. He can only work with the dashboards, and he's also product administrator.
So again, you can lock down what these admins can see, and what they can do within the product. But I want to show you this one time password, and let me do this. Let me bring up... There it is. All right. So, if I show you really quickly here, I have it all set up for me. I'm going to demonstrate that, use that profile right there. So, HK_Duo. You can see this has popped up. This is set up to use the one that's built in to GoAnywhere to be able to email, or send a quick text message out with that number.
Hit send. If it all goes well, I should get a quick text message. And I got it, and of course, then I get the fun of typing the number in there, and it's a six character digit. But of course I did it wrong right away. Oops, and I did it wrong. Let's try that again. Yeah, well, next try, if it don't work, I give up, just because of time wise here.
All right, sorry about that. Live demos, that's what happens here. But anyway, I would get a six digit character code to actually log in. It's no big deal there, just to show how it worked. But, it just didn't work on my end. My typing skills for you. As a new user, first time user, that is, you would have to have a barcode you can scan into your device there. So it's pretty easy to get set up, and all that. But again, that multi factor authentication is pretty easy to use, and take advantage of.
Now, the other type of user is around the web users. The web users become a higher global term, it's about your users, your customers, your vendors, whoever it might be that are coming to your server. They may be using FileZilla, or an application, or utilizing it on the web, true web, through HTTPS. And, once they're in there, just like before, by the way, you have templates in groups. You have different login settings you can define, by the way. Just to show it to you quickly.
This applies for both admin, and end user. The one time password, time based password with RADIUS, single sign on, login method routing. So you have different options there too, that you can set up and utilize. You also have different login methods that you can set up, and define, and associate these with the users for both the admins, and end users. So if you have Active Directory, LDAP or RS already, not a problem. Plus, as I mentioned, we have a built in database, also, to help you manage those profile passwords.
As a web user, once you set them up, again, these users are those that you're allowing to walk through, to be able to connect up to your server to upload files, download files, et cetera. And if I pick on one of my users on this server, we'll call them the best user. So your trading partner, customer, or vendor, whoever's coming in, you're going to define who they are, and what they can do once they login.
So, as this particular user right now, you have information about who they are on that screen there, how they must authenticate, again, do they require, are you using Active Directory, or will they be managed by GoAnywhere, et cetera. But, it comes down to really two main tabs, I'd say in here, in the sense of setup. You've got your features. What are the protocols, can this particular user use, to connect to your server? You may have everything up and running on your end there, but you can lock it down so that this particular user can only use HTTPS, and secure FTP. It's up to you.
And at that point, what features, what modules of GoAnywhere do have installed that they can use? So, this user, it's actually set up to use secure folders, secure mail, and also be able to view their own activity report. All right. So when they connect up using secure FTP, or HTTPS, what can they see? What folders can they get ahold of, right? Get access to, and all that.
We have home directory, this is associated to the unique user ID that that profile is using, the person is using there. And I have just the list permission defined. So, I can only list things. But, I do have two virtual folders. Virtual folders, these are just pointers. So this Inbound is a made up name, pointing to some path below it, that the end user will never see. So, you're keeping this path completely hidden from them. This by the way, Inbound, is actually pointing to a remote server. You actually are able to point to different locations, locally shared drives, remote server, S3 buckets, et cetera.
Outbound. This was defined locally. And again, look at those permissions, what can that user do on that folder? Here I have list, upload, and overwrite. That's all I can do. Again, you are able to lock that down pretty easily. Outside of that, you can actually define different IP filter rules. You can control the time of day, day of the week when they can access this, and so forth. So you have different options you can actually set up for that particular user.
And to kind of give you a little example here… actually, let me back up for a second. So, the features, right? These protocols, it's really easy for you to set them up and manage them also within GoAnywhere, under service, service manager. This is where you're going to set up those listeners, HTTPS, secure FTP, et cetera. GoFast, by the way, this is just another protocol we have for secure file transfers, within GoAnywhere, at a little bit faster rate. But, taking a little deeper look here at HTTPS.
Really quickly, let me dive into it. And we have a couple different listeners set up. Just want to point out, again, you can define the port number. You can also take advantage of different protocols as needed, different cipher suites, and even set up that certificate, what certificate is being used at the back end there, of which can be managed, by the way, within GoAnywhere, within a key vault, which we actually queued up here. So, it's really easy, again, all centralized for you.
All right, like I said, I kind of want to walk you through some examples here, some different things you can do to work with that workflow, to move those files around. And my example will be taking advantage of using an existing key within a PGP key. So, under Encryption KMS, first of all, just to think about that listener, the HTTPS one I just showed you, just to go back for that, for a quick second.
I can come in here, I can search for that particular certificate, and the key pair that set up for that. And here it is, right there for you. So, you see those certificates are right there. And by the way, once you create them, you can add them, or import them. You're able then to leverage those certificates, those keys really easy within GoAnywhere.
If I back up for a quick second, let's say you have some PGP keys, ones that you need to use for encryption, or decryption, depend on which way you're going. It's right there for you. So, here we have those PGP keys, right there for you. You can, again, create your own key pairs. You can import your existing keys, or your trading partner's public key that you need to use.
All right, so here's my little story for you today here, guys. Let's picture this here, I'm going to set up what we call a monitor, and let me go and zoom in a bit. All right, so, inside the workflows, again, the projects are really your file moving. We'll get a little more into that in just a little bit. I'll walk you through one. But in sense of automation, what I'm going to demonstrate here is the ability to actually monitor a folder for a document, or documents being dropped off. And I have one out there right now, it looks like it's active. I'll make sure that, just really quickly. Yep, it is active.
Let me walk you through it. Here you can see it's active there as well. You're able to monitor a local folder, a network share folder, even a remote server, like through secure FTP resource. We're going to monitor a folder in this example, we've got these Daily Reports. We're going to be looking for some type of event. Since this has started, or since the last time I checked, has anything been created, or modified? Created, modified, or deleted? Or, kind of a high thing here, does anything exist?
In my example here, does anything exist with this file naming pattern? All right? So you can actually define a wildcard if needed. You can also define a regular expression. How often you check in that folder, you can define how often you want to check. I'm going from 5:00 AM to 6:00 PM. I'm checking every 15 seconds, but maybe more realistic, you can check every five minutes, every 10 minutes, every hour, whatever you need to do there.
We're looking for a document, several documents. And this one here is a file list variable, so we can actually pick up one, or several files in that document we're monitoring. It'll keep track of those, through a variable called Files. Files will be passed to a project, that project will do something then with those files, and meet your criteria.
Advanced. We want to make sure there's no locks in the file. So we can check for actual local file locks, or secondary snapshot. Email notification. If this monitor itself fails to run, maybe that folder you're monitoring has been renamed, or deleted, or a remote server, the connection is down, so you can't connect to it. You can be notified.
Project success, failures, you can be notified, even SLA. If by 6:00 PM, as I have said here, if no files were ever found, were received there, you can be notified. Okay? So we're monitoring a folder. And let me show you this, that's if I can get to it. Bear with me here. All right. And so, here's what we're doing. We're actually monitoring this folder right here for those documents. And I do have a couple documents here I can grab. You may have users creating documents, you may have a process, an application, a job that's going to push those files there.
All right, I'm not sure what it's doing. I think it might be trying to open it on me. All right, we'll keep talking. My PC kind of locked up on me. All right, it's coming back. All right. All right. Let me grab those two documents, and I'm going to copy them in there.
All right, so they placed the documents there. And again, that could be a user doing it, it could be a process. They're right there on top, and as I'm refreshing them, if I catch it really quickly here, that monitor is going to fire off, and actually rename them. So, they were just renamed, and now they're gone already. So it was a quick second there. So what happened here is that in the back end, again, we're monitoring that particular folder, and then a project was fired off. A project that could automatically pick those documents up, and do something with them, whatever it might be, right? It could be anything.
And what happened here is that, long story short because of time wise, we're going through it, we have a temporary space to put things into, to work with it, by the way, it's part of this job. If you're on the i series, an IBMer, and all that, think of Q Temp, like a library, temporary spot. Rename. Here's that variable called Files. Let me zoom just a little bit for you. Right there, that came from that monitor, right? So, that variable called Files has been keeping track of all those documents that were just uploaded to that particular folder that I picked up.
At this point, I'm going to zoom down just a little bit here, I’m going to zoom out. I'm keeping track, also the number of files who have variables. So I'm creating some variables here in the bottom, the number of files, and also the files to be renamed. And I'm going to encrypt those files. So, now I am actually using that variable I just created in the previous step called FilesRenamed. By the way, that's just right there in the right corner. FilesRenamed right here. All you have to do is drag and drop, or double click to fill in that parameter. So, it's really easy, will format it for you automatically.
And by the way, there's also some built in help that's outstanding within GoAnywhere. You'll find some really good detailed information very quickly by clicking that question mark. Plus, you can also get additional help by scrolling down, and seeing examples et cetera.
And so, I'm going to encrypt those files. I am going to encrypt those files with a key that's right out of my KMS. So, something you've created, or could be imported from a trading partner, select their key. Where are you going to put those files? You can put them into this temporary workspace. But note, you can also deliver them to some other location, a local drive, even to a remote server through what we call a resource, a SFTP resource, where I can deliver them directly to my business partner.
But, what I'm doing here, I'm putting them into a local space. I'm keeping track of them, the original files, encrypted files, et cetera. And the reason I'm doing so, is I'm going to show you some different options you guys can do. It's up to you, again. I could take those encrypted files that were renamed, and deliver them using secure FTP. I select my server, my trading partner, who I want to deliver to. That's the resource.
I could also, and by the way, here's that Put Files, again, just using a variable. And that destination, just to show it to you, when you browse, it actually connects you to that remote server. So, I'm on that remote server. I'm on my trading partner's server, and from there, I can navigate to the folder I want to drop them off at. I could also email out that file. Here we have some information, the body of the email, number of files, a list of files that was encrypted. And also, the attachment of the encrypted files.
Maybe you want to archive the files, move them to another folder if you deliver them. You can do that as well. You can do a move, you can do another put, whatever it is. Up to you guys, real easily. Again, I'm utilizing the variables, so it makes it really easy for me to do that.
At the end, I'm going to delete the workspace where I kept a copy of those files. I also have some error handling built in, where if something fails, it's going to run this module down below to do something, and you have over 150 different tasks, different actions you can do now. Not just a simple put. I could actually do an email, send an email out, indicating what job failed, what's the error ID. I could also include a job log right away. So, that's all being done automatically within that process there.
Let's just see if I got it or not. Here's that email was sent out. Listing those two files that were sent, and also the actual files themselves, just things you can do. All right. So, that's one little example there. We went through it. Again, monitoring, monitoring a folder, picks up those documents, automatically moves them, removes the files once it processes them, et cetera.
You also have the end user who logs in. So this is another option you can do. So, let me log in with that BestUser profile. I have cap locks on here. Nope, BestUser. And when they log in, those virtual folders you saw earlier, when I walk through that settings, they're listed there. I can't navigate, I can't browse. And my inbound, if I go to that folder, you're going to see those two files that I've picked up, that was monitoring, that I renamed and encrypted right there. They were delivered to my business partner. So, now they have easy access to them.
Maybe they want to send you something. They could actually do an outbound. So if I go to that folder, they can actually easily then drag and drop their document into that folder, or documents, that will actually show them a little confirmation once it's uploaded successfully, and you could have a trigger in place, a third piece of automation, that can react to it instantly, to send out some notifications.
In my example, I do have an email that will be sent out to me, indicating what user just uploaded a file, and what file they uploaded. So, there's different things you can do. Email is probably a very easy thing to do, but you can also rename the file, move the file, you could actually call that workflow project to do more. But, here is that email. Here's the file that was uploaded, the size of it, the name of it, the location, and also information about the user who just uploaded the file. Just something you can do as well, if needed.
All right. I know we just have about a minute or two left here. Time does fly. But, as I'm working, as I'm doing all this stuff here, just note that everything is being tracked, everything is being written to an audit log. If you're doing it, use secure mail to send out emails securely, it's all being written to a job log, not a problem.
Here we have file audit. As I mentioned, you can search for file names. You can search for a particular user, a resource, exactly what's been done. But here are those two files that I encrypted, completed jobs. These are workflows, the automation piece that you set up, it's all being tracked, all being written. You can export the information, you have options, right to a Syslog Server. And, you have the option to break it down by protocol type. I just showed you HTTPS there, when I logged in, and I uploaded a file, and you can drill into it, and so forth.
All right. Typically, I'd like to show a little bit of email, just because of time, we're running out, but just to mention, along Secure Email, you can also use Secure Email from a plugin, use it within Outlook. So, if you have Outlook, we do have plugins there for you, where you can easily write, compose, and send out those documents securely, or you can do a request file, where you can send out a link to a recipient, with an upload link, and they can upload documents to your server. Once they arrive, you will get notified. So there's a lot of flexibility. So, if you guys want to see more on that, please reach out to us, and we'd be glad to do a demonstration for you on that one.
All right. Let me get back here. Okay, trying to go to the next page, and there my options are. All right, so, at this point, again, we went through a lot, but again, there's a lot more we can do, and I'll hand things over to Angela to wrap up here for us.
Contact Us
Angela:
Yeah, excellent, excellent job, Heath, thank you so much. So, I know Joe has been busy online here, answering a lot of your questions already. I think we have almost all of them answered. One did just come through. We'll go ahead and answer a couple of these. If you'd like to hang on the line, please feel free. Otherwise, if you are going to drop off, again, if you could fill out that survey for us, that would be very helpful, to request any feedback.
And then also, if you have any additional questions that you didn't pop into the question page today, please feel free to answer those, or reach out to us in any of the avenues that you see up there on our screen. And then, so Heath, I do think that almost all of these questions were answered, and so I see, I think we might be good, actually. So, if there are any additional questions, please feel free to send them our way. I know we're just a little past the hour here, so we'll go ahead and wrap this up. But thank you everyone, so much, for joining us, and that's a wrap.
Heath:
Thanks everyone. Have a great day.
Ready to See How GoAnywhere Fits into Your Security Suite?
Get a quote and see how our secure managed file transfer can fit into your organization's IT and cybersecurity budget.