Final
Equens
Classification: NON CONFIDENTIAL
Version 1.0 - 2 March 2009
Manual Connect:Direct
Connecting to the Secure File Transfer System of Equens
Version history
Content
1 Introduction
3 Security
3.1 Introduction
5.3 Scenario in the event of a network failure at the Utrecht location
5.4 Scenario in the event of a total failure at the Utrecht location
9 File sending
1 Introduction
In this manual you will find information about Connect:Direct, one of the four
connection types of the Secure File Transfer System. Information about the other
three connection types can be found in the "Quick reference Equens Connectivity
Services".
In the "Quick reference Connect:Direct" you can find a description of the
administrative connection procedure.
The first section describes how Equens has configured the connection with
Connect:Direct and comprises chapters 2 to 5, which contain the following
information:
• Network variants via which you will be able to connect to Connect:Direct
• How the security works
• The manner in which the system will route your data to its destination on the
basis of file names
• How Equens has set up the backup and fallback.
The second section explains in detail the one-off procedure you must perform in
order to carry out future submissions of your data using Connect:Direct. This
section comprises chapters 6 to 8, which contain the following information:
The third section explains in detail the activities that recur. This section comprises
chapters 9 to 12, which contain the following information:
• How to send files
• How files are delivered
• How to handle compressed files
• How to submit questions and/or changes.
These two types are equal in terms of security: The security will be organised on
application level with Secure Plus (SSL encryption).
If you should opt for a more robust connection, the Leased Line is a good solution.
This will involve additional costs ensuing from the management of the Leased Line
by the connection provider. Furthermore, this connection is not a standard Equens
network variant, and is realised in project form. This will also involve additional
costs.
2.2 Infrastructure
When the connection is made to Connect:Direct the infrastructure will appear
approximately as shown in the following figure:
3 Security
3.1 Introduction
This chapter describes how the security of your data and the continuity of services
will be guaranteed.
Agreements and technical facilities will ensure that the Equens Secure File
Transfer System secures your data at all times. The security aspects are as
follows:
Authenticity
Authenticity will be ensured by means of the following:
• certificate verification
• a firewall rule will be added for your IP-address
Confidentiality
Confidentiality regarding public and internal connections will be guaranteed
through the use of Connect:Direct with Secure Plus (SSL encryption).
Integrity
The integrity of the data that is to be transported will be guaranteed via the SSL
hashing mechanism (digital signature).
Authorisation
Authorisation will be granted by means of the following:
• check on IP-address
• check on Node name
• contract conclusion checks
One major advantage to this security method is that it is end-to-end: from node
to node. The data will not only be encrypted in the public part of the network, but
also on the internal networks of the client and Equens.
An additional advantage to this method is the fact that the network link between
the client and Equens will no longer need to be secured separately. In principle, it
will be possible to send files over any type of network, including the internet.
A Getronics Pink Roccade PKI (Public Key Infrastructure) service will be used to
issue certificates. This company sets high standards for the construction and
management of PKI systems. Getronics Pink Roccade has set up a private CA
(Certificate Authority) for the benefit of Equens. Private, in relation to this matter,
means that this CA will only issue certificates for the Connect:Direct (and Secure
FTP) service. Conversely, the Connect:Direct service will only accept clients with
certificates issued by this CA.
Equens will have full control over issuing of certificates and will determine which
certificate applications will be accepted or rejected via a RA function. Equens will
also be able to revoke previously approved certificates if, for example, a security
risk is established or a contract expires.
4.1 Introduction
When you wish to exchange files with Equens via Connect:Direct, the file names
must comply with a specific naming convention.
Files sent will be routed to the appropriate Equens processing system on the basis
of the file name. Equens will not be able to route files sent whose name does not
comply with the naming convention and will therefore be unable to process them.
In such cases you will receive an error message by e-mail.
Field            Description
<SENDER>         The ID of the submitting party.
                 This will be assigned by Equens and made known to the client.
<DESTINATION>    The ID of the destination.
                 This will include 'SFT' if the file is destined for an Equens
                 system (not 'INTERPAY' or 'EQUENS').
                 If the destination is outside of Equens, the field must be filled
                 with a destination name that has been assigned by Equens.
<TYPE>           The ID of the file type being exchanged.
Specifications:
• Each field is mandatory
• Each field must begin with a letter
• The maximum field length is eight characters
• The file name must comprise only capital letters.
PLEASE NOTE: When sending files with Connect:Direct you will need to include
your mailbox number before the filename. The mailbox addition MUST be in
lowercase characters (the other part of the filename in CAPITALS). Below is an
example filename for mailbox M1234567 (your mailbox number can be requested
from the Customer Interaction department).
/m1234567/R1234567.SFT.CLIEOP.C1234567.TXT
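A pre-send check for the naming rules above can catch a name that Equens would be unable to route before the transfer is started. This is an added example, not code from Equens or from Connect:Direct; the function name is hypothetical, and it assumes that digits may follow the leading letter of a field (as in the sample name above) and that a name carries at least the three documented fields.

```python
import re

# Names the manual says must not be used as <DESTINATION> for Equens systems.
RESERVED_DESTINATIONS = {"INTERPAY", "EQUENS"}


def check_remote_name(path):
    """Return a list of rule violations for a name like /m1234567/A.B.C.TXT.

    Assumptions (not stated in the manual): digits may follow the leading
    letter of a field, as in the manual's sample name, and a name carries at
    least the three documented fields; extra fields obey the same rules.
    """
    # Exactly one mailbox segment and one file name; this also rejects
    # extra path segments such as "/m1234567/../x".
    m = re.fullmatch(r"/([^/]+)/([^/]+)", path)
    if not m:
        return ["structure: expected exactly /<mailbox>/<FILENAME>"]
    mailbox, name = m.groups()
    problems = []
    if not re.fullmatch(r"[a-z0-9]+", mailbox):
        problems.append("mailbox: must be lowercase")
    fields = name.split(".")
    if len(fields) < 3:
        problems.append("fields: need at least SENDER.DESTINATION.TYPE")
    for i, field in enumerate(fields, start=1):
        if not field:
            problems.append(f"field {i}: empty (each field is mandatory)")
            continue
        if len(field) > 8:
            problems.append(f"field {i}: longer than eight characters")
        if not re.match(r"[A-Za-z]", field):
            problems.append(f"field {i}: must begin with a letter")
        if not re.fullmatch(r"[A-Z0-9]+", field):
            problems.append(f"field {i}: capital letters only")
    if len(fields) >= 2 and fields[1] in RESERVED_DESTINATIONS:
        problems.append("destination: use 'SFT' for Equens systems")
    return problems


if __name__ == "__main__":
    # Constructed sample names; only the first is the manual's own example.
    samples = [
        "/m1234567/R1234567.SFT.CLIEOP.C1234567.TXT",
        "/M1234567/R1234567.SFT.CLIEOP.C1234567.TXT",
        "/m1234567/R1234567.EQUENS.CLIEOP.TXT",
        "/m1234567/R12345678.SFT.1CLIEOP.TXT",
    ]
    for s in samples:
        print(s, check_remote_name(s) or "OK")
```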
• The client sends the files for processing by Equens. The system may or may
not create output.
Figure 6: Route through Equens fallback environment in the event of a total failure
at the primary location
This chapter explains the procedure for connecting to the Secure File Transfer
System at network level. Once the connection has been made it will be possible to
work with Connect:Direct at transportation level.
For our Acceptance environment (previously called Test environment) you will
need to open firewall TCP port 1364 for sftacc.equens.com (82.195.45.59).
This way the correct type of traffic will be allowed from your Connect:Direct node
(the machine that makes the physical connection with the Connect:Direct node
with Equens).
Please note: If you wish to carry out processing tests (please refer to section 8.5,
"Processing tests"), you must connect to the test environment.
7.1 Introduction
In this chapter we show you how to obtain a certificate (also called "Digital ID")
and install this in your Connect:Direct node.
7.1.1 Procedure
In general the procedure is as follows:
• You install the client certificate
− You request the certificate from Equens via your browser
− You pick up the certificate from Equens via your browser
− You export the certificate out of your browser
− You import the certificate into your Connect:Direct node
• You install the Equens CA certificate
In the following paragraphs the procedure is described further.
7.1.2 Preparation
Before you commence the procedure, it is important that you pay attention to the
following aspects.
Choice of applicant
First determine which employee requests the certificate, as the certificate will be
linked to the person who has requested it! This is the only person who can extend
and revoke the certificate. When the person who requested the certificate leaves
the company, it will be necessary to request a new certificate. Please keep this in
mind when you determine which person requests the certificate.
Browser choice
The procedure and screenshots in this manual are based on the use of Microsoft
Internet Explorer. Equens strongly advises you to use this browser. With other
browsers correct operation cannot be guaranteed. Equens does not provide support
for problems that arise when using browsers other than Microsoft Internet Explorer.
Converting certificates
Some nodes are not able to read the standard exported format. In that case the
certificate needs to be converted. See the "Frequently asked questions -
Connectivity services" at www.equens.com.
Note: As of October 16, 2006 Interpay is operating under the name Equens.
However, the PKI environment at PinkRoccade is still active under the name
Interpay Nederland.
In the URL you will receive, as well as in the address bar of the browser you will
see /InterpayNederlandBV/
Step 1 Copy the URL and paste this into the address bar of your browser
URL Production:
https://mpki.pinkroccade.com/services/InterpayNederlandBV001/digitalidCenter.htm
• The name of the applicant or the name of one of the persons authorized to
change the password.
Please note that the certificate will be linked to the person who has requested
it. This is the only person who can extend or revoke the certificate. If the
person who has requested the certificate leaves the company it will be
necessary to request a new certificate. Please keep this in mind when deciding
in whose name the certificate is requested.
• The access code for the CA website you have received together with the
URL, also known as the 'Certificate Enrollment PIN'
This pincode is only valid for issuing this certificate. You do not need to
keep the pincode after requesting the certificate. If you request a new
certificate, you will receive a new pincode.
• A 'Challenge Phrase'
The Challenge Phrase is case sensitive and may not contain any punctuation.
The Challenge Phrase is a sentence you will need to remember. You will need
this sentence when extending your certificate. If you no longer remember
the Challenge Phrase, you will need to request a new certificate and
start the certificate request procedure from the beginning.
Figure 9: It is important that you have entered your e-mail address correctly.
Step 5 Confirm that you have entered the correct e-mail address
If you click on 'Cancel', you will get the opportunity to correct the e-mail address
in the Enrollment form.
If you click 'OK', the form will be processed.
Next you will get the screen below and a message from Internet Explorer.
Figure 11: You see a confirmation that your request has been received.
When you check your e-mail, you should see the message below.
From: certificate
Send: woensdag 2 augustus 2006 14:13
To: Janssen, Dhr. G.A. (Geert)
Subject: Equens Digital ID request confirmation
From: certificate
Send: woensdag 2 augustus 2006 14:24
To: Janssen, Dhr. G.A. (Geert)
Subject: Your Equens Digital ID is ready
https://mpki.pinkroccade.com/services/InterpayNederlandBV/client/mspickup.htm
As indicated in the e-mail, you will need to perform the following steps:
• You copy/paste the URL mentioned in your e-mail into the address bar of your
browser
• In the form that appears in your browser, please type the pincode mentioned in
the e-mail
• Please follow the instructions given in the form in your browser
Step 8 Copy the URL and paste this in the address bar of your browser
You will get the following screen:
Step 9 Type the pincode mentioned in the e-mail and click 'Submit'
Please pay attention! You will need to retrieve the certificate with the same PC
that you have used to request the certificate.
If you don't, you will get the following error message:
Next you will see the screen below, a message from Internet Explorer:
Figure 19: The screen where you manage the certificates in your browser.
You will get a confirmation that the export was successful. Click 'OK' to continue.
8.1 Introduction
It is advisable to first check whether the connection is functioning correctly and
whether the files are being sent on in the required manner. You can test this
easily by sending a file to yourself. This connection test and file transfer test can
simply be carried out in the Equens production environment.
If you also wish to carry out processing tests, you must carry these out in the test
environment (!) and schedule the test at least one week in advance in
consultation with the Customer Services department and the relevant business
unit.
Figure 30: Testing for Connect:Direct will take place at three levels
Testing can only commence if the following conditions have been met:
• All relevant data must have been entered in the various Equens databases
• You must have installed a Connect:Direct node
• You must have installed the client and server certificate
Feature        Description
Subject        The connection with Equens Connect:Direct.
               This involves aspects such as:
               • Setting up a connection with Connect:Direct and Secure Plus
               • The compression mechanism
Objective      Checking whether the Equens Connect:Direct specifications have
               been properly implemented with the customer.
Conditions     You do not need to contact Equens in order to carry out this test.
Importance     Recommended
Environment    Production environment
Please note: It is not the intention of a connection test to send files to Equens. For
sending files you need to perform a file transfer test.
Feature        Description
Subject        Routing from and to yourself.
Objective      Checking whether the file transfer via Connect:Direct between
               Equens and the customer is successful.
Conditions     You do not need to contact Equens in order to carry out this test.
Importance     Recommended
Environment    Production environment
Feature        Description
Subject        The content and layout of the files.
Objective      Checking whether file transfer and data processing (for
               Equens-specific business) between Equens and the customer via
               Connect:Direct is successful.
Conditions     • If you use separate test machines you must request a test
                 certificate
               • These tests must be scheduled at least one week in advance in
                 consultation with the Equens Customer Services department
Importance     Not mandatory
Environment    Test environment (sftacc.equens.com)
               (testing in the production environment is not permitted).
9 File sending
9.1 Introduction
You can send files to Equens using commands in your Connect:Direct node. When
sending files you will need to initiate the transfer.
You can also send compressed data files. Please refer to chapter 11, "Working
with compressed files" for additional information.
10 File delivery
10.1 Introduction
Files addressed to you are "pushed" to you by Connect:Direct; you do not need to
take the initiative to retrieve the files.
It is not possible to retrieve files again that have already been supplied
to you. If you would like to receive a file that has already been supplied to you,
you will need to contact our Customer Services department.
Files to be retrieved will remain available within the system for 30 days. When this
period has elapsed, the files will be deleted and cannot be resupplied.
11.1 Introduction
Files can be compressed in order to reduce their size and therefore also the
amount of time it takes for them to be transmitted. If the bandwidth is sufficient,
compression is not necessary and is therefore advised against.
11.2.1 Conditions
• You will be able to send both compressed and uncompressed files.
Contrary to when you would like to receive compressed files, there is no need
to state this on the Service Request form.
• The compressed file that you wish to send may not contain more than one data
file.
• Although the file name in the archive does not need to comply with the naming
convention, it is advisable.
This is also easy, given that the majority of compression programmes use the
name of the file being compressed for the archive name.
For example: If you were to compress the file
R1234567.SFT.CLIEOP.A123.TXT, the archive would be named
R1234567.SFT.CLIEOP.A123.ZIP.
11.3.1 Conditions
• If you wish to receive compressed output from Equens, please specify this on
the Service Request form.
11.3.2 Features:
If you have stated that you wish to receive compressed files, the following will
apply:
• All files you receive are compressed; it is not possible to compress specific file
types only
• The names of both the ZIP archive and the archived file will comply with the
file name convention.
For example: the archive R1234567.SFT.CLIEOP.A123.ZIP would contain the
file R1234567.SFT.CLIEOP.A123.TXT
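The archive conditions in sections 11.2.1 and 11.3.2 can be checked on an archive before it is sent or after it is received. This is an added example, not code from Equens; the function names are hypothetical, an empty archive is treated as a finding by assumption, and a member name that does not match the archive name is reported even though the manual only advises matching names for archives you send.

```python
import io
import zipfile
from pathlib import PurePosixPath


def check_archive(archive_name, data):
    """Check a ZIP archive (given as bytes) against the manual's conditions."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Directory entries are not data files, so they are not counted.
        members = [info for info in zf.infolist() if not info.is_dir()]
    if len(members) != 1:
        return [f"archive holds {len(members)} data files, expected exactly one"]
    problems = []
    member = members[0].filename
    # A member stored under a directory would not unpack to the flat name
    # the naming convention describes.
    if "/" in member or "\\" in member:
        problems.append("member name contains a directory component")
    # R1234567.SFT.CLIEOP.A123.ZIP is expected to hold R1234567.SFT.CLIEOP.A123.TXT.
    if PurePosixPath(member).stem != PurePosixPath(archive_name).stem:
        problems.append("member name does not match archive name")
    return problems


def make_zip(names):
    """Build a constructed sample archive in memory holding the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "constructed sample content\n")
    return buf.getvalue()


if __name__ == "__main__":
    archive = "R1234567.SFT.CLIEOP.A123.ZIP"
    good = make_zip(["R1234567.SFT.CLIEOP.A123.TXT"])
    bad = make_zip(["R1234567.SFT.CLIEOP.A123.TXT", "EXTRA.TXT"])
    print(check_archive(archive, good) or "OK")
    print(check_archive(archive, bad))
```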
Please note: The support that Customer Services will provide is intended for
situations involving a standard connection to Connect:Direct.
In the event of deviation, Customer Services will not provide any support for
matters relating to the client's domain.
Customer Services is available from Monday to Friday, with the exception of bank
holidays.
• Opening times: 8 am – 6 pm
• Telephone: 0900 - 0660 (for customers in The Netherlands)
Telephone: +31 (0)30 283 68 60 (for customers outside The Netherlands)
• Fax: +31 (0)30 283 51 33
• E-mail: sft@nl.equens.com
You must fill in and send a separate copy of the form for each request and/or
change! This form can be requested from Customer Services or can be
downloaded from our website: www.equens.com
(Support - Forms - Connectivity Services)
This Service Request Form is only for submitting changes in the transport of data.
For the processing of the data files you are sending, you will need to make
agreements with the appropriate Equens business unit/department.