AS2 or FTP: What’s Best for Your Company
John Radko, Chief Technology Strategist, GXS
Rochelle Cohen, Sr. Product Marketing Manager, GXS
May 19, 2011 | Slide 2 | © 2011 GXS, Inc.
Family Feud: AS2 Versus the FTP Clan
Selecting the Right Option for Your B2B Needs
Agenda
AS2 vs FTP (John Radko)
– Review of basics
– How do they work?
– How to choose the best one?
GXS Solutions for Connectivity (Rochelle Cohen)
– Options available
– Additional services
Q&A
What Is a Protocol?
Client? Server?
Channel?
To illustrate the basics of a communication protocol, let’s buy some furniture…
IKEA Protocol for Furniture Transfer
Synchronous Request/Response (you go to the store, find it, put it on a cart, buy it, and drive it home.)
Channel
Client
Server
N.C. Furniture Protocol
Request
Response
Channel
Client
Server
Understanding a Comms Protocol
Clients are requesting data (in the B2B scenario) or services
Servers are providing the data or services
The Channel is how the request and data move (may be combined or discrete)
Client/Server is a role – a given system may be both depending on the situation (AS2)
A Shared “Family Tree”
Internet Protocol (IP)
Transport Control Protocol (TCP) (UDP)
TCP/IP
File Transfer Protocol (FTP)
Hyper-text Transfer Protocol (HTTP)
FTP Secure or FTP-SSL (FTPS)*
Applicability Statement 3 (AS3)
HTTP over SSL (HTTPS)
Applicability Statement 2 (AS2)
The Extended Family
Internet Protocol (IP)
Transport Control Protocol (TCP)
The Internet
FTP HTTP SMTP SSH
FTPS HTTPS SFTP
AS3 AS2
SOAP
AS1 AS4 EDIINT
How FTP Works (Active Mode)
FTP Client, FTP Server
Command Channel: random port above 1023 (FTP Client), port 21 (FTP Server)
Data Channel: random port +1 (1024) (FTP Client), port 20 (FTP Server)
How FTP Works (Active Mode) Challenge
FTP Client, FTP Server
Command Channel: random port above 1023 (FTP Client), port 21 (FTP Server)
Data Channel: port 20 (FTP Server)
Firewall that HATES inbound connections
How FTP Works (Passive Mode)
FTP Client, FTP Server
Command Channel: random port above 1023 (FTP Client), port 21 (FTP Server)
Data Channel: random port +1 (1024) (FTP Client)
Server opens a port in the firewall for the client to use for data (>1023)
How FTP Works (Passive Mode) Challenge
FTP Client, FTP Server
Command Channel: random port above 1023 (FTP Client), port 21 (FTP Server)
Data Channel: random port +1 (1024) (FTP Client)
Network Admin that HATES inbound connections
Securing FTP
VPN
– Creates a secure “tunnel”
– Can be used with any protocol, not just FTP
– Some standards (especially server-to-server), but may require client install
FTPS
– 2 types
  • Explicit
  • Implicit
– Uses TLS/SSL to encrypt one or both channels
Virtual Private Network (VPN)
[Diagram: FTP Client and FTP Server, each with VPN Software; the Command Channel and Data Channel run through the VPN]
Explicit FTPS
[Diagram: FTP Client and FTP Server joined by a Command Channel and a Data Channel; AUTH SSL is sent on the Command Channel]
Explicit FTPS is usually used so that non-FTPS clients can still connect.
Implicit FTPS
[Diagram: FTP Client and FTP Server joined by a Command Channel and a Data Channel]
Implicit FTPS always uses secured channels, but the software must support it to connect.
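A server-side check of what explicit FTPS actually protected in a session, as an added example (not from the original slides): because explicit FTPS lets non-FTPS clients connect and can encrypt one or both channels, the audit reports credentials or transfers that stayed in the clear. The AUTH, PBSZ and PROT commands are from RFC 4217; the "C: "/"S: " log format and the sessions are constructed.

```python
DATA_VERBS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}


def audit_session(log):
    """Return findings for one session log made of 'C: ' (client) and 'S: ' (server) lines."""
    control_tls = False    # True once the server accepts AUTH with reply 234
    data_private = False   # True after an accepted PROT P on a TLS command channel
    pending = None         # last client command still awaiting its reply
    findings = []
    for line in log:
        side, _, text = line.partition(": ")
        words = text.split()
        if not words:
            continue
        if side == "C":
            verb = words[0].upper()
            pending = (verb, words[1].upper() if len(words) > 1 else "")
            if verb in ("USER", "PASS") and not control_tls:
                findings.append(verb + " sent on a clear command channel")
            elif verb in DATA_VERBS and not data_private:
                findings.append(verb + " used a clear data channel")
        elif side == "S" and pending:
            verb, arg = pending
            code = words[0][:3]
            if verb == "AUTH" and arg in ("TLS", "SSL") and code == "234":
                control_tls = True
            elif verb == "PROT" and code == "200":
                # An explicit PROT P is expected here even after AUTH SSL.
                data_private = control_tls and arg == "P"
            pending = None
    return findings


# Constructed session logs (not captured traffic).
BOTH_CHANNELS = ["S: 220 ready", "C: AUTH SSL", "S: 234 ok", "C: USER alice", "S: 331 ok",
                 "C: PASS ****", "S: 230 ok", "C: PBSZ 0", "S: 200 ok",
                 "C: PROT P", "S: 200 ok", "C: STOR invoice.edi", "S: 150 ok"]
COMMAND_ONLY = ["C: AUTH SSL", "S: 234 ok", "C: USER alice", "S: 331 ok",
                "C: PASS ****", "S: 230 ok", "C: STOR invoice.edi", "S: 150 ok"]
NON_FTPS_CLIENT = ["C: USER alice", "S: 331 ok", "C: PASS ****", "S: 230 ok",
                   "C: RETR orders.edi", "S: 150 ok"]

if __name__ == "__main__":
    for name, log in (("both", BOTH_CHANNELS), ("command only", COMMAND_ONLY),
                      ("non-FTPS", NON_FTPS_CLIENT)):
        print(name, audit_session(log))
```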
AS2 Provides Value-Added Capabilities
– Security
  • Data is encrypted and signed
  • Data is secured at all points
  • Digital signatures allow non-repudiation
– Message Management
  • Usage of “receipts” (called MDNs)
  • Defined service levels
– Interoperability
  • Extensive interoperability testing
  • Certification by Drummond assures products work together
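How Does AS2 Work?
[Diagram: Partner A and Partner B connected over HTTP across the Public Internet or Other TCP/IP Network; the data (001101…) travels from Sender to Receiver, is labelled PARTNERA once the signature is verified, and an MDN travels back]
Sender
• Sign
• Encrypt
• Send
• Verify MDN
Receiver
• Receive
• Decrypt
• Verify Signature
• Send MDN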
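The sender's final "Verify MDN" step, as an added example (not from the original slides or any GXS product): the sender recomputes the digest of what it sent and compares it with the Received-Content-MIC field that RFC 4130 defines for the MDN. The payload, message ID and MDN text are constructed, and checking the MDN's own signature is outside this block.

```python
import base64
import hashlib
from email import message_from_string

ALGS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256, "sha-256": hashlib.sha256}

# Constructed sample values, not taken from any real exchange.
PAYLOAD = b"Content-Type: application/edi-x12\r\n\r\nISA*00*constructed sample~\r\n"
MESSAGE_ID = "<constructed-001@partner-a.example>"


def compute_mic(content, alg="sha1"):
    """Base64 digest of the content the sender signed (the MIC in RFC 4130 terms)."""
    return base64.b64encode(ALGS[alg](content).digest()).decode("ascii")


def build_sample_mdn(mic, status="processed"):
    """Constructed machine-readable MDN fields, as Partner B would return them."""
    return ("Original-Message-ID: %s\n"
            "Disposition: automatic-action/MDN-sent-automatically; %s\n"
            "Received-Content-MIC: %s, sha1\n" % (MESSAGE_ID, status, mic))


def verify_mdn(mdn_fields, sent_content, sent_message_id):
    """Sender-side check of the MDN fields against what was actually sent."""
    mdn = message_from_string(mdn_fields)
    if (mdn.get("Original-Message-ID") or "").strip() != sent_message_id:
        return "mismatch: MDN refers to a different message"
    status = (mdn.get("Disposition") or "").partition(";")[2].strip().lower()
    if not status.startswith("processed") or "/error" in status:
        return "rejected: " + (status or "no disposition")
    mic, _, alg = (p.strip() for p in (mdn.get("Received-Content-MIC") or "").partition(","))
    if not mic or alg.lower() not in ALGS:
        return "incomplete: missing or unsupported Received-Content-MIC"
    if mic != compute_mic(sent_content, alg.lower()):
        return "MIC mismatch: receiver digested different content"
    return "delivered"


if __name__ == "__main__":
    good = build_sample_mdn(compute_mic(PAYLOAD))
    print(verify_mdn(good, PAYLOAD, MESSAGE_ID))          # MDN matches what was sent
    print(verify_mdn(good, PAYLOAD + b"x", MESSAGE_ID))   # digest differs
```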
A Quick Comparison – Plus
AS2 – Ready for Business
– Purposely built for B2B
– Interoperable security
– Interoperable non-repudiation
– Built-in business grade transaction management
– Proxy/firewall friendly
– Interoperability testing process
– Widely adopted in many communities
– (opt) Re-start
FTP – I’m Already Here
– Ubiquitous, on basically every computer
– Widely used in almost every community
– Vast amounts of experience
– Nearly instant setup
– Low administrative overhead*
FTPS – Privacy Included
– Channel encryption
– Low administrative overhead
– Relatively simple
A Quick Comparison – Minus
AS2 – Specialist
– Requires special software
– Certificate administration
– Higher processing overhead (for encryption and digital signature)
– More keys/IDs to manage
FTP – Master of None
– What security?
– No standard guaranteed delivery
– No interoperability testing
– No standardised document tracking
– Requires two network connections
– Can be difficult (or impossible) to traverse some networks (NAT)
FTPS
– All the minuses of FTP
– Not as ubiquitous as FTP
FTP or AS2
Gateway
A Hybrid Community to Mediate Protocols
Partners using same protocol
Partners that use a different protocol
Your B2B Communications Decisions
[Diagram: Sending Company (EDI Data, EDI Translator, Communications Software), Service Provider, Receiving Company (Communications Software, EDI Translator, EDI Data)]
Which protocol? How to connect?
AS2 and FTP/VPN: Most Popular Protocols for New GXS Clients
[Chart: Protocols Selected by New GXS Clients 2008-2010; vertical axis 0% to 45%; categories AS2, FTP/VPN, SFTP, FTPS, Other]
Global, Flexible Connectivity Options
Enabling Businesses to Make Technology Decisions Independent of Their Partners
FTP/VPN, S/FTP and FTP/S
SOAP & HTTPS
AS1, AS2, AS3
Internet Protocols
OFTP, OFTP2
Async / Bisync & SNA
MQ Series
Legacy Protocols
X400
X.25
VAN Interconnect
Frame Relay
Private IP Networks (e.g., ANX, ENX)
Web Forms
EDI-to-Fax
Other Services
Internet
AS2 Direct Trading Partners
AS2
Real-time, efficient communications with your entire community
One implementation with GXS, GXS manages community
All the value-added transaction management services
Leverages AS2 software already in place
Reduce risk of failed connectivity
Trading Partners
Additional AS2 Services:
AS2 Contingency
– Back-up access if your AS2 server goes down
AS2 Outsourcing
– Comply with AS2 mandates without adding infrastructure, expense, & expertise
Your Company
Full Portfolio of AS2 Options on GXS Trading Grid
Full Portfolio of Secure FTP Solutions
Multiple FTP options:
– FTP over VPN
– SFTP (SSH FTP)
– FTPS (FTP/SSL)
Internet
Secure FTP
Trading Partners
Your Company
Easy to implement
Standards based
Wide range of client software support
Multiple security options
GXS BizManager® Software
Behind-the-Firewall Connectivity Software for Every Type of User
[Chart: Functionality against Community Size]
BizManager400: unlimited connections
BizManager BizConnect: up to 25 connections
BizManager BizLink: unlimited connections
Platforms shown: Windows, Red Hat and SUSE Linux, Solaris, AIX, HP-UX; AS400; Windows, Red Hat and SUSE Linux
GXS Internet Connectivity Solutions for Each Business Scenario
Software
Connectivity to GXS Trading Grid
B2B Program Outsourcing