docs.intersystems.com
Home  /  Application Development: Using Adapters and Gateways in Productions  /  Enabling Productions to Use Managed File Transfer Services  /  Prerequisites and Configuration


Enabling Productions to Use Managed File Transfer Services
Prerequisites and Configuration
[Back]  [Next] 
InterSystems: The power behind what matters   
Search:  


An InterSystems IRIS™ production can include business hosts that communicate directly with Managed File Transfer (MFT) services. Before adding these business hosts, perform the following prerequisites:
InterSystems IRIS supports the following MFT services:
Preparing the MFT Service Account
Before you can use an MFT service with InterSystems IRIS, you must perform the following tasks:
The following subsections provide details.
Setting Up Accounts
For each MFT service you intend to use, you must create two types of accounts:
An end user account is needed for each person (or organization) expected to send and receive files. These end users can access only the files in their own folders or in folders to which they have explicitly been granted access, either by the actual owner or by an administrator. Consult the documentation for the MFT service for instructions on how to create these subaccounts, and how to set and verify permissions.
When you create the main account, make a note of the root URL that is meant for use in transferring files (for this account). You will need this information later (to use as the Base URL for the connection to the account).
Also choose an administrator for the account and make a note of the email address of that person.
Creating a Custom Application
After creating accounts at the MFT service, you must create a custom application within the main account, for use by the InterSystems IRIS production. Within this custom application, specify the following details:
Setting Up the Directory Structure
You must also set up a directory structure so that each subaccount has a designated area for sending files and for receiving files.
InterSystems recommends using one parent “Incoming” and one parent “Outgoing” directory at the top level of the account, with individual incoming and outgoing subdirectories for the subaccounts within those directories. This organization makes it easier for the InterSystems IRIS production to locate all files that need to be transferred in either direction.
If you are already using an MFT service, then you may already be using a different directory structure. If so, and you do not wish to modify the directory structure, then you might need to add multiple MFT business services and operations to the production, each configured to find or place files in different directories.
Creating Configuration Items in InterSystems IRIS
In addition to preparing the MFT account, you need to create specific configuration items on the InterSystems IRIS server. Specifically, you must:
The following subsections describe the details.
Creating an SSL/TLS Configuration
InterSystems IRIS uses SSL/TLS to connect to an MFT service, so you must create an SSL/TLS configuration to use. InterSystems recommends that you create a separate configuration to use only for MFT connections, even if it uses default settings.
For details on creating a new SSL/TLS configuration, see Creating or Editing an SSL/TLS Configuration.”
Creating a Managed File Transfer Connection
A managed file transfer (MFT) connection is a configuration item that the production can use to connect securely to an MFT service. If you have multiple productions running on a single InterSystems IRIS server, create a separate MFT connection for each production. In each case, the MFT connection must contain the OAuth 2.0 information you received from the MFT service.
To create an MFT connection:
  1. Click Create Connection to bring up the configuration page.
  2. Specify values for the fields as follows, and then click Save:
  3. Verify that the generated redirect URL has the following form:
    http://hostname:port/prefix/csp/sys/oauth2/OAuth2.Response.cls
    If you omit Port, the colon is omitted in the generated URL. Similarly, if you omit Prefix, there is only one slash between hostname:port and csp.
    This URL must match the one you supplied to the MFT service when creating the custom application for the production.
  4. If the generated URL does not match what you had provided to the MFT service, then log in to the MFT service and edit the app definition to use the generated URL.
Authorizing an MFT Connection
The next step is to authorize the newly created MFT connection. To do so, obtain and save an access token from the Managed File Transfer Connections page (System Administration > Security > Managed File Transfer Connections), as follows:
  1. Click the Get Access Token link for the connection you want to authorize.
    When you do so, the Management Portal displays the login page for the MFT service.
  2. Log in with the credentials for the administrative account.
    Once the MFT service has authenticated the credentials, you see a page that displays the authorization request from the MFT service, listing the types of access that are to be granted to the production.
  3. Click Grant Access to authorize the access. This redisplays the Connections list, and the MFT connection is now listed as Authorized.