Administrator > File transfer > File servers

File servers

Configure file servers to exchange files with remote partners.

You can configure the following servers:

•AS2 server. Receives files from partners with AS2 file transfer.
•HTTPS server. Partners connect to the server to upload and download files.
•SFTP server. Partners connect to the server to upload and download files.
•Proxy server. An intermediary between the partner's file servers and the organization's file servers.

Configuring a file server

Configure properties for a file server to exchange files between the server and remote partners.

1In Administrator, select File Servers.

2On the File Servers tab, select the Secure Agent that runs the File Integration Service that you want to use to exchange files with the remote servers.

3On the File Server for agent page, select the tab for the type of server to configure, HTTPS server, AS2 server, SFTP server, or proxy server.

4Configure the file server properties, and then click Save.

- For information about AS2 server properties, see AS2 server configuration properties.
- For information about HTTPS server properties, see HTTPS server configuration properties.
- For information about SFTP server properties, see SFTP server configuration properties.
- For information about proxy server properties, see Proxy server configuration properties.

AS2 server configuration properties

For each runtime environment that uses the File Integration Service, you can configure an AS2 server to receive files from remote AS2 servers.

You configure AS2 server properties on the AS2 Server tab of the File Server for agent page.

Configure the following types of properties:

•General properties
•SSL properties
•Message security properties
•MDN properties
•Upload restriction properties

General properties

The following table describes general AS2 server properties:

Property	Description
Enable AS2 Server	Whether to enable the AS2 server. When not enabled, the AS2 server cannot receive files. Default is disabled.
AS2 Server Id	Name or ID used by the sender. Note the following rules for the ID: - The value is case sensitive. - The ID can contain up to 128 ASCII characters, special characters, and spaces.
Port	Port number for the AS2 server. Default is 15400.
Local Address	Local address of the AS2 sever.
Enable SSL	Whether to use SSL encryption in communications with remote AS2 servers. Default is disabled.

SSL properties

The following table describes the SSL properties:

Property	Description
SSL Protocol	Whether to use the SSL or TLS protocol. Select one of the following values: - TLS. A new version of SSL, Transport Layer Security will be used to secure the transmission. - SSL. A traditional Secure Socket Layer protocol is used to secure the transmission. Default is SSL.
Enabled SSL Protocols	Specify the permissible TLS and SSL versions separated with a comma. The supported versions are: - TLS: TLSv1.2, and TLSv1.3 - SSL: SSLv2Hello and SSLv3 When a value is not specified, all the versions for the selected protocol are enabled.
Client Authentication	Whether the client must have a certificate to authenticate with the server. Choose one of the following values: - None. The SSL connection runs without checking certificates and the user is authenticated with a password. If any of the information being transmitted requires a certificate, the connection fails. - Required. The SSL connection will not connect or authenticate a user unless a valid certificate is available. - Optional. The SSL connection looks for a valid certificate, but continues with password authentication if a certificate is not present.
Key Store Location	Location of the key store that stores the private key and associated certificates that the client uses to authenticate communications with the File Integration Service. Include path and file name.
Key Store Password	Password to access the key store.
Key Store Type	Type of the private key store. Use one of the following values: - JKS - PKCS12
Key Alias	Key alias or certificate for the private key used to sign the MDN.
Trust Store Location	The path to the trust store file that the File Integration Service uses for HTTPS communication.
Trust Store Password	Password to access the trust store.
Trust Store Type	Type of trust store. Use one of the following values: - JKS - PKCS12

Message security properties

The following table describes basic message security properties:

Property	Description
Encryption Required	Whether files received by the File Integration Service must be encrypted. Default is enabled.
Signature Required	Whether files from the remote AS2 server must contain a digital signature. If a signature is required, the File Integration Service rejects any messages without the signature. Default is enabled.
Authentication Required	Whether the user is required to authenticate. Default is disabled.
Decryption Certificate Alias	Key alias or certificate used to decrypt incoming messages. The alias references a certificate in the key store. All partners who send AS2 messages must have the public portion of this certificate.

MDN properties

The following table describes message receipt properties:

Property	Description
MDN Signature Certificate Alias	Alias that refers to the private key that the AS2 server uses to sign the message receipt. The private key is in the default private key store.
Asynchronous MDN Automatic Approval	Whether to send a return receipt automatically or manually.
Enabled Proxy for Async MDN	Determines if a proxy server is enabled for Asynchronous MDN. Default is disabled.
Proxy Type	Type of proxy server to use for the connection. Select one of the following types: - SOCKS. You can use SOCKS version 4 or 5. - HTTPS. - Informatica File Server proxy. Verify with your network administrator which proxy server type to use.
Host	Host name or IP address of the proxy server on your network.
Port	Port number of the proxy server on your network. If left blank, the default port for HTTP is 80 and the default port for SOCKS is 1080.
User	User name to use for login when connecting to the proxy server.
Password	Password for connecting to the proxy server. Required if your network uses the proxy server to create HTTP or HTTPS connections.

Upload restrictions properties

You can specify the types of files to allow or deny in an AS2 file upload. The following table describes the properties that control upload restrictions:

Property	Description
File Extension Filter Type	Whether to accept or deny the extensions in the File Extensions list. Use one of the following values: - Do Not Filter. Accept all file types. - Accept. Accept files with the extensions listed in the File Extensions property. - Deny. Do not allow files with the extensions listed in the File Extensions property.
File Extensions	List of file extensions. Add the file extensions that correspond to the File Extension Filter Type. For example, to accept .csv and .txt files, in the File Extension Filter Type property, select Accept, and then add csv and txt to the list of file extensions. To add an extension to the list, type the extension in the text box and click Add. To remove an extension from the list, highlight the extension and click Delete.
File Extension Case Sensitive	Whether to factor case when you filter using the file extensions list. When enabled, files with extensions that do not match the case used in the File Extensions list cannot be uploaded. For example, if the file extension list includes csv but not CSV, files with the extension of csv can be uploaded but files with the extension of CSV cannot be uploaded.
Allow Files with Extension	Whether to enable the file extension filter. When enabled, the file extension properties configured on this page determine which file types can be uploaded. Default is enabled.
Allow Files with No Extension	Whether to allow files that do not include the extension in the file name. Default is enabled.
Allow Files with No Name	Whether to allow files with no name. The Secure Agent saves files without a name using the following format: as2data_<datetime> where datetime is the current time stamp including milliseconds. Default is enabled.
File Name Suffix Timestamp (Optional)	Whether to append timestamp to the file name. When enabled, the timestamp is suffixed to the file name.
Max Upload Size	Maximum file size that the AS2 server can upload, in megabytes. Default is 5 MB.
When File Exists	Choose the action to be performed when a file that already exists in the folder is received again. Select one of the following options: - Rename: Rename the newly received file. - Append: Append the changes to the existing file. - Overwrite: Overwrite the existing file with the newly received file. - Error: Display an error if the file already exists.

HTTPS server configuration properties

For each runtime environment that uses the File Integration Service, you can configure an HTTPS server to exchange files with remote HTTPS servers.

You configure HTTPS server properties on the HTTPS Server tab of the File Server for agent page. You must have the HTTPS license to exchange files through HTTPS servers.

Configure the following types of properties:

•General
•SSL
•Upload restriction

General properties

The following table describes general HTTPS server properties:

Property	Description
Enable HTTPS Server	Whether to enable the HTTPS server. When not enabled, the HTTPS server cannot receive files. Default is disabled.
Port	Port number for the HTTPS server. Default is 15400.
Local Address	Local address of the HTTPS sever.
Enable SSL	Whether to use SSL encryption in communication with remote HTTPS servers. Default is disabled.

SSL properties

The following table describes the SSL properties:

Property	Description
SSL Protocol	Whether to use the SSL or TLS protocol. Select one of the following values: - TLS. A new version of SSL, Transport Layer Security will be used to secure the transmission. - SSL. A traditional Secure Socket Layer protocol is used to secure the transmission (default).
Enabled SSL Protocols	Specify the permissible TLS and SSL versions separated with a comma. The supported versions are: - TLS: TLSv1.1,TLSv1.2, and TLSv1.3 - SSL: SSLv2Hello and SSLv3 When a value is not specified, all the versions for the selected protocol are enabled.
Client Authentication	Whether the client must have a certificate to authenticate with the server. Choose one of the following values: - None. The SSL connection runs without checking certificates and the user is authenticated with a password. If any information being transmitted requires a certificate, the connection fails. - Required. The SSL connection will not connect or authenticate a user unless a valid certificate is available. - Optional. The SSL connection looks for a valid certificate, but continues with password authentication if a certificate is not present.
Key Store Location	Location of the key store that stores the private key and associated certificates. Client uses the key store file to authenticate communication with the File Integration Service. Include path and file name.
Key Store Password	Password to access the key store.
Key Store Type	Type of the private key store. Use one of the following values: - JKS - PKCS12
Key Alias	Key alias or certificate for the private key used to sign the MDN.
Trust Store Location	The path to the trust store file that the File Integration Service uses for HTTPS communication.
Trust Store Password	Password to access the trust store.
Trust Store Type	Type of trust store. Use one of the following values: - JKS - PKCS12

Upload restrictions properties

You can specify the types of files to allow or deny in an HTTPS file upload.

The following table describes the properties that control upload restrictions:

Property	Description
File Extension Filter Type	Whether to accept or deny the extensions in the File Extensions list. Use one of the following values: - Do Not Filter. Accept all file types. - Accept. Accept files with the extensions listed in the File Extensions property. - Deny. Do not allow files with the extensions listed in the File Extensions property.
File Extensions	List of file extensions. Add the file extensions that correspond to the File Extension Filter Type. For example, to accept .csv and .txt files, in the File Extension Filter Type property, select Accept, and then add csv and txt to the list of file extensions. To add an extension to the list, type the extension in the text box, and click Add. To remove an extension from the list, highlight the extension, and click Delete.
File Extension Case Sensitive	Whether to factor case when you filter using the file extensions list. When enabled, files with extensions that do not match the case used in the File Extensions list cannot be uploaded. For example, if the file extension list includes csv but not CSV, files with the extension of csv can be uploaded but files with the extension of CSV cannot be uploaded.
Allow Files with Extension	Whether to enable the file extension filter. When enabled, the file extension properties configured on this page determine which file types can be uploaded. Default is enabled.
Allow Files with No Extension	Whether to allow files that do not include the extension in the file name. Default is enabled.
Allow Files with No Name	Whether to allow files without a name. The Secure Agent saves files without a name using the following format: as2data_<datetime> where datetime is the current time stamp including milliseconds. Default is disabled.
Max Upload Size(MB)	The file size limit in megabytes for the HTTPS server upload. Default is 5 MB.

SFTP server configuration properties

For each runtime environment that uses the File Integration Service, you can configure an SFTP server to exchange files.

You configure SFTP server properties on the SFTP Server tab of the File Server for agent page. Configure the following types of properties:

•General properties
•Algorithms properties
•Host keys properties
•Upload restriction properties

General properties

The following table describes general SFTP server properties:

Property	Description
Enable SFTP Server	Whether to enable the SFTP server. When not enabled, the SFTP server cannot receive or send files. Default is disabled.
Port	Port number for the SFTP server. Default is 15002.
Local Address	Local IP address for the SFTP sever.
Enable SCP	Whether to use session control protocol (SCP) to create the connection. Default is disabled.
Idle Timeout	Number of seconds that the connection is idle before is closes. Default is 300.
Maximum Logins	Maximum number of users that can be logged in to the server concurrently. Default is 500.
Login Failure Delay	Delay between failed login attempts, in seconds. Default is 0.
Maximum Login Failures	Number of allowed login failures for a user. Default is 5.
Welcome Message	Message to show when the connection to the server is established.

Algorithms properties

Enable the following algorithm types in the Algorithms section of the SFTP Server tab:

•Cipher algorithms
•Message Authentication Code (MAC) algorithms
•Compression algorithms
•Key exchange algorithms

When you configure the use of algorithms for SFTP file exchange, consider the following rules and guidelines:

•You can move algorithms between the Available and Selected lists. The File Integration Service applies the algorithms that are listed in the Selected list.
•If no algorithms are selected for an algorithm type, the File Integration Service applies all the algorithms that are listed in the Available list.
•The File Integration Service applies the algorithms in the order in which they are listed, from the top of the list to the bottom of the list. You can use the up and down arrows to change the order of the algorithms in list.

Host keys properties

The following table describes host keys properties:

Property	Description
RSA Key File Location	Location of the RSA host key file.
RSA Key Passphrase	Passphrase for the RSA key.
DSA Key File Location	Location of the DSA host key file.
DSA Key Passphrase	Passphrase for the DSA key.

Upload restrictions properties

You can specify the types of files to allow or deny in an SFTP file exchange. The following table describes the properties that control upload restrictions:

Property	Description
File Extension Filter Type	Whether to accept or deny the extensions in the File Extensions list. Use one of the following values: - Do Not Filter. Accept all file types. - Accept. Accept files with the extensions listed in the File Extensions property. - Deny. Do not allow files with the extensions listed in the File Extensions property. Default is Do Not Filter.
File Extensions	List of file extensions. Add the file extensions that correspond to the File Extension Filter Type. For example, to accept .csv and .txt files, in the File Extension Filter Type property, select Accept, and then add csv and txt to the list of file extensions. To add an extension to the list, type the extension in the text box and click Add. To remove an extension from the list, highlight the extension and click Delete.
File Extension Case Sensitive	Whether to factor case when you filter using the file extensions list. When enabled, files with extensions that do not match the case used in the File Extensions list cannot be uploaded. For example, if the file extension list includes csv but not CSV, files with the extension of csv can be uploaded but files with the extension of CSV cannot be uploaded. Default is disabled.
Allow Files with No Extension	Whether to allow files that do not include the extension in the file name. Default is disabled.
Allow Files with Extension	Whether to enable the file extension filter. When enabled, the file extension properties configured on this page determine which file types can be uploaded. Default is enabled.

Proxy server configuration properties

For each runtime environment that uses the File Integration Service, you can configure one or more proxy servers.

You configure proxy server properties on the Proxy Server tab of the File Server for agent page.

To add a proxy server, click Add Proxy Configuration, configure server settings, and click Save.

Note: You must also install the proxy server in the DMZ. For more information, see Installing a file integration proxy server.

Configure the following types of properties:

•General properties
•Service mappings properties, which associate internal file servers with the proxy server

General properties

The following table describes general proxy server properties:

Property	Description
Enabled	Whether or not the proxy server is enabled. Default is Yes.
Controller Address	External IP address of the server in the DMZ on which the proxy server listens for control connections from the organization file servers.
Controller Port	Port number for the server in the DMZ on which the proxy server listens for control connections from the organization file servers. Default is 9100.
Minimum Number of Threads	Minimum number of threads that are reserved for connections to the location where the proxy server is installed. Default is 10.
Maximum Number of Threads	Maximum number of simultaneous requests that the proxy server can handle. Default is 2000.
Thread Keep Alive Time	The number of seconds idle threads wait before terminating. Default is 60.

Service mappings properties

To configure service mappings for the proxy server, in the Proxy Server Configuration page, click Add next to Service Mappings, configure the mapping parameters, and click OK. You can add as many service mappings as required to associate internal file servers with the proxy server.

The following table describes the service mappings properties:

Property	Description
Label	Label of the mapping.
From Address	IP address of the proxy server.
From Port	Port number of the proxy server.
To Address	IP address of the internal file server.
To Port	Port number of the internal file server.
Load Balancer Rule	Name of the load balancing rule to use with the mapping. The name of the rule must be identical to the name that appears in the proxy.xml file, which is part of the proxy server installation. For more information, see Installing a file integration proxy server.

Installing a file integration proxy server

Install a file integration proxy server in the DMZ and configure server parameters. You can install the server on Windows and Linux operating systems.

Note: You must also enable the proxy server and configure server properties in Informatica Intelligent Cloud Services, in Administrator. For more information, see Proxy server configuration properties.

1Copy the fis-proxy-server.zip file to the server in the DMZ.

2Download Java 1.8 (OpenJDK or Oracle) and install it on the server in the DMZ.

3From the fis-proxy-server/bin folder, edit one of the following files:

- On a Windows operating system, edit setenv.bat.
- On a Linux operating system, edit setenv.sh.

aSet JAVA_HOME to the JDK Home or the JRE home of Java 1.8.
bSet the folder path of fis-proxy-server to FIS_PROXY_HOME.

4From the fis-proxy-server/config folder, edit the proxy.xml file and set values for the following variables:

Variable	Description
controllerAddress	External IP address of the server in the DMZ on which the proxy server listens for control connections from the organization file servers.
dataAddress	Internal IP address of the server in the DMZ on which the proxy server listens for data connections from the organization file servers.
proxyAddress	IP address of the server in the DMZ on which the proxy server listens for incoming connections.
forwardProxyLocalAddress	IP address of the server in the DMZ on which the proxy server establishes outbound connections to remote servers as a forward proxy.

If required, change the port numbers.

5To start the proxy server, run one of the following commands:

- On a Windows operating system, run fis-proxy.bat start.
- On a Linux operating system, run fis-proxy.sh start.

6To stop the proxy server, run one of the following commands:

- On a Windows operating system, run fis-proxy.bat stop.
- On a Linux operating system, run fis-proxy.sh stop.

The proxy server saves logs in the fis-proxy-server/logs folder.

Stopping and starting a file server

You can stop or start a File Integration Service file server on the File Servers page. Stop and start a file server after you make configuration changes.

Stopping and starting HTTPS, AS2, and SFTP servers

To stop or start an HTTPS, AS2, or an SFTP server, perform the following actions:

1In Administrator, select File Servers.

2On the File Servers tab, click the arrow next to the name of the Secure Agent that runs the server.

3From the Actions menu, select one of the following options:

- Start AS2 Server
- Stop AS2 Server
- Start HTTPS Server
- Stop HTTPS Server
- Start SFTP Server
- Stop SFTP Server

Informatica Intelligent Cloud Services adds an entry in the audit log to indicate the action.

Stopping and starting a proxy server

To stop or start a proxy server, perform the following actions:

1In Administrator, select File Servers.

2On the File Servers tab, select the Secure Agent that runs the File Integration Service on which to stop or start the proxy server.

3On the File Server for agent page, select the Proxy Server tab.

4From the Actions menu of the server to stop or start, select Stop or Start.

Informatica Intelligent Cloud Services adds an entry in the audit log to indicate the action.