(For 9.1.1) SFTP Collection Agent Configuration
- Chee Hove Teng
- Kevin Wu
To open the SFTP collection agent configuration, click Build → New Configuration . Select Workflow from the Configurations dialog. When prompted to Select workflow type , select Batch. Click Add agent and select SFTP in the Collection tab in the Agent Selection dialog. Double-click the agent icon or right-click the icon and select Edit agent, to display the Agent Configuration dialog.
You can configure part of the parameters in the Filename Sequence or Sort Order service tabs, see Workflow Template for more information.
The Configuration view consists of the following tabs:
Connection
Source
Advanced
- Security
Connection Tab
The Connection tab contains configuration settings related to the remote host and authentication.
The SFTP collection agent configuration - Connection tab
| Setting | Description |
|---|---|
| Connection Information Settings | |
Host | Primary host name or IP-address of the remote host to be connected. If a connection cannot be established to this host, the Additional Hosts, specified in the Advanced tab, are tried. |
File System Type | Type of file system on the remote host. This information is used to construct the remote filenames.
|
| Enable Bind Address | Select this checkbox to explicitly bind a specific virtual network IP as the source of the SFTP agent’s connection. |
| Bind Address | This mandatory field is enabled only when the Enable Bind Address checkbox is selected. |
| Authentication Mechanism Settings | |
Authenticate With | Choice of authentication mechanism. Both password and private key authentication are supported. |
Username | Username for an account on the remote host, enabling the SFTP session to login. |
Password | Password related to the specified Username. This option only applies when password authentication is enabled. |
Private Key | When you select this option, a button will appear, which opens a window where the private key may be inserted. If the private key is protected by a passphrase, the passphrase must be provided as well. This option only applies when private key authentication is enabled. For further information, see Authentication in SFTP Agents Preparations. |
| Collection Retries Settings | |
Enable | Select this check box to enable repetitive attempts to connect and start a file transfer. When this option is selected, the agent will attempt to connect to the host as many times as is stated in the Max Retries field described below. If the connection fails, a new attempt will be made after the number of seconds entered in the Retry Interval (s) field described below. |
Retry Interval (s) | Enter the time interval in seconds, between retries. If a connection problem occurs, the actual time interval before the first attempt to reconnect will be the time set in the Timeout field in the Advanced tab plus the time set in the Retry Interval (s) field. For the remaining attempts, the actual time interval will be the number seconds entered in this field. |
| Max Retries | Enter the maximum number of retries to connect. In case more than one connection attempt has been made, the number of used retries will be reset as soon as a file transfer is completed successfully. Note! This number does not include the original connection attempt. |
| Restart Retries Settings | |
| Enable | Select this check box to enable the agent to send a RESTART command if the connection has been broken during a file transfer. The RESTART command contains information about where in the file you want to resume the file transfer. When this option is selected, the agent will attempt to re-establish the connection, and resume the file transfer from the point in the file stated in the RESTART command, as many times as is entered in the Max RESTARTS field described below. When a connection has been re-established, a RESTART command will be sent after the number of seconds entered in the Retry RESTART Interval (s) field described below. Note! The RESTART Retries settings will not work if you have selected to decompress the files in the Source tab, see the section below, Source Tab. |
Retry Restarts Interval (s) | Enter the time interval, in seconds, you want to wait before initiating a restart in this field. This time interval will be applied for all restart retries. If a connection problem occurs, the actual time interval before the first attempt to send a RESTART command will be the time set in the Timeout field in the Advanced tab plus the time set in the Retry Interval (s) field. For the remaining attempts, the actual time interval will be the number seconds entered in this field. |
Max Restarts | Enter the maximum number of restarts per file you want to allow. In case more than one attempt to send the RESTART command has been made, the number of used retries will be reset as soon as a file transfer is completed successfully. |
Source Tab
The tab contains configurations related to the remote host, source directories and source files. The configuration available can be modified by creating and selecting a customized Collection Strategy. The following text describes the configuration options available when no customized Collection Strategy has been selected.
The SFTP collection agent configuration - Source tab
| Setting | Description |
|---|---|
Collection Strategy | If there are more than one collection strategy available in the system a Collection Strategy drop down list will also be visible containing the available strategies. For further information about the nature of the collection strategy, see Appendix 4 - Collection Strategies. |
| File Information Settings | |
Directory | Absolute pathname of the source directory on the remote host, where the source files reside. The pathname might also be given relative to the home directory of the Username account. |
| Include Subfolders | Select this check box if you have subfolders in the source directory from which you want files to be collected. Note! Subfolders that are in the form of a link are not supported. If you select Enable Sort Order in the Sort Order tab, the sort order selected will also apply to subfolders. |
Filename | Name of the source files on the remote host. Regular expressions according to Java syntax applies. For further information, see http://docs.oracle.com/javase/8/docs/api/java/util/regex/Pattern.html. Example To match all filenames beginning with |
Compression | Compression type of the source files. Determines whether the agent will decompress the files before passing them on in the workflow or not.
|
| Before Collection Settings | |
Move to Temporary Directory | If enabled, the source files will be moved to the automatically created subdirectory |
Append Suffix to Filename | Enter the suffix that you want added to the file name prior to collecting it. Important! Before you execute your workflow, make sure that none of the file names in the collection directory include this suffix. |
Inactive Source Warning (h) | If enabled, when the configured number of hours have passed without any file being available for collection, a warning message (event) will appear in the System Log and Event Area: The source has been idle for more than <n>
hours, the last inserted file is <file>. |
| After Collection Settings | |
Move to | If enabled, the source files will be moved from the source directory (or from the directory Note! If a file with the same filename already exist in the target directory, this file will be overwritten and the workflow will not abort. |
Destination | Absolute pathname of the directory on the remote host into which the source files will be moved after the collection. This field is only available if Move to is enabled. Note! The Directory has to be located in the same file system as the collected files at the remote host. Also, absolute pathnames must be defined. Relative pathnames cannot be used. |
Prefix and Suffix | Prefix and/or suffix that will be appended to the beginning and/or the end, respectively, of the source files after the collection. These fields are only available if Move to or Rename is enabled. |
| Search and Replace | To apply Search and Replace, select either Move to or Rename.
Search and Replace operate on your entries in a way that is similar to the Unix sed utility. The identified filenames are modified and forwarded to the following agent in the workflow. This functionality enables you to perform advanced filename modifications, as well:
|
Keep (days) | Number of days to keep moved or renamed source files on the remote host after the collection. In order to delete the source files, the workflow has to be executed (scheduled or manually) again, after the configured number of days. Note! A date tag is added to the filename, determining when the file may be removed. This field is only available if Move to or Rename is selected. |
Rename | If enabled, the source files will be renamed after the collection, remaining (or moved back from the directory Note! You must avoid creating new file names still matching the criteria for what files to be collected by the agent, or else the files will be collected over and over again. |
Remove | If enabled, the source files will be removed from the source directory (or from the directory |
Ignore | If enabled, the source files will remain in the source directory after the collection. This option is not available if Move is enabled. |
| UDR Type Settings | |
| Route FileReferenceUDR | Select this check box if you want to forward the data to an SQL Loader agent. See the description of the SQL Loader agent in SQL Loader Agent for further information |
Advanced Tab
The Advanced tab contains configurations related to more specific use of the SFTP Advanced service.
The SFTP collection agent configuration - Advanced tab
| Setting | Description |
|---|---|
| Advanced Settings | |
Port | The port number the SFTP service will use on the remote host. |
Timeout (s) | The maximum time, in seconds, to wait for response from the server. 0 (zero) means to wait forever. |
Accept New Host Keys | If selected, the agent overwrites the existing host key when the host is represented with a new key. The default behavior is to abort when the key mismatches. Warning! Selecting this option causes a security risk since the agent will accept new keys regardless if they might belong to another machine. |
Enable Key Re-Exchange | Used to enable and disable automatic re-exchange of session keys during ongoing connections. This can be useful if you have long lived sessions since you may experience connection problems for some SFTP servers if one of the sides initiates a key re-exchange during the session. |
| Additional Hosts Settings | |
Additional Hosts | List of additional host names or IP-addresses that may be used to establish a connection. These hosts are tried, in sequence from top to bottom, if the agents fail to connect to the remote host set in their Connection tabs. Use the , , , and buttons to configure the host list. |
Security Tab
The Security tab contains configurations related to the Advanced Security Options for SFTP. The Configuration available can be modified by selecting the Advanced Security Option check box. If the advanced security is not enabled, the Cipher Mode will default to aes128-ctr and the HMac Type will default to hmac-sha2-256. If advanced security is enabled but the combo box fields are left empty, the Cipher Mode will default to aes128-ctr and the HMac Type will default to hmac-sha2-256.
The SFTP collection agent configuration - Security tab
Note!
Due to an upgrade of the Maverick library for 
version 8.1.5.0, the default handling of the advanced security has changed. Users should take note of the behaviour change for the Advanced Security Option for the SFTP agents. The Advanced Security Option will be disabled by default. Users will have to enable it on their own accord from the Security Tab in the SFTP agents configuration.
With Advanced Security Option disabled, Maverick will manage the connection between the SFTP agent and the server. Maverick will attempt to connect with the STRONG security level. Failing to do so, it will auto downgrade the security level to WEAK and attempt to connect, this behaviour will allow our agents to work well with backwards compatibility for servers with older instances of the Maverick library. Furthermore, having STRONG security level will result in a performance degradation.
However, when a user manually enables the Advanced Security Option from the security tab, Maverick will instead assign the WEAK security level, which will not be as strict or resource intensive as the STRONG security level.
For more information about security levels, you can refer to this page: https://www.jadaptive.com/managed-security-in-our-java-ssh-apis/
| Setting | Description |
|---|---|
| Cipher Mode | Algorithms for the Block Cipher Modes supported by the SFTP agent. This allows the agent to determine which algorithm for the block cipher to be used when communicating with the SFTP servers.
|
HMac Type | Methods of encryption for Key Exchange. This allows the agent to determine the method of encryption to be used when the keys are exchanged between the SFTP servers and the SFTP agent. All Sha-1 are consider weak in term of security.
|