Goal
To transfer files from one network to another where file transfer to and from each network is exclusively allowed via a demilitarized zone (DMZ).
Preconditions
- A YADE Client on each network is required. Alternatively, a JobScheduler with YADE JITL Jobs could be used.
- To send files over the Internet via a DMZ using a jump server, the YADE Client must be installed on the DMZ/jump server before the file transfer is started.
- YADE Configuration file
- Configuration file with YADE profiles for each YADE Client.
- Firewall configuration
- Firewalls on both DMZs have to allow direct file transfer between the DMZs.
File transfer
Starting the file transfer
The file transfer can be started by using
- the YADE Client CLI jade4dmz command
- the YADE JITL job Jade4DMZ_Copy_To_Internet
The YADE Client is started with the jade4dmz command:
jade4dmz.cmd|sh <configuration file name> <profile name>
Sending files via the Internet from one network with a DMZ to another network with a DMZ
The file transfer processes in the sending network are controlled and checked by a YADE Client in that network (hereafter YADE-1 and Network-1). These processes are shown in the diagram below.
- File transfer between the DMZs is carried out from the sending DMZ, i.e. it is a "push" operation.
- "Pull" transfer is not desired as it would involve folders in the sending DMZ being polled from the receiving network.
(1) Copy files to source DMZ
After checking and creating the respective temporary folders, the files to be transferred are copied by the controlling YADE-1 client in Network-1 from the source system to the temporary folder in DMZ-1.
(2), (3) Start YADE Clients in DMZs per SSH
The controlling YADE-1 and YADE-2 clients start the YADE Clients in their respective DMZs using SSH.
(4) Transfer files to target DMZ
The YADE Client in DMZ-1 carries out the file transfer from DMZ-1 via the internet to DMZ-2.
(5) Delete files from source DMZ
After successful file transfer from DMZ-1 to DMZ-2, the YADE-1 Client uses SFTP, FTP or FTPS to delete the transferred files from DMZ-1.
(6) Delete files on source system
If required, the files on Network-1 will be deleted by the YADE-1 client.
Receiving files via the Internet in a network with a DMZ
The file transfer processes in the receiving network are controlled and checked by a YADE Client in that network (hereafter called YADE-2 and Network-2). These processes are shown in the diagram below.
After the files have been transferred to the temporary folder in DMZ-2, the following steps take place:
(1) Copy files to target network
The controlling YADE Client in the target network (YADE-2) copies the files from DMZ-2 to the local file system. This can be done using SFTP, FTP or FTPS.
(2) Delete files on local file system
The YADE-2 Client deletes the copied files from DMZ-2.
Proxy Support
- YADE-286
- YADE-294
YADE can support HTTP, SOCKS4 and SOCKS5 proxies with jump hosts from Release 1.9 onwards.
The following parameters are required when connecting to a jump host via a proxy:
jump_proxy_protocol = http|socks4|socks5
jump_proxy_host
jump_proxy_port
jump_proxy_user
jump_proxy_password
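A pre-flight check for the five jump_proxy_* parameters listed above, as an added example that is not part of YADE or of the original page. It assumes the profile is kept in an INI-style settings file with one section per profile; the function names and the sample values are constructed for illustration.

```python
import configparser
import os
import stat

# Parameters the page lists as required for a jump host reached via a proxy.
REQUIRED = ("jump_proxy_protocol", "jump_proxy_host", "jump_proxy_port",
            "jump_proxy_user", "jump_proxy_password")
PROTOCOLS = {"http", "socks4", "socks5"}


def check_profile(params):
    """Return a list of problems found in one profile's jump_proxy_* settings."""
    problems = []
    for name in REQUIRED:
        if not params.get(name, "").strip():
            problems.append(f"{name}: missing or empty")
    proto = params.get("jump_proxy_protocol", "").strip().lower()
    if proto and proto not in PROTOCOLS:
        problems.append(f"jump_proxy_protocol: '{proto}' is not http|socks4|socks5")
    port = params.get("jump_proxy_port", "").strip()
    if port and not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        problems.append(f"jump_proxy_port: '{port}' is not a port in 1-65535")
    return problems


def check_settings_file(path, profile):
    """Check file permissions and the named profile (assumed INI layout)."""
    problems = []
    # The file holds jump_proxy_password, so only its owner should have access.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file: readable or writable by group/others")
    cfg = configparser.ConfigParser(interpolation=None)  # keep '%' in passwords literal
    cfg.read(path)
    if not cfg.has_section(profile):
        return problems + [f"profile '{profile}' not found"]
    return problems + check_profile(dict(cfg[profile]))


# Constructed sample profile: the typo 'sock5' and port 0 are both reported.
SAMPLE = {"jump_proxy_protocol": "sock5", "jump_proxy_host": "proxy.example.com",
          "jump_proxy_port": "0", "jump_proxy_user": "yade",
          "jump_proxy_password": "changeme"}

if __name__ == "__main__":
    for line in check_profile(SAMPLE):
        print(line)
```

Running such a check before calling jade4dmz catches a misspelled protocol or a settings file that exposes the proxy password to other accounts on the controlling host.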
See also
How to send/receive files using DMZ as a jump server
- How to poll a server in the DMZ and execute a job chain for each file found
- YADE User Manual - The Use of Proxies
- YADE Parameter Reference - JumpFragment
- YADE - FAQ by Topic