Skip to end of metadata
Go to start of metadata

Goal

To transfer files from one network to another where file transfer to and from each network is exclusively allowed via a demilitarized zone (DMZ).

Preconditions

  1. A YADE Client on each network is required. Alternatively, a JobScheduler with YADE JITL Jobs could be used.
    • To send files over the Internet via a DMZ using a jump server it is required to install the YADE Client on the DMZ/jump server before starting the file transfer.
  2. YADE Configuration file 
    • Configuration file with YADE profiles for each YADE Client.
  3. Firewall configuration
    • Firewalls on both DMZs have to allow direct file transfer between the DMZs.

File transfer

Starting the file transfer

The file transfer can be started by using

  1. the YADE Client CLI jade4dmz command
  2. the YADE JITL job Jade4DMZ_Copy_To_Internet

The YADE Client is started with the jade4dmz command:

 jade4dmz.cmd|sh <configuration file name> <profile name>

Sending files via the Internet from one network with a DMZ to another network with a DMZ

The file transfer processes in the sending network are controlled and checked by a YADE Client in the Network (furtheron YADE-1 and Network-1). These processes are shown in the diagram below.

  • File transfer between the DMZs is carried out from the sending DMZ, i.e. it is a "push" operation.
  • "Pull" transfer is not desired as it would involve folders in the sending DMZ being polled from the receiving network.

 

(1) Copy files to source DMZ

After checking and creating the respective temporary folders, the files to be transferred are copied by the controlling YADE-1 client in Network-1 from the source system to the temporary folder in DMZ-1.

(2), (3) Start YADE Clients in DMZs per SSH

The controlling YADE-1 and YADE-2 clients start the YADE Clients in their respective DMZs using SSH.

(4) Transfer files to target DMZ

The YADE Client in DMZ-1 carries out the file transfer from DMZ-1 via the internet to DMZ-2.

(5) Delete files from source DMZ

After successful file transfer from DMZ-1 to DMZ-2, the YADE-1 Client uses SFTP, FTP or FTPS to delete the transferred files from DMZ-1.

(6) Delete files on source system

If required, the files on Network-1 will be deleted by the YADE-1 client.

Receiving files via the Internet in a network with a DMZ

The file transfer processes in the receiving network are controlled and checked by a YADE Client in the network (furtheron called YADE-2 and Network-2). These processes are shown in the diagram below. 

After the files have been copied to the target DMZ the following steps take place after files have been transferred to the temporary folder in DMZ2:

(1) Copy files to target network

The controllling YADE client in the target network (YADE-2) copies the files from DMZ-2 to the local file system. This can be effected by using SFTP, FTP or FTPS.

(2) Delete files on local file system

The YADE-2 Client deletes the copied files from DMZ2.

Proxy Support

YADE-286 - Getting issue details... STATUS

YADE-294 - Getting issue details... STATUS

YADE can support HTTP, SOCKS4 and SOCKS5 proxies with jump hosts from Release 1.9 onwards.

The following parameters are required when connecting to a jump host via a proxy:

  • jump_proxy_protocol = http|socks4|socks5
  • jump_proxy_host
  • jump_proxy_port
  • jump_proxy_user
  • jump_proxy_password

See also

How to send/receive files using DMZ as a jump server

 

Write a comment…