
Introduction

  • A jump host is a server through which traffic to and from a network is channeled; see Jump Host Architecture.
  • Jump hosts can be used to provide a secure method of file transfer across network boundaries by not allowing direct transfer over the boundary.
  • DMZs (demilitarized zones) are a common form of jump hosts.
  • YADE can be used to carry out file transfer via a jump host, once a YADE Client has been installed on the jump host.
  • Different protocols can be used for transfer between the source host and the jump host than for the transfer between the jump host and the target host. To this end, different parameter sets are defined in the YADE configuration for each part of the transfer.

The focus of this article is the configuration of individual parameters - a more general description of the considerations involved in setting up a jump host file transfer can be found in the following article:

Schematic Diagram

The following diagram shows schematically how files are sent via the Internet from one network with a DMZ to another network with a DMZ.

 

Configuration

The XML element hierarchy for the configuration of a jump host is shown below for a Copy operation with the jump host on the target side of the operation:

  • Fragments
    • ProtocolFragments
      • *Fragment (any protocol except SMB can be used for transfer from jump host to target)
        • *Connection
        • *Authentication
        • JumpFragmentRef (references the JumpFragment)
        • etc.
      • JumpFragment
        • BasicConnection
        • SSHAuthentication
        • JumpDirectory (optional)
        • ProxyForSFTP (optional)
        • StrictHostKeyChecking (optional)
  • Profiles
    • Profile
      • Operation
        • Copy
          • CopySource
            • CopySourceFragmentRef
          • CopyTarget
            • CopyTargetFragmentRef
            • Directory

A fragment element is specified in the usual manner and is called from a CopySourceFragmentRef or CopyTargetFragmentRef element in the Profiles branch of the configuration.

The jump host is specified as part of the configuration of the file transfer fragment using the JumpFragmentRef element, which can be specified as an optional child of all connection fragment elements, with the exception of SMBFragments.

The JumpFragmentRef element references a JumpFragment element, which is basically a second connection fragment element and specifies the jump host configuration.

Note that the JumpFragment element allows the specification of an optional JumpDirectory element that can be used for intermediate file storage during the transfer operation. All files written to the JumpDirectory will be removed at the end of the operation.

Neither configuration data nor log files are stored by YADE on the jump host.

Element Restrictions

Element Use Restrictions

  • Only a single JumpFragment can be specified as part of a connection fragment element.
  • Jump hosts cannot be specified as part of AlternativeFragment elements.

Parameter Restrictions

  • BasicConnection and SSHAuthentication elements must be specified for every JumpFragment. URL- and HTTPConnections and BasicAuthentication are not allowed.
  • Password or Publickey authentication can be specified.
  • Only SFTP proxies can be used with JumpFragment elements, meaning that only proxies that use the SOCKS4 and SOCKS5 protocols can be specified.
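
The element and parameter restrictions above can be checked mechanically before a configuration is deployed. The following lint script is an added example, not part of YADE or of the original article. It assumes that fragments carry a `name` attribute and that JumpFragmentRef carries a `ref` attribute; the sample configuration is constructed, and the StrictHostKeyChecking reminder is an addition rather than one of the listed restrictions.

```python
import xml.etree.ElementTree as ET

REQUIRED_IN_JUMP = ("BasicConnection", "SSHAuthentication")
FORBIDDEN_IN_JUMP = {"URLConnection", "HTTPConnection", "BasicAuthentication"}
# Constructed sample; element bodies are empty because the page lists no children.
# The 'name' and 'ref' attributes are assumptions.
SAMPLE = """<Fragments><ProtocolFragments>
  <SFTPFragment name="target_ok"><JumpFragmentRef ref="dmz_jump"/></SFTPFragment>
  <SMBFragment name="share"><JumpFragmentRef ref="dmz_jump"/></SMBFragment>
  <FTPFragment name="target_bad">
    <JumpFragmentRef ref="dmz_jump"/><JumpFragmentRef ref="missing"/>
  </FTPFragment>
  <JumpFragment name="dmz_jump">
    <BasicConnection/><SSHAuthentication/><StrictHostKeyChecking/>
  </JumpFragment>
  <JumpFragment name="weak_jump"><BasicConnection/><BasicAuthentication/></JumpFragment>
</ProtocolFragments></Fragments>"""

def lint_jump_config(xml_text):
    """Return findings for the jump host restrictions listed on this page."""
    root = ET.fromstring(xml_text)
    findings, jump_names = [], set()
    for jf in root.iter("JumpFragment"):
        name = jf.get("name", "?")
        jump_names.add(name)
        children = {child.tag for child in jf}
        for req in REQUIRED_IN_JUMP:
            if req not in children:
                findings.append(f"JumpFragment {name}: missing {req}")
        for bad in sorted(children & FORBIDDEN_IN_JUMP):
            findings.append(f"JumpFragment {name}: {bad} not allowed")
        if "StrictHostKeyChecking" not in children:
            findings.append(f"JumpFragment {name}: StrictHostKeyChecking not set, review")
    for parent in root.iter():
        refs = parent.findall("JumpFragmentRef")  # direct children only
        if not refs:
            continue
        label = f"{parent.tag} {parent.get('name', '?')}"
        if parent.tag == "SMBFragment" or parent.tag.startswith("Alternative"):
            findings.append(f"{label}: JumpFragmentRef not allowed here")
        if len(refs) > 1:
            findings.append(f"{label}: more than one JumpFragmentRef")
        for ref in refs:
            if ref.get("ref") not in jump_names:
                findings.append(f"{label}: unresolved ref {ref.get('ref')!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_jump_config(SAMPLE)))
```
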

Parameter Reference

Examples

Tutorial