JADE User Manual - Jump Host File Transfer

Introduction

• A jump host is a server over which traffic to and from a network is channeled.
• Jump hosts can be used to provide a secure method of file transfer across network boundaries by not allowing direct transfer over the boundary.
• DMZs  (demilitarized zones) are a common form of jump hosts.
• JADE can be used to carry out file transfer via a jump host, once a JADE client has been installed on the jump host.
• Different parameter sets are defined in JADE for the transfer to the jump host and for the transfer from the jump host to the target. This means that different protocols, authentication methods and other file transfer parameters can be specified for each part of the operation.
• From the standpoint of the application originating the file transfer, transfer to the jump host and transfer from the jump host to the target are both carried out as a single operation.
  This means that the jump host remains transparent to the JADE client. 

The following diagram shows schematically how files are sent via the Internet from one network with a DMZ to another network with a DMZ.

Configuration 

The XML element hierarchy for the configuration of a jump host is shown below for a Copy operation with the jump host on the target side of the operation:

• Fragments
  • ProtocolFragments
    • *Fragment (any protocol can be used for transfer from jump host to target)
      • *Connection
      • *Authentication
      • JumpFragmentRef  (References the JumpFragment)
      • etc.
    • JumpFragment
      • BasicConnection
      • SSHAuthentication
      • JumpDirectory (optional)
      • ProxyForSFTP (optional)
      • StrictHostKeyChecking (optional)
• Profiles
  • Profile
    • Operation
      • Copy
        • CopySource
        • CopyTarget
          • CopyTargetFragmentRef
          • Directory
            
            

As mentioned above, the jump host is transparent to the JADE client. A file transfer fragment is specified in the usual manner and the jump host is specified as part of the configuration of the file transfer fragment.

The use of  the jump host is configured with the JumpFragmentRef element, which can be specified as an optional child of all connection fragment elements.

The JumpFragmentRef element references a JumpFragment element, which is basically a second connection fragment element, which allows the specification of a JumpDirectory element.

Note that only a single JumpFragment can be specified as part of a connection fragment element.

Neither configuration data nor log files are stored by JADE on the jump host.

All files written to a JumpDirectory specified for intermediate file storage during a transfer operation will be removed at the end of the operation.

Element Restrictions

Element Use Restrictions

• Jump hosts cannot be specified as part of AlternativeFragment elements.

Parameter Restrictions

• BasicConnection and SSHAuthentication elements must be specified for every JumpFragment. URL- and HTTPConnections and BasicAuthentication are not allowed.
• Password or Publickey authentication can be specified
• Only SFTP proxies can be used with JumpFragment elements, meaning that only proxies that use the SOCKS4 and SOCKS5 protocols can be specified.

Parameter Reference

• Follow the link for detailed information about the JumpHost element and its parameters.

Examples

• How to send and receive files between networks with DMZs
• How to send and receive files using a jump server in the DMZ

Tutorials

• TODO