
Goal

To transfer files from one network to another where file transfer to and from each network is only allowed via a demilitarised zone (DMZ).

Preconditions

  1. A JADE client on each network. Alternatively, a JobScheduler with JITL Jobs could be used for this.
  2. JADE client on the DMZs: To send files over the Internet via a DMZ using a jump server, it is necessary to install the JADE client on the DMZ/jump server before starting the file transfer. More information about the installation and a download containing all the files needed can be found here: JADE client.
  3. Configuration file with JADE profiles
  4. Firewall configuration: Firewalls on both DMZs must allow direct file transfer between the DMZs.

File transfer

Starting the file transfer

The file transfer can be started by using

  1. the local jade4dmz client
  2. the job Jade4DMZ_Copy_To_Internet

The jade4dmz client is to be started with

 jade4dmz.cmd|sh <configuration file name> <section name>

Sending files via the Internet from one network with a DMZ to another network with a DMZ

The file transfer processes in the sending network are controlled and checked by a JADE client in the network (JADE1).
This client runs the steps shown in the diagram and described in more detail below.

<mscgen>
// send files
msc {

 width="800";

JADE1,DMZ1,Internet,DMZ2;

  JADE1=>DMZ1 [label="(1) copy data to DMZ1"];
  JADE1 .. DMZ1 [label="SFTP, FTP, FTPS"];
  JADE1=>DMZ1 [label="(2) start JADE Client on DMZ1"];
  JADE1 .. DMZ1 [label="SSH"];
  DMZ1 => DMZ2  [label="(3) JADE Client on DMZ1 transfers data from DMZ1 to DMZ2"];
  DMZ1 .. DMZ2  [label="SFTP, FTP, WebDav"];
  JADE1=>DMZ1 [label="(4) delete data on DMZ1"];
  JADE1 .. DMZ1 [label="SFTP, FTP, FTPS"];
  JADE1=>JADE1 [label="(5) delete data from file system"];

JADE1 box JADE1 label="Network 1 Intranet", textbgcolour=",

  DMZ1 box DMZ1 [label="JADE Client on DMZ1", textbgcolour="#7f7fff",  textcolour="#FFFFFF"],
  Internet box Internet [label="", textbgcolour="#7f7fff",  textcolour="#FFFFFF"],
  DMZ2 box DMZ2 [label="JADE Client on DMZ2 is not required to receive data", textbgcolour="#ff7f7f",  textcolour="#FFFFFF"];

}
</mscgen>

(1) Copy data to source DMZ

After checking and creating the respective temp folders, the files to be transferred are copied by the controlling JADE client in Network 1 (JADE1) from the network file system to the temp folder in DMZ1. This is done using SFTP, FTP or FTPS.

(2) Start JADE client in DMZ1 via SSH

The JADE1 client starts its DMZ JADE client using SSH.

(3) Transfer data to target DMZ

The JADE client in DMZ1 carries out the file transfer from DMZ1 via the Internet to DMZ2. This can be done using SFTP, FTP, WebDav, etc.

(4) Delete data from source DMZ

After successful file transfer from DMZ1 to DMZ2, the JADE1 client uses SFTP, FTP or FTPS to delete the transferred files from DMZ1.

(5) Delete data on local file system

If required, the files on network 1 will be deleted from the local file system by the JADE1 client.
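
The sending sequence (1) to (5) as an added Python example, which is not JADE code and not part of the original page. Local directories stand in for the network file system and the DMZ temp folders, and `relay` stands in for the JADE client started on DMZ1. The SHA-256 comparison used as the success check, the removal of the DMZ1 copies when the relay fails, and all function names are assumptions of this example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def copy_verified(src: Path, dst_dir: Path) -> Path:
    """Copy src into dst_dir (created if missing) and compare digests."""
    dst_dir.mkdir(parents=True, exist_ok=True)
    dst = dst_dir / src.name
    try:
        shutil.copyfile(src, dst)
        if sha256(dst) != sha256(src):
            raise OSError(f"digest mismatch for {src.name}")
    except OSError:
        dst.unlink(missing_ok=True)  # never leave a partial file in a DMZ folder
        raise
    return dst

def send_via_dmz(files, dmz1_tmp, dmz2_tmp, delete_local=False, relay=copy_verified):
    """Run steps (1)-(5); return the file names delivered to DMZ2."""
    staged, delivered = [], []
    try:
        for f in files:    # (1) copy data to the DMZ1 temp folder
            staged.append(copy_verified(f, dmz1_tmp))
        for s in staged:   # (2)+(3) the DMZ1 client relays the data to DMZ2
            relay(s, dmz2_tmp)
            delivered.append(s.name)
    finally:
        # (4) remove the staging copies from DMZ1. Assumption of this example:
        # this also runs when the relay fails, so nothing lingers in the DMZ.
        for s in staged:
            s.unlink(missing_ok=True)
    if delete_local:       # (5) only reached when every file was delivered
        for f in files:
            f.unlink()
    return delivered

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        root = Path(tmp)
        src = root / "net1" / "report.csv"
        src.parent.mkdir()
        src.write_text("id,value\n1,42\n")
        print(send_via_dmz([src], root / "dmz1_tmp", root / "dmz2_tmp"))
```

Because step (5) sits after the `try`/`finally`, a failed relay leaves the source files in network 1 untouched, so the transfer can be repeated.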

Receiving files via the Internet in a network with a DMZ

The file transfer processes in the receiving network are also controlled and checked by a JADE client in the network (JADE2).
This client runs the steps shown in the diagram and described in more detail below.

<mscgen>
// receive files
msc {

 width="800";

DMZ1,Internet,DMZ2,JADE2;

  DMZ1 => DMZ2  [label="Data has been transferred to DMZ2", linecolour="#A0A0A0", textcolour="#A0A0A0"];
  DMZ1 .. DMZ2  [label="SFTP, FTP, WebDav", linecolour="#A0A0A0", textcolour="#A0A0A0"];
  DMZ2 => JADE2 [label="(2) copy data from DMZ2"];
  DMZ2 .. JADE2 [label="SFTP, FTP, FTPS"];
  JADE2 => DMZ2 [label="(3) delete data on DMZ2"];
  JADE2 .. DMZ2 [label="SFTP, FTP, FTPS"];

DMZ1 box DMZ1 label="JADE Client on DMZ1", textbgcolour=",

  Internet box Internet [label="", textbgcolour="#7f7f7f",  textcolour="#FFFFFF"],
  DMZ2 box DMZ2 [label="JADE Client on DMZ2 is not required to receive data", textbgcolour="#ff7f7f",  textcolour="#FFFFFF"],
  JADE2 box JADE2 [label="Network 2 Intranet", textbgcolour="#ff7f7f",  textcolour="#FFFFFF"];

}
</mscgen>

After data has been copied to the target DMZ:

The following steps take place after files have been transferred to the temp folder in DMZ2:

(1) Copy data to target network

The controlling JADE client in the target network (JADE2) copies the files from DMZ2 to the local file system. This can be done using SFTP, FTP or FTPS.

(2) Delete data from target DMZ

The JADE2 client deletes the copied files from DMZ2.


File transfer via the Internet between data centres with DMZs - an overview

The processes in each data center are controlled and checked by a JADE client in each data center Intranet (JADE1 and JADE2).
These clients run the steps shown in the diagram and described in more detail below.

<mscgen>
// send and receive files
msc {

 width="1000";

JADE1,DMZ1,Internet,DMZ2,JADE2;

  JADE1=>DMZ1 [label="(1) copy data to DMZ1"];
  JADE1 .. DMZ1 [label="SFTP, FTP, FTPS"];
  JADE1=>DMZ1 [label="(2) start JADE Client on DMZ1"];
  JADE1 .. DMZ1 [label="SSH"];
  DMZ1 => DMZ2  [label="(3) JADE Client on DMZ1 transfers data from DMZ1 to DMZ2"];
  DMZ1 .. DMZ2  [label="SFTP, FTP, WebDav"];
  JADE1=>DMZ1 [label="(4) delete data on DMZ1"];
  JADE1 .. DMZ1 [label="SFTP, FTP, FTPS"];
  JADE1=>JADE1 [label="(5) delete data from file system"];
  DMZ2 => JADE2 [label="(6) copy data from DMZ2"];
  DMZ2 .. JADE2 [label="SFTP, FTP, FTPS"];
  JADE2 => DMZ2 [label="(7) delete data on DMZ2"];
  JADE2 .. DMZ2 [label="SFTP, FTP, FTPS"];

JADE1 box JADE1 label="Data Center 1 Intranet", textbgcolour=",

  DMZ1 box DMZ1 [label="JADE Client on DMZ1", textbgcolour="#7f7fff",  textcolour="#FFFFFF"],
  Internet box Internet [label="", textbgcolour="#7f7f7f",  textcolour="#FFFFFF"],
  DMZ2 box DMZ2 [label="JADE Client on DMZ2 is not required to receive data", textbgcolour="#ff7f7f",  textcolour="#FFFFFF"],
  JADE2 box JADE2 [label="Data Center 2 Intranet", textbgcolour="#ff7f7f",  textcolour="#FFFFFF"];

}
</mscgen>

(1) Copy data to source DMZ

After checking and creating the respective temp folders, the files to be transferred are copied by the controlling JADE client in data center 1 (JADE1) from the data center file system to the temp folder in DMZ1. This is done using SFTP, FTP or FTPS.

(2) Start JADE client in DMZ1 via SSH

The JADE1 client starts its DMZ JADE client using SSH.

(3) Transfer data to target DMZ

The JADE client in DMZ1 carries out the file transfer from DMZ1 via the Internet to DMZ2. This can be done using SFTP, FTP, WebDav, etc.

(4) Delete data from source DMZ

After successful file transfer from DMZ1 to DMZ2, the JADE1 client uses SFTP, FTP or FTPS to delete the files from DMZ1.

(5) Delete data on local file system

If required, the files on data center 1 will be deleted from the local file system by the JADE1 client.

(6) Copy data from target DMZ

After successful file transfer from DMZ1 to DMZ2, the JADE2 client uses SFTP, FTP or FTPS to copy the transferred files from DMZ2 to the data center 2 file system. Note that the JADE client in this DMZ is not required to receive data.

(7) Delete data from target DMZ

After files have been transferred to the data center 2 file system, the JADE2 client deletes the files from the temp folders in DMZ2 using SFTP, FTP or FTPS.
