
Goal

To transfer files from one network to another where file transfer to and from each network is only allowed via a demilitarised zone (DMZ).

Preconditions

  1. A JADE client on each network. Alternatively, a JobScheduler with JITL Jobs could be used for this.
  2. JADE client on the DMZs: To send files over the Internet via a DMZ using a jump server, it is necessary to install the JADE client on the DMZ/jump server before starting the file transfer. More information about the installation and a download containing all the files needed can be found here: JADE client.
  3. Configuration file with JADE profiles
  4. Firewall configuration: Firewalls on both DMZs must allow direct file transfer between the DMZs.

File transfer

Starting the file transfer

The file transfer can be started by using

  1. the local jade4dmz client
  2. the job Jade4DMZ_Copy_To_Internet

The jade4dmz client is started with

 jade4dmz.cmd|sh <configuration file name> <section name>

Sending files via the Internet from one network with a DMZ to another network with a DMZ

The file transfer processes in the sending network are controlled and checked by a JADE client in the network (JADE1).
This client runs the steps shown in the diagram and described in more detail below.

<mscgen>
// send files
msc {

 width="1000";

JADE1,DMZ1,Internet,DMZ2,JADE2;

}
</mscgen>

(1) Copy data to source DMZ

After checking and creating the respective temp folders, the files to be transferred are copied by the controlling JADE client in Network 1 (JADE1) from the network file system to the temp folder in DMZ1. This is done using SFTP, FTP or FTPS.

(2) Start JADE clients in DMZ1 via SSH

The JADE1 client starts its DMZ JADE client using SSH.

(3) Transfer data to target DMZ

The JADE client in DMZ1 carries out the file transfer from DMZ1 via the Internet to DMZ2. This can be done using SFTP, FTP, WebDav, etc.

(4) Delete data from source DMZ

After successful file transfer from DMZ1 to DMZ2, the JADE1 client uses SFTP, FTP or FTPS to delete the transferred files from DMZ1.

(5) Delete data on local

If required, the files on network 1 will be deleted from the local file system by the JADE1 client.
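
The ordering of steps (1) to (5) above, as an added example that is not JADE code or configuration: local directories stand in for Network 1 and the two DMZ temp folders, `shutil` copies stand in for the SFTP/FTP/FTPS transfers and the SSH start, and the SHA-256 comparison is an assumed success check, since the page does not say how JADE decides that a transfer succeeded. All function and folder names are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def copy_verified(src, dst, names):
    """Copy files and confirm each copy by SHA-256 (assumed success check)."""
    dst.mkdir(parents=True, exist_ok=True)  # check/create the temp folder
    for n in names:
        shutil.copyfile(src / n, dst / n)
        if sha256(src / n) != sha256(dst / n):
            raise OSError(f"verification failed for {n}")

def send_via_dmz(local, dmz1, dmz2, delete_local=False, hop=copy_verified):
    """Run sending steps (1)-(5) in order; return the steps that completed."""
    names = sorted(p.name for p in local.iterdir() if p.is_file())
    done = []
    try:
        copy_verified(local, dmz1, names)  # (1) copy data to source DMZ
        done.append(1)
        done.append(2)                     # (2) DMZ client started (SSH in JADE, a call here)
        hop(dmz1, dmz2, names)             # (3) transfer DMZ1 -> DMZ2
        done.append(3)
        for n in names:                    # (4) delete from DMZ1 only after (3) succeeded
            (dmz1 / n).unlink()
        done.append(4)
        if delete_local:                   # (5) optional local delete, always last
            for n in names:
                (local / n).unlink()
            done.append(5)
    except OSError:
        pass  # stop at the failed step; no later delete has run
    return done

def demo(fail_hop=False):
    root = Path(tempfile.mkdtemp())
    local, dmz1, dmz2 = root / "net1", root / "dmz1_tmp", root / "dmz2_tmp"
    local.mkdir()
    (local / "report.csv").write_text("id,value\n1,42\n")  # constructed sample file
    def broken(*_):
        raise OSError("link down")  # simulated failure of the Internet hop
    steps = send_via_dmz(local, dmz1, dmz2, True, broken if fail_hop else copy_verified)
    ls = lambda d: sorted(p.name for p in d.iterdir()) if d.exists() else []
    return steps, ls(local), ls(dmz1), ls(dmz2)

if __name__ == "__main__":
    print(demo(), demo(fail_hop=True))
```

In the failure run the source file is still present in Network 1 and the staged copy is still in the DMZ1 temp folder, because both deletes sit behind a successful step (3). What JADE does with the staged copy in that case is not stated on the page.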

Receiving files via the Internet in a network with a DMZ

The file transfer processes in the receiving network are also controlled and checked by a JADE client in the network (JADE2).
This client runs the steps shown in the diagram and described in more detail below.

After data has been copied to the target DMZ:

The following steps take place after files have been transferred to the temp folder in DMZ2:

(1) Copy data to target network

The controlling JADE client in the target network (JADE2) copies the files from DMZ2 to the local file system. This can be done using SFTP, FTP or FTPS.

(2) Delete data on local

The JADE2 client deletes the copied files from DMZ2.
