Adding a server to the STENG - NEW! 🚀

To add a server to a STENG you must follow these steps:

  1. In the STENG, Clusters and Servers page, click on the NEW SERVER button.
  2. In the dialog window, select the protocol of the server you are adding among those available.
985
  1. Depending on the selected protocol, different dialog windows will appear. You can find a detailed description of the fields available for each protocol in the Protocol and fields section below. Fields with the asterisk * are mandatory.
    These fields are common to all protocols:
    - Server Name and Description.
    - Cluster associated to the server.
    - Default Status of the server: enabled or disabled.
  2. When done, click the Continue button to have a recap of the parameters entered. Click the Save button to deploy the server on the STENG.
  3. All STENGs must have the same number of servers to ensure high reliability. Therefore, when adding a server to a STENG, the last screen with list all STENGs and when saving, the server will be added to all missing STENGs. Likewise, when deleting a server, it will be deleted from all STENGs to keep the same number of servers in all STENGs.

Protocols and fields

These fields are common to all protocols:
- Server Name and Description.
- Cluster associated to the server.
- Default Status of the server: enabled or disabled.

Fields with the asterisk * are mandatory.

FTP

Connection
PORT * Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
PORT RANGE Enter the range for the ports the server will listen to.
ACTIVE DATA CONNECTION LOCAL ADDRESS Enter the local address for active data connection
PASSIVE EXTERNAL ADDRESS This field must be filled in only if OPERATING MODE is set to PASSIVE and will contain the address used for passive connections. If the server is behind NAT, insert the external IP address.
MAX SESSION Specify the maximum number of active sessions.
CONNECTION TIMEOUT Define the number of seconds without network activity to wait before closing a session due to inactivity. Default value: 60.
ACTIVE DATA CONN LOCAL OUTPORT If the OPERATING MODE is set to ACTIVE, enter the port the client must connect to.
OPERATING MODE How data connection is established, possible values:

- ACTIVE (default value)
- PASSIVE
When setting the “Active mode file transfer”, the client will establish a control connection to the server and the server will establish a data connection back to the client.
With “Passive mode file transfer”, the client will establish both a control connection and a data connection to the server.
DMZ mode
NONE (default) No session proxying through DMZ Gateway applied.
PORT_FORWARDING Incoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SESSION_TERMINATION The server session will be terminated inside the DMZ Gateway before data is sent to STENG server.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER PORT *: DMZ server port used for connection.
DMZ PASSIVE EXTERNAL ADDRESS: When an FTP client wants transfer data using Passive Mode, it issues the PASV command. Upon receiving that command, the FTP server responds with the server’s IP address and the port number the client must connect to.
DMZ PORT RANGE: Range of ports for passive data connection.

FTPS

Connection
PORT * Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
PORT RANGE Enter the range for the ports the server will listen to.
SERVER KEYLABEL * Enter the Key identifier about keystore store to select Private Key and Certificate to create SSL connection.
ACTIVE DATA CONNECTION LOCAL ADDRESS Enter the local address for active data connection.
PASSIVE EXTERNAL ADDRESS This field must be filled in only if OPERATING MODE is set to PASSIVE and will contain the address used for passive connections. If the server is behind NAT, insert the external IP address.
MAX SESSION Specify the maximum number of active sessions.
CONNECTION TIMEOUT Define the number of seconds without network activity to wait before closing a session due to inactivity. Default value: 60.
ACTIVE DATA CONN LOCAL OUTPORTIf the OPERATING MODE is set to ACTIVE, enter the port the client must connect to.
REQUIRE CLIENT AUTHENTICATIONEnable the toggle button if you want the server to require SSL Client Authentication to the client that is connecting.
If enabled, the CLIENT CERTIFICATION MATCH field appears and the appropriate option must be selected in the drop-down menu – details in the field here below.
CLIENT CERTIFICATION MATCHThis field appears if the REQUIRE CLIENT AUTHENTICATION button is enabled. It defines if the Certificate required for Client Authentication will be matched and how. Possible values:

- NONE: the Certificate will not be matched. The presence of a valid Certificate is enough to proceed. This is the less secure option.
- CNEQUALS (default value): the Common Name field of the Certificate must be exactly the same as the user name. This is the most restrictive option.
- CNCONTAINS: the Common Name field of the Certificate must contain the user name.
OPERATING MODEHow data connection is established, possible values:

- ACTIVE (default value)
- PASSIVE
When setting the “Active mode file transfer”, the client will establish a control connection to the server and the server will establish a data connection back to the client.
With “Passive mode file transfer”, the client will establish both a control connection and a data connection to the server.
DATA PROTECTIONData channel protection. Possible values:

- PROTECTED: Force data channel protection
- CLEARTEXT: No data channel protection
SSL CONTROLPossible values:

- EXPLICIT (recommended)
- IMPLICIT
Selecting EXPLICIT, an explicit SSL/TLS connection will be set via AUTH command.
Selecting IMPLICIT, an implicit SSL/TLS connection will be set. Most FTP/S Servers listen for implicit connections to port 990.
AUTHENTICATION PROTOCOLSelect the SSL authentication protocol. Possible values:

- ALL
- ONLY SPECIFIC VALUES:
SSLv3
TLSv1
TLSv1_1
TLSv1_2
TLSv1_3
SSLv2Hello
ACCEPTED CIPHER SUITESSelect the cipherSuites accepted to establish SSL connection.
For a list of all accepted Cipher Suites, follow this link.
DMZ mode
NONE (default) No session proxying through DMZ Gateway applied.
PORT_FORWARDING Incoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SESSION_TERMINATIONThe server session will be terminated inside the DMZ Gateway, before data is sent to STENG server.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER PORT *: DMZ server port used for connection.
SERVER KEYLABEL: Select the label of private key to be used by the FTPS server exposed in the DMZ Gateway.
REQUIRE CLIENT AUTHENTICATION: Enable the toggle button if you want the server to require SSL Client Authentication to the client that is connecting in DMZ.
If enabled, the DMZ CLIENT CERTIFICATION MATCH field appears and the appropriate option must be selected in the drop-down menu – details in the field here below.
If the FTPS client on DMZGateway is connecting to an FTPS Server with clientAuthentication=true on the STENG, check the client certificate coming from the client FTPS into the Untrusted Cache. Then trust the client certificate and check the Trust Store.
DMZ CLIENT CERTIFICATION MATCH: This field appears if the Require Client Authentication button is enabled. It defines if the Certificate required for Client Authentication will be matched and how. Possible values:

- NONE: the Certificate will not be matched. The presence of a valid Certificate is enough to proceed. This is the less secure option.
- CNEQUALS (default value): the Common Name field of the Certificate must be exactly the same as the user name. This is the most restrictive option.
- CNCONTAINS: the Common Name field of the Certificate must contain the user name.
ACCEPTED CIPHER SUITES: It lists SSL/TLS cipher suites available in the FTP/S server and exposed in the DMZ Gateway. Select the cipherSuites accepted. For a list of all accepted Cipher Suites, follow this link.
DATA PROTECTION: Set whether the data channel must be protected via SSL in the FTP/S server exposed in DMZ Gateway. Possible values:
- PROTECTED: Force data channel protection
- CLEARTEXT: No data channel protection
SECURITY PROTOCOL: Possible values:
- ALL
- ONLY SPECIFIC VALUES:
SSLv3
TLSv1
TLSv1.1
TLSv1.2
SSLv2Hello
SSL PROTOCOL: Select a secure server profile activation mechanism in FTP/S server exposed in DMZ Gateway (see Connection/SSL Control).
DMZ PASSIVE EXTERNAL ADDRESS: When an FTP/S client wants transfer data using Passive Mode, it issues the PASV command. Upon receiving that command, the FTP/S server responds with the server’s IP address and the port number the client must connect to.
DMZ PORT RANGE: Range of ports for passive data connection

SFTP

Connection
PORT * Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
SERVER KEYLABEL * Enter the Key identifier about keystore store to select Private Key and Certificate to create SSL connection.
MAX SESSION Specify the maximum number of active sessions.
CONNECTION TIMEOUT Define the number of seconds without network activity to wait before closing a session due to inactivity. Default value: 60.
ALLOW SCP Switch to disable or enable the SCP protocol. Possible values: YES and NO.
ALLOWED CLIENT AUTHENTICATION MODES * This field refers to the SSH client authentication mechanism. Possible values:
PUBLICKEY
PASSWORD
PASSWORD_AND_PUBLICKEY
PASSWORD_OR_PUBLICKEY
ACCEPTED CIPHER SUITES Select the cipherSuites accepted to establish SSL connection.
For a list of all accepted Cipher Suites, follow this link.
MAC ALGORITHMS Possible values:
HMAC_MD5
HMAC_SHA1
HMAC_MD5_96
HMAC_SHA1_96
HMAC_SHA256
HMAC_SHA2_256
HMAC_SHA2_512
KEY EXCHANGE ALGORITHMS Possible values:
DIFFIE_HELLMAN_GROUP1_SHA1
DIFFIE_HELLMAN_GROUP14_SHA1
DIFFIE_HELLMAN_GROUP14_SHA256
DIFFIE_HELLMAN_GROUP15_SHA512
DIFFIE_HELLMAN_GROUP16_SHA512
DIFFIE_HELLMAN_GROUP17_SHA512
DIFFIE_HELLMAN_GROUP18_SHA512
DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1
DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA256
ECDH_SHA2_NISTP256
ECDH_SHA2_NISTP384
ECDH_SHA2_NISTP521
DMZ mode
NONE (default) No session proxying through DMZ Gateway applied.
PORT_FORWARDING Incoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER KEYLABEL: Select the label of private key to be used by the SFTP server exposed in the DMZ Gateway.
CLIENT AUTHENTICATION MODES: This field refers to the SSH client authentication mechanism. Possible values:
PUBLICKEY
PASSWORD
PASSWORD_AND_PUBLICKEY
PASSWORD_OR_PUBLICKEY


MAC ALGORITHMS: Possible values:
HMAC_MD5
HMAC_SHA1
HMAC_MD5_96
HMAC_SHA1_96
HMAC_SHA256
HMAC_SHA2_256
HMAC_SHA2_512


KEY EXCHANGE ALGORITHMS: Possible values:
DIFFIE_HELLMAN_GROUP1_SHA1
DIFFIE_HELLMAN_GROUP14_SHA1
DIFFIE_HELLMAN_GROUP14_SHA256
DIFFIE_HELLMAN_GROUP15_SHA512
DIFFIE_HELLMAN_GROUP16_SHA512
DIFFIE_HELLMAN_GROUP17_SHA512
DIFFIE_HELLMAN_GROUP18_SHA512
DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1
DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA256
ECDH_SHA2_NISTP256
ECDH_SHA2_NISTP384
ECDH_SHA2_NISTP521


ACCEPTED CIPHER SUITES: It lists SSL/TLS cipher suites available in the SFTP server and exposed in the DMZ Gateway. Select the cipherSuites accepted. For a list of all accepted Cipher Suites, follow this link.
SESSION_TERMINATION The server session will be terminated inside the DMZ Gateway, before data is sent to STENG server.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.

SERVER PORT *: Enter the DMZ server port to be used for the connection.

SERVER KEYLABEL: Select the label of private key to be used by the SFTP server exposed in the DMZ Gateway.

CLIENT AUTHENTICATION MODES: This field refers to the SSH client authentication mechanism. Possible values:
PUBLICKEY
PASSWORD
PASSWORD_AND_PUBLICKEY
PASSWORD_OR_PUBLICKEY


ACCEPTED CIPHER SUITES: It lists SSL/TLS cipher suites available in the SFTP server and exposed in the DMZ Gateway. Select the cipherSuites accepted. For a list of all accepted Cipher Suites, follow this link.

MAC ALGORITHMS: Possible values:
HMAC_MD5
HMAC_SHA1
HMAC_MD5_96
HMAC_SHA1_96
HMAC_SHA256
HMAC_SHA2_256
HMAC_SHA2_512


KEY EXCHANGE ALGORITHMS: Possible values:
DIFFIE_HELLMAN_GROUP1_SHA1
DIFFIE_HELLMAN_GROUP14_SHA1
DIFFIE_HELLMAN_GROUP14_SHA256
DIFFIE_HELLMAN_GROUP15_SHA512
DIFFIE_HELLMAN_GROUP16_SHA512
DIFFIE_HELLMAN_GROUP17_SHA512
DIFFIE_HELLMAN_GROUP18_SHA512
DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1
DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA256
ECDH_SHA2_NISTP256
ECDH_SHA2_NISTP384
ECDH_SHA2_NISTP521


ACCEPTED CIPHER SUITES: It lists SSL/TLS cipher suites available in the SFTP server and exposed in the DMZ Gateway. Select the cipherSuites accepted. For a list of all accepted Cipher Suites, follow this link.


The rsa-sha2-256 and rsa-sha2-512 signing algorithms (also called HostKeyAlgorithms) are included in the list of supported ssh-rsa and ssh-dss algorithms.
They are hard-coded, so they cannot be configured.


HTTP

Connection
PORT *Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
MAX SESSIONSpecify the maximum number of active sessions.
DMZ mode
NONE (default) No session proxying through DMZ Gateway applied.
PORT_FORWARDING Incoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SESSION_TERMINATION The server session will be terminated inside the DMZ Gateway, before data is sent to STENG server.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER PORT *: Enter the DMZ server port to be used for the connection.

HTTPS

Connection
PORT * Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
SERVER KEYLABEL * Enter the Key identifier about keystore store to select Private Key and Certificate to create SSL connection.
MAX SESSION Specify the maximum number of active sessions.
CONNECTION TIMEOUT Define the number of seconds without network activity to wait before closing a session due to inactivity. Default value: 60.
REQUIRE CLIENT AUTHENTICATIONEnable the toggle button if you want the server to require SSL Client Authentication to the client that is connecting.
If enabled, the CLIENT CERTIFICATION MATCH field appears and the appropriate option must be selected in the drop-down menu – details in the field here below.
CLIENT CERTIFICATION MATCHThis field appears if the Require Client Authentication button is enabled. It defines if the Certificate required for Client Authentication will be matched and how. Possible values:

- NONE: the Certificate will not be matched. The presence of a valid Certificate is enough to proceed. This is the less secure option.
- CNEQUALS (default value): the Common Name field of the Certificate must be exactly the same as the user name. This is the most restrictive option.
- CNCONTAINS: the Common Name field of the Certificate must contain the user name.
AUTHENTICATION PROTOCOL Select the SSL authentication protocol. Possible values:

- ALL
- ONLY SPECIFIC VALUES:
SSLv3
TLSv1
TLSv1_1
TLSv1_2
TLSv1_3
SSLv2Hello
ACCEPTED CIPHER SUITES Select the cipherSuites accepted to establish SSL connection.
For a list of all accepted Cipher Suites, follow this link.
DMZ mode
NONE (default) No session proxying through DMZ Gateway appli.
PORT_FORWARDING Incoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SESSION_TERMINATIONThe server session will be terminated inside the DMZ Gateway, before data is sent to STENG server.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER PORT *: Enter the DMZ server port to be used for the connection.
SERVER KEYLABEL: Select the label of private key to be used by the SFTP server exposed in the DMZ Gateway.
REQUIRE CLIENT AUTHENTICATION: Enable to use SSL Client authentication in DMZ. The remote X.509 client certificate will be validated by the DMZ HTTP/S server before the connection is routed to STENG server.
If enabled, the DMZ CLIENT CERTIFICATION MATCH field appears and the appropriate option must be selected in the drop-down menu – details in the field here below.
If the HTTP client on DMZGateway is connecting to an HTTP Server with clientAuthentication=true on the STENG, check the client certificate coming from the client HTTP into the Untrusted Cache. Then trust the client certificate and check the Trust Store.
DMZ CLIENT CERTIFICATION MATCH: This field appears if the Require Client Authentication button is enabled. It defines if the Certificate required for Client Authentication will be matched and how. Possible values:

- NONE: the Certificate will not be matched. The presence of a valid Certificate is enough to proceed. This is the less secure option.
- CNEQUALS (default value): the Common Name field of the Certificate must be exactly the same as the user name. This is the most restrictive option.
- CNCONTAINS: the Common Name field of the Certificate must contain the user name.
AUTHENTICATION PROTOCOL: Select the SSL authentication protocol. Possible values:
- ALL
- ONLY SPECIFIC VALUES:
SSLv3
TLSv1
TLSv1_1
TLSv1_2
SSLv2Hello
ACCEPTED CIPHER SUITES: It lists SSL/TLS cipher suites available in the FTP/S server and exposed in the DMZ Gateway. Select the cipherSuites accepted. For a list of all accepted Cipher Suites, follow this link.

PeSIT

Connection
PORT *Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
DIAGNOSTIC PORT1Enter the Diagnostic port used by the native layer.
DIAGNOSTIC PORT2Enter the Diagnostic port used by the native layer.
LOCAL IDEnter the local Pesit identifier.
DEFAULT FILE NAMEEnter a default file name for file received. This is a free text field where spaces are allowed but not suggested.
MAXIMUM PDU SIZEEnter the maximum PDU size buffer. Possible values: 1 <= size <= 66000. Default value: 30000.
MAXIMUM SDU SIZEEnter the maximum SDU size buffer. Possible values: 1 <= size <= 66000. Default value: 30000.
CONNECTION TIMEOUTDefine the number of seconds without network activity to wait before closing a session due to inactivity.
MAX SESSIONEnter the maximum number of active sessions. Values: 0 to 256.
SYNC POINT BY DATAEnter the number of synchronization points used to restart a transfer after an incident
ACK WINDOWEnter the Acknowledgement window size. Values: 0 to 255.
DMZ mode
NONE (default) No session proxying through DMZ Gateway applied.
PORT_FORWARDING Incoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SESSION_TERMINATION The server session will be terminated inside the DMZ Gateway, before data is sent to STENG server.

PR4

When configured on multiple STENG peers, the PR4 server provides active-passive High Availability. This implies that outbound transport jobs and inbound transport jobs using the PR4 protocol will only run in one of the peers.

The first peer activated gets priority activation of the PR4 server.
Peers activated later will remain in idle status.
In case of deactivation or crash of the first peer, the system will assign activation priority to one of the other peers that are still active.

In mini systems (i.e. excluding zOS), idle servers are activated in mirror mode in order to redirect incoming traffic to the one and only active server.

Note: Intentionally stopping the PR4 server in the peer that holds the PR4 activation priority does not change the configuration of the priority assignment. So, PR4 transport jobs will not be executed until the server is started.

Connection
PORT * Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
NODE NAME * Enter the SPAZIO system local name.
QMANAGER NAME * Enter the SPAZIO local Queue Manager.
SERVER KEYLABEL Select the key identifier about keystore store to select Private Key and Certificate to create SSL connection.
PPS COMPRESSION SUPPORT Enable if the server must accept compression using PPS.
PPS HASH ALGORITHM Select the algorithm used by PPS for hashing. Possible values:
NULLHASH
MD5
SHA1
SHA_256
SHA_384
SHA_512
PPS CRYPTO ALGORITHM Select the algorithm used by PPS for cryptography. Possible values:
NULLCIPHER
DES_CBC
DES3_CBC
RC4
DES3_CBC_EDE2
AES256_CTR
AES192_CTR
AES128_CTR
DMZ mode
NONE (default) No session proxying through DMZ Gateway applied.
PORT_FORWARDING Incoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
OUTGOING LINE IPADDR *: Enter the address used by outgoing connections via DMZ.
OUTGOING LINE PORT *: Enter the port used by outgoing connections via DMZ.
SESSION_TERMINATION The server session will be terminated inside the DMZ Gateway, before data is sent to STENG server.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER PORT *: Enter the DMZ server port to be used for the connection.
OUTGOING LINE IPADDR *: Enter the address used by outgoing connections via DMZ.
OUTGOING LINE PORT *: Enter the port used by outgoing connections via DMZ.

PR5

Connection
PORT * Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
QMANAGER NAME * Enter the SPAZIO local Queue Manager. Maximum 48 characters.
DEFAULT CHARSET * Select the default charset used to convert the received text in the external file.
For a list of the default charset, follow this link.
SERVER KEYLABEL * Select the key identifier about keystore store to select Private Key and Certificate to create SSL connection.
AUTHENTICATION PROTOCOL Select the SSL authentication protocol. Possible values:
ALL
ONLY SPECIFIC VALUES
:
SSLv3
TLSv1
TLSv1_1
TLSv1_2
TLSv1_3
SSLv2Hello
ACCEPTED CIPHER SUITES Select the cipherSuites accepted to establish SSL connection.
For a list of all accepted Cipher Suites, follow this link.
REQUIRE CLIENT AUTHENTICATION Enable the toggle button if SSL Client authentication must be required.
DMZ mode
NONE (default) No session proxying through DMZ Gateway applied.
PORT_FORWARDING Incoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER KEYLABEL: Select the label of private key to be used by the SFTP server exposed in the DMZ Gateway.
AUTHENTICATION PROTOCOL: Select the SSL authentication protocol. Possible values:
ALL
ONLY SPECIFIC VALUES
:
SSLv3
TLSv1
TLSv1_1
TLSv1_2
TLSv1_3
SSLv2Hello
ACCEPTED CIPHER SUITES: For a list of all accepted Cipher Suites, follow this link.
REQUIRE CLIENT AUTHENTICATION: Enable the toggle button if SSL Client authentication must be required.
SESSION_TERMINATION The server session will be terminated inside the DMZ Gateway, before data is sent to STENG server.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER PORT *: Enter the DMZ server port to be used for the connection.
SERVER KEYLABEL: Select the label of private key to be used by the SFTP server exposed in the DMZ Gateway.
AUTHENTICATION PROTOCOL: Select the SSL authentication protocol. Possible values:
ALL
ONLY SPECIFIC VALUES
:
SSLv3
TLSv1
TLSv1_1
TLSv1_2
TLSv1_3
SSLv2Hello
ACCEPTED CIPHER SUITES: For a list of all accepted Cipher Suites, follow this link.
REQUIRE CLIENT AUTHENTICATION: Enable the toggle button if SSL Client authentication must be required.

PR5S

Connection
PORT * Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
QMANAGER NAME * Enter the SPAZIO local Queue Manager. Maximum 48 characters.
DEFAULT CHARSET * Select the default charset used to convert the received text in the external file.
For a list of the default charset, follow this link.
SERVER KEYLABEL * Select the key identifier about keystore store to select Private Key and Certificate to create SSL connection.
AUTHENTICATION PROTOCOL Select the SSL authentication protocol. Possible values:
ALL
ONLY SPECIFIC VALUES:

SSLv3
TLSv1
TLSv1_1
TLSv1_2
TLSv1_3
SSLv2Hello
ACCEPTED CIPHER SUITES Select the cipherSuites accepted to establish SSL connection.
For a list of all accepted Cipher Suites, follow this link.
🚀REQUIRE CLIENT AUTHENTICATION Enable the toggle button if you want the server to require SSL Client Authentication to the client that is connecting.
If enabled, the CLIENT CERTIFICATION MATCH field appears, and the appropriate option must be selected in the drop-down menu – details in the field here below.
🚀 CLIENT CERTIFICATION MATCHThis field appears if the Require Client Authentication button is enabled. It defines if the Certificate required for Client Authentication will be matched and how. Possible values:

- NONE: the Certificate will not be matched. The presence of a valid Certificate is enough to proceed. This is the less secure option.
- CNEQUALS (default value): the Common Name field of the subject of the Certificate must be exactly the same as the user name. This is the most restrictive option.
- CNCONTAINS: the Common Name field of the subject of the Certificate must contain the user name.
DMZ mode
NONE (default) No session proxying through DMZ Gateway applied.
PORT_FORWARDING Incoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER KEYLABEL: Select the label of private key to be used by the SFTP server exposed in the DMZ Gateway.
AUTHENTICATION PROTOCOL: Select the SSL authentication protocol. Possible values:
ALL
ONLY SPECIFIC VALUES:

SSLv3
TLSv1
TLSv1_1
TLSv1_2
TLSv1_3
SSLv2Hello
ACCEPTED CIPHER SUITES: For a list of all accepted Cipher Suites, follow this link.
REQUIRE CLIENT AUTHENTICATION: Enable the toggle button if SSL Client authentication must be required.
SESSION_TERMINATION The server session will be terminated inside the DMZ Gateway, before data is sent to STENG server.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER PORT *: Enter the DMZ server port to be used for the connection.
SERVER KEYLABEL: Select the label of private key to be used by the SFTP server exposed in the DMZ Gateway.
AUTHENTICATION PROTOCOL: Select the SSL authentication protocol. Possible values:
ALL
ONLY SPECIFIC VALUES:

SSLv3
TLSv1
TLSv1_1
TLSv1_2
TLSv1_3
SSLv2Hello
ACCEPTED CIPHER SUITES: For a list of all accepted Cipher Suites, follow this link.
REQUIRE CLIENT AUTHENTICATION: Enable the toggle button if SSL Client authentication must be required.

CD

Connection
EVENT POLLING BATCH SIZEEnter the maximum quantity of Connect:Direct statistics read at each poll; this is necessary to verify that a file is ready to be got.
PORT *Enter the API command port of the Connect:Direct server.
HOST *Enter the IP Address of the Connect:Direct server.
NODE NAME *Enter name of the Connect:Direct node.
USER *Enter the Username to connect to the Connect:Direct node.
PASSWORD *Enter the password to connect to the Connect:Direct node.
SHARED FOLDER WITH C:D SERVER *Enter the folder shared with the server.
CONNECTION TIMEOUTEnter the number of seconds without network activity to wait before closing a session due to inactivity. Default value: 60.
DMZ cannot be used with this protocol
Note: The first time the C:D server is started, the "trnx/cd" folder is created in the directory shared among the STENGs of the Cluster. Information about the files exchanged between Data One and the C:D Server is written in this folder. Moreover, it is used to manage the C:D Server statistics.