AS2 or FTP:What’s Best for Your Company
John Radko, Chief Technology Strategist, GXS
Rochelle Cohen, Sr. Product Marketing Manager, GXS
Slide 2 ©2011 GXS, Inc.
Family Feud: AS2 Versus the FTP ClanSelecting the Right Option for Your B2B Needs
Slide 3 ©2011 GXS, Inc.
Agenda
AS2 vs FTP John Radko
– Review of basics
– How do they work?
– How to choose the best one?
GXS Solutions for Connectivity Rochelle Cohen
– Options available
– Additional services
Q&A
Slide 4 ©2011 GXS, Inc.
What Is a Protocol?
Client? Server?
Channel?
To illustrate the basics of a communication
protocol, let’s buy some furniture…
Slide 5 ©2011 GXS, Inc.
IKEA Protocol for Furniture Transfer
Client
Slide 6 ©2011 GXS, Inc.
IKEA Protocol for Furniture Transfer
Client
Server
Slide 7 ©2011 GXS, Inc.
IKEA Protocol for Furniture Transfer
Channel
Client
Server
Slide 8 ©2011 GXS, Inc.
IKEA Protocol for Furniture Transfer
Synchronous
Request/Response
(You go to the store, find it, put
it on a cart, buy it, and drive it
home.)
Channel
Client
Server
Slide 9 ©2011 GXS, Inc.
N.C. Furniture Protocol
Client
Slide 10 ©2011 GXS, Inc.
N.C. Furniture Protocol
Client
Server
Slide 11 ©2011 GXS, Inc.
N.C. Furniture Protocol
Request
Channel
Client
Server
Slide 12 ©2011 GXS, Inc.
N.C. Furniture Protocol
Request
Response
Channel
Client
Server
Slide 13 ©2011 GXS, Inc.
Understanding a Comms Protocol
Clients are requesting data (in the B2B
scenario) or services
Servers are providing the data or services
The Channel is how the request and data
move (may be combined or discrete)
Client/Server is a role – a given system may be
both depending on the situation (AS2)
April 6, 2011 | Slide 14 ©2010 GXS, Inc.
Looking at the Protocol Families
Slide 15 ©2011 GXS, Inc.
A Shared “Family Tree”
Internet Protocol (IP)
Slide 16 ©2011 GXS, Inc.
A Shared “Family Tree”
Internet Protocol (IP)
Transport Control Protocol (TCP) (UDP)
Slide 17 ©2011 GXS, Inc.
A Shared “Family Tree”
Internet Protocol (IP)
Transport Control Protocol (TCP) (UDP)
TCP/IP
Slide 18 ©2011 GXS, Inc.
A Shared “Family Tree”
Internet Protocol (IP)
Transport Control Protocol (TCP) (UDP)
TCP/IP
File Transfer
Protocol (FTP)
Hyper-text Transfer
Protocol (HTTP)
Slide 19 ©2011 GXS, Inc.
A Shared “Family Tree”
Internet Protocol (IP)
Transport Control Protocol (TCP) (UDP)
TCP/IP
File Transfer
Protocol (FTP)
Hyper-text Transfer
Protocol (HTTP)
FTP Secure or FTP-
SSL (FTPS)
HTTP over SSL
(HTTPS)
Slide 20 ©2011 GXS, Inc.
A Shared “Family Tree”
Internet Protocol (IP)
Transport Control Protocol (TCP) (UDP)
TCP/IP
File Transfer
Protocol (FTP)
Hyper-text Transfer
Protocol (HTTP)
FTP Secure or FTP-
SSL (FTPS)
Applicability
Statement 3 (AS3)
HTTP over SSL
(HTTPS)
Applicability
Statement 2 (AS2)
Slide 21 ©2011 GXS, Inc.
A Shared “Family Tree”
Internet Protocol (IP)
Transport Control Protocol (TCP) (UDP)
TCP/IP
File Transfer
Protocol (FTP)
Hyper-text Transfer
Protocol (HTTP)
FTP Secure or FTP-
SSL (FTPS)
Applicability
Statement 3 (AS3)
HTTP over SSL
(HTTPS)
Applicability
Statement 2 (AS2)
Slide 22 ©2011 GXS, Inc.
A Shared “Family Tree”
Internet Protocol (IP)
Transport Control Protocol (TCP) (UDP)
TCP/IP
File Transfer
Protocol (FTP)
Hyper-text Transfer
Protocol (HTTP)
FTP Secure or FTP-
SSL (FTPS)*
Applicability
Statement 3 (AS3)
HTTP over SSL
(HTTPS)
Applicability
Statement 2 (AS2)
Slide 23 ©2011 GXS, Inc.
The Extended Family
Internet Protocol (IP)
Transport Control Protocol (TCP)The
Internet
FTP HTTP SMTP SSH
FTPS HTTPS SFTP
AS3 AS2
SOAP
AS1AS4EDIINT
Slide 24 ©2011 GXS, Inc.
ServerServer
How FTP Works (Active Mode)
FTP
ClientFTP
Server
Command Channel
Random port
above 1023 Port 21
Slide 25 ©2011 GXS, Inc.
ServerServer
How FTP Works (Active Mode)
FTP
ClientFTP
Server
Command Channel
Random port
above 1023 Port 21
Data Channel
Random port
+1 (1024)
Port 20
Slide 26 ©2011 GXS, Inc.
ServerServer
How FTP Works (Active Mode) Challenge
FTP
ClientFTP
Server
Command Channel
Random port
above 1023 Port 21
Data Channel
Port 20Firewall that
HATES
inbound
connections
Slide 27 ©2011 GXS, Inc.
ServerServer
How FTP Works (Passive Mode)
FTP
ClientFTP
Server
Command Channel
Random port
above 1023 Port 21
Slide 28 ©2011 GXS, Inc.
ServerServer
How FTP Works (Passive Mode)
FTP
ClientFTP
Server
Command Channel
Random port
above 1023 Port 21
Server opens a port in
the firewall for the client
to use for data (>1023)
Slide 29 ©2011 GXS, Inc.
ServerServer
How FTP Works (Passive Mode)
FTP
ClientFTP
Server
Command Channel
Random port
above 1023 Port 21
Data Channel
Server opens a port in
the firewall for the client
to use for data (>1023)
Random port
+1 (1024)
Slide 30 ©2011 GXS, Inc.
ServerServer
How FTP Works (Passive Mode) Challenge
FTP
ClientFTP
Server
Command Channel
Random port
above 1023 Port 21
Data Channel
Random port
+1 (1024)
Network
Admin that
HATES
inbound
connections
Slide 31 ©2011 GXS, Inc.
Securing FTP
VPN
– Creates a secure “tunnel”
– Can be used with any
protocol, not just FTP
– Some standards (especially
server-to-server), but may
require client install
FTPS
– 2 types
• Explicit
• Implicit
– Uses TLS/SSL to
encrypt one or both
channels
Slide 32 ©2011 GXS, Inc.
ServerServer
Virtual Private Network (VPN)
FTP
ClientFTP
ServerVPN
VP
N S
oft
wa
reV
PN
So
ftware
Slide 33 ©2011 GXS, Inc.
ServerServer
Virtual Private Network (VPN)
FTP
ClientFTP
Server
Command Channel
VPNV
PN
So
ftw
are
VP
N S
oftw
are
Slide 34 ©2011 GXS, Inc.
ServerServer
Virtual Private Network (VPN)
FTP
ClientFTP
Server
Command Channel
Data Channel
VPNV
PN
So
ftw
are
VP
N S
oftw
are
Slide 35 ©2011 GXS, Inc.
Explicit FTPS
ServerServer
FTP
ClientFTP
Server
Command Channel
Data Channel
Slide 36 ©2011 GXS, Inc.
Explicit FTPS
ServerServer
FTP
ClientFTP
Server
Command Channel
Data Channel
AUTH SSL
Slide 37 ©2011 GXS, Inc.
Explicit FTPS
ServerServer
FTP
ClientFTP
Server
Command Channel
Data Channel
AUTH SSL
Slide 38 ©2011 GXS, Inc.
Explicit FTPS
ServerServer
FTP
ClientFTP
Server
Command Channel
Data Channel
AUTH SSL
Explicit FTPS is usually used so that
non FTPS clients can still connect.
Slide 39 ©2011 GXS, Inc.
Explicit FTPS
ServerServer
FTP
ClientFTP
Server
Command Channel
Data Channel
AUTH SSL
Explicit FTPS is usually used so that
non FTPS clients can still connect.
Slide 40 ©2011 GXS, Inc.
Implicit FTPS
ServerServer
FTP
ClientFTP
Server
Command Channel
Slide 41 ©2011 GXS, Inc.
Implicit FTPS
ServerServer
FTP
ClientFTP
Server
Command Channel
Data Channel
Slide 42 ©2011 GXS, Inc.
Implicit FTPS
ServerServer
FTP
ClientFTP
Server
Command Channel
Data Channel
Implicit FTPS always uses secured
channels, but the software must
support it to connect.
Slide 43 ©2011 GXS, Inc.
AS2 Provides Value-Added Capabilities
– Security• Data is encrypted and signed
• Data is secured at all points
• Digital signatures allow non-repudiation
– Message Management
• Usage of “receipts” (called MDNs)
• Defined service levels
– Interoperability
• Extensive interoperability testing
• Certification by Drummond assures products work together
Slide 44 ©2011 GXS, Inc.
Public Internet or Other
TCP/IP Network
How Does AS2 Work?
Partner BPartner ASender Receiver
001101…
Slide 45 ©2011 GXS, Inc.
Public Internet or Other
TCP/IP Network
How Does AS2 Work?
Partner BPartner ASender
• Sign
Receiver
001101…
Slide 46 ©2011 GXS, Inc.
Public Internet or Other
TCP/IP Network
How Does AS2 Work?
Partner BPartner ASender
• Sign
• Encrypt
Receiver
001101…
Slide 47 ©2011 GXS, Inc.
Public Internet or Other
TCP/IP Network
How Does AS2 Work?
Partner BPartner A
HTTP
Sender
• Sign
• Encrypt
• Send
Receiver
• Receive
001101…
Slide 48 ©2011 GXS, Inc.
Public Internet or Other
TCP/IP Network
How Does AS2 Work?
Partner BPartner A
HTTP
Sender
• Sign
• Encrypt
• Send
Receiver
• Receive
• Decrypt
001101…
001101…
Slide 49 ©2011 GXS, Inc.
Public Internet or Other
TCP/IP Network
How Does AS2 Work?
Partner BPartner A
HTTP
Sender
• Sign
• Encrypt
• Send
Receiver
• Receive
• Decrypt
• Verify Signature
001101…
PARTNER
A
001101…
Slide 50 ©2011 GXS, Inc.
Public Internet or Other
TCP/IP Network
How Does AS2 Work?
Partner BPartner A
HTTP
MDN
Sender
• Sign
• Encrypt
• Send
Receiver
• Receive
• Decrypt
• Verify Signature
• Send MDN
001101…
PARTNER
A
001101…
Slide 51 ©2011 GXS, Inc.
Public Internet or Other
TCP/IP Network
How Does AS2 Work?
Partner BPartner A
HTTP
MDN
Sender
• Sign
• Encrypt
• Send
• Verify MDN
Receiver
• Receive
• Decrypt
• Verify Signature
• Send MDN
001101…
PARTNER
A
001101…
Slide 52 ©2011 GXS, Inc.
A Quick Comparison – Pluses
AS2 – Ready for Business
Purpose built for B2B
Interoperable security
Interoperable non-repudiation
Built-in business grade transaction
management
Proxy/firewall friendly
Interoperability testing process
Widely adopted in many
communities
(opt) Re-start
Slide 53 ©2011 GXS, Inc.
A Quick Comparison – Pluses
AS2 – Ready for Business
Purpose built for B2B
Interoperable security
Interoperable non-repudiation
Built-in business grade transaction
management
Proxy/firewall friendly
Interoperability testing process
Widely adopted in many
communities
(opt) Re-start
FTP – I’m Already Here
Ubiquitous, on basically every
computer
Widely used in almost every
community
Vast amounts of experience
Nearly instant setup
Low administrative overhead*
FTPS – Privacy Included
Channel encryption
Low administrative overhead
Relatively simple
Slide 54 ©2011 GXS, Inc.
A Quick Comparison – Minuses
AS2 – Specialist
Requires special software
Certificate administration
Higher processing overhead (for
encryption and digital signature)
More keys/IDs to manage
Slide 55 ©2011 GXS, Inc.
A Quick Comparison – Minuses
AS2 – Specialist
Requires special software
Certificate administration
Higher processing overhead (for
encryption and digital signature)
More keys/IDs to manage
FTP – Master of None
What security?
No standard guaranteed delivery
No interoperability testing
No standardized document
tracking
Requires two network connections
Can be difficult (or impossible) to
traverse some networks (NAT)
FTPS
All the minuses of FTP
Not as ubiquitous as FTP
Slide 56 ©2011 GXS, Inc.
And the Winner Is…
Applicability
Statement 2 (AS2)
Slide 57 ©2011 GXS, Inc.
FTP or
AS2
Gateway
A Hybrid Community to Mediate Protocols
Partners using same
protocol
Partners that use a
different protocol
April 6, 2011 | Slide 58 ©2010 GXS, Inc.
GXS Communications Portfolio
April 6, 2011 | Slide 59 ©2010 GXS, Inc.
Your B2B Communications Decisions
EDI
Translator
EDI Data
Communications
Software
EDI
Translator
EDI Data
Sending Company Receiving Company
Service
Provider
Which protocol?
How to connect?
Communications
Software
April 6, 2011 | Slide 60 ©2010 GXS, Inc.
AS2 and FTP/VPNMost Popular Protocols for New GXS Clients
Protocols Selected by New GXS Clients
2008-2010
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
AS2
FTP/VPNSFTP
FTPS
Other
April 6, 2011 | Slide 61 ©2010 GXS, Inc.
Global, Flexible Connectivity OptionsEnabling Businesses to Make Technology Decisions Independent of Their Partners
FTP/VPN,
S/FTP and
FTP/S
SOAP
& HTTPS
AS1, AS2,
AS3
Internet Protocols
OFTP
Async /
Bisync & SNA
MQ Series
Legacy Protocols
X400
X.25
VAN
Interconnect Frame Relay
Private
IP Networks
(e.g., ANX, ENX)
Web Forms EDI-to-Fax
Other Services
®
April 6, 2011 | Slide 62 ©2010 GXS, Inc.
Internet
AS2 Direct
Trading Partners
AS2 Trading
Partners
Your Company
Full Portfolio of AS2 Options on GXS
Trading Grid
April 6, 2011 | Slide 63 ©2010 GXS, Inc.
Internet
AS2 Direct
Trading Partners
AS2
Real-time, efficient communications with your
entire community
One implementation with GXS, GXS manages
community
All the value-added transaction management
services
Leverages AS2 software already in place
Reduce risk of failed connectivity
Trading
Partners
Your Company
Full Portfolio of AS2 Options on GXS
Trading Grid
April 6, 2011 | Slide 64 ©2010 GXS, Inc.
Internet
AS2 Direct
Trading Partners
AS2
Real-time, efficient communications with your
entire community
One implementation with GXS, GXS manages
community
All the value-added transaction management
services
Leverages AS2 software already in place
Reduce risk of failed connectivity
Trading
Partners
Additional AS2 Services: AS2 Contingency
– Back-up access if your AS2
server goes down
AS2 Outsourcing
– Comply with AS2 mandates
without adding infrastructure,
expense, and expertise
Your Company
Full Portfolio of AS2 Options on GXS
Trading Grid
April 6, 2011 | Slide 65 ©2010 GXS, Inc.
Full Portfolio of Secure FTP Solutions
Multiple FTP options:
FTP over VPN
SFTP (SSH FTP)
FTPS (FTP/SSL)
InternetSecure FTP
Trading
Partners
Your Company
Easy to implement
Standards based
Wide range of client
software support
Multiple security options
April 6, 2011 | Slide 66 ©2010 GXS, Inc.
GXS BizManager® SoftwareBehind-the-Firewall Connectivity Software for Every Type of User
Fu
ncti
on
ali
ty
BizManager400unlimited connections
BizManager BizConnectUp to 25 connections
Community Size
Windows, Red Hat and
SUSE Linux, Solaris,
AIX, HP-UX
AS400
Windows, Red Hat and
SUSE Linux
BizManager BizLink
unlimited connections
April 6, 2011 | Slide 67 ©2010 GXS, Inc.
GXS Internet Connectivity Solutions for Each Business Scenario
Software
Connectivity to GXS Trading Grid
B2B Program Outsourcing
April 6, 2011 | Slide 68 ©2010 GXS, Inc.
And More―GXS Is the Largest Integration Cloud for B2B
April 6, 2011 | Slide 69 ©2010 GXS, Inc.
Thank You for Your Participation!
For More Information:
Phones:
US: 1-800-334-5669, option 3
EMEA: +44 (0) 1932 776047
ASPAC: +852 2884 6088
Japan: +81-3-5574-7545
GXS web sites:
US: www.gxs.com
EMEA: www.gxs.eu
ASPAC: www.gxs.asia.com
Japan: www.gxs.co.jp
Presenters:
John Radko, [email protected]
Rochelle Cohen, [email protected]