IBM Sterling Connect:Direct 5.3 Overview
Documentation
Version 5.3.0
This edition applies to Version 5 Release 3 of IBM® Connect:Direct and to all subsequent releases and modifications
until otherwise indicated in new editions.
© Copyright IBM Corporation 1993, 2016.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
Chapter 1. What is IBM Sterling Connect:Direct?
  Sterling Connect:Direct Servers and Clients
  Sterling Connect:Direct User Interfaces
Chapter 2. Working With Sterling Connect:Direct
  Local Node Definition
  Remote Node Definitions
  Defining the Work Sterling Connect:Direct Will Perform
    Process Language
    Creating Sterling Connect:Direct Processes
  Managing the Work
    Tools to Help You Manage Processes
Chapter 3. Extending the Capabilities of Sterling Connect:Direct
  Enhanced Security
    Sterling Connect:Direct Secure Plus
    Sterling Secure Proxy
  Enterprise Management with Sterling Control Center
  Process Integration with Sterling B2B Integrator
  Unattended File Management with Sterling Connect:Direct File Agent
  Other Tools/Options to Extend Capabilities
  Additional Sterling Connect:Direct Products
  Speciality Product: SWIFTNet
Notices
  Trademarks
  Terms and conditions for product documentation
Chapter 1. What is IBM Sterling Connect:Direct?
IBM® Sterling Connect:Direct® is point-to-point (peer-to-peer) file-based integration
middleware meant for 24x7 unattended operation, which provides assured
delivery, high-volume, and secure data exchange within and between enterprises. It
is optimized for high performance and throughput and moves files containing any
type of data (text, EDI, binary, digital content, image) across multiple platforms,
disparate file systems, and disparate media. It is used by many industries
throughout the world to move large volumes of data and for connecting to remote
offices.
Benefits
Sterling Connect:Direct offers the following benefits:
• Predictability—Assures delivery via automated scheduling, checkpoint restart,
  and automatic recovery/retry. If a data transmission is interrupted, the
  transmission tries to restart at a predefined interval for a configured amount of
  time. All activity and statistics are logged so that there are verifiable audit trails
  of all actions.
• Security—Ensures customer information stays private through a proprietary
  protocol and offers basic security through authentication and user proxies.
  Supports a comprehensive cryptographic solution (IBM Sterling Connect:Direct
  Secure Plus) that provides strong mutual authentication using X.509 certificates,
  SSL and TLS data encryption, and data integrity checking. For more information
  about Sterling Connect:Direct Secure Plus and other products that enhance
  Sterling Connect:Direct's security model, see Chapter 3, “Extending the
  Capabilities of Sterling Connect:Direct.”
• Performance—Handles the most demanding loads, from high volumes of small
  files to terabyte files.
Features
Sterling Connect:Direct offers the following features:
• Provides automation through easy-to-use Process definition. Multi-step Processes
  manage data movement as well as pre- and post-processing.
• Provides automation through scripting, scheduling, and watch directories.
• Automatically establishes connection to remote server when data is ready for
  transfer. Automatic session retry re-establishes an interrupted connection; work
  resumes at the point of failure.
• Offers flexible security options to control access to data, network, or system
  resources. Interfaces to operating system and vendor-supplied access control and
  security software.
• Supports a comprehensive cryptographic solution (Sterling Connect:Direct Secure
  Plus).
• Supports local and remote administration, configuration, and Process
  management through a browser user interface.
• Supports non-intrusive integration to existing applications through the
  Command Line Interface (CLI), which can be used in batch files or scripts. Also
  supports direct use by applications through APIs.
• Provides a complete audit trail of data movement through extensive statistics
  logs.
• Supports extensive configuration options for flexibility of deployment,
  management of network resources and optimization of data transfer
  performance.
• Provides optional data compression that is configurable for maximum
  compression or optimal use of system resources.
• Supports all major file types, media, and record formats across multiple
  platforms. Data exchange is independent of content.
Platforms
Typically, Sterling Connect:Direct is installed on a mainframe, UNIX, or Microsoft
Windows server at a central processing site and is used to communicate with other
Sterling Connect:Direct sites in the business's network. Sterling Connect:Direct
offers multi-platform implementations tailored to each of the following operating
systems:
• z/OS®
• UNIX (Sun, HP UX, AIX®, Linux)
• Microsoft Windows
• OpenVMS
• HP NonStop (Tandem)
• VM
• i5/OS (OS/400®)
Sterling Connect:Direct Servers and Clients
A Sterling Connect:Direct client is used to communicate with a Sterling
Connect:Direct server regarding the work that will be performed. Sterling
Connect:Direct offers the following types of client interfaces: Web browser
interface, graphical user interface (GUI), command line client (CLI), and panels.
Each data transfer involves a local and a remote Sterling Connect:Direct server
(also referred to as nodes). The two servers work together to perform the work in a
peer-to-peer relationship. The server initiating the connection is the primary node
(PNODE) for the connection, and the server receiving the connection is the
secondary node (SNODE). A Sterling Connect:Direct server can manage multiple
concurrent connections with other Sterling Connect:Direct servers and can act as
both a PNODE and an SNODE.
The following figure shows the relationships between Sterling Connect:Direct
clients and servers during peer-to-peer sessions:
Sterling Connect:Direct User Interfaces
The following user interfaces serve as clients to Sterling Connect:Direct servers:
• Sterling Control Center provides a system-wide view of your Sterling
  Connect:Direct servers that enables you to monitor and manage your resources
  from a central location, including the capability of managing your Sterling
  Connect:Direct server configurations.
• Sterling Connect:Direct Browser User Interface allows you to create, submit, and
  monitor Sterling Connect:Direct Processes from an Internet browser, such as
  Microsoft Internet Explorer or Mozilla Firefox. You can also perform Sterling
  Connect:Direct system administration tasks, such as viewing and changing the
  network map or initialization parameters (with the appropriate authority level).
  The specific administration tasks that you can perform depend on the Sterling
  Connect:Direct platform that your browser is signed on to and your security
  level.
  Sterling Connect:Direct Browser User Interface can be used as a client for
  Sterling Connect:Direct for Microsoft Windows, UNIX, z/OS, and HP NonStop
  servers.
• Command Line Interface allows you to issue Sterling Connect:Direct commands
  and monitor Sterling Connect:Direct Processes. CLIs are available in Sterling
  Connect:Direct for Microsoft Windows, UNIX, HP NonStop, and OpenVMS.
• Some platforms contain panel-driven user interfaces, such as the Sterling
  Connect:Direct for z/OS ISPF Interactive User Interface.
• Application programming interfaces (APIs) in Sterling Connect:Direct enable
  customers to tie in their applications to Sterling Connect:Direct.
Chapter 2. Working With Sterling Connect:Direct
To perform work in your enterprise, Sterling Connect:Direct relies on building
blocks of information that define the local and remote nodes, users who can access
those nodes, and the functions they can perform.
Local Node Definition
During installation, you define a local node for Sterling Connect:Direct. The local
node definition specifies information, such as the operating system, default user
ID, TCP/IP address, and port number. After installation, you can change the local
node’s settings and define remote nodes. In addition to the default user ID you
specify for a local node, you can add other users who will access that node.
Local User Authorities
After you define a user ID for each user who has access to the local node, you can
restrict the ability of each user to perform certain tasks by defining user authorities
for each user ID. For example, you can permit a user to submit a Process but not
to monitor or delete Processes.
Sterling Connect:Direct has two types of users: administrators and general users,
and each type has a set of default privileges. You can use these user templates to
assign user authorities and restrict user privileges. Local user authorities provide
one type of authentication in Sterling Connect:Direct. An alternative method of
authentication is available using remote user proxies. For a listing of the default
authorities for each type, see the product documentation for your Sterling
Connect:Direct platform.
Remote User Proxies
User proxy definitions (referred to as secure point of entry on the mainframe)
contain remote user information for operations initiated from remote Sterling
Connect:Direct nodes. These definitions identify a proxy relationship between a
user ID at a remote Sterling Connect:Direct node and a local user ID. This
mapping of remote and local user IDs enables users at remote Sterling
Connect:Direct nodes to submit work to the local Sterling Connect:Direct node
without explicitly defining user IDs and passwords in the Processes, eliminating
the need to share passwords with your trading partners. User proxies also define
what each user ID can do on the local Sterling Connect:Direct node.
Configuration Settings for the Local Node
Initialization parameters determine various Sterling Connect:Direct settings that
control system operation. The initialization parameters are created when you install
Sterling Connect:Direct and can be updated as needed. Some of these settings may
be overwritten in the netmap, user authorities, user proxies, and Processes.
Remote Node Definitions
The Network Map, or netmap, is created during the Sterling Connect:Direct
installation. It identifies the remote nodes that each local node can communicate
with and the communication information needed to establish a connection. You
create a remote node entry in the network map for each remote node that the local
node communicates with. Each network map entry contains information about the
remote node, such as the remote node name, operating system, session
characteristics for a protocol, and transfer and protocol information about the
available communications paths and their attributes.
Netmap Checking
In addition to defining the remote nodes that communicate with the Sterling
Connect:Direct node, the network map can be used to perform a security function.
Netmap checking verifies that inbound sessions are from a node defined in the
network map; if the node is not in the network map, the connection fails.
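The following added example (not IBM code and not part of the original document) models how the three controls described above combine for an inbound session: netmap checking, remote user proxies, and local user authorities. All node names, user IDs, function names, and data structures are hypothetical; the model assumes the remote Process carries no explicit user ID and password, so a missing proxy means rejection.

```python
"""Model of the inbound access decision: netmap check, proxy, authorities."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample configuration. Names are hypothetical and do not
# reflect the product's configuration file formats.
NETMAP = {"PARTNER.NODE.A", "BRANCH.NODE.7"}

# Remote user proxies: (remote node, remote user ID) -> local user ID.
USER_PROXIES = {
    ("PARTNER.NODE.A", "xferbot"): "cd_partner_a",
    ("BRANCH.NODE.7", "ops"): "cd_branch",
    ("OLD.NODE.3", "batch"): "cd_legacy",      # node no longer in the netmap
    ("BRANCH.NODE.7", "intern"): "cd_unset",   # local user has no authorities
}

# Local user authorities: local user ID -> functions that user may perform.
USER_AUTHORITIES = {
    "cd_partner_a": {"submit", "copy"},
    "cd_branch": {"submit", "copy", "run_task", "monitor"},
    "cd_legacy": {"submit", "copy"},
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    local_user: Optional[str]
    reason: str


def authorize_inbound(remote_node: str, remote_user: str, function: str) -> Decision:
    """Decide whether an inbound session may perform `function` locally."""
    # 1. Netmap checking: the session must come from a defined node.
    if remote_node not in NETMAP:
        return Decision(False, None, "netmap check failed: node not defined")
    # 2. Remote user proxy: map the remote user ID to a local user ID.
    local_user = USER_PROXIES.get((remote_node, remote_user))
    if local_user is None:
        return Decision(False, None, "no user proxy for remote user")
    # 3. Local user authorities: deny anything not explicitly granted.
    if function not in USER_AUTHORITIES.get(local_user, set()):
        return Decision(False, local_user, f"local user lacks authority: {function}")
    return Decision(True, local_user, "ok")


def find_config_gaps() -> List[str]:
    """Flag proxy entries that are stale or map to an undefined local user."""
    findings = []
    for (node, user), local_user in sorted(USER_PROXIES.items()):
        if node not in NETMAP:
            findings.append(f"stale proxy {user}@{node}: node not in netmap")
        if local_user not in USER_AUTHORITIES:
            findings.append(
                f"proxy {user}@{node} maps to {local_user}, which has no authorities")
    return findings


if __name__ == "__main__":
    for args in [("PARTNER.NODE.A", "xferbot", "copy"),
                 ("PARTNER.NODE.A", "xferbot", "run_task"),
                 ("OLD.NODE.3", "batch", "copy")]:
        print(args, "->", authorize_inbound(*args))
    for finding in find_config_gaps():
        print("review:", finding)
```

Running the consistency check on a schedule surfaces proxy entries left behind after a trading partner is removed from the network map.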
Defining the Work Sterling Connect:Direct Will Perform
The Sterling Connect:Direct Process language provides instructions that tell Sterling
Connect:Direct the work to perform in your enterprise. A Sterling Connect:Direct
Process contains special statements and parameters that perform data movement
and manipulation activities such as:
• Moving files between different Sterling Connect:Direct servers
• Running jobs, programs, and commands on the Sterling Connect:Direct server
• Starting other Processes
• Monitoring and controlling Processes
• Handling processing errors
Processes can be linked to network and application activities, generating a
continuous cycle of processing. For example, a network message can trigger a file
transfer that is used by another application. As a Process executes and after it
completes, audit information is available to analyze and use for future processing.
Processes contain parameters that control Process attributes such as:
• Scheduling information—Setting a Process to run at a specific day and time.
  Processing can be scheduled to run automatically at a specified date or interval,
  without any operator intervention.
• Integration with existing security systems—Specifying user IDs and passwords
  within a Process that allow it to work within your existing network security
  system.
• Data transmission integrity—Specifying checkpoint and restart intervals within a
  file transmission so that if a transmission fails, it restarts automatically from the
  most recent checkpoint.
• Compression—Performing data compression for Copy operations for shorter
  transfer times.
• User notification—Automatically notifying users of successful and unsuccessful
  transfers.
These parameters can be specified within the actual Process or you can specify
them when you submit the Process. Any parameters you provide when you submit
a Process override the parameters coded in the Process.
Process Language
A Sterling Connect:Direct Process uses its own scripting language that defines the
work that you want the Process to do. The following are the statements used in
Sterling Connect:Direct Processes:
Statement
  Description

PROCESS
  Defines general Process characteristics. This statement is always the first
  statement in a Process. Among the items the Process statement specifies
  are:
  • The name of the secondary node in the Process
  • The Process priority
  • When to start the Process
  • Who to notify upon completion
  • Whether Sterling Connect:Direct should keep a copy of the Process to
    execute in the future

COPY
  Performs a data transfer. The COPY statement also specifies various file
  transfer options, including:
  • File allocation
  • File disposition options
  • File renaming
  • Data compression options

RUN JOB
  Submits a job or application to the host operating system. The Process
  continues running and does not wait for the submitted job or application
  to complete. This is known as asynchronous processing.

RUN TASK
  Submits a job or application to the host operating system. The Process
  waits for the job or application to complete before continuing. If the job or
  application does not complete, the rest of the Process does not run. This is
  known as synchronous processing.

SUBMIT
  Submits a Process from within another Process. The SYMBOL statement
  enables Processes to be modular. This enhances processing flexibility, as
  you can modify Process modules as necessary without altering the master
  Process.

SYMBOL
  Replaces symbolic strings within a Process with parameter values. The
  SYMBOL statement eliminates the need to hardcode file names and values
  within a Process. Instead, the SYMBOL statement allows values to be
  substituted within a Process, enabling a Process to be reused for different
  file transfers.

Conditional (IF, EIF, ELSE, EXIT, GOTO)
  Controls Process execution by testing Process step return codes with
  conditional logic statements. For example, if a file transfer successfully
  completes, the Process can use the SUBMIT statement to initiate a second
  Process. If the file transfer fails, the Process can send an error message to
  the operator.

pend
  Indicates the end of a Process. This statement is only valid for Sterling
  Connect:Direct for UNIX, OpenVMS, and Microsoft Windows.

The Process statement must be the first statement in a Process. The statements after
the Process statement can follow in any sequence. Each statement uses parameters
to control Process activities such as execution start time, user notification, security,
or accounting data. These parameters can be specified within the Process or you
can specify them when you submit the Process. The parameters for a statement
vary according to platform.
The following example shows a Process that copies a file from UNIX to z/OS. The
Process was initiated from the UNIX node. The ckpt parameter specifies that no
checkpoints will be taken:
zOSxx   process  snode=zOS.node
                 startt = (Monday, 08:30:00 am)
                 notify = unixuser@unixhost
step01  copy from (file=file1
                   pnode)
             ckpt=no
             to   (file=file2
                   dcb=(dsorg=PS,
                        recfm=FB,
                        lrecl=80,
                        blksize=2400)
                   space=(TRK,(1,,))
                   snode
                   disp=rpl)
        pend
Detailed information about Sterling Connect:Direct Processes is available in the
IBM Sterling Connect:Direct Process Language Reference Guide.
Creating Sterling Connect:Direct Processes
After you define your business need, you can create a Process for execution in the
following ways:
• Through the Process Builder feature of the Sterling Connect:Direct Browser User
  Interface, a Web-based interface to a Sterling Connect:Direct server. The Sterling
  Connect:Direct Browser User Interface is distributed with Sterling Connect:Direct
  and Sterling Control Center.
  The Process Builder is a GUI that enables you to build, modify, and save
  Processes. The Process Builder handles Sterling Connect:Direct Process syntax
  rules automatically. The Process Builder eliminates the typographical mistakes
  made when creating Processes with a text editor. You can also validate Process
  syntax and submit completed Processes from the Process Builder.
  You can use the Process Builder to modify Processes created with a text editor.
  Likewise, Processes created with the Process Builder feature can be edited with a
  text editor.
• Through the Sterling Connect:Direct Requester for Microsoft Windows, which is
  a graphical interface to Sterling Connect:Direct for Microsoft Windows.
• A text file that is submitted to a Sterling Connect:Direct server through a batch
  utility, command line, or a user written program through the Sterling
  Connect:Direct Application Program Interface (API).
• Through the Sterling Connect:Direct for z/OS IUI. See the Sterling Connect:Direct
  for z/OS User Guide for information about the IUI.
Managing the Work
After you create Processes, you submit them for execution. The following
illustration shows how a Process executes:
The following table explains the Process steps:
Step
  Description

Process submitted
  A user submits a Process from a Sterling Connect:Direct Process
  library or from the Sterling Connect:Direct Browser User Interface.

Process syntax parsed
  The parser within Sterling Connect:Direct verifies the Process syntax.

Process sent to Transmission Control Queue (TCQ)
  If the Process passes syntax checking, it is placed in the appropriate
  work queue according to Process parameters, such as priority, class,
  and start time. The Sterling Connect:Direct work queues are jointly
  referred to as the TCQ. A Process is in one of the following states in
  the TCQ:
  • EXECUTION—The Process is executing.
  • WAIT—The Process is waiting until a connection with the SNODE
    is established or available. Processes in the WAIT queue state may
    also be waiting for their turn to execute on an existing session.
  • HOLD—Process execution is on hold. The Process may have been
    submitted with a HOLD or RETAIN parameter. The Process is
    held on the queue until released by an operator or the SNODE
    connects with a request for held work. The HOLD queue state
    also applies to Processes that stop executing when an error occurs.
  • TIMER—The Process was submitted with a STARTT parameter
    that designates the time, date, or both that the Process should
    execute. Processes that initially failed due to inability to connect
    with the SNODE or because of a file allocation failure can also be
    in this queue state waiting for their retry interval to expire. Such
    Processes will retry automatically.
  A queued Process can be queried and manipulated through Sterling
  Connect:Direct commands such as SELECT, CHANGE, DELETE,
  FLUSH, and SUSPEND PROCESS. For complete information on the
  Sterling Connect:Direct commands and the various queues, refer to
  the Sterling Connect:Direct user's guide for your platform.
  A message indicating that the Process was submitted successfully is
  created when the Process is placed into the TCQ. The Process
  statements have been checked for syntax, but the Process may not
  have been selected for execution.

Process Executes
  The Process is selected for execution based on Process parameters
  and the availability of the SNODE.

Tools to Help You Manage Processes
Sterling Connect:Direct provides tools to allow you to manage Processes. These
tools include:
• Process Monitor—Use this tool to view Processes in the Transmission Control
  Queue (TCQ), release held Processes, change the status of a Process, and delete a
  Process.
• Process Notification Utility—Use this utility to change the notification method
  you defined when you installed Sterling Connect:Direct to notify users of
  Process execution.
• Message Lookup—If you need to troubleshoot the meaning of an error message,
  use this utility to view more explanation about an error message.
• SNMP—If you want to use SNMP to capture messages, you can identify which
  messages you want to include and determine if messages are trapped or logged
  to the event log.
• CRC checking—A cyclic redundancy check (CRC) determines whether the data
  that Sterling Connect:Direct receives over the network has been altered in
  transmission or not. To ensure data integrity during the transmission, a CRC is
  generated for the entire buffer, including the header. CRC checking works by
  calculating a short, fixed-length binary sequence for each block of data and
  sending/storing them together. When a block is read or received, the calculation
  is repeated. If the new CRC does not match the one calculated earlier, Sterling
  Connect:Direct stops the Process execution and restarts the Process from the last
  checkpoint record. CRC checking can only be performed for TCP/IP Processes
  and cannot be enabled when running Sterling Connect:Direct Secure Plus,
  because data integrity is a native part of Sterling Connect:Direct Secure Plus.
• CLI—The command line interface (CLI) provides commands to access queues
  and manage Processes. These commands enable you to control Process
  execution, view Process status and results, and affect the Sterling Connect:Direct
  server. Issue these commands through or in a native command text format
  through the Applications Programming Interface (API).
• Sterling Connect:Direct Browser User Interface—Sterling Connect:Direct Browser
  User Interface allows you to build, submit, and monitor Sterling Connect:Direct
  Processes from an Internet browser, such as Microsoft Internet Explorer. You can
  also perform Sterling Connect:Direct system administration tasks, such as
  viewing and changing the network map or initialization parameters, from
  Sterling Connect:Direct Browser User Interface. The specific administration tasks
  that you can perform depend on the Sterling Connect:Direct platform that your
  browser is signed on to and your security level.
• Sterling Connect:Direct File Agent is a feature of Sterling Connect:Direct that
  provides unattended file management. Sterling Connect:Direct File Agent
  monitors watched directories to detect new files. When Sterling Connect:Direct
  File Agent detects a new file, it either submits a default Process or evaluates the
  file using rules to override the default Process and to determine which Process
  to submit. You create rules to submit different Processes based on the following
  properties:
  – Specific or partial file names
  – File size
  – System events
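The CRC checking and checkpoint restart behaviour described in the list above can be modelled as follows. This is an added example, not IBM code and not the Connect:Direct wire format: the 6-byte header layout, the use of CRC-32, the checkpoint interval, and all function names are assumptions made for illustration.

```python
"""Model of per-buffer CRC checking with restart from the last checkpoint."""
import struct
import zlib

HEADER = struct.Struct(">IH")   # assumed header: block sequence, payload length
CRC = struct.Struct(">I")       # CRC-32 trailer
CHECKPOINT_EVERY = 2            # assumed: checkpoint after every 2 good blocks

# CRC-32 is unkeyed: it detects accidental corruption in transit. It is not
# a substitute for the keyed integrity protection a TLS session provides.


def frame(seq: int, payload: bytes) -> bytes:
    """Build header + payload and append a CRC over the entire buffer."""
    buf = HEADER.pack(seq, len(payload)) + payload
    return buf + CRC.pack(zlib.crc32(buf))


def verify(framed: bytes):
    """Return (seq, payload) if the CRC matches, otherwise None."""
    buf, trailer = framed[:-CRC.size], framed[-CRC.size:]
    if zlib.crc32(buf) != CRC.unpack(trailer)[0]:
        return None
    seq, length = HEADER.unpack(buf[:HEADER.size])
    return seq, buf[HEADER.size:HEADER.size + length]


def transfer(data: bytes, block_size: int, corrupt_on: set):
    """Send `data` block by block; `corrupt_on` lists the transmission
    numbers (0-based) on which the simulated network flips one bit.
    Returns (received bytes, restart count, total transmissions)."""
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    received = []      # blocks accepted by the receiver
    checkpoint = 0     # index of the first block after the last checkpoint
    sent = restarts = 0
    i = 0
    while i < len(blocks):
        wire = bytearray(frame(i, blocks[i]))
        if sent in corrupt_on:
            wire[HEADER.size] ^= 0x01          # single-bit error in transit
        sent += 1
        result = verify(bytes(wire))
        if result is None:
            # CRC mismatch: stop, discard work since the last checkpoint,
            # and resume sending from the checkpointed block.
            restarts += 1
            del received[checkpoint:]
            i = checkpoint
            continue
        received.append(result[1])
        i += 1
        if i % CHECKPOINT_EVERY == 0:
            checkpoint = i
    return b"".join(received), restarts, sent


if __name__ == "__main__":
    # Constructed sample: 5 blocks of 2 bytes, 4th transmission corrupted.
    print(transfer(b"ABCDEFGHIJ", 2, {3}))
```

With the fourth transmission corrupted, the receiver rolls back to the checkpoint taken after block 1, so blocks 2 and 3 are sent again and the file still arrives intact.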
Chapter 3. Extending the Capabilities of Sterling
Connect:Direct
You can extend capabilities of Sterling Connect:Direct through the IBM Sterling
Managed File Transfer (MFT) suite of products and options, including:
• IBM Sterling Connect:Direct Secure Plus
• IBM Sterling Secure Proxy
• IBM Sterling External Authentication Server
• IBM Sterling Certificate Wizard
• IBM Sterling Control Center
• IBM Sterling B2B Integrator
• IBM Sterling Connect:Direct File Agent
• IBM Sterling File Accelerator
• IBM Sterling Connect:Direct Select
• IBM Sterling Connect:Direct FTP+
• IBM Sterling Connect:Direct for SWIFTNet for Microsoft Windows and IBM
  Sterling Connect:Direct for SWIFTNet for UNIX
Enhanced Security
Sterling Connect:Direct contains basic security consisting of user authentication and
user proxies that enable you to control who has access to the Sterling
Connect:Direct server and what actions they are allowed to perform. Enhanced
security is available through the following additional MFT products.
Sterling Connect:Direct Secure Plus
For a more complete, full-security solution, Sterling Connect:Direct Secure Plus
is available. This option of Sterling Connect:Direct enables you to select the
security protocol to use to secure data during electronic transmission: Transport
Layer Security (TLS) or Secure Sockets Layer protocol (SSL). These protocols
provide three levels of security:
• The first level of security is server authentication. It is activated when a trading
  partner connects to a Sterling Connect:Direct server. After the initial handshake,
  the Sterling Connect:Direct server sends its digital certificate to the trading
  partner. The trading partner checks that it has not expired and that it has been
  issued by a certificate authority the trading partner trusts.
• The second level of security, called client authentication, requires that the trading
  partner send its own certificate. If enabled, the Sterling Connect:Direct server
  requests certificate information from the trading partner, after it returns its
  certificate information. If the client certificate is signed by a trusted source, the
  connection is established.
• The third level of security requires that a certificate common name be verified.
  The Sterling Connect:Direct Secure Plus server searches the certificate file it
  receives from the trading partner and looks for a matching certificate common
  name. If the server cannot find the certificate common name, communication
  fails.
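The three levels above map onto standard TLS settings plus one application-level check. The following added example (not IBM code and not Secure Plus configuration) uses Python's ssl module to show them; the function names, the expected common name, and the sample certificate dictionary are constructed for illustration, and the certificate file paths are optional parameters the caller must supply.

```python
"""Server auth, client auth, and common-name check with Python's ssl module."""
import ssl
from typing import Optional, Tuple


def client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Level 1: the connecting partner validates the server certificate
    (expiry and trusted issuer are checked by the TLS library)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def server_context(ca_file: Optional[str] = None,
                   cert_file: Optional[str] = None,
                   key_file: Optional[str] = None) -> ssl.SSLContext:
    """Level 2: the server requests and validates a client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED             # handshake fails without one
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def common_name(peercert: dict) -> Optional[str]:
    """Extract commonName from the dict returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def check_partner_cert(peercert: dict, expected_cn: str, now: float) -> Tuple[bool, str]:
    """Level 3: after the handshake, require the configured common name.
    The expiry test repeats what the TLS library already enforces and is
    kept here so the function can be exercised on its own."""
    if ssl.cert_time_to_seconds(peercert["notAfter"]) < now:
        return False, "certificate expired"
    cn = common_name(peercert)
    if cn != expected_cn:
        return False, f"common name mismatch: {cn!r}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample in the shape returned by getpeercert().
    cert = {"subject": ((("countryName", "US"),),
                        (("commonName", "partner-a.example"),)),
            "notAfter": "Jun  1 12:00:00 2030 GMT"}
    now = ssl.cert_time_to_seconds("Jan  1 00:00:00 2026 GMT")
    print(check_partner_cert(cert, "partner-a.example", now))
    print(check_partner_cert(cert, "partner-b.example", now))
```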
Sterling Connect:Direct Secure Plus includes the following encryption algorithms:
• Symmetric—AES, DES, 3DES, RC4
• Asymmetric—RSA
• FIPS—Leverages Crypto-C, which is IBM's FIPS 140-2 validated security module
  on the UNIX, Microsoft Windows, and z/OS platforms and leverages the IBM
  eServer™ cryptographic coprocessor on the mainframe. The following
  FIPS-validated algorithm implementations are supported in Sterling
  Connect:Direct Secure Plus:
  – DES, FIPS 46-3, NIST Certificate #160
  – 3DES, FIPS 46-3, NIST Certificate #100
  – SHA-1, FIPS 180-1, NIST Certificate #89
  – AES, FIPS 197, NIST Certificate #5
  – DSA, FIPS 186-2, NIST Certificate #70
FIPS compliance can be achieved with Sterling Connect:Direct only by installing
Sterling Connect:Direct Secure Plus and enabling FIPS mode on the supported
platforms.
Sterling Secure Proxy
For further security of your Sterling Connect:Direct network, you can use IBM
Sterling Secure Proxy as an application proxy in your DMZ. When used as a
reverse proxy, Sterling Secure Proxy ensures that the node has the authority to
connect. If the node is authorized, the proxy provides a session break and
establishes a new connection to connect to the Sterling Connect:Direct node inside
the company.
As a forward proxy, it allows an internal node to connect to a Sterling
Connect:Direct node outside of your secure environment. The internal node
connects to the forward proxy in the DMZ. The forward proxy then sends
connection information to the external Sterling Connect:Direct node. The session
break ensures that the company node is protected and does not have a direct
connection to the external node. The external Sterling Connect:Direct node is
unaware that Sterling Secure Proxy is deployed and believes it is connecting to the
internal Sterling Connect:Direct node.
Sterling Secure Proxy also provides user authentication to ensure that the external
node is authorized to connect to Sterling Secure Proxy. As an extension of user
authentication, you can use IBM Sterling External Authentication Server to make
use of an external database, such as Active Directory or Lightweight Directory
Access Protocol (LDAP), to perform Sterling Connect:Direct node authentication
and certificate authentication.
Sterling Secure Proxy also provides the following security features:
• SSL or TLS using certificates—Ensures that the connection between Sterling
  Secure Proxy and the internal and external nodes uses SSL or TLS.
• Support for Hardware Security Modules (HSM)—Stores and protects your
  certificates.
• Support for connection routing—Allows you to route incoming connections
  using the following methods:
  – Direct Routing—Routes incoming connections directly to the trusted company
    server.
  – PNODE routing—Allows the inbound node to determine what SNODE it
    connects to.
  – Certificate-based routing—Allows Sterling Secure Proxy to determine the
    internal server to route the connection to, based on the distinguished name in
    the certificate.
• Support for step injection—Allows you to insert Sterling Connect:Direct Process
  statements into the communications session with the SNODE independent of the
  PNODE Process statements. These injected statements can provide real-time
  notification of file delivery, invoke applications, run operating system jobs and
  commands, and submit other Sterling Connect:Direct Processes, all without the
  need to provide an exit program on the SNODE or without changing the
  PNODE Process. The results of these steps are logged in the statistics file of the
  SNODE.
In addition to providing proxy services for Sterling Connect:Direct, Sterling Secure
Proxy also provides proxy support for FTP, SFTP (SSH), HTTP, and HTTPS,
allowing you to extend your managed file transfer enterprise to IBM Sterling B2B
Integrator and IBM Sterling File Gateway.
IBM Sterling External Authentication Server
You can use Sterling External Authentication Server together with Sterling Secure
Proxy to implement extended authentication and validation services for your IBM
products. The Sterling External Authentication Server is a separate,
GUI-configurable application that allows you to validate certificates against
certificate revocation lists (CRLs). You can also configure multifactor authentication
using SSL client certificates, SSH keys, user ID and password, and client IP address
as factors. You can enable application outputs to allow you to map attributes, such
as login credentials that are returned to a query, to outputs you specify.
Enterprise Management with Sterling Control Center
Sterling Control Center provides centralized management and monitoring of
large-scale, distributed Sterling Connect:Direct server environments. It enables you
to enhance operational productivity and improve the quality of service for Sterling
Connect:Direct file transfers and activities in your environment from one central
location through:
Service Level Management
v Helps answer the questions, “Where is my file?” and “Are my service level
agreements being met?” by providing a system-wide view of all your Sterling
Connect:Direct servers across different platforms and locations in real time
v Allows you to monitor the overall health of the environment through server
status indicators
v Allows you to set up an early warning system for exceptions regarding critical
processing windows and server events in the form of proactive notifications
(e-mails, SNMP traps, and GUI alerts)
v Helps you ensure that your file transfer environment is functioning at the level
you need it to by consolidating information for throughput analysis, capacity
planning, post-processing operational or security audits, and workload analysis
v Allows you to release or delete Sterling Connect:Direct Processes from a central
location
Asset Management
v Helps answer the questions, “Where is my Sterling Connect:Direct software
installed and running?” and “Is it in compliance with license agreements?”
v Helps you track network assets by capitalizing on its server monitoring
capabilities. A feature called Guided Node Discovery (also called Node
Discovery) lets you find all Sterling Connect:Direct servers that a managed
Sterling Connect:Direct server communicates with.
v Helps you ensure that your server licenses are up to date and facilitates license
distribution to the managed Sterling Connect:Direct servers in your
environment.
Configuration Management
v Helps you answer the questions, “Are my Sterling Connect:Direct servers
configured correctly?” and “Do they comply with our security policy?”
v Provides a centralized, simplified means of managing the configurations of your
Sterling Connect:Direct for UNIX, Microsoft Windows, and z/OS servers by:
– Providing a common interface for managing and auditing Sterling
Connect:Direct server configurations
– Normalizing parameters across platforms that might have different names
and value pairs
– Providing platform-specific syntax checking and easy-access tooltip help
– Providing a means for updating, viewing, auditing, and tracking versions
(including rollback functionality) of configuration data for Sterling
Connect:Direct servers, such as netmap nodes, functional authorities, and
initialization parameters
– Generating an audit log that identifies all changes that are made to the
configuration and who makes them
Process Integration with Sterling B2B Integrator
Sterling B2B Integrator enables a business to define business processes in a
software application and route data between enterprise systems using different
protocols and formats.
The IBM Sterling B2B Integrator - Connect:Direct Service Adapter is a component
of Sterling B2B Integrator that allows Sterling B2B Integrator to act like a Sterling
Connect:Direct server, sending and receiving data using the Sterling Connect:Direct
protocol. The adapter enables you to use files from a Sterling Connect:Direct server
in a Sterling B2B Integrator business process and to create business processes that
exchange files with a Sterling Connect:Direct server.
Sterling Connect:Direct and Sterling B2B Integrator Processes
Sterling Connect:Direct and Sterling B2B Integrator each have their own version of
a process. Sterling Connect:Direct uses a Process statement to initiate a session
with another Sterling Connect:Direct node and then uses specific statements to
perform tasks and make requests on that node.
Sterling B2B Integrator uses business process services to initiate a session with
another Sterling Connect:Direct node to perform tasks and make requests on that
node. It is possible to use Sterling B2B Integrator business processes to handle
complex processes such as order fulfillment, invoicing, inventory, and other
processes that require data exchange and business integration.
These business processes enable you to transfer your files, or business documents,
to internal processing activities and to trading partners, exchanges, and customers.
Unattended File Management with Sterling Connect:Direct File Agent
Sterling Connect:Direct File Agent is a component of Sterling Connect:Direct that
provides unattended file management. It provides monitoring and detection
capabilities that enhance the automation you accomplish with Sterling
Connect:Direct Processes.
You can configure Sterling Connect:Direct File Agent to operate in either of the
following ways:
v Watch for any file to appear in one or more watched directories and submit a
default Sterling Connect:Direct Process after detecting the newly added file.
v Override the default Sterling Connect:Direct Process specified and apply either
watched file event rules or system event rules that are enabled for the
configuration. If the criteria for a rule are met, Sterling Connect:Direct File Agent
submits the Sterling Connect:Direct Process associated with that rule.
You can create Sterling Connect:Direct File Agent rules based on the following
properties:
– Full or partial name of the file detected in a watched directory. The watched
directory can be a local directory on the Sterling Connect:Direct server or a
network drive.
– Size of the file detected in a watched directory
– System event title or contents
File Agent is distributed with Sterling Connect:Direct for UNIX, Microsoft
Windows, and z/OS.
Other Tools/Options to Extend Capabilities
There are several tools/options that extend the functionality available in Sterling
Connect:Direct, including:
v Amazon S3 Cloud Storage support
v Connect:Direct Web Services
v IBM® Aspera® High-Speed Add-on for Connect:Direct®
v Connect:Direct Application Interface for Java
v Microsoft Windows SDK
v SNMP Agent
v Clustering Solutions
Sterling File Accelerator
The IBM Sterling File Accelerator is a UDT (UDP-based Data Transfer) solution
that provides faster file transfers for high-volume files than TCP over high-speed
networks with high latency.
Please consider the following known restrictions when using UDT:
v Under conditions of high CPU usage, a Sterling Connect:Direct Process running
over UDT may be interrupted by a lost connection. If the connection is lost, the
Process is retried. The frequency of connections lost due to high CPU usage can
be reduced by restricting the number of concurrent UDT sessions through
netmap session limits.
v All UDT SNODE connections must be defined in your netmap so that the node
name can be used to specify the SNODE in a Process statement. You cannot use
an IP address and port number to specify the SNODE in a Process statement if
you want to connect to a remote node using UDT.
v UDT is not supported in a load balancing environment.
v UDT is not supported with FASP.
Microsoft Windows SDK
The Software Development Kit can be used to integrate Sterling Connect:Direct
operations into your company's applications. The SDK uses a 32-bit interface for C
and C++ as well as an OLE automation server for Visual Basic applications. The
SDK also provides ActiveX controls for Submit Process and Select Statistics
commands. The tools available in the SDK include: C API functions, C++ Class
interface, ActiveX control interface, direct automation servers, and user exits.
SNMP Agent
The SNMP Agent is a proxy agent that enables a Sterling Connect:Direct server to
provide information to SNMP network management stations, which provides
access to the following information:
v General condition of the Sterling Connect:Direct server
v Alerts for events requiring further investigation, such as possible security
violations, failing Processes, and session failure.
Clustering Solutions
IBM provides support for clustered environments such as IBM Sysplex, Symantec
Veritas, Sun Solaris Cluster, and Microsoft Cluster Server.
Additional Sterling Connect:Direct Products
You can extend the capabilities of a single Sterling Connect:Direct server with IBM
Sterling Connect:Direct Select and IBM Sterling Connect:Direct FTP+.
Sterling Connect:Direct Select
Sterling Connect:Direct Select provides reliable and secure unattended data
delivery between remote sites where Sterling Connect:Direct is installed.
In its basic configuration, a Sterling Connect:Direct Select node sends files from a
watch directory or e-mail inbox to a Sterling Connect:Direct server and receives
files from the Sterling Connect:Direct server. You can also configure Sterling
Connect:Direct Select to send files to other computers as e-mail attachments, to
route files to multiple destinations, and to perform additional processing on
received files.
Sterling Connect:Direct FTP+
Sterling Connect:Direct FTP+ is a solution that is designed to operate as simply as
common FTP. It provides a simple, reliable, and secure way to transfer files
between a Sterling Connect:Direct server at a central processing center and remote
sites. Sterling Connect:Direct FTP+ operates like an FTP client. It can initiate send
or receive operations with the Sterling Connect:Direct server, but the server cannot
initiate transfers with Sterling Connect:Direct FTP+. The complete FTP command
set is supported, whether from a command line or a script. Commands that do not
have equivalent Sterling Connect:Direct operations are accepted and an appropriate
message is generated.
While Sterling Connect:Direct FTP+ is as simple to use as common FTP, it provides
additional benefits not available in FTP. These include:
v Assured, reliable data delivery. Sterling Connect:Direct FTP+ has checkpoint and
restart capability. All activity and statistics are logged, so there are verifiable
audit trails of all actions.
v Secure data delivery. Sterling Connect:Direct FTP+ is compatible with Sterling
Connect:Direct Secure Plus, so that data can be safely sent in an encrypted
format, safe from hackers and data thieves.
v Data integrity checking. Sterling Connect:Direct ensures the integrity of the
transferred data and verifies that no data is lost during transmission.
v Seamless integration into Sterling Connect:Direct environments. Because Sterling
Connect:Direct FTP+ is an IBM product, it is easily integrated into existing
Sterling Connect:Direct networks, with minimal changes required to the Sterling
Connect:Direct server.
You can install Sterling Connect:Direct FTP+ on Microsoft Windows, UNIX, or
Linux computers.
Speciality Product: SWIFTNet
IBM Sterling Connect:Direct for SWIFTNet for UNIX and IBM Sterling
Connect:Direct for SWIFTNet for Microsoft Windows are special Sterling
Connect:Direct solutions that were developed to work with SWIFTNet, which is a
highly secure, proprietary network in Europe used by financial institutions. The
Sterling Connect:Direct for SWIFTNet solution supports the FileAct (real-time file
transfer service) SWIFT service.
Notices
This information was developed for products and services offered in the US. This
material might be available from IBM in other languages. However, you may be
required to own a copy of the product or product version in that language in order
to access it.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user's responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not grant you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US
For license inquiries regarding double-byte character set (DBCS) information,
contact the IBM Intellectual Property Department in your country or send
inquiries, in writing, to:
Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510, Japan
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS
PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of
express or implied warranties in certain transactions, therefore, this statement may
not apply to you.
This information could include technical inaccuracies or typographical errors.
Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM websites are provided for
convenience only and do not in any manner serve as an endorsement of those
websites. The materials at those websites are not part of the materials for this IBM
product and use of those websites is at your own risk.
IBM may use or distribute any of the information you provide in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US
Such information may be available, subject to appropriate terms and conditions,
including in some cases, payment of a fee.
The licensed program described in this document and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement or any equivalent agreement
between us.
The performance data and client examples cited are presented for illustrative
purposes only. Actual performance results may vary depending on specific
configurations and operating conditions.
Information concerning non-IBM products was obtained from the suppliers of
those products, their published announcements or other publicly available sources.
IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
Statements regarding IBM's future direction or intent are subject to change or
withdrawal without notice, and represent goals and objectives only.
All IBM prices shown are IBM's suggested retail prices, are current and are subject
to change without notice. Dealer prices may vary.
This information is for planning purposes only. The information herein is subject to
change before the products described become available.
This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include the
names of individuals, companies, brands, and products. All of these names are
fictitious and any similarity to actual people or business enterprises is entirely
coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which
illustrate programming techniques on various operating platforms. You may copy,
modify, and distribute these sample programs in any form without payment to
IBM, for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating
platform for which the sample programs are written. These examples have not
been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or
imply reliability, serviceability, or function of these programs. The sample
programs are provided "AS IS", without warranty of any kind. IBM shall not be
liable for any damages arising out of your use of the sample programs.
Each copy or any portion of these sample programs or any derivative work must
include a copyright notice as shown in the next column.
© 2015.
Portions of this code are derived from IBM Corp. Sample Programs.
© Copyright IBM Corp. 2015.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions worldwide.
Other product and service names might be trademarks of IBM or other companies.
A current list of IBM trademarks is available on the web at "Copyright and
trademark information" at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered
trademarks or trademarks of Adobe Systems Incorporated in the United States,
and/or other countries.
IT Infrastructure Library is a registered trademark of the Central Computer and
Telecommunications Agency which is now part of the Office of Government
Commerce.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo,
Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or
registered trademarks of Intel Corporation or its subsidiaries in the United States
and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other
countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of
Microsoft Corporation in the United States, other countries, or both.
ITIL is a registered trademark, and a registered community trademark of the Office
of Government Commerce, and is registered in the U.S. Patent and Trademark
Office.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Java™ and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the
United States, other countries, or both and is used under license therefrom.
Linear Tape-Open, LTO, the LTO Logo, Ultrium and the Ultrium Logo are
trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.
Connect Control Center®, Connect:Direct®, Connect:Enterprise®, Gentran®,
Gentran®:Basic®, Gentran:Control®, Gentran:Director®, Gentran:Plus®,
Gentran:Realtime®, Gentran:Server®, Gentran:Viewpoint®, Commerce™, Information
Broker®, and Integrator® are trademarks, Inc., an IBM Company.
Other company, product, and service names may be trademarks or service marks
of others.
Terms and conditions for product documentation
Permissions for the use of these publications are granted subject to the following
terms and conditions.
Applicability
These terms and conditions are in addition to any terms of use for the IBM
website.
Personal use
You may reproduce these publications for your personal, noncommercial use
provided that all proprietary notices are preserved. You may not distribute, display
or make derivative work of these publications, or any portion thereof, without the
express consent of IBM.
Commercial use
You may reproduce, distribute and display these publications solely within your
enterprise provided that all proprietary notices are preserved. You may not make
derivative works of these publications, or reproduce, distribute or display these
publications or any portion thereof outside your enterprise, without the express
consent of IBM.
Rights
Except as expressly granted in this permission, no other permissions, licenses or
rights are granted, either express or implied, to the publications or any
information, data, software or other intellectual property contained therein.
IBM reserves the right to withdraw the permissions granted herein whenever, in its
discretion, the use of the publications is detrimental to its interest or, as
determined by IBM, the above instructions are not being properly followed.
You may not download, export or re-export this information except in full
compliance with all applicable laws and regulations, including all United States
export laws and regulations.
IBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE
PUBLICATIONS. THE PUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING
BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY,
NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.
IBM®
Product Number: 5655-X01
Printed in USA