GlobalSCAPE EFT Server Authentication does not rely on outside sources for user information. All information in the authentication database is:
Protected from the operating system
Contained within the .aud file located in the EFT Server installation folder (by default, stored in C:\Program Files\GlobalSCAPE\EFT)
Encrypted, and can only be modified through EFT Administrator
To create a Site
The Site Setup wizard appears after you complete the Server Setup wizard; otherwise, in EFT Administrator, click Configuration > Create New Site, or right-click anywhere in the Server's tree, then click Create New Site.
Do one of the following:
To create a PCI DSS HS-enabled Site, refer to Creating a PCI DSS-Enabled Site
To create a standard Site, click Use default security level for this Site.
If PCI DSS compliance is not a requirement, use the default security level. You manually configure advanced security options later, if needed.
Click Next. The Site Setup wizard Welcome page appears.
In the Site Name box, type a name a distinguishing name for the Site. MySite appears by default, but you can change this to anything you want.
In the Listening IP box, select a specific IP address or keep the (less secure) default of All Incoming if you are unsure of the IP addresses that will be allowed to connect. You can specify IP addresses later.
Click Next. The Site Root Folder page appears.
In the Site root box, click Browse to specify the root folder, or keep the default displayed in the box.
In the Additional options area, select the check boxes as needed:
Select the Create UNIX-style subfolders check box to create Usr, Pub, Bin, and Incoming folders with appropriate permissions under the root folder. This is only necessary if you are trying to mimic a typical default *nix EFT Server setup.
Select the Automatically assign home folders to newly created users to automatically create a user folder under \Site Root\Usr\ when a new user is added, named with their username. For example, a new username jbug has the folder \Site Root\Usr\jbug.
Click Next. The User Authentication page appears.
In the Authentication type list, keep the default of GlobalSCAPE EFT Server Authentication.
Click Next. The EFT Server Authentication page appears.
The default path to store the user database appears in the box. If you want to store the user database in a different location, type the path in the box or click the open icon to find and select or create it.
Click Next. The Perimeter Network Security page appears.
Specify whether to connect the Site to EFT Server's DMZ Gateway.
If you choose to connect to DMZ Gateway, specify its IP address and port, then click Test Connection. If the DMZ Gateway is properly configured, the test is successful. If the test is not successful, click and I'm not using the DMZ Gateway configure it later.
If you have not yet installed or configured DMZ Gateway, click I'm not using the DMZ Gateway - or I'll configure it later.
Click Next. The Connection Protocols page appears.
Select one or more check boxes for the protocol(s) that this Site will use to connect to EFT Server and specify the port number for each protocol. The default ports appear in the boxes.
Click SSL options to define the allowed SSL versions and ciphers or skip this step and leave the defaults.
Click SSL certs to specify the SSL certificate to use for this Site. The SSL Certificate Options page appears.
To create a certificate, click Create certificate and follow the prompts in the wizard. (Refer to Creating Certificates for details, if necessary.)
To use an existing certificate:
In the Certificate box, type the path to the .crt file or click the open icon to find and select it.
In the Private key box, type the path to the .key file or click the open icon to find and select it.
In the Certificate passphrase and Confirm passphrase boxes, type and confirm the passphrase for the certificate pair.
Click Next to return to the Protocols page.
If you do not enable SSL, you will not be able to connect to EFT Server from a remote EFT Administrator. See SSL Certificate-Based Login, Creating Certificates, Importing a Certificate into the Trusted Certificate Database, and Importing Certificates from Microsoft IIS 5 for information regarding certificates. If you are using Secure Ad Hoc Transfer, you need to configure remote access to EFT Server. |
If you choose SFTP, the SFTP options are configured automatically. Optionally, click SFTP options and SFTP keys to configure a different SFTP key pair, encryption algorithms, and MAC algorithms. (All algorithms are selected by default.)
If you choose AS2 over HTTP/S, click Configure to specify your AS2 identifier and certificate information. You can keep the default, click the open icons to specify a different certificate pair, or click Create certificate to create a new certificate pair, then click OK.
Click Next. The Site Setup Completed page appears.
You are offered the option of continuing to the User Creation wizard or quitting the wizard. Click an option, then click Finish.
If you chose Run New User Creation wizard, the User Creation wizard Welcome page appears.
You can run the Site Setup wizard again at any time to create additional Sites. You can view and modify Site configuration in EFT Administrator.