Introduction to EFT Managed File Transfer
More than just a managed file transfer (MFT) solution, Globalscape Enhanced File Transfer (EFT) extends beyond standard MFT to allow you to connect with any industry-standard file-transfer client. With powerful security for meeting business and regulatory requirements, EFT ensures that encrypted transactions occur only with the appropriate entities, and that data confidentiality and integrity are preserved during transport and storage. EFT modular form makes it affordable by allowing you to purchase just the functionality you need, and add advanced features as your business needs change. That is, all module features are available during the trial.
EFT managed file transfer is available for the large enterprise, EFT Enterprise, and for small-to-medium businesses, EFT Express. EFT Arcus is our cloud implementation. You can also deploy EFT in a hybrid environment (both on premises and in the cloud), and deploy EFT Enterprise on an Amazon EC2 instance (virtual server in the cloud).
In EFT v7.4.7- v8.0.6:
-
EFT SMB is now EFT Express
-
The High Security Module is now the Advanced Security Module in EFT Enterprise and the Express Security Module in EFT Express.
-
The Advanced Authentication module features are now part of the Advanced Security Module.
-
The Cloud Connector module (Requires license in Express) and Content Integrity Control features are now part of EFT Enterprise (in Event Rules), rather than separate modules.
Available Modules (Refer to table below to see which features are available in EFT Express, EFT Enterprise, and EFT Arcus)
-
Accelerate module uses a patented implementation of UDP to accelerate file transfers using EFT Event Rule Actions (Copy/Move and Download). (only available in EFT Enterprise, requires additional license)
-
The Advanced Security Module (ASM) achieves or exceeds security practices mandated by government and industry standards such as PCI DSS, HIPAA, and Sarbanes-Oxley for data transfer, access, and storage. The ASM protects data in transit by enforcing the use of secure protocols, strong ciphers and encryption keys, and maintaining strict password policies, and enables organizations to centralize their user access controls, improve productivity, and increase adherence to security policies, and provides administrators with the ability to easily maintain password security in one location to quickly commission and decommission user provisions in one central location. The ASM also provides SAML (WebSSO), RSA SecurID, RADIUS, and CAC support, which allows EFT Enterprise to fit in seamlessly with existing authentication measures, and the Content Integrity Control Action, which uses profiles that contain the antivirus or DLP server connection information. (only available in EFT Enterprise, requires additional license)
-
Advanced Workflow Engine adds additional automation capabilities, allowing you to add scripting and variables to Workflow Tasks, then add these reusable Workflows to Event Rules. A Workflow is a series of steps that can perform file transfers, batch data processing, application testing, and so on, and are defined to run automatically when started by some event. (only available in EFT Enterprise, requires additional license)
-
AS2 module supports the exchange of structured business data securely on top of the HTTP or HTTP/S protocol. (only available in EFT Enterprise, requires additional license)
-
Auditing and Reporting Module (ARM) captures all of the transactions passing through EFT. You can query the data and create/view reports from within EFT's administration interface. (requires additional license)
-
DMZ Gateway® is used in combination with EFT to create a multi-tier security solution for data storage and retrieval. The DMZ Gateway resides at the edge of the network, brokering data between EFT residing behind your corporate firewall and your clients in the outside world. (requires additional license)
-
Express Security Module (ESM) achieves or exceeds security practices mandated by government and industry standards such as PCI DSS, HIPAA, and Sarbanes-Oxley for data transfer, access, and storage. The ESM protects data in transit by enforcing the use of secure protocols, strong ciphers and encryption keys, and maintaining strict password policies. For a list of features in the ESM, refer to Features of the Express Security Module. (Only available in EFT Express, requires additional license)
-
Cloud Connector Module enables you to transfer files to/from cloud services such as AWS and Azure. (Included in EFT Enterprise; requires additional license in EFT Express.)
-
File Transfer Clientmodule enables you to define Copy/Move and Download actions in Event Rules. For example, you could define a rule to trigger when a file is downloaded, so that EFT moves it to another folder. (Included in EFT Enterprise; requires additional license in EFT Express.)
-
Folder Monitor module creates an Event Rule trigger used to detect the creation, deletion, and renaming of files in a monitored folder and to perform Actions based on these triggers. For example, perhaps a weekly report is uploaded to a specific folder. You can define an Event Rule so that when EFT detects that a file has been added to the folder, an email is sent to notify one or more users that the report is available for download. (Included in EFT Enterprise; requires additional license in EFT Express.)
-
HTTPS module allows you to set up a secure connection to anyone in minutes using any Web browser. The HTTPS module adds the HTTP and HTTPS protocols to EFT, enabling you to support browser-based transfers without having to install a Web server. HTTPS encrypts the session data using the SSL (Secure Socket Layer) protocol, which provides protection from eavesdroppers and man-in-the-middle attacks. The Web Transfer Client (WTC) can deploy automatically upon client connection to EFT and can be used by any trading partner using virtually any Web browser. (Included in EFT Enterprise; requires additional license in EFT Express.)
-
Mobile Transfer Client (MTC) mobile application (app) provides a way for your iOS and Android phone and tablet users to connect securely to EFT to upload and download files while providing a number of centrally managed security controls for safeguarding your corporate data. (Included in EFT Enterprise; requires additional licenses in EFT Express.)
-
OpenPGP safeguards data at rest. The OpenPGP data encryption or decryption process is directed by Event Rules that specify how data files are treated in a particular context. EFT uses OpenPGP to encrypt uploaded data and the off-load capabilities of EFT to move the file to another location. (industry-standard, RFC 4880 compliant) (requires additional license)
-
Remote Agent module (RAM) provides centralized control for automating transactions from distributed systems. RAM enables automatic interactions between branch offices, point-of-sale terminals, business partners, field agent laptops, or other remote systems and your EFT server residing in a central location. (available in EFT Enterprise, requires additional license)
-
SFTP is a subset of the popular SSH protocol and is a platform independent, secure transfer protocol. SFTP provides a single connection port for easy firewall navigation, password and public key authentication, and strong data encryption, to prevent login, data, and session information from being intercepted and/or modified in transit. The SFTP module enables EFT to authenticate and transfer data securely with SFTP-ready FTP clients, such as CuteFTP®. (Included in EFT Enterprise; requires additional license in EFT Express.)
-
Timer module allows you to execute a specified Action only one time or repeatedly at specified intervals. For example, you could schedule an Action (e.g., generate and send a report) to occur on July 8 at midnight, or every Monday morning, or on the last Friday of every month at 2 a.m. (Included in EFT Enterprise; requires additional license in EFT Express.)
-
Workspaces allows you to share folders and their files with internal and external users. (requires additional license)
-
Web Transfer Client (WTC) can deploy automatically upon client connection to EFT. The WTC can be used by any trading partner using virtually any Web browser. (Included; requires HTTP/S module in EFT Express)
Additional modules/tools:
-
Insight is a web-based dashboard tool that takes data from the Auditing and Reporting module to provide full visibility into the flow of data through your EFT system. Insight facilitates better governance, with the knowledge and depth of information gleaned from business and operational intelligence. Evaluate data trends over time and gain instantaneous knowledge about the current state of your system.
-
Business Activity Monitoring (BAM) is a web-based monitoring tool that gives you real-time visibility into EFT Enterprise transactions.
-
COM API allows you to interact directly with EFT from your own custom applications using any COM-enabled programming language such as Visual Basic (VB), Java, or C++. You can create a script with the development IDE of your choice.
Feature Availability
The table below describes which features are available in EFT Express, Enterprise, and Arcus.
Click here for a PDF of this table.
| Feature | Express | Enterprise | Arcus |
|---|---|---|---|
|
Protocols |
|||
|
SSL/TLS - secure FTP communications |
Included |
Included |
Included |
|
SSL key manager - manage, import, export, and create SSL certificates |
Included |
Included |
Included |
|
SSL Config - specify ciphers and versions allowed (SSL v2, v3, and TLS v1) |
Included |
Included |
Included |
|
Checkpoint restart - resume interrupted transfers |
Included |
Included |
Included |
|
Compression - inline compression of ASCII files |
Included |
Included |
Included |
|
Reduce transfer time over poor connections by allowing uploaded files to be split apart and transferred in multiple segments simultaneously (COMB) |
Included |
Included |
Included |
|
Verification - guarantee integrity by comparing checksums |
Included |
Included |
Included |
|
Command blocking - prevent unwanted behavior |
Included |
Included |
Included |
|
S-key OTP - One-time-password scheme for plain-text FTP |
Included |
Included |
Included |
|
PASV port range - facilitate FTP connections behind network firewalls |
Included |
Included |
Included |
|
EBCDIC - Used for communicating with legacy systems |
Included |
Included |
Included |
|
UTF-8 - Transfer Unicode filenames over FTP |
Included |
Included |
Included |
|
Session tools - Real-time session monitoring |
Included |
Included |
Included |
|
Customizable - Modify various FTP banners to suit your specific needs |
Included |
Included |
Included |
|
FIPS - FIPS 140-2 certified SSH cryptographic module |
ESM |
Included |
|
|
Key manager - manage, import, export, and create SSH key pairs |
Included |
Included |
|
|
Key types - OpenSSH and SSH.COM (SECSH format) supported |
SFTP |
Included |
Included |
|
Authentication - Any combination of password and/or public key |
SFTP |
Included |
Included |
|
Strong ciphers - 256-bit Twofish, 256-bit AES CBC, and 256-bit AES CTR mode |
SFTP |
Included |
Included |
|
Configurable SSH-protoversion-softwareversion - lower attack footprint |
SFTP |
Included |
Included |
|
FIPS - FIPS 140-2 certified SSH cryptographic module |
SFTP, ESM |
Included |
|
|
Customizable landing portal - Login page can be branded |
Included |
Included |
|
|
Form-based auth - sessions are managed securely by the server |
HTTP/S |
Included |
Included |
|
Basic-auth - standard browser authentication (fallback auth mechanism) |
HTTP/S |
Included |
Included |
|
Session management in accordance with OWASP guidelines |
HTTP/S |
Included |
Included |
|
Password reset in accordance with OWASP guidelines |
HTTP/S |
Included |
Included |
|
Lost username retrieval in accordance with OWASP guideline |
HTTP/S |
Included |
Included |
|
SSO - use the Integrated Windows Authentication (IWA) in Internet Explorer |
HTTP/S |
Included |
Included |
|
Accelerate file transfers using EFT Event Rule Actions |
N/A |
N/A |
|
|
HTTP->HTTPS auto-redirect - increased security through implicit redirection of non-secure connections |
HTTP/S, ESM |
N/A |
|
|
HTTP Strict Transport Security (HSTS) - web security policy to protect websites against protocol downgrade attacks and cookie highjacking |
Included |
Included |
|
|
Web client - Optional web client adds a rich set of features compared to script-driven HTTP/S transfers |
HTTP/S, WTC |
Included |
Included |
|
Mobile client - Provides secure, remote access to your EFT files through HTTPS |
HTTP/S, MTC |
Included |
Included |
|
Multi-directional - service inbound and initiate outbound AS2 transactions |
N/A |
Included |
|
|
Drummond certified - 3rd-party certified equals superior interoperability. |
N/A |
AS2 module |
Included |
|
Message Level Security (MLS) - certificate-based authentication |
N/A |
AS2 module |
Included |
|
Reliability Profile - AS2 extension that increases interoperability |
N/A |
AS2 module |
Included |
|
Multiple Attachments (MA) Profile - AS2 extension that facilitates multiple concurrent transactions |
N/A |
AS2 module |
Included |
|
Authentication (Access Controls) |
|||
|
Native - (proprietary) authentication (EFT-managed authentication) |
Included |
Included |
Included |
|
Active Directory (AD) authentication |
Included |
Included |
N/A |
|
ODBC - leverage any ODBC data source for user authentication |
Included |
Included |
N/A |
|
NTLM - authenticate local system accounts (Choose "Windows AD Authentication" when creating the Site.) |
Included |
Included |
N/A |
|
LDAP - authenticate against LDAP sources, including AD |
N/A |
Included |
Included |
|
SAML (WebSSO) - user interface controls for enabling and configuring SAML for achieving Single Sign On (SSO) for Web-based authentication; associate the IdP-authenticated users with pre-provisioned accounts; Just In Time (JIT) provisioning to create an account for authenticated users, if they do not already exist in EFT |
N/A |
Included |
|
|
RADIUS - often used as a two-factor authentication source |
N/A |
RADIUS, ASM |
Supported |
|
SMS authentication - two-factor authentication using a mobile device to receive a login code (requires SMS software) |
N/A |
Supported |
|
|
RSA SecurID® - 3rd-party access manager that provides two-factor authentication |
N/A |
Included |
|
|
CAC - Common Access Card authentication |
N/A |
Included |
|
|
Authorization (Resource Controls) |
|||
|
AD Impersonation - leverage Active Directory ACLs |
Included |
Included |
Not Supported |
|
Permissions - set folder level permissions or inherit from parent |
Included |
Included |
Included |
|
Permission groups - assign users to permission groups or templates |
Included |
Included |
Included |
|
Virtual folders - map virtual to physical folders including network shares |
Included |
Included |
Included |
|
Home folders - designate a home folder and optionally make it the user's root folder |
Included |
Included |
Included |
|
Set limits - number of logins, connections, file sizes, transfer speeds, disk quotas |
Included |
Included |
Included |
|
Invalid passwords - controls to auto-lockout, disable, or ban IP |
Included |
Included |
Included |
|
Invalid account names - controls to auto-ban offender IP |
Included |
Included |
Included |
|
DoS detection - controls to temporarily or permanently ban suspect IPs |
Included |
Included |
Included |
|
IP access rules - full featured IP access rule manager |
Included |
Included |
Included |
|
Banned file types - prevent upload of unwanted file types |
Included |
Included |
Included |
|
Monitor and kick offending users from the server |
Included |
Included |
Included |
|
Password complexity - configure a large number of complexity options |
Included |
Included |
Included |
|
Password reset - user-initiated or on initial login |
Included |
Included |
Included |
|
Password reuse - disallow historical (previously used) passwords |
Included |
Included |
Included |
|
Expire accounts - disable account on a given date |
Included |
Included |
Included |
|
Expire inactive accounts - disable or remove account after N days of inactivity |
ESM |
Included |
|
|
Expire passwords - expire passwords after N days |
ESM |
Included |
|
|
Expiration reminder - email user reminder to change their password |
ESM |
Included |
|
|
Data sanitization - securely clean deleted data using military grade wiping |
ESM |
Included |
|
|
Encrypted folders - EFT built-in, secure-data-at-rest Solution |
N/A |
Included |
Included |
|
EFS - encrypt data at rest using Windows' Streaming repository encryption (EFS) |
ESM |
Not Supported |
|
|
OpenPGP - use OpenPGP to encrypt, sign, and decrypt data |
OpenPGP |
Included |
|
|
PCI DSS monitor - actively monitor and alert on violations |
ESM, ARM |
ASM, ARM |
Included |
|
PCI DSS report - generate a compliance with a single mouse click |
ESM, ARM |
ASM, ARM |
Included |
|
PCI DSS compensating controls (CCs) - capture and report admin-provided CCs |
ESM, ARM |
ASM, ARM |
Included |
|
PCI DSS setup wizard - walkthrough configuration with PCI DSS in mind |
ESM, ARM |
ASM, ARM |
Included |
|
DMZ Gateway - securely proxy transfers through the DMZ |
DMZ Gateway® |
N/A |
|
|
Administration |
|||
|
Silent installation - unattended setup |
Included |
Included |
N/A |
|
Administrator GUI - Windows based Graphical User Interface (GUI) |
Included |
Included |
Included |
|
Remote administration - administer from other systems in the network |
Included |
Included |
Included |
|
Secure remote administration - SSL encrypted administration communications |
Included |
Included |
Included |
|
Multiple administrators - allow concurrent administration |
Included |
Included |
Included |
|
Secure administration - same password complexity options available for admins |
Included |
Included |
Included |
|
Flexible authentication - leverage native, NTLM, or AD to authenticate administrators |
ESM |
Only LDAP is supported |
|
|
Forensics - audit and report on all administrator activity and changes |
ESM, ARM |
ASM, ARM |
Included |
|
COM API - programmatic administration |
Limited |
Included |
N/A |
|
Delegated administration - role based administrator accounts with granular permissions |
Server and Site admin only |
Included |
Server admin not applicable |
|
REST endpoint for querying administrative info and server status |
Included |
Included |
Included |
|
Backup and Restore - one-click backup and easy restore of entire configuration |
N/A |
Included |
N/A |
|
Batch account management - perform actions to multiple accounts simultaneously |
N/A |
Included |
N/A |
|
Auditing and Visibility |
|||
|
Logging - flat file log in W3C and other formats |
Included |
Included |
Included |
|
Monitor inbound transfers in real time |
Included |
Included |
|
|
Audit to SQL - audit transactions to a SQL database |
ARM |
ARM |
Included |
|
View reports - choose from pre-built or build your own |
ARM |
ARM |
Included |
|
Audit to Oracle - audit transactions to an Oracle database |
N/A |
ARM |
Included |
|
Monitor outbound transfers in real time |
N/A |
Included |
Included |
|
Business Activity Monitoring (BAM) - real-time visibility, dashboard, and analytics (Requires ARM) |
N/A |
N/A |
|
|
Automation (Integration with other systems) |
|||
|
React to stimuli - trigger workflows based on file uploads and other server events |
Included |
Included |
Included |
|
Send email to users or administrators as part of a workflow |
Included |
Included |
Included |
|
Execute a process, including scripts, as part of a workflow |
Included |
Included |
Included |
|
Context variables - use transaction values inside of workflows |
Included |
Included |
Included |
|
Hot folders - trigger workflows when files arrive in a monitored folder |
Folder Monitor |
Included |
Included |
|
Schedule events - trigger workflows on a recurring basis |
Timer Module |
Included |
Included |
|
Web Services - trigger workflows using WS calls; Invoke Web Service from URL |
N/A |
Included |
Included |
|
Conditional logic - build fine-grained business logic into workflows |
N/A |
Included |
Included |
|
Clean up - securely clean target folders from within a workflow |
N/A |
Included |
Included |
|
Offload and download - push or pull files to remote servers as part of a workflow |
File Transfer Client module |
Included |
Included |
|
Send pre- and post- commands to mainframe during copy/move actions |
N/A |
Included |
Included |
|
N/A |
Included |
Included |
|
|
Compress/Decompress files |
N/A |
Included |
Included |
|
User Account Action - for things like compliance (e.g., HIPAA, GDPR) requests in which users might ask that an organization remove all traces of their account. |
Included |
Included |
Included |
|
Advanced workflows - tap into the Advanced Workflow Engine to build sophisticated workflows |
N/A |
Included |
|
|
Integration with antivirus and DLP (Data Loss Prevention) tools to permit or prevent transfers based on policies. |
N/A |
Included |
|
|
Integration with cloud (AWS and Azure) storage; Copy, move, and download from cloud storage |
Cloud Control Module |
Included |
Included |
|
Ability to monitor and act upon AWS S3 and Azure blob storage activity |
Cloud Control Module |
Included |
Included |
|
Centralized control for automating transactions from distributed systems (Remote Agents), including provisioning, management and Event Rules |
N/A |
Included |
|
|
Reusable connection profiles for use in Event Rules |
N/A |
Included |
Included |
|
Automatic interactions between branch offices, point-of-sale terminals, business partners, field agent laptops, or other remote systems and your EFT server residing in a central location. |
N/A |
Included |
|
|
Logging for AWS S3 and Azure blog storage to EFT.log |
N/A |
Included |
Included |
|
Person-to-person file transfer |
|||
|
Ad hoc file transfer - secure file transfer available either via Outlook Add-in or web interface |
HTTP/S, Workspaces |
Included |
|
|
Two-way file sharing - recipients provided with multiple methods to send files back |
HTTP/S, Workspaces |
Workspaces |
Included |
|
Receipt notification - email notification when files are picked up by the recipient |
HTTP/S, Workspaces |
Workspaces |
Included |
|
Pick-up authentication - recipients can be required to verify their identity before downloading files |
HTTP/S, Workspaces |
Workspaces |
Included |
|
Full file tracking - Users and administrators can view complete history of files sent and received |
HTTP/S, Workspaces |
Workspaces |
Included |
|
Centralized policy controls - administrator can enforce varying levels of required usage policies |
HTTP/S, Workspaces |
Workspaces |
Included |
|
Active directory authentication - authentication internal users using AD |
HTTP/S, Workspaces |
Workspaces |
LDAP |
|
Integration with EFT - monitor all ad hoc file transfer activity from EFT |
HTTP/S, Workspaces |
Workspaces |
Included |
|
Complete customization - easily customize ad hoc web interface |
HTTP/S, Workspaces |
Workspaces |
Included |
|
Share folders/files with others; invite others to share (Workspaces via browser and EFT Outlook Add-In) |
HTTP/S, Workspaces |
Workspaces |
Included |
|
Request files via Workspaces |
HTTP/S, Workspaces |
Workspaces |
Included |
|
Send file in email from Workspaces with Secure Message Body |
HTTP/S, Workspaces |
Workspaces |
Included |
|
Architecture |
|||
|
IPv6 - Full dual stack (IPv4/6 mixed) support |
Included |
Included |
Included |
|
Virtual - Run on virtual machines, e.g. VMware and Hyper-V |
Included |
Included |
N/A |
|
Unicode - UTF-8 encoding of filenames and other fields where applicable |
Included |
Included |
Included |
|
IDN - Internationalized domain name support |
Included |
Included |
Included |
|
I/O Completion Ports - Technology that allows for tremendous performance on Windows systems |
Included |
Included |
Included |
|
Active-passive clustering - Failover for high availability |
N/A |
Included |
N/A |
|
Active-active, high availability (HA) clustering with 3 or more EFT Enterprise licenses |
N/A |
Included |
Included |
|
Supported on Windows Server 2012, 2016, 2019 |
Included |
Logo certified |
N/A |