Feature Availability
The tables below describe which features are available in EFT Express, Enterprise, and Arcus.
Protocols
Feature | Express | Enterprise | Arcus |
---|---|---|---|
FTP protocol (RFC 959) |
Included |
Included |
Included |
FTP extensions (multi-part, resume, parallel threads, file integrity checking, custom commands, S-Key, PASV port range, UTF-8, customizable banner, command blocking, EBCDIC mode, PASV port range controls, plus more) |
Included |
Included |
Included |
Included |
Included |
Included |
|
SSL certificate management |
Included |
Included |
Included |
SSL control over ciphers, algorithms, and protocols |
Included |
Included |
Included |
All protocols: Real-time session monitoring |
Included |
Included |
Included |
Included | |||
SFTP protocol (https://filezilla-project.org/specs/draft-ietf-secsh-filexfer-02.txt et. al) |
Included |
Included | |
SFTP advanced options (multiple auth methods) |
Included |
Included | |
SFTP key management |
Included |
Included | |
SFTP control over ciphers, algorithms, and protocols |
Included |
Included | |
FIPS - FIPS 140-2 certified cryptographic module |
Included | ||
HTTPS protocol |
Included |
Included | |
HTTPS extensions (various auths including IWA/SSO, configurable headers, compliance with OWASP security guidelines, HSTS support, many other headers,) |
Included |
Included | |
Web client – Built-in web client adds a rich set of features compared to script-driven HTTP/S transfers |
Included |
Included | |
HTTP->HTTPS auto-redirect |
N/A | ||
Included |
Included | ||
Accelerate file transfers using EFT Event Rule Actions (not available after 8.0.5.7) |
N/A |
N/A |
N/A |
AS2 protocol |
N/A |
HTTPS and AS2 | |
AS2 extensions (Message Level Security (MLS), Reliability Profile, Multiple Attachments (MA) profile. |
Authentication (Access Controls)
Feature | Express | Enterprise | Arcus |
---|---|---|---|
EFT-managed accounts |
Included |
Included |
Included |
Active Directory (AD) – native Windows integration (In EFT Arcus, "AD impersonation" is available, but not authentication.) |
Included |
Included |
N/A |
ODBC - leverage any ODBC data source |
Included |
Included |
N/A |
LDAP - authenticate against LDAP sources, including AD |
N/A |
Included |
Included |
SAML (WebSSO) - including Just In Time (JIT) provisioning |
N/A |
Included | |
RADIUS - often used as a two-factor authentication source |
N/A |
Available in the Premium Tier and configured by Support | |
SMS authentication - two-factor authentication (2FA) for WTC and Workspaces (In EFT Arcus, the "out-of-bad" passcode to pick up files is available. "SMS Config" is coming soon.) |
Available in the Premium Tier and configured by Support | ||
RSA SecurID® (native and Steel-Belted Radius (SBR)) |
N/A |
Available in the Premium Tier and configured by Support | |
CAC - Common Access Card authentication |
N/A |
Available in the Premium Tier and configured by Support | |
Secrets module | Included | Included | N/A |
Authorization (Resource Controls)
Feature | Express | Enterprise | Arcus |
---|---|---|---|
AD Impersonation - Active Directory manages permissions |
Included |
Included |
N/A |
EFT managed folder permissions |
Included |
Included |
Included |
Permission groups – templatize sets of permissions |
Included |
Included |
Included |
Virtual folders - map virtual to physical folders including network shares |
Included |
Included |
N/A |
Home folders - designate a home folder and optionally make it the user's root folder |
Included |
Included |
Included |
Set limits - number of logins, connections, file sizes, transfer speeds, disk quotas |
Included |
Included |
Included |
DoS detection algorithms and auto-IP ban logic |
Included |
Included |
Included |
IP access rules - full featured IP access rule manager |
Included |
Included |
Included |
Banned file types - prevent upload of unwanted file types |
Included |
Included |
Included |
Monitor and kick offending users from the server |
Included |
Included |
Included |
Included |
Included |
Included | |
Invalid passwords - controls to auto-lockout, disable, or ban IP |
Included |
Included |
Included |
Password complexity - configure a number of password complexity options |
Included |
Included |
Included |
Password reset - user-initiated or on initial login |
Included |
Included |
Included |
Password reuse - disallow historical (previously used) passwords |
Included |
Included |
Included |
Expire accounts - disable account on a given date |
Included |
Included |
Included |
Expire inactive accounts - disable or remove account after N days of inactivity | ESM | ASM | Included |
Expire passwords - expire passwords after N days | ESM | ASM | Included |
Expiration reminder - email user reminder to change their password | ESM | ASM | Included |
Data sanitization - securely clean deleted data using military grade wiping | ESM | ASM | Included |
Encrypted folders - EFT built-in, secure-data-at-rest Solution |
N/A |
Included |
Included |
EFS - encrypt data at rest using Windows' Streaming repository encryption (EFS) |
N/A | ||
Override VFS credentials | Included | Included | N/A |
OpenPGP - use OpenPGP to encrypt, sign, and decrypt data |
Included | ||
PCI DSS - Site settings to facilitate PCI DSS and other compliance mandates |
Included | ||
DMZ Gateway®- securely proxy transfers through the DMZ |
DMZ
Gateway® |
N/A |
Administration
Feature | Express | Enterprise | Arcus |
---|---|---|---|
Silent installation - unattended setup |
Included |
Included |
N/A |
Administrator GUI - Windows based Graphical User Interface (GUI) |
Included |
Included |
Included |
Remote administration - administrate from other systems in the network |
Included |
Included |
Included |
Secure remote administration - SSL encrypted administration communications |
Included |
Included |
Included |
Multiple administrators - allow concurrent administration |
Included |
Included |
Included |
Secure administration - same password complexity options available for administrators as for users |
Included |
Included |
Included |
Flexible authentication - leverage native, NTLM, or AD to authenticate administrators |
Only LDAP supported | ||
Forensics - audit and report on all administrator activity and changes |
Included | ||
COM API - programmatic administration |
Limited |
Included |
N/A |
Delegated administration - role based administrator accounts with granular permissions |
Server and Site administrator only |
Included |
ServerAdmin N/A |
REST endpoint for querying administrative info and server status |
Included |
Included |
Included |
Backup and Restore - one-click backup and easy restore of entire configuration |
N/A |
Included |
N/A |
Batch account management - perform actions to multiple accounts simultaneously (such as multi-select users to reset their passwords) |
N/A |
Included |
Included |
Specify personal data and privacy settings on a Site and per user |
Included | ||
Generate GDPR DPIA report |
N/A |
Auditing and Visibility
Feature | Express | Enterprise | Arcus |
---|---|---|---|
Logging - flat file log in W3C and other formats |
Included |
Included |
Included |
Monitor transfers in real time |
Included |
Included |
Included |
View historical transfers in the administration interface |
Included |
Included | |
Audit to SQL - audit transactions to a SQL database |
Included | ||
View reports (predefined) |
Included | ||
Create custom reports |
N/A | ||
Audit to Oracle - audit transactions to an Oracle database |
N/A |
N/A | |
Business Activity Monitoring (BAM) - real-time visibility, dashboard, and analytics (Requires ARM) |
N/A |
Automation (Integration with Other Systems)
Feature | Express | Enterprise | Arcus |
---|---|---|---|
React to stimuli - trigger workflows based on file uploads and other server events |
Included |
Included |
Included |
Send email to users or administrators as part of a workflow |
Included |
Included |
Included |
Execute a process, including scripts, as part of a workflow (Custom Commands only in Express and Enterprise) |
Included |
Included |
N/A |
Context variables - use transaction values inside of workflows |
Included |
Included |
Included |
Folder monitor - trigger workflows immediately after files arrive in a monitored folder |
Included |
Restricted to Arcus Site root folder share only | |
Schedule events - trigger workflows on a recurring basis |
Included |
Included | |
Web Services - trigger workflows using Web Service calls; Invoke Web Service from URL |
N/A |
Included |
Included |
Conditional logic - build fine-grained business logic into workflows |
Included |
Included |
Included |
Cleanup Action - securely remove old files based on your organization’s data retention policies |
N/A |
Included |
Included |
Upload and download - push or pull files to remote servers as part of a workflow |
Included |
Included | |
Send pre- and post- commands to mainframe during copy/move actions |
N/A |
Included |
Included |
N/A |
Included |
Included | |
Compress/Decompress files |
Included |
Included |
Included |
User Account Action - for tasks like re-enabling user accounts and compliance requests (for example, HIPAA, GDPR) in which users might ask that an organization remove all traces of their account. |
Included |
Included |
Included |
Advanced workflows - tap into the Advanced Workflow Engine to build sophisticated workflows |
N/A |
Included | |
Integration with antivirus and DLP (Data Loss Prevention) tools to permit or prevent transfers based on policies. NOTE:
|
Included
|
||
Integration with cloud (AWS and Azure) storage; Copy, move, and download from cloud storage |
Included |
Included | |
Ability to monitor and act upon AWS S3 and Azure blob storage activity |
Included |
Included | |
Centralized control for automating transactions originating from distributed systems (Remote Agents), including provisioning, management and Event Rules |
N/A |
Included | |
Reusable connection profiles for use in Event Rules |
N/A |
Included |
Included |
Run PowerShell scripts in Event Rules |
Included |
Included |
N/A |
Move tabular data between programs using Get/Loop from Host Action, and Import/Export to/from Dataset |
Included |
Included |
Coming soon |
Person-to-Person (P2P) File Transfer
Feature | Express | Enterprise | Arcus |
---|---|---|---|
Ad hoc file transfer – Allow authorized users to share files or folders with guest users via Outlook or using EFT’s web interface, for secure P2P file exchange |
Included | ||
Two-way file sharing - recipients provided with multiple methods to securely send files to each other |
Included | ||
Receipt notification - email notification when files are picked up by the recipient |
Included | ||
Pick-up authentication - recipients can be required to verify their identity before downloading files |
Included | ||
Full file tracking - Users and administrators can view complete history of files sent and received |
Included | ||
Centralized policy controls - administrator can set defaults and mandate policies or let authorized users decide |
Included | ||
Mixed mode authentication - optionally authenticate internal employees against AD, while maintaining guest isolation |
LDAP only | ||
Integration with EFT - monitor all ad hoc file transfer activity from EFT |
Included | ||
Request files – Authorized users can generate a request link that guests follow to securely upload files. |
Included | ||
Drop-off files to internal users with no attachment limits |
Included | ||
Manage personal data and privacy settings for GDPR and other privacy rules in the Workspaces client |
Included | ||
Multifactor authentication via email or SMS for client logins |
N/A | ||
Gather metadata for uploads in the client via upload forms |
N/A | ||
Coming soon! |
Architecture
Feature | Express | Enterprise | Arcus |
---|---|---|---|
IPv6 - Full dual stack (IPv4/6 mixed) support |
Included |
Included |
Included |
Virtual - Install on virtual machines, e.g. VMware and Hyper-V |
Included |
Included |
N/A |
Unicode - UTF-8 encoding of filenames and other fields where applicable |
Included |
Included |
Included |
Included |
Included |
Included | |
I/O Completion Ports - Technology that allows for fast performance on Windows systems |
Included |
Included |
Included |
Active-passive clustering - Failover for high availability |
Included |
Included |
N/A |
Active-active, high availability (HA) clustering with two or more EFT servers |
N/A |
Included |
Included |