Feature Availability
The tables below describe which features are available in EFT Express, Enterprise, and Arcus.
Protocols
| Feature | Express | Enterprise | Arcus |
|---|---|---|---|
|
FTP protocol (RFC 959) |
Included |
Included |
Included |
|
FTP extensions (multi-part, resume, parallel threads, file integrity checking, custom commands, S-Key, PASV port range, UTF-8, customizable banner, command blocking, EBCDIC mode, PASV port range controls, plus more) |
Included |
Included |
Included |
|
Included |
Included |
Included |
|
|
SSL certificate management |
Included |
Included |
Included |
|
SSL control over ciphers, algorithms, and protocols |
Included |
Included |
Included |
|
All protocols: Real-time session monitoring |
Included |
Included |
Included |
| Included | |||
|
SFTP protocol (https://filezilla-project.org/specs/draft-ietf-secsh-filexfer-02.txt et. al) |
Included |
Included | |
|
SFTP advanced options (multiple auth methods) |
Included |
Included | |
|
SFTP key management |
Included |
Included | |
|
SFTP control over ciphers, algorithms, and protocols |
Included |
Included | |
|
FIPS - FIPS 140-2 certified cryptographic module |
Included | ||
|
HTTPS protocol |
Included |
Included | |
|
HTTPS extensions (various auths including IWA/SSO, configurable headers, compliance with OWASP security guidelines, HSTS support, many other headers,) |
Included |
Included | |
|
Web client – Built-in web client adds a rich set of features compared to script-driven HTTP/S transfers |
Included |
Included | |
|
HTTP->HTTPS auto-redirect |
N/A | ||
|
Included |
Included | ||
|
Accelerate file transfers using EFT Event Rule Actions (not available after 8.0.5.7) |
N/A |
N/A |
N/A |
|
AS2 protocol |
N/A |
HTTPS and AS2 | |
|
AS2 extensions (Message Level Security (MLS), Reliability Profile, Multiple Attachments (MA) profile. |
Authentication (Access Controls)
| Feature | Express | Enterprise | Arcus |
|---|---|---|---|
|
EFT-managed accounts |
Included |
Included |
Included |
|
Active Directory (AD) – native Windows integration (In EFT Arcus, "AD impersonation" is available, but not authentication.) |
Included |
Included |
N/A |
|
ODBC - leverage any ODBC data source |
Included |
Included |
N/A |
|
LDAP - authenticate against LDAP sources, including AD |
N/A |
Included |
Included |
|
SAML (WebSSO) - including Just In Time (JIT) provisioning |
N/A |
Included | |
|
RADIUS - often used as a two-factor authentication source |
N/A |
Available in the Premium Tier and configured by Support | |
|
SMS authentication - two-factor authentication (2FA) for WTC and Workspaces (In EFT Arcus, the "out-of-bad" passcode to pick up files is available. "SMS Config" is coming soon.) |
Available in the Premium Tier and configured by Support | ||
|
RSA SecurID® (native and Steel-Belted Radius (SBR)) |
N/A |
Available in the Premium Tier and configured by Support | |
|
CAC - Common Access Card authentication |
N/A |
Available in the Premium Tier and configured by Support | |
| Secrets module | Included | Included | N/A |
Authorization (Resource Controls)
| Feature | Express | Enterprise | Arcus |
|---|---|---|---|
|
AD Impersonation - Active Directory manages permissions |
Included |
Included |
N/A |
|
EFT managed folder permissions |
Included |
Included |
Included |
|
Permission groups – templatize sets of permissions |
Included |
Included |
Included |
|
Virtual folders - map virtual to physical folders including network shares |
Included |
Included |
N/A |
|
Home folders - designate a home folder and optionally make it the user's root folder |
Included |
Included |
Included |
|
Set limits - number of logins, connections, file sizes, transfer speeds, disk quotas |
Included |
Included |
Included |
|
DoS detection algorithms and auto-IP ban logic |
Included |
Included |
Included |
|
IP access rules - full featured IP access rule manager |
Included |
Included |
Included |
|
Banned file types - prevent upload of unwanted file types |
Included |
Included |
Included |
|
Monitor and kick offending users from the server |
Included |
Included |
Included |
|
Included |
Included |
Included | |
|
Invalid passwords - controls to auto-lockout, disable, or ban IP |
Included |
Included |
Included |
|
Password complexity - configure a number of password complexity options |
Included |
Included |
Included |
|
Password reset - user-initiated or on initial login |
Included |
Included |
Included |
|
Password reuse - disallow historical (previously used) passwords |
Included |
Included |
Included |
|
Expire accounts - disable account on a given date |
Included |
Included |
Included |
| Expire inactive accounts - disable or remove account after N days of inactivity | ESM | ASM | Included |
| Expire passwords - expire passwords after N days | ESM | ASM | Included |
| Expiration reminder - email user reminder to change their password | ESM | ASM | Included |
| Data sanitization - securely clean deleted data using military grade wiping | ESM | ASM | Included |
|
Encrypted folders - EFT built-in, secure-data-at-rest Solution |
N/A |
Included |
Included |
|
EFS - encrypt data at rest using Windows' Streaming repository encryption (EFS) |
N/A | ||
| Override VFS credentials | Included | Included | N/A |
|
OpenPGP - use OpenPGP to encrypt, sign, and decrypt data |
Included | ||
|
PCI DSS - Site settings to facilitate PCI DSS and other compliance mandates |
Included | ||
|
DMZ Gateway®- securely proxy transfers through the DMZ |
DMZ
Gateway® |
N/A |
Administration
| Feature | Express | Enterprise | Arcus |
|---|---|---|---|
|
Silent installation - unattended setup |
Included |
Included |
N/A |
|
Administrator GUI - Windows based Graphical User Interface (GUI) |
Included |
Included |
Included |
|
Remote administration - administrate from other systems in the network |
Included |
Included |
Included |
|
Secure remote administration - SSL encrypted administration communications |
Included |
Included |
Included |
|
Multiple administrators - allow concurrent administration |
Included |
Included |
Included |
|
Secure administration - same password complexity options available for administrators as for users |
Included |
Included |
Included |
|
Flexible authentication - leverage native, NTLM, or AD to authenticate administrators |
Only LDAP supported | ||
|
Forensics - audit and report on all administrator activity and changes |
Included | ||
|
COM API - programmatic administration |
Limited |
Included |
N/A |
|
Delegated administration - role based administrator accounts with granular permissions |
Server and Site administrator only |
Included |
ServerAdmin N/A |
|
REST endpoint for querying administrative info and server status |
Included |
Included |
Included |
|
Backup and Restore - one-click backup and easy restore of entire configuration |
N/A |
Included |
N/A |
|
Batch account management - perform actions to multiple accounts simultaneously (such as multi-select users to reset their passwords) |
N/A |
Included |
Included |
|
Specify personal data and privacy settings on a Site and per user |
Included | ||
|
Generate GDPR DPIA report |
N/A |
Auditing and Visibility
| Feature | Express | Enterprise | Arcus |
|---|---|---|---|
|
Logging - flat file log in W3C and other formats |
Included |
Included |
Included |
|
Monitor transfers in real time |
Included |
Included |
Included |
|
View historical transfers in the administration interface |
Included |
Included | |
|
Audit to SQL - audit transactions to a SQL database |
Included | ||
|
View reports (predefined) |
Included | ||
|
Create custom reports |
N/A | ||
|
Audit to Oracle - audit transactions to an Oracle database |
N/A |
N/A | |
|
Business Activity Monitoring (BAM) - real-time visibility, dashboard, and analytics (Requires ARM) |
N/A |
Automation (Integration with Other Systems)
| Feature | Express | Enterprise | Arcus |
|---|---|---|---|
|
React to stimuli - trigger workflows based on file uploads and other server events |
Included |
Included |
Included |
|
Send email to users or administrators as part of a workflow |
Included |
Included |
Included |
|
Execute a process, including scripts, as part of a workflow (Custom Commands only in Express and Enterprise) |
Included |
Included |
N/A |
|
Context variables - use transaction values inside of workflows |
Included |
Included |
Included |
|
Folder monitor - trigger workflows immediately after files arrive in a monitored folder |
Included |
Restricted to Arcus Site root folder share only | |
|
Schedule events - trigger workflows on a recurring basis |
Included |
Included | |
|
Web Services - trigger workflows using Web Service calls; Invoke Web Service from URL |
N/A |
Included |
Included |
|
Conditional logic - build fine-grained business logic into workflows |
Included |
Included |
Included |
|
Cleanup Action - securely remove old files based on your organization’s data retention policies |
N/A |
Included |
Included |
|
Upload and download - push or pull files to remote servers as part of a workflow |
Included |
Included | |
|
Send pre- and post- commands to mainframe during copy/move actions |
N/A |
Included |
Included |
|
N/A |
Included |
Included | |
|
Compress/Decompress files |
Included |
Included |
Included |
|
User Account Action - for tasks like re-enabling user accounts and compliance requests (for example, HIPAA, GDPR) in which users might ask that an organization remove all traces of their account. |
Included |
Included |
Included |
|
Advanced workflows - tap into the Advanced Workflow Engine to build sophisticated workflows |
N/A |
Included | |
|
Integration with antivirus and DLP (Data Loss Prevention) tools to permit or prevent transfers based on policies. NOTE:
|
Included
|
||
|
Integration with cloud (AWS and Azure) storage; Copy, move, and download from cloud storage |
Included |
Included | |
|
Ability to monitor and act upon AWS S3 and Azure blob storage activity |
Included |
Included | |
|
Centralized control for automating transactions originating from distributed systems (Remote Agents), including provisioning, management and Event Rules |
N/A |
Included | |
|
Reusable connection profiles for use in Event Rules |
N/A |
Included |
Included |
|
Run PowerShell scripts in Event Rules |
Included |
Included |
N/A |
|
Move tabular data between programs using Get/Loop from Host Action, and Import/Export to/from Dataset |
Included |
Included |
Coming soon |
Person-to-Person (P2P) File Transfer
| Feature | Express | Enterprise | Arcus |
|---|---|---|---|
|
Ad hoc file transfer – Allow authorized users to share files or folders with guest users via Outlook or using EFT’s web interface, for secure P2P file exchange |
Included | ||
|
Two-way file sharing - recipients provided with multiple methods to securely send files to each other |
Included | ||
|
Receipt notification - email notification when files are picked up by the recipient |
Included | ||
|
Pick-up authentication - recipients can be required to verify their identity before downloading files |
Included | ||
|
Full file tracking - Users and administrators can view complete history of files sent and received |
Included | ||
|
Centralized policy controls - administrator can set defaults and mandate policies or let authorized users decide |
Included | ||
|
Mixed mode authentication - optionally authenticate internal employees against AD, while maintaining guest isolation |
LDAP only | ||
|
Integration with EFT - monitor all ad hoc file transfer activity from EFT |
Included | ||
|
Request files – Authorized users can generate a request link that guests follow to securely upload files. |
Included | ||
|
Drop-off files to internal users with no attachment limits |
Included | ||
|
Manage personal data and privacy settings for GDPR and other privacy rules in the Workspaces client |
Included | ||
|
Multifactor authentication via email or SMS for client logins |
N/A | ||
|
Gather metadata for uploads in the client via upload forms |
N/A | ||
| Coming soon! |
Architecture
| Feature | Express | Enterprise | Arcus |
|---|---|---|---|
|
IPv6 - Full dual stack (IPv4/6 mixed) support |
Included |
Included |
Included |
|
Virtual - Install on virtual machines, e.g. VMware and Hyper-V |
Included |
Included |
N/A |
|
Unicode - UTF-8 encoding of filenames and other fields where applicable |
Included |
Included |
Included |
|
Included |
Included |
Included | |
|
I/O Completion Ports - Technology that allows for fast performance on Windows systems |
Included |
Included |
Included |
|
Active-passive clustering - Failover for high availability |
Included |
Included |
N/A |
|
Active-active, high availability (HA) clustering with two or more EFT servers |
N/A |
Included |
Included |