• open panel
  • Home
  • Posts Tagged'mail express'

Posts Tagged ‘mail express’

Globalscape Mail Express and EFT Disaster Recovery Practices

By Eric Hall – Globalscape Channel Engineer Executive

How to maximise uptime of Globalscape solutions, especially EFT and Mail Express, when dealing with a disaster in the Production data centre. This is an important topic that either doesn’t get enough attention or is discussed in terms limited to either Disaster Recovery or uptime within a single data centre, one or the other only. I want to make sure the topic of Disaster Recovery is addressed as thoroughly as possible, and hope you will find this useful to keep for later reference.

With the current generation of Globalscape solutions, we strongly recommend either an Active-Active configuration made possible by the EFT Sync Tools or an automated Active-Passive (failover) cluster. Both options minimise downtime in the Production data centre during any interruptions in service due to failure or maintenance of the hardware, software, or OS. The Active-Passive configuration is supported out of the box, and it’s easy for EFT to be installed into this kind of failover cluster once it’s been set up. The installer will actually prompt you to specify whether it’s being installed in a cluster and will generally walk you through the extra steps required.

Some organisations have a high tolerance for downtime and are very unusual in that they have a seamless, high-bandwidth, low-latency integration of a secondary data centre with their primary data centre (often separated by only short distances over dark fibre, for instance). Those organisations may choose to get away with using their “disaster recovery” environment as the fail-over instance in lieu of a proper cluster. In reality, it’s rare that customers actually have the infrastructure to make this a reality. Even more rarely does this work in a manner that’s nearly as neat and tidy as they might expect, but it is theoretically possible.

For actual disaster recovery, where the primary data centre has been rendered unusable due to some natural disaster or otherwise a massive power or connectivity outage, there are two primary approaches.

 
1)      Warm (some would call it “Hot”) – As a reminder, Globalscape now offers its EFT Sync Tools to regularly synchronise configurations between EFT installations, which is ideal for those who need a more seamless and “Warm” DR implementation. If there is a constant connection between the Production and DR data centres, then you can use the EFT Sync Tools to keep the DR installation up to date with the Production configuration. Some would call this a “Hot” backup, but that requires all of the surrounding services to also be up and running, and you typically do not want an EFT Enterprise continually attempting to accomplish Scheduled or Folder Monitor tasks against resources that may not be active and up to date. The EFT Sync Tools allow you to specify on which EFT installation various rules run, so that you can be sure any rules you don’t want running on the DR server are left alone until the appropriate time.

Using this approach intended for a Disaster Recovery scenario is what may allow you to potentially use it as a failover for simple maintenance or failure occurrences, but it is still not the kind of seamless and automatic failover achieved with MSCS on Server 2008 R2 and 2012 nor an Active-Active approach made possible by the EFT Sync Tools.

This option is often the best, offering a high degree of confidence and value.

 
2)      Cold – Without the EFT Sync Tools, the next best option is a “cold” DR implementation, which is workable but more complicated. For this you would configure EFT Enterprise to periodically make a backup of the configuration not just locally but also to the remote server (ideally it will have connectivity to drop the file off through a shared folder on the DR EFT Enterprise server’s hard drive). This can be once a day or every 5 minutes, depending on how extreme the requirement and how often changes are realistically going to be applied to the production server’s configuration. This is one of the many reasons larger organisations should invest in EFT Enterprise, as the Standard version does not offer this kind of enterprise-minded capability.

When such a disaster occurs, the otherwise idle or sleeping EFT Enterprise in the DR data centre would need to be restored to the latest known-good configuration from the production environment. Keep in mind that for all the operations that require other resources (ARM, authentication sources, DMZ Gateways, shared folders to monitor, etc.) the DR environment must be well configured to appear functionally the same, which is a good reason for the use of name resolution rather than manually typing in hardcoded IP addresses. Additionally, remember that EFT will not replicate user data, database content, or anything other than configuration and operational data.

There are two ways to “restore” the latest production configuration onto the DR server. First, a human administrator can start the service, log into the administrative interface, and select File > Restore Server Configuration to start the wizard. Once it’s completed, it will be up and running with the production server’s configuration, and you can start directing incoming connections to that server.

Second, you can automate the process by creating a script or application to programmatically restore the configuration in a predetermined way. We’ve actually done some of that work by throwing together a hypothetical example script (Backup and BackupEx) we provide for free from our Help File. You would need to edit that script for it to be applicable to your particular environment, but we’ve gotten the ball rolling to help that process along.

Again, I advise against trying to use a DR site as a substitute for a proper highly available implementation (Active-Active via EFT Sync Tools or Active-Passive via MSCS), but it is do-able to create a very well groomed and orderly configuration and environment replication, as long as you can tolerate the additional downtime required to kick off and complete the process.

Please do not hesitate to contact Pro2col should you wish to discuss the design or implementation of DR in your environment.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Globalscape Mail Express Integration with EFT

By Eric Hall – Globalscape Channel Engineer Executive

What does Mail Express integration really mean? What benefits does it offer to those looking for both a back-end automated MFT solution as well as a solution to make available large or sensitive file sharing between people via email? Might it make sense in some cases to combine EFT Server with Mail Express? I’ll address the Top 3 key points below.

Globalscape Mail Express Reporting Window1)    Reporting – All the information required by IT personnel on their users’ activities is already available in the Mail Express database. Mail Express includes some reporting and auditing capabilities out of the box. However, those reports are more suited to drilling down to individual packages for auditing and spot-checking, and if you have EFT already, then it’s an additional place you have to go to for reports. Many of our existing EFT customers voiced that they preferred EFT’s Auditing and Reporting Module (ARM) reporting style and capabilities, especially as integrated with EFT’s ability to generate reports on a scheduled basis and either store them in PDF format or embed them as HTML into an email sent periodically to the appropriate parties. So we expanded Mail Express to communicate its activities to EFT so that they can be recorded to ARM and reported on in the same set of reports already available for SAT. If you have EFT 6.5 with ARM, and you add Mail Express 3.3, you can optionally integrate the two together for consolidated reporting. These reports are all available under the list of built-in reports as “Activity – Ad Hoc …” with the various flavours supporting it. If the customer has not completed the upgrade to Mail Express and is still running SAT somewhere in their organisation, these reports will be combined, ensuring a smooth transition.

Globalscape Mail Express Automation2)     Automation – One piece of functionality not offered out of the box by Mail Express on its own is the ability to automate processes on files being sent via Mail Express. Unlike EFT, where files tend to be moving through EFT to their final destination on, files sent via Mail Express are effectively parked in the Mail Express storage, waiting for the recipients to authenticate themselves and retrieve the individual files or complete package. This makes it well situated to allow antivirus and Data Loss Prevention solutions to passively scan the files on writing or reading from disk.

However, not all storage systems are so conveniently configured. Therefore you now have the ability to leverage EFT’s simple and powerful Event Rule system to automate processes as required by company or regulatory policy. Do files need to be retained for a period of time? Copy them to an eDiscovery or archival storage area. You can even encrypt and sign them to compress the files for long-term storage and ensure the file integrity to both protect the contents and avoid tampering. Do AV or DLP scans need to be run? Use EFT to call the appropriate utilities either directly via command line using a Command or invoke their DLLs programmatically with the Advanced Workflow Engine (AWE).

Whatever the requirement, you can now leverage EFT to make sure that need is fulfilled. And of course all such automated activity will also be recorded by EFT to the auditing database with ARM.

For example, as in the screenshot shown here, I have:

  1. Created an “On File Uploaded Rule”
  2. Added the condition so that it is only triggered if the upload has occurred where the Protocol is “Ad hoc Over HTTP/S Protocol” which is how it defines an upload through Mail Express
  3. Execute a “DLP Scan” command invoking a command line DLP tool
  4. As long as the scan does not fail, copy the uploaded file to an archive directory
  5. Encrypt (and compress) the archive copy

3)      Configuration – In the spirit of avoiding the duplication of effort, having to make the same changes multiple times or in multiple places, Mail Express can now synchronise its configuration with EFT, if desired. You do not have to do this at all, of course, but it’s available for those who find it valuable.

NOTE: Only 32-bit Mail Express installations can communicate with EFT. Mail Express is now included in the EFT installer, and that included version is the 32-bit version for precisely that reason.

There are three key configuration areas that Mail Express can synchronise with EFT: SMTP server details, DMZ Gateway connections, and SSL certificates. These configurations may be synchronised wholesale, or the administrator may pick and choose the specific aspects of the configuration that will be appropriate. For example, for the SMTP settings, you may wish to synchronise the host address, port, and so on, so that if it ever changes for EFT it will automatically change for Mail Express, but you may want to modify the “From” address so that email notifications sent by Mail Express do not appear to be sent by EFT. Or for another example, the DMZ Gateway configuration may need to use the same host address that EFT is using but use a different port in order to attach to the Mail Express specific DMZ Gateway profile. Each aspect of the various configurations is available to be synchronised or not, as desired. See the Mail Express help page for more information.

This integration helps make Mail Express and EFT even more complete and powerful duo when implemented together, and we intend to continue expanding this integration and leveraging the dynamic capabilities of Mail Express to increase the value of our solutions.

Have any questions? Would you like some further clarification? Please don’t hesitate to let Pro2col know on 0333 123 1240.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Dropbox Alternative – Day Two at InfoSecurity Europe

With the sun beating down outside you could have been mistaken in thinking the IT community would stay away from Earls Court, but day two of InfoSec was packed.

Pro2col had the pleasure of assisting on the Globalscape stand, on what is traditionally the busiest day. With Chaz and Chris Thacker both providing demos the stand was busy and the message was coming through loud and clear; IT Professionals want a Dropbox Alternative.

A study by security distributor e92plus that I read at the show highlighted that some 76% of IT Professionals in the UK had Dropbox at the top of its list of banned Globalscape and Pro2col at Infosec
technologies. This was very much reflected by the conversations we had and the demonstrations of Globalscape solutions provided.

The most popular solution by far was Mail Express. Visitors loved the web based functionality and MicroSoft Outlook plugin. The Drop Off Portal also proved a big success as IT admins learned how they could provide a hands off facility for large files to come into the business without the need for setting up FTP accounts or clogging up email servers with attachments.

If you’d like to learn more about how Globalscape solutions could help your business Replace Dropbox, contact Globalscape’s UK Master Partner here.

Share on TwitterShare on FacebookShare on LinkedIn+1
 
© Pro2col Ltd 2012 | Terms of Sale | Privacy Policy | Sitemap
Part of the Pro2col Group