Embed Size (px)
DESCRIPTION
DEDS Migration to a New Architecture. Impact for Openreach CPs. Guide for CPs using DEDS for downloading/uploading files. Agenda. Introduction to DEDS Need for Change What is changing? How will this happen? What are benefits? As a CP what do I need to change? How can I go about it? - PowerPoint PPT Presentation
Citation preview
DEDS Migration to a New Architecture.Impact for Openreach CPs
Guide for CPs using DEDS for downloading/uploading files.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
Agenda Introduction to DEDS Need for Change What is changing? How will this happen? What are benefits? As a CP what do I need to change? How can I go about it? What are benefits for CPs? Time ScalesThis presentation does not cover changes for CPs where BT pushes/pulls data from CP server
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
Introduction DEDS – Data Exchange & Distribution Service It provides secure means to exchange data between
BT and CP systems outside BT network. Acts like a post box.
Currently FTP over ISDN or VPN are the means of data exchange with DEDS from CP systems.
DEDS services are used by about 800+ CP accounts and there is growing demand for such service going forward.
New DEDS is under development to replace the existing old and exhausted method of connection to a secure and strategic mechanism .
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
Need for Change ISDN access to DEDS is slow due to limited
bandwidth.
Being older technology, ISDN setup is difficult and costly to maintain in terms of availability of equipment and skills to maintain them.
VPN access is limited by availability of VPN ports on BT firewall. Ports are almost exhausted.
Existing DEDS hardware has scalability limitations.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
What is changing?
DEDS hardware will be migrated to new scalable Architecture. This hardware will be accessed by CP systems using standard Internet URL calls instead of an IP address.
FTP Secure access with one-way SSL to DEDS is the default mechanism.
DEDS will be exposed to internet with IP filtering applied on BT firewall to accept calls only from registered IPs.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
What are benefits for CPs? Data transfer through a strategic, secure and Fast channel.
Move from an old ISDN set up to a scalable secured FTP channel which is exposed to the internet. ISDN call charges borne by CP’s would be eliminated.
Maintenance of ISDN, which is an old technology is not required.
Secured FTP clients/server are readily available and many of them are freeware.
Better and faster failover capabilities for DEDS which would ensure minimal loss of service.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
Background on choosing FTPS
FTPS is a widely used standard alongside SFTP. Each has its own advantages and disadvantages.
Few specific reasons for choosing FTPS:– Chrooting – Required to ensure each CP has isolated working area on DEDS server for Data
Security.– Time bound login – Like CPS, there are other BTW services which are not available 24 * 7. It is
necessary to restrict CP access to DEDS outside of agreed service hours. – Logging – To generate MIS of CP’s upload/download activities. – Command Execution – To ensure CP can execute only certain commands necessary for
transfer of files and restrict potentially harmful commands for health of DEDS.
BT has experience on implementing SSL over HTTP on B2B Gateways and necessary infrastructure for issuance and management of SSL certificates (server or client) is already built.
X509 certificates will be used by BT on DEDS server as Server Certificate. CPs will be provided with necessary CA (certifying authority) certificates and keys to authenticate the same.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
How will this happen? The change has been planned in phases for
smooth transition from existing system to the new one.
Phase I – The New DEDS to be built on Strategic architecture. It will be accessible over internet using FTPS over one-way
SSL. OLD DEDS and NEW DEDS will co-exist during the agreed
transition period Data synchronization mechanism will be implemented
between old and new DEDS servers. CP transition to new DEDS system will start in this phase (Please refer to following diagram)
How will this happen? Continued…
CP1
Existing DEDS
ISDN / VPN
FTP
Existing Setup
CP2
NEW DEDS
Proposed Setup
FTP Secure
INTERNET
IP FILTERING
Data synchronisation
BT System 1
BT System n
XFB / BDS / FTP
Phase - I
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
How will this happen? Continued…
Phase II – BT systems within BT Intranet will be re-pointed to new DEDS
server. This phase has no CP impact.– Phase III – Data Synchronization mechanism will be disabled/removed. Old DEDS will be de-commissioned and entire service will be
on NEW DEDS only.
How will this happen? Continued…
CP1
Existing DEDS
ISDN / VPN
FTP
Existing Setup
CP2
NEW DEDS
Proposed Setup
FTP Secure
INTERNET
IP FILTERING
Data synchronisation
BT System 1
BT System n
XFB / FTP/FTPS
Phase - II
This phase has NO impact for CP systems
How will this happen? Continued…
CP1
Existing DEDS
ISDN / VPN
FTP
Existing Setup
CP2
NEW DEDS
Proposed Setup
FTP Secure
INTERNET
IP FILTERING
Data synchronisation
BT System 1
BT System n
XFB / FTP/FTPS
Phase - IIPhase - III
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
As a CP what do I need to change? Installation of FTPS clients on the CP server’s. These clients
should as a minimum support one-way SSL.
CPs can use any FTP secure client of their choice. There are many commercially available or freeware clients.(List of samples is available in this slide pack later.)
CP programs executing these downloads/uploads would need a change to integrate with the newly deployed FTP secure client.
CP would access DEDS via Internet connection.
New DEDS server will have a registered DNS URL. This is to improve the failover process. CP programs will need to change so that they FTPS onto new DEDS using this URL.
Decommission the existing ISDN setup.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
FTP secure client samples CoreFTP Lite (Windows) URL: http://www.coreftp.com
SmartFTP (Windows) URL: http://www.smartftp.com
IglooFTP Pro (Windows, Linux) URL: http://www.iglooftp.com
FlashFXP (Windows) URL: http://www.flashfxp.com
SDI FTP (Windows) URL: http://www.sdisw.com
LFTP (Unix, MacOS X) URL: http://lftp.yar.ru/
RBrowser (MacOS X) URL: http://www.rbrowser.com
FTPTLS (OpenBSD, possibly other Unix as well) URL: http://www-user.tu-chemnitz.de/~grmo/ftptls/ Port: http://www-user.tu-chemnitz.de/~grmo/ftptls/port/ftptls-port.tar.gz
Glub Tech Secure FTP Client (at least Unix, MacOS X and Windows) URL: http://secureftp.glub.com/
NOTE: BT does not recommend any specific product. The list above is for reference only. CPs are requested to take their own informed decision.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
How can I go about it?
Approach BT account manager/BT front door contact to schedule migration to NEW DEDS.
Complete FTPS client installation & configuration.
FTPS clients are available either commercially or as free-ware.
Test connectivity to BT system with on-ramp server. (Support team will make this available)
Test connectivity to NEW DEDS (Live)
Start using new DEDS!
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the consequences of any action taken by customers in relation to the contents of these slides.
Time scales
Phase-I : This is expected to be ready by end of May-2010
Phase-II : This will start by end of May-2010. No CP impact.
Phase-III : Plan is to start decommission of OLD DEDS by end September 2010, but this is subject to the CP transition plans to be discussed between CPs and BT Account Managers / Product Line leads.
Thank You!
