datasheet eft smb and eft enterprise feature … pdf/datasheet_eft... · globalscape eft™ is...
TRANSCRIPT
Globalscape EFT™ is available in small-to-medium business SMB and Enterprise platforms. Each is built on the same foundation and offers similar core functionality to enable organizations to receive files from business partners or end users over a variety of Internet standard protocols, such as FTP/S, SFTP, and HTTP/S. Add-on modules are available to both products that extend auditing from simple flat-file logging to database driven auditing and customizable reports; provide advanced security controls typically needed by organizations that must comply with security standards such as PCI DSS, HIPAA, or SoX; facilitate ad hoc provisioning of users; and provide a richer experience when transferring data over a web browser.
DATASHEET
EFT ™ SMB and EFT Enterprise Feature Comparison
During the evaluation period, all functionality is enabled and visible in the EFT administration interface. After the trial expires, the functions and modules that are enabled and visible depend on the license purchased. (EFT’s Web Services interface, Oracle support, AWE, and AS2 are available only in Enterprise.)
The tables below compare the features available in EFT SMB to EFT Enterprise. Certain features require the activation of one or more of the following modules, as indicated by one or more superscript numbers after “Optional.” For example, “Optional, 6,7” indicates that the feature requires the High Security module (6) and the Auditing and Reporting module (7).
SFTP module (Included in EFT Enterprise; optional module in EFT SMB)
HTTP/S module (Included in EFT Enterprise; optional module in EFT SMB)
OpenPGP Encryption/Decryption module
Mail Express ad hoc transfer
Web Transfer Client (Requires HTTP/S module; limited to maximum of 5 concurrent users in trial period)
High Security module (Requires ARM to run PCI DSS reports)
Auditing and Reporting (ARM) (Oracle support available in EFT Enterprise only)
DMZ Gateway (Outbound proxy support in EFT Enterprise only)
AS2 Module (Available in EFT Enterprise only; requires ARM module)
Advanced Workflow Engine (AWE module (Available in EFT Enterprise only)
Business Activity Monitoring (BAM) dashboard
Mobile Transfer Client (MTC) module
Content Integrity Control (CIC) (Available in EFT Enterprise only)
Workspaces
Folder Monitor Module (Included in EFT Enterprise; optional module in EFT SMB to add Folder Monitor event)
Timer module (Included in EFT Enterprise; optional module in EFT SMB to add Timer event)
File Transfer Client module (Optional module in EFT SMB to add Copy/Move Action and Download Action to Event Rule system in EFT SMB; included in EFT Enterprise)
1. 10.
11.
12.
13.
14.
15.
16.
17.
2.
3.
4.
5.
6.
7.
8.
9.
2
Feature SMB EnterpriseProtocols (Inbound Listeners)
FTP/S (File Transfer Protocol / Secure) - still used for communications with legacy systems. Included Included
SSL/TLS – secure FTP communications Included Included
SSL key manager – manage, import, export, and create SSL certificates Included Included
SSL Config – specify ciphers and versions allowed (SSL v2, v3, and TLS v1) Included Included
Checkpoint restart – resume interrupted transfers Included Included
Compression – inline compression of ASCII files Included Included
Acceleration – reduce transfer time over poor connections by allowing uploaded files to be split apart and transferred in multiple segments simultaneously
Included Included
Verification – guarantee integrity by comparing checksums Included Included
Command blocking – prevent unwanted behavior Included Included
S-key OTP – One-time-password scheme for plain-text FTP Included Included
PASV port range – facilitate FTP connections behind network firewalls Included Included
EBCDIC – Used for communicating with legacy systems Included Included
UTF-8 – Transfer Unicode filenames over FTP Included Included
Session tools – Real-time session monitoring Included Included
Customizable – Modify various FTP banners to suit your specific needs Included Included
FIPS – FIPS 140-2 certified SSH cryptographic module Optional, 6 Optional, 6 Included
SFTP (SSH2). The secure alternative to FTP, especially for system-to-system transfers. Optional, 1 Included Optional, 1 Included
Key manager – manage, import, export, and create SSH key pairs Optional, 1 Included
Key types – OpenSSH and SSH.COM (SECSH format) supported Optional, 1 Included
Authentication – Any combination of password and/or public key Optional, 1 Included
Strong ciphers – 256-bit Twofish, 256-bit AES CBC, and 256-bit AES CTR mode Optional, 1 Included
Configurable SSH-protoversion-softwareversion – lower attack footprint Optional, 1 Included
FIPS – FIPS 140-2 certified SSH cryptographic module Optional, 1, 6 Included
HTTP/S (Hyper Text Transfer Protocol / Secure) - Ideal for interactive person-to-system transfers Optional, 2 Optional, 2
Customizable landing portal – Login page can be branded Included Included
Form-based auth – sessions are managed securely by the server Optional, 2 Included
Basic-auth – standard browser authentication (fallback auth mechanism) Optional, 2 Included
3
Feature SMB EnterpriseSession management in accordance with OWASP guidelines Optional, 2 Included
Password reset in accordance with OWASP guidelines Optional, 2 Included
Lost username retrieval in accordance with OWASP guidelines Optional, 2 Included
SSO – using Integrated Windows Authentication (IWA) Optional, 2 Included
HTTP –> HTTPS auto-redirect – increased security through implicit redirection of non-secure connections Optional, 2 Included
Web client – Optional web client adds a rich set of features compared to script-driven HTTP/S transfers Optional, 2 Included
Mobile client – Provides secure, remote access to your EFT files through HTTPS Optional, 2 Included
AS2 (Applicability Statement 2) – used for transmission of EDI documents N/A Optional, 9
Multi-directional – service inbound and initiate outbound AS2 transactions N/A Optional, 9
Drummond certified – 3rd-party certified equals superior interoperability. N/A Optional, 9
Message Level Security (MLS) – certificate-based authentication N/A Optional, 9
Reliability Profile – AS2 extension that increases interoperability N/A Optional, 9
Multiple Attachments (MA) Profile – AS2 extension that facilitates multiple concurrent transactions N/A Optional, 9
Authentication (Access Controls) Included Included
Native – (Proprietary) Authentication (Eft-Managed Authentication) Included Included
Active Directory (AD) authentication Included Included
ODBC – leverage any ODBC data source for user authentication Included Included
NTLM – authenticate local system accounts (Choose “Windows AD Authentication” when creating the Site.) Included Included
LDAP – authenticate against LDAP sources, including AD N/A Included
RADIUS – often used as a two-factor authentication source N/A Included
SMS authentication – two-factor authentication using a mobile device to receive a login code (must have SMS softwaresuch as SMS PASSCODE®) N/A Requires
SMSPasscode®
RSA SecurID® – 3rd-party access manager that provides two-factor authentication N/A Requires
RSA SecurID®
CAC – Common Access Card authentication N/A Optional, 6
4
Feature SMB EnterpriseAuthorization (Resource Controls)
AD Impersonation – leverage Active Directory ACLs Included Included
Permissions – set folder level permissions or inherit from parent Included Included
Permission groups – assign users to permission groups or templates Included Included
Virtual folders – map virtual to physical folders including network shares Included Included
Home folders – designate a home folder and optionally make it the user’s root folder Included Included
Set limits – number of logins, connections, file sizes, transfer speeds, disk quotas Included Included
Security
Invalid passwords – controls to auto-lockout, disable, or ban IP Included Included
Invalid account names – controls to auto-ban offender IP Included Included
DoS detection – controls to temporarily or permanently ban suspect IPs Included Included
IP access rules – full featured IP access rule manager Included Included
Banned file types – prevent upload of unwanted file types Included Included
Monitor and kickoff ending users from the server Included Included
Password complexity – configure a large number of complexity options Included Included
Password reset – user-initiated or on initial login Included Included
Password reuse – disallow historical (previously used) passwords Included Included
Expire accounts – disable account on a given date Included Included
Expire inactive accounts – disable or remove account after N days of inactivity Optional, 6 Included
Expire passwords – expire passwords after N days Optional, 6 Optional, 6
Expiration reminder – email user reminder to change their password Optional, 6 Optional, 6
Data sanitization – securely clean deleted data using military grade wiping Optional, 6 Optional, 6
EFS – encrypt data at rest using Windows’ Streaming repository encryption (EFS) Optional, 6 Optional, 6
PGP – use OpenPGP to encrypt, sign, and decrypt data Optional, 3 Optional, 3
PCI DSS monitor – actively monitor and alert on violations
PCI DSS report – generate a compliance with a single mouse click Optional, 6,7 Optional, 6,7
PCI DSS compensating controls (CCs) – capture and report admin-provided CCs
Optional, 6,7 Optional, 6,7
PCI DSS setup wizard – walkthrough configuration with PCI DSS in mind Optional, 6,7 Optional, 6,7
DMZ Gateway – securely proxy transfers through the DMZ Optional, 8 Optional, 8
5
Feature SMB EnterpriseAdministration
Silent installation – unattended setup Included Included
Administrator GUI – Windows based Graphical User Interface (GUI) Included Included
Remote administration – administer from other systems in the network Included Included
Secure remote administration – SSL encrypted administration communications Included Included
Multiple administrators – allow concurrent administration Included Included
Secure administration –same password complexity options available for admins Included Included
Flexible authentication –leverage native, NTLM, or AD to authenticate administrators Optional, 6 Optional, 6
COM API – programmatic administration N/A Included
Delegated administration – role based administrator accounts with granular permissions
Server and Site admin
onlyIncluded
Backup and Restore – one-click backup and easy restore of entire configuration N/A Included
Batch account management – perform actions to multiple accounts simultaneously N/A Included
Forensics – audit and report on all administrator activity and changes N/A Optional, 6,7
Auditing and Visibility
Logging – flat file log in W3C and other formats Included Included
Monitor inbound transfers in real time Optional, 7 Included
Audit to SQL – audit transactions to a SQL database Optional, 7 Optional, 7
View reports – choose from pre-built or build your own Optional, 7 Optional, 7
Audit to Oracle – audit transactions to an Oracle database N/A Optional, 7
Monitor outbound transfers in real time N/A Included
Business Activity Monitoring (BAM) – real-time visibility, dashboarding, and analytics N/A Optional, 11
Automation (Integration with Back End Systems)
React to stimuli – trigger workflows based on file uploads and other server events Included Included
Send email to users or administrators as part of a workflow Included Included
Execute a process including scripts as part of a workflow Included Included
Context variables – use transaction values inside of workflows Included Included
Hot folders – trigger workflows when files arrive in a monitored folder Optional, 15 Included
Scheduled events – trigger workflows on a recurring basis Optional, 16 Included
Web Services – trigger workflows using WS calls; Invoke Web Service from URL N/A Included
6
Feature SMB EnterpriseConditional logic – build fine-grained business logic into workflows N/A Included
Clean up – securely clean target folders from within a workflow N/A Included
Offload and download – push or pull files to remote servers as part of a workflow Optional, 17 Included
Send pre- and post- commands to mainframe during copy/move actions N/A Included
Perform folder and file operations N/A Included
Compress/Decompress files N/A Included
Advanced workflows – tap into the Advanced Workflow Engine to build sophisticated workflows N/A Optional, 10
Integration with antivirus and DLP (Data Loss Prevention) tools to permit or prevent transfers based on policies. N/A Optional, 13
Ad Hoc (person-to-person file transfer)
Ad hoc file transfer – secure file transfer available either via Outlook Add-in or web interface Optional, 4 Optional, 4
Two-way file sharing – recipients provided with multiple methods to send files back Optional, 4 Optional, 4
Receipt notification – email notification when files are picked up by the recipient Optional, 4 Optional, 4
Pick-up authentication – recipients can be required to verify their identity before downloading files Optional, 4 Optional, 4
Full file tracking – Users and administrators can view complete history of files sent and received Optional, 4 Optional, 4
Centralized policy controls – administrator can enforce varying levels of required usage policies Optional, 4 Optional, 4
Active directory authentication – authentication internal users using AD Optional, 4 Optional, 4
Integration with EFT – monitor all Mail Express file transfer activity from EFT Optional, 4 Optional, 4
Complete customization – easily customize all Mail Express web interface Optional, 4 Optional, 4
www.globalscape.com
ABOUT GLOBALSCAPE
Globalscape is an innovative software company that secures mission-critical exchanges of data across multiple
platforms - including remote and mobility solutions - for businesses worldwide. Through superior software,
standards compliance and experienced, reliable support, Globalscape secures information exchange for
individuals, global enterprises, governments, and small and medium enterprises across a wide range of industries.
Feature SMB EnterpriseArchitecture
IPv6 – Full dual stack (IPv4/6 mixed) support Included Included
Virtual – Run on virtual machines, e.g. VMware and Hyper-V Included Included
Unicode – UTF-8 encoding of filenames and other fields where applicable Included Included
IDN – Internationalized domain name support Included Included
I/O Completion Ports –Technology that allows for tremendous performance on Windows systems Included Included
Active-passive clustering – Failover for high availability N/A Included
Active-active, high availability (HA) clustering with 3 or more EFT Enterprise licenses N/A Included
SaaS – Managed and hosted versions available N/A Included
Logo certified - Windows Server 2008 and 2012 Logo Certified N/A Included