Don plans on setting up the following test environment.
The players
Don – The Principal system administrator for Gateway Administrator.
Lee and Paul – Company employees with delegated file transfer management rights.
Joe – A Customer
The systems
Reflection Gateway server – For this evaluation all Reflection Gateway Services run on this single server.
Report file server – Runs in the internal network. Reflection for Secure IT Server for Windows is installed on this server. Company employees will drop reports into a designated directory on this server.
Transfer Site file server – Runs in the DMZ. Reflection for Secure IT Server for Windows is installed on this server. Files are exchanged from subdirectories of a designated base Transfer Site directory.
The test plan
Don will create a Reflection Gateway Job that monitors files on the Report file server, runs the company's security software on each file, and transfers files automatically to the Transfer Site file server only if they pass this security test.
Once the Job is tested and running, Don will configure a Transfer Site and add the customer (Joe) to the system so that he can access files from the Transfer Site file server. With these settings in place, he can drop a file in the designated folder on the Report file server. With no further action on his part, the file will be tested and moved to the Transfer site server.
The customer (Joe) will receive an email notification with a link that enables him to connect to the Reflection Transfer Client, which he can use to download the file.
After the test transfers are working as designed, Don will test features for delegating administrative tasks and limiting the access rights of delegated administrators. Finally, he will enable audit logging to provide a full record of all transfers.
The evaluation process
Don’s evaluation will include the following procedures from this evaluation guide.
Install Reflection for Secure IT Gateway.
The procedure provided in this guide uses a basic configuration, with all services Reflection Gateway Services on a single server (called the Reflection Gateway server in the diagram). Using this approach helps expedite preliminary testing. Multiple distributed configurations are also supported to meet the needs of your environment.
Configure the Report and Transfer Site file servers.
This guide provides instructions for using the RSIT Server for Windows, which is included with the Reflection Gateway installer. Reflection Gateway also supports any SFTP-enabled SSH server. These can be UNIX as well as Windows servers.
Perform initial Reflection for Secure IT Gateway system setup.
Create a Job to run on the Report server.
This job will monitor the analyst’s drop-off directory for new or changed PDF files. It will run the security screening test on these files. After this test passes, the PDF files will be transferred to the Transfer Site server in the DMZ.
Create a Transfer Site and add the customer to this site.
The file will be available to the customer from this site. An email notification will be sent to the customer with a link to use to download files using the Reflection Transfer Client. Don will receive an email notification when the customer downloads a new report.
Add delegated administrators and limit the rights of these users.
Configure file transfer audit logging on the Reports and Transfer Site servers.