A Sample Evaluation Scenario
Reflection Gateway is a flexible, secure way to manage file transfers. The evaluation scenario described in this guide touches on some of its key features. The procedures provided include step-by-step instructions for using each feature.
Meet Don
Don is in charge of evaluating Reflection Gateway for a growing financial services firm. Because secure encryption and authentication are built into every Reflection Gateway transfer, it is the ideal solution for ensuring the security of information exchanged with customers. The company requirements include the following:
- Don is looking for a secure method for analysts to use to distribute regular reports to customers.
  Reflection Gateway will be used to automate this process. Once the system is in place, all an analyst will need to do is drop a file into a specified folder on a server running in the internal network. Automated Reflection Gateway Jobs will handle the rest. Reflection Gateway's centralized management will make it easy for Don to add new employees to the system, and delegated administration will enable these employees to add new customers.
- Every document leaving the company network must first be scanned to ensure that outgoing content meets all security requirements of the company.
  The company has a working application that does this scanning, but the system is currently managed using scripts running on an increasing number of servers. Reflection Gateway will enable Don to set up centralized management of this process. This will simplify the process of updating scripts and adding new servers.
- To ensure the security of the company servers, analysts with access to the Reflection Gateway administrative tool should have limited rights.
  Reflection Gateway provides group configuration options to limit which administrative tasks users can perform and which servers they have access to.
- The company requires a complete audit log with a record of all transfer activity on the Transfer Site server.
Don's Evaluation Plan
Don plans on setting up the following test environment.
The Players
- Don - The principal system administrator for Gateway Administrator.
- Lee and Paul - Company employees with delegated file transfer management rights.
- Joe - A customer.
The Systems
- Reflection Gateway server - For this evaluation all Reflection Gateway Services run on this single server.
- Report file server - Runs in the internal network. Reflection for Secure IT Server for Windows is installed on this server. Company employees will drop reports into a designated directory on this server.
- Transfer Site file server - Runs in the DMZ. Reflection for Secure IT Server for Windows is installed on this server. Files are exchanged from subdirectories of a designated base Transfer Site directory.
The Test Plan
Don will create a Reflection Gateway Job that monitors files on the Report file server, runs the company's security software on each file, and transfers files automatically to the Transfer Site file server only if they pass this security test.
Once the Job is tested and running, Don will configure a Transfer Site and add the customer (Joe) to the system so that Joe can access files from the Transfer Site file server. With these settings in place, Don can drop a file in the designated folder on the Report file server. With no further action on his part, the file will be tested and moved to the Transfer Site server.
The customer (Joe) will receive an email notification. He can then use an SFTP client to download the file.
After the test transfers are working as designed, Don will test features for delegating administrative tasks and limiting the access rights of delegated administrators. Finally, he will enable audit logging to provide a full record of all transfers.
The Evaluation Process
Don's evaluation will include the following procedures from this evaluation guide.
- Install Reflection for Secure IT Gateway.
  The procedure provided in this guide uses a basic configuration, with all Reflection Gateway Services on a single server (called the Reflection Gateway server in the diagram). Using this approach helps expedite preliminary testing. Multiple distributed configurations are also supported to meet the needs of your environment.
- Configure the Report and Transfer Site file servers.
  This guide provides instructions for using the RSIT Server for Windows, which is included with the Reflection Gateway installer. Reflection Gateway also supports any SFTP-enabled SSH server. These can be UNIX as well as Windows servers.
- Perform initial Reflection for Secure IT Gateway system setup.
- Create a Job to run on the Report server.
  This Job will monitor the analyst's drop-off directory for new or changed PDF files. It will run the security screening test on these files. After this test passes, the PDF files will be transferred to the Transfer Site server in the DMZ.
- Create a Transfer Site and add the customer to this site.
  The file will be available to the customer from this site. An email notification will be sent to the customer telling them that they can use an SFTP client to download the file. Don will receive an email notification when the customer downloads a new report.
- Add delegated administrators and limit the rights of these users.
- Configure file transfer audit logging on the Report and Transfer Site servers.