Using the WebSphere DataPower SOA appliance to send files to an SFTP back-end

Answer

Yes, with the latest firmware, 3.8.1.x, this can easily be done because of the new SSH Client Profile and SFTP Client Policies features.

Create a Multi-Protocol Gateway Service

A DataPower multi-protocol gateway service using any of its varied front-side handlers can send files to an SFTP back-end. To begin configuring for the most basic case, you could specify a static back-end that will write to a single file. For example if you choose to use a static back-end, the specification can be as such: sftp://myftpserverhostname/home/myuserid/extracts/myfile.zip.

Once the multi-protocol gateway has been created, the next steps are to:

1. Create an SSH client profile
2. Create a new XML Manager and User Agent that use the SSH client profile
3. Modify the multi-protocol gateway to use the new XML Manager
4. Save and test
5. Consider reconfiguring your SSH client profile to use a public key

An SSH Client Profile object, new with the 3.8.1.x firmware, defines the userid and password, or the key, used to access an SFTP backend. See the SSH client profiles section in the Information Center for more detail. This object can be navigated via Objects->Crypto Configuration->SSH Client Profile. Once you are on the SSH Client Profile web page, after clicking on the Add button, there will be two modes of user authentication that can be done. The user authentication can be via a password and/or a public key.

Configuring for the password user authentication mode is quite straightforward. Specify the userid that you would use to log into your back-end server, and then supply its password. We recommend beginning with user authentication mode set to password in your development environment and completing a simple successful test. For the steps required to reconfigure your SSH client profile using a public key, refer to the additional resources section below in this technote.

The final pieces for the multi-protocol gateway configuration are within the User Agent object specified by the XML Manager. That is, the multi-protocol gateway specifies an XML Manager object, and the XML Manager specifies a User Agent. The User Agent properties apply to outgoing requests from the multi-protocol gateway service. It is recommended that you create a new XML Manager and User Agent, but you can also modify the default XML Manager and User Agent to specify the basic-auth and SFTP Client policies.

User Agent – Basic-Auth Policy

Once in the User Agent, select the Basic-Auth Policy tab. Create a matching expression for the SFTP back end, for example, sftp://*, and specify the User Name and Password for the SFTP server.

User Agent – SFTP Client Policies

Navigate to the new SFTP Client Policies tab. This tab is again new, with the 3.8.1.x firmware. Specify the same URL matching expression used for the Basic-Auth Policy tab, and then, in the SSH Client Profile drop-down, choose the profile that you have created as described above. This step associates the SSH Client Profile with the SFTP server.

Modify the multi-protocol gateway to use the new XML Manager (and therefore the new User Agent you have created. Click the Apply button and save the configuration.

For the steps required to reconfigure your SSH client profile using a public key, see How to configure a public key authentication mode for a DataPower SFTP service