EBICS Banking Server Architecture
EBICS Banking Server enables you to transact with partners and users using EBICS.
Its features include creating and managing profiles (bank, partner, and user), associating partners and users with order types and file formats, assigning user permissions, creating and managing certificates, processing of order data, storing and retrieving profile information, certificates, and messages, managing message flows and transaction flows, transferring files using secure protocols, and so on.
The following diagram illustrates the EBICS Banking Server architecture:
- Profile Management - For creating and managing bank, partner, and user profiles
- Order Type Configuration - For configuring order types and file formats
- Offer Configuration - For grouping a set of order types and file formats to a list of customers
- User Permission Configuration - For assigning order types and file formats to users
- Import of Subscription Manager Information - For importing configuration details related to bank, partner, user, offer, user permissions, order types, and file formats into the EBICS Banking Server from an external repository
- Export of Subscription Manager Information - For exporting configuration details related to bank, partner, user, offer, user permissions, order types, and file formats into an external repository from the EBICS Banking Server
Subscriber's upload and download mailboxes are configured in Subscription Manager during the user subscription setup.
Key Management interfaces mainly with Subscription Manager to create, update, delete, and query certificates.
- Self-Signed certificates - For generating and managing self-signed certificates using 2048-key length
- CA certificates - For managing CA certificates
- Key storage - For providing the key stores for the certificates and managing the renewal and expiration of certificates
- Import and Export certificates - For importing and exporting certificates
- Subscriber key validation - For validating user certificate hash values
- Certificate hash value - For supporting the creation of certificate hash value using SHA256
EBICS Server Service interfaces with Subscription Manager to retrieve the profile information of banks, partners, users, and order types necessary for verification and authentication of messages and transactions. It works in close collaboration with Transaction Manager to manage all the EBICS transactions.
- Request and Response - For handling incoming EBICS requests (through HTTP and HTTPS) according to EBICS protocol specifications, and generating an appropriate response back to the requestor
- Message Flow - For managing the message flow for the initialization and file transfer phases of the EBICS transactions
- Authentication and Authorization - For performing message authentication and user authorization checks
Transaction Manager interfaces closely with the EBICS Server Service to manage the upload and download flow of system order types and bank-technical order types.
- Asynchronous Transaction - For managing the asynchronous transaction flow for upload bank-technical order type (FUL). It manages the authorized order processing flow in collaboration with the Order Data Processor to unpack the order data and deliver the unpacked order data to the destination upload mailbox as defined in the user profile settings.
- Synchronous Transaction - For managing the synchronous transaction flow for upload and download system order and bank-technical order types. It manages the system order processing, report processing (FDL, PSR) and download bank-technical order (FDL) processing flows.
- Segmentation and Recovery - For managing no-replay, segmentation, and error recovery
System Order Manager is responsible for updating and querying key management information and user referential information.
System Order Manager works closely with Transaction Manager and Subscription Manager to update and query the user's key certificates and referential information, and to download bank parameters and bank certificates.
Authorized Order Manager is responsible for initiating the Order Data Processor to unpack the order data received from the FUL order type request, routing the unpacked order data to the backend subscriber's upload mailbox, and renaming it according to a defined naming convention.
VEU Order Manager is responsible for handling VEU orders (order types HVD, HVE, HVS, HVT, HVU, or HVZ).
- Packing - For packing order data such as signing, compression, encryption, and base64 encoding depending on the requirement of the order type
- Unpacking - For unpacking order data such as verification, decompression, decryption, and base64 decoding depending on the requirement of the order type
Reporting Service is responsible for generating the Payment Status Report (PSR) associated with the unpacking of order data during an asynchronous upload of bank-technical order transaction flow.
VEU State Management is responsible for maintaining information regarding VEU orders which are not completely authorized (e.g have pending signatures).
Sterling File Gateway uses templates to describe how each EBICS transaction is interpreted to determine how and where it should be delivered and provides visibility into the details of the transfers for auditing and troubleshooting.
- File or File Name Transformations - For mapping input to output file names, system-wide, group, and partner-specific policies, common file processing tasks such as compression and decompression, PGP encryption and decryption, and signing
- File Transfer Visibility - Events are recorded for monitoring and reporting; detailed tracking for input-output file structure processing and dynamic route determination; ability to view and filter data flows for all users
- Broad Communications Protocol Support - FTP, FTP/S, SSH/SFTP, SSH/SCP, and Sterling Connect:Direct are supported upon installation, and additional protocols (such as AS2, AS3, or Odette FTP) can be configured using the extensibility feature
- Partner Interface (myFileGateway) - Web browser-based interface that enables partners to upload and download files, subscribe to notifications about events, manage passwords, search and view file transfer activity, and generate reports about file transfer activity
- Flexible Mailbox Structures - Ability to specify mailbox structures that leverage pattern-matching policies and specify attributes that must be true for all partners or a subset of partners
- Dynamic Routing - Consumer derived at run time, either through mailbox structure, file name, business process-derived consumer name, or map-derived consumer name