Optional Configurations for Sterling B2B Integrator and WebSphere MQ File Transfer Edition

Once you verify that you can transfer files between WebSphere® MQ File Transfer Edition and Sterling B2B Integrator, you can add SSL, set up multiple instances for failover, or both.

SSL

SSL can be enabled at three different locations to secure socket connections:

  • On client mode connections between the WebSphere MQ File Transfer Edition Agent Adapter and the agent queue manager
  • On the FTP connection between the WebSphere MQ File Transfer Edition Agent Adapter and the FTP Server adapter
  • On the client mode connections between the WebSphere MQ File Transfer Edition Create Transfer service and the command queue manager

To enable SSL on the client mode connections to the agent or command queue managers, first configure the channels to use SSL according to the WebSphere MQ documentation. To enable SSL on the FTP connection between the WebSphere MQ File Transfer Edition Agent adapter and the FTP Server adapter, first enable SSL on the FTP Server adapter according to the Sterling B2B Integrator documentation.

Note that the WebSphere MQ File Transfer Edition Agent Adapter and the WebSphere MQ File Transfer Edition Create Transfer service both utilize components that can only read certificates from JKS format key stores located on disk and cannot access certificates within the Sterling B2B Integrator certificate stores.

If you want to enable SSL on one of the following connections, then follow the steps listed under that connection.

Connection to the agent queue manager
  1. Follow the directions in the WebSphere MQ File Transfer Edition online documentation to configure the Agent Queue Manager to use SSL and to generate the truststore and optionally the keystore files to be used by the WebSphere MQ File Transfer Edition Agent Adapter.
  2. Copy the truststore and optional keystore files onto the server running Sterling B2B Integrator.
  3. Set the WebSphere MQ File Transfer Edition Agent Adapter's “SSL On Connection To Agent Queue Manager” field to Must.
  4. Populate the WebSphere MQ File Transfer Edition Agent Adapter's SSL parameters as you would the SSL properties in the agent.properties file as described in the WebSphere MQ File Transfer Edition documentation.

     Sterling B2B Integrator UI Field    agent.properties property name
     SSL Cipher Specification            agentSslCipherSpec
     SSL Peer Name                       agentSslPeerName
     SSL Trust Store Location            agentSslTrustStore
     SSL Trust Store Password            agentSslTrustStorePassword
     SSL Key Store Location              agentSslKeyStore
     SSL Key Store Password              agentSslKeyStorePassword

Connection to the FTP Server Adapter
  1. Enable SSL on the FTP Server Adapter used by the WebSphere MQ File Transfer Edition Agent Adapter.
  2. Create a JKS truststore file with the appropriate certificates needed to trust the certificate presented by the FTP Server Adapter. The Sterling B2B Integrator Certificate Capture can be used to capture the certificates needed in the truststore. The truststore can be built and certificates imported using a number of certificate-generating tools.
  3. Copy the truststore file onto the server running Sterling B2B Integrator.
  4. Set the WebSphere MQ File Transfer Edition Agent Adapter's “SSL On Connection To FTP Server” to Must.
  5. Set the “Trust Store Location” field on the ‘FTPS Configuration’ screen to the file copied from step 3.
  6. Set the “Trust Store Password” field on the ‘FTPS Configuration’ screen to the trust store's password.
  7. Optional. If you want to enable client authentication:
    a. Create a JKS keystore file with a certificate and private key that identifies the WebSphere MQ File Transfer Edition Agent Adapter. The keystore can be built and certificates imported using a number of certificate-generating tools.
    b. Copy the keystore file onto the server running Sterling B2B Integrator.
    c. Set the “Key Store Location” field on the ‘FTPS Configuration’ screen to the file copied from step b.
    d. Set the “Key Store Password” field on the ‘FTPS Configuration’ screen to the key store's password.
    e. Export the certificates required to trust the certificate from step 7 and import them into the Sterling B2B Integrator CA Certificate Store (Trading Partner->Digital Certificates->CA).
    f. Update the SSL configuration of the FTP Server Adapter used by the WebSphere MQ File Transfer Edition Agent Adapter, selecting the Certificate(s) imported in step b in the CA Certificate field.
    g. Restart the FTP Server Adapter and then the WebSphere MQ File Transfer Edition Agent Adapter.
WebSphere MQ File Transfer Edition Create Transfer Service
  1. Follow the directions in the WebSphere MQ File Transfer Edition online documentation to configure the Command Queue Manager to use SSL and to generate the truststore file and optionally the keystore file to be used by the WebSphere MQ File Transfer Edition Create Transfer Service.
  2. Copy the truststore and optional keystore files onto the server running Sterling B2B Integrator.
  3. Set the WebSphere MQ File Transfer Edition Agent Adapter's “SSL On Connection To Agent Queue Manager” field to Must.
  4. Populate the WebSphere MQ File Transfer Edition Create Transfer service's SSL parameters as you would the SSL properties in the command.properties file as described here:

     Sterling B2B Integrator UI Field    command.properties property name
     SSL Cipher Specification            connectionSslCipherSpec
     SSL Peer Name                       connectionSslPeerName
     SSL Trust Store Location            connectionSslTrustStore
     SSL Trust Store Password            connectionSslTrustStorePassword
     SSL Key Store Location              connectionSslKeyStore
     SSL Key Store Password              connectionSslKeyStorePassword
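
Because these components read only JKS key stores from disk, a pre-flight check of the store files can catch a wrong format or a missing file before the adapter is restarted. The following is an added example, not IBM code: it assumes the UI field values have been written out as key=value lines under the property names in the tables above, and `store_format`, `parse_properties`, `check_ssl` and `demo` are hypothetical helper names.

```python
import os, tempfile

# First four bytes of the Java keystore formats; PKCS#12 is DER and starts with 0x30.
MAGIC = {b"\xfe\xed\xfe\xed": "JKS", b"\xce\xce\xce\xce": "JCEKS"}

def store_format(path):
    """Classify a keystore file by its leading bytes."""
    with open(path, "rb") as f:
        head = f.read(4)
    return MAGIC.get(head, "PKCS12" if head[:1] == b"\x30" else "unknown")

def parse_properties(text):
    """Minimal key=value reader; skips blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_ssl(props, prefix):
    """prefix: 'agentSsl' (agent.properties) or 'connectionSsl' (command.properties)."""
    problems = []
    # The trust store is required by the procedure; the key store is optional.
    for kind, required in (("TrustStore", True), ("KeyStore", False)):
        path = props.get(prefix + kind)
        if not path:
            if required:
                problems.append(f"{prefix}{kind} is not set")
            continue
        if not props.get(prefix + kind + "Password"):  # assumption: policy of this example
            problems.append(f"{prefix}{kind}Password is not set")
        if not os.path.isfile(path):
            problems.append(f"{path}: not found on this server")
        elif store_format(path) != "JKS":
            problems.append(f"{path}: {store_format(path)} store, JKS required")
    return problems

def demo():
    """Constructed input: header-only stand-ins for store files, not real key stores."""
    d = tempfile.mkdtemp()
    trust, key = os.path.join(d, "trust.jks"), os.path.join(d, "key.p12")
    for path, head in ((trust, b"\xfe\xed\xfe\xed\x00\x00\x00\x02"), (key, b"\x30\x82\x0a\x00")):
        with open(path, "wb") as f:
            f.write(head)
    text = (f"agentSslTrustStore={trust}\nagentSslTrustStorePassword=changeit\n"
            f"agentSslKeyStore={key}\nagentSslKeyStorePassword=changeit\n")
    return check_ssl(parse_properties(text), "agentSsl")
```

In the constructed input the trust store passes and the key store is reported, because its leading byte marks it as a PKCS#12 file rather than JKS.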

High Availability

If two separate agent processes (either two standalone agents or two agent adapters in Sterling B2B Integrator) are both configured to use the same agent name and are both started at the same time, they compete for access to the queues that correspond to this agent name. Only one of the agent processes gets exclusive access to the queues; the other enters a polling mode in which it periodically attempts to establish exclusive access to the associated queues.

This configuration creates an active/standby situation. The active agent process will be the one that obtained exclusive access to the queues and will process all transfers. The standby agent process will be the one that failed to get exclusive access, and it will periodically retry to get this access. If the active agent process is stopped or dies, the standby agent process will obtain exclusive access to the queues and will start processing any pending or new transfers.

To configure this within Sterling B2B Integrator, you need:
  1. a Sterling B2B Integrator cluster with at least two adapter containers (AC).
  2. a WebSphere MQ File Transfer Edition Agent Adapter instance configured on each AC. Each adapter must have a different adapter name but call the same agent name.