HSAO 2: Using Connect:Direct with IBM Aspera faspio Gateway

Edit online

The IBM Aspera faspio Gateway provides a transport layer proxy between TCP and Aspera FASP. Connect:Direct supports the IBM Aspera faspio Gateway without requiring any modifications. Security is handled by the Connect:Direct Secure+ feature. Both Secure+ and plaintext protocols pass transparently through the FASP Gateway.

Note: Secure+ is used to secure FASP transfers exactly the same way it is used for TCP/IP transfers.

Here’s an example of using two faspio Gateways to bridge TCP connections between a TCP client and a TCP server over FASP:

Prerequisites

A faspio Gateway is required at each endpoint between trading partners. For installation instructions, see IBM Aspera fasp.io gateway documentation.

A supported version of IBM Sterling Connect:Direct also required at both endpoints.

Example Configuration

In this example, IBM Sterling Connect:Direct is installed and operational between two trading partners using Secure+.

To use the IBM Aspera faspio gateway, a gateway must be installed at each trading partner's site.

  • Step 1: Location FASP-GW1 Server:
    To establish an outgoing connection to node_b using the faspio Gateway, a gateway configuration for node_b must be added to the gateway.toml file. The example below shows a TCP Listener on FASP-GW1, which forwards the connection to the remote gateway on FASP-GW2.
    /usr/local/etc/faspio/gateway.toml
...
### Outgoing connections.
[[bridge]]
    name = "gw_node_b"

    ### CD Remote Node Listener
    [bridge.local]
          protocol = "tcp"
      bind_address = "FASP-GW1"
              port = 61364
       tls_enabled = false

    ### Forward to FASP GW2
    [bridge.forward]
          protocol = "fasp"
              host = "FASP-GW2"
              port = 12345
       tls_enabled = false
  • Step 2: Location FASP-GW2 Server:

    A configuration must be added to the local gateway.toml file to accept and forward connections from node_a. The example below demonstrates an incoming connection on FASP port 12345 being forwarded to the Connect:Direct server IRVGGN-2111B;1364(node_b), which completes the connection to Connect:Direct.

    /usr/local/etc/faspio/gateway.toml
...
### Incomming connections.
[[bridge]]
    name = "gw_node_a"

    ### FASP GW Listener
    [bridge.local]
          protocol = "fasp"
      bind_address = "FASP-GW2"
              port = 12345
       tls_enabled = false

    ### Forward to CD Local Node
    [bridge.forward]
          protocol = "tcp"
              host = "IRVGGN-2111B"
              port = 1364
       tls_enabled = false
  • Step 3: Update Netmap for node_a:
    In the netmap.cfg file for node_a, update the remote node entry for node_b using the IP address and port configured on the gateway. The comm.info should be set to FASP-GW1;61364.
    Figure 1. Incoming/Outgoing faspio gateway configuration example
IBM Sterling Connect:Direct remote nodes typically use a unique IP address along with the well-known Connect:Direct port: 1364. When supporting multiple Connect:Direct trading partners over the faspio gateway, a unique port number is assigned to each partner. For example:
CD Unix netmap.cfg example.
node_a:\
 :comm.info=FASP-GW1;61364:
node_b:\
 :comm.info=FASP-GW1;61365:
node_c:\
 :comm.info=FASP-GW1;61366:

For more information about IBM Aspera faspio, refer to IBM Aspera faspio gateway