The protocol bridge

The protocol bridge enables your Managed File Transfer (MFT) network to access files stored on a file server outside your MFT network, either in your local domain or a remote location. This file server can use the FTP, FTPS, or SFTP network protocols. Each file server needs at least one dedicated agent. The dedicated agent is known as the protocol bridge agent. A bridge agent can interact with multiple file servers.

The protocol bridge is available as part of the Service component of Managed File Transfer. You can have multiple dedicated agents on a single system running MFT that connect to different file servers.

You can use a protocol bridge agent to transfer files to multiple endpoints simultaneously. MFT provides a file called ProtocolBridgeProperties.xml that you can edit to define the different protocol file servers that you want to transfer files to. The fteCreateBridgeAgent command adds the details of the default protocol file server to ProtocolBridgeProperties.xml for you. This file is described in Protocol bridge properties file format.

You can use the protocol bridge agent to perform the following actions:
  • Upload files from the MFT network to a remote server using FTP, FTPS, or SFTP.
  • Download files from a remote server, using FTP, FTPS, or SFTP, to the MFT network
Note: The protocol bridge agent can support only FTP, FTPS, or SFTP servers that allow files to be accessed by their absolute file path. If a relative file path is specified in a transfer request, the protocol bridge agent will attempt to convert the relative path into an absolute file path based on the home directory used to login to the protocol server. Those protocol servers that allow access to files based only on the current directory are not supported by the protocol bridge agent.
The diagram shows two locations which use FTP servers, which communicates with a protocol bridge agent, which in turn is communicating with two MQMFT agents. The FTP servers can also communicate with FTP clients that are based both external, and internal.

The diagram shows two FTP servers, at different locations. The FTP servers are being used to exchange files with the Managed File Transfer agents. The protocol bridge agent is between the FTP servers and the rest of the MFT network, and is configured to communicate with both FTP servers.

Ensure that you have another agent in your MFT network in addition to the protocol bridge agent. The protocol bridge agent is a bridge to the FTP, FTPS, or SFTP server only and does not write transferred files to the local disk. If you want to transfer files to or from the FTP, FTPS, or SFTP server you must use the protocol bridge agent as the destination or source for the file transfer (representing the FTP, FTPS, or SFTP server) and another standard agent as the corresponding source or destination.

When you transfer files using the protocol bridge, the bridge must have permission to read the source or destination directory containing the files you want to transfer. For example, if you want to transfer files from the directory /home/fte/bridge that has execute permissions (d--x--x--x) only, any transfers you attempt from this directory fail with the following error message:
BFGBR0032E: Attempt to read filename from the protocol file server 
  has failed with server error 550. Failed to open file.

Configuring a protocol bridge agent

A protocol bridge agent is like a standard MFT agent. Create a protocol bridge agent by using the fteCreateBridgeAgent command. You can configure a protocol bridge agent using the ProtocolBridgeProperties.xml file, which is described in Protocol bridge properties file format. If you are using an earlier version, configure the agent using the specific protocol bridge properties described in Advanced agent properties. For all versions, you can also configure a credential mapping as described in Mapping credentials for a file server. After you have configured a protocol bridge agent for a particular protocol file server, you can then use that agent for that purpose only.

Protocol bridge recovery

If the protocol bridge agent is unable to connect to the file server because the file server is unavailable, all file transfer requests are queued until the file server becomes available. If the protocol bridge agent is unable to connect to the file server because the agent is using the wrong credentials, the transfer fails and the transfer log message reflects this error. If the protocol bridge agent is ended for any reason, all requested file transfers are retained and continue when the protocol bridge is restarted.

During file transfer, files are typically written as temporary files at the destination and are then renamed when the transfer is complete. However, if the transfer destination is a protocol file server that is configured as limited write (users can upload files to the protocol file server but cannot change those uploaded files in any way; effectively users can write once only), transferred files are written to the destination directly. This means that if a problem occurs during the transfer, the partially written files remain on the destination protocol file server and Managed File Transfer cannot delete or edit these files. In this situation, the transfer fails.