Securing FTP operations

On a DPM-enabled system, administrators can use their choice of protocol for file transfers: standard FTP, FTP Secure (FTPS), and Secure File Transfer Protocol (SFTP). Standard FTP requires an FTP server to be on the same network as your DPM-enabled system. In contrast, with FTPS or SFTP, you can keep your system on an isolated network for maximum security.

FTPS and SFTP work through a proxy feature on the Hardware Management Console (HMC) through which you manage your DPM-enabled system. To use these secure protocols, you must first prepare at least one of the HMCs through which you manage the Support Element of the DPM-enabled system. For instructions, see Setting up FTPS or Setting up SFTP.

Setting up FTPS

FTPS uses the Secure Socket Layer (SSL) protocol to secure data through certificates that authenticate the FTP servers. To use the FTPS protocol, complete the following steps to import an FTPS server certificate.

  1. Open the Certificate Management task, click the arrow for the Advanced list, and select Manage Trusted Signing Certificate from the list.
  2. On the Manage Trusted Signing Certificate page, click the arrow for the Import list, and select From Remote Server.
  3. On the Import Remote Certificate page, provide an IP/Host address and a valid port number, then click OK.
  4. Confirm the request. When processing completes, view the resulting message to determine whether the operation was successful.
  5. Repeat, as necessary, on other managing HMCs. When you acquire the appropriate SSL certificates, you can use the FTPS or SFTP selections that are available for all the tasks that support FTP or removable media as options to import or export files.

Setting up SFTP

SFTP uses the Secure Shell (SSH) protocol to secure data through SSH keys that authenticate the FTP servers. To use the SFTP protocol, complete the following steps to import SSH server keys.

  1. Open the Manage SSH Keys task.
  2. In the Address field, provide the SFTP server ID or host name, and click Add to add the SSH key.
  3. When processing completes, view the resulting message to determine whether the operation was successful.
  4. Repeat, as necessary, on other managing HMCs. When you acquire the appropriate SSH keys, you can use the FTPS or SFTP selections that are available for all the tasks that support FTP or removable media as options to import or export files.