IBM Support

Enhanced Customer Data Repository (ECuRep) - Send data (FTP)


FTP is the protocol of choice to send data over the Internet. A wide range of command-line and GUI clients is available, and most operating systems install an FTP client by default. A plain FTP server is still available, but on 5 October 2020 it will be discontinued for uploads other than those made with the Java utility or the z/OS utility. We strongly recommend using the new server, which enforces encryption. After plain FTP is disabled, only FTPS (FTP over TLS) and SFTP (FTP over SSH) will be supported for manual uploads. The two upload utilities (Java utility - SDDUU and z/OS utility - PDUU) will still be able to upload data to ftp.ecurep.ibm.com, testcase.boulder.ibm.com and ftp.ap.ecurep.ibm.com.

On 5 October 2020 we will disable cipher suites that use the SHA-1 hashing algorithm. Make sure that your FTP client supports current encryption options.

All secure FTP servers enforce authentication. An IBM Support File Transfer ID is required to use these servers.

FTPS instructions (FTP over TLS)

FTP is the protocol of choice to send data over the Internet. A wide range of command-line and GUI clients is available, and most operating systems have an FTP client installed by default. ECuRep supports only FTPS (explicit) to meet legal requirements. Transfers should always use "binary" mode so that file integrity is preserved. Consider using "passive" mode (port range 65024 - 65535) to avoid connection issues.

For a certain period, anonymous FTP uploads using tools that enforce encryption of the content will be supported. To use this, your FTP client must support TLS and your firewall must be transparent for secure FTP.

Addresses

Note: Please use the server closest to your physical location.

Americas testcase.boulder.ibm.com (170.225.15.31)
Asia Pacific ftps.ap.ecurep.ibm.com (169.56.38.162, 169.56.38.163)
Europe ftps.ecurep.ibm.com (192.109.81.10)

Please note that testcase.boulder.ibm.com implements the RFC4217 DRAFT level, while ftps.ecurep.ibm.com and ftps.ap.ecurep.ibm.com implement the full RFC4217 level; the two levels differ in the subcommands AUTH and CCC. For the z/OS FTPS implementation, please refer to the information in our Help - FTP section.

Information about the encryption use can be found in the "Encryption" tab.

For additional information regarding certificates and IBM ID and Transfer ID usage, please refer to FAQs About GDPR-related Changes to ECuRep and Testcase FTP File Uploads.

If the upload to one of the servers is failing, please try uploading to another server. 

Active versus passive transfer mode

The FTP protocol supports two transfer modes: active and passive. Both are supported by the ECuRep FTP server. Active mode is the default for many FTP clients. If you encounter problems after logging on to the ECuRep FTP server, try switching to passive mode. This is needed because most corporate firewall policies only allow passive mode. If your client does not support passive mode, please use another client. If you are in doubt, try an ls command right after login. If nothing is returned and a timeout occurs, passive FTP is required. All three upload servers use the port range 65024 - 65535 for data connections.

ASCII versus binary transfer mode

One of the least-understood aspects of FTP transfers is the difference between ASCII and binary mode data transfers. ASCII stands for American Standard Code for Information Interchange, and is a type of character encoding based on the English language used on devices that handle information stored in text. It includes 33 non-printed control characters and 94 printed characters such as letters and punctuation.

When files are transferred in ASCII mode, the transferred data is considered to contain only ASCII formatted text. The party that is receiving the transferred data is responsible for translating the format of the received text to one that is compatible with their operating system. The most common example of how this is applied pertains to the way Windows and UNIX handle newlines. On a Windows computer, pressing the "enter" key inserts two characters in an ASCII text document - a carriage return (which places the cursor at the beginning of the line) and a line feed (which places the cursor on the line below the current one). On UNIX systems, only a line feed is used. ASCII text formatted for use on UNIX systems does not display properly when viewed on a Windows system and vice versa.

Binary mode refers to transferring files as a binary stream of data. Where ASCII mode may use special control characters to format data, binary mode transmits the raw bytes of the file being transferred. In binary mode, the file is transferred in its exact original form.
For our FTP server, transfers must be done in binary mode.

Upload (toibm) directories

On each server there are different upload directories organized in two levels. To upload data, change to "toibm", choose the subdirectory that best matches your product (for example "websphere") and change to that directory. Data uploads are only possible in these directories. Uploads to the first level "toibm" are not possible. The upload directories have 'write only' permissions, which means that they cannot be listed. Some graphical clients do not allow changing to these directories, but you can still drag & drop data to the directory.

Examples

To help you use our FTP server, we provide several operating system-specific descriptions. For more information, please go to the description of your operating system.

SFTP instructions (secure)

Secure FTP over SSH is based on the Secure Shell protocol. In contrast to standard FTP, only one port is used for session handling and data transfer. Therefore, the implementation is firewall-friendly.

In general, the directory structure of the SFTP server is the same as on the standard FTP server except that only the toibm directory is available.

Address

Note: Please use the server closest to your physical location.

Americas testcase.boulder.ibm.com (170.225.15.31)
Asia sftp.ap.ecurep.ibm.com (169.56.38.162, 169.56.38.163)
Europe sftp.ecurep.ibm.com (192.109.81.25)
Information about the encryption use can be found in the "Encryption" tab.

Examples

We have successfully tested different implementations of SFTP clients. The tests included command line and GUI clients. Some Windows FTP clients support FTP, FTPS and SFTP. Please have a look at the documentation of your client. If you have problems configuring secure FTP on your system, contact your local support or the provider of your FTP client. Secure Copy is not supported.



FTP example

The following is an example of performing an anonymous FTP upload of a file to IBM Enhanced Customer Data Repository using a line mode FTP client. Of course you can use any FTP client.

Command/Response:
C:\> ftp ftp.ecurep.ibm.com
Description: The customer enters the FTP command to invoke the FTP client and begin an FTP session with Testcase Data Exchange.

Command/Response:
Connected to ftp.ecurep.ibm.com.
220-FTPD1 IBM FTP CS V1R5 at MCEFTP, 17:14:35 on 2005-06-22.
220-Welcome to the IBM Centralized Customer Data Repository (ECuRep)
Description: The customer receives verification that the session has been established and that the Testcase Data Exchange FTP server is ready.

Command/Response:
User (ftp.ecurep.ibm.com:(none)): anonymous
Description: The customer is prompted for their user name. They should enter the keyword anonymous indicating that this will be an anonymous FTP session.

Command/Response:
331 Send email address as password please.
Description: The FTP server responds that anonymous access is permitted and prompts the customer to enter any text as a password.

Command/Response:
Password: test@anyone
Description: The customer should enter any text as a password. In this case, the customer entered the password test@anyone.

Command/Response:
230-Here you can deliver/get support material to/from IBM.
230-Directories for:
230- deliver  use command 'cd toibm'
230- get      use command 'cd fromibm'.
Description: The FTP server responds that the login was successful.

Command/Response:
ftp> cd toibm/windows
Description: The customer should then change to the directory where they will upload the file using the cd FTP subcommand. You need to inform the customer of the directory to use here.

Command/Response:
250 HFS directory /toibm/windows is the current working directory.
Description: The FTP server responds that the change (working) directory command was successful.

Command/Response:
ftp> binary
200 Type set to I.
ftp> put your_data_at_the_workstation 12345.123.724.DUMP.ZIP
Description: The customer may then upload the file using the put FTP subcommand. In this case, the customer is uploading a file called your_data_at_the_workstation. Depending on your requirements, you may want them to upload the file in binary format by first specifying the binary subcommand.

Command/Response:
200 PORT command successful.
150 Opening binary mode connection for your_data_at_the_workstation
226 Transfer complete.
Description: The FTP server responds that the connection has started and also responds when the upload is complete. Upload times will vary depending on network connection speed and file size.

Command/Response:
ftp> quit
Description: The customer then terminates the FTP session by using the quit subcommand.

FTPS example (AIX command prompt)

$ ftp -s ftps.ecurep.ibm.com
Connected to ftps.ecurep.ibm.com.
220-Welcome to the IBM Enhanced Customer Data Repository (ECuRep)
220-
220-Before using this service refer to the terms of use for exchanging diagnostic
220-data with IBM (see https://ibm.com/support/docview.wss?uid=ibm10739407)!
220-
220-For Documentation and FAQ please see the ECuRep homepage
220-https://ibm.com/support/docview.wss?uid=ibm10739631
220-
220-   LOGIN
220-     user     : [transfer id]
220-     password: [password_of_transferid]
220-
220-Please report questions to: contact@ecurep.ibm.com
220-Connection closed after 15 minutes idle
220 FTPS server ftps.ecurep.ibm.com ready
234 AUTH TLS successful
TLS Auth Entered.
TLS handshake succeeded, though Server signed it's own cert!
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:a1:10:d8:f6:0d:30:6e:6c:ad:10:7b:66:ae:61:93
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1
        Validity
            Not Before: Jan 25 00:00:00 2018 GMT
            Not After : Jan 25 12:00:00 2020 GMT
        Subject: businessCategory=Private Organization/jurisdictionC=DE/jurisdictionST=Baden-W\xC3\xBCrttemberg/jurisdictionL=Stuttgart/serialNumber=HRB 14562, C=DE, ST=Baden-W\xC3\xBCrttemberg, L=Ehningen, O=IBM Deutschland GmbH, CN=ftps.ecurep.ibm.com
TLSv1/SSLv3 ( ECDHE-RSA-AES256-GCM-SHA384 ), 256 bits
Name (ftps.ecurep.ibm.com:(none): E-ABCD12345f
331 Password required for E-ABCD12345f
Password:
230-Here you can deliver/get support material to/from IBM.
230-Directories for:
230- deliver  use command 'cd toibm'
230- get      use command 'cd fromibm'
230-Please use command 'bin' prior transfer. See special instructions
230-displayed when changing to the sub directory.
230-Working directory is "/".
230-You are logged in as E-ABCD12345f
230 User E-ABCD12345f logged in
ftp> passiv
Passive mode on.
ftp> cd toibm
250-Please read toibm/0-README.txt for information.
250 CWD command successful
ftp> cd aix
250 CWD command successful
ftp> bin
200 Representation type is Image
ftp> put boot.ini 34143.055.000.test.nixx

227 Entering Passive Mode (192,109,81,10,255,223).
150 Opening BINARY mode data connection for boot.ini
TLSv1/SSLv3 ( ECDHE-RSA-AES256-GCM-SHA384 ), 256 bits
netout: write returned 0?
226 Transfer complete
ftp> bye

221 Goodbye.
$
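
The same explicit FTPS upload can be scripted. The following Python sketch is an added example, not IBM's code: it uses the standard ftplib and ssl modules, the helper names (make_tls_context, sha1_suites, upload) are hypothetical, and the host and directory are the ones shown in the session above. It verifies the server certificate and host name, requires TLS 1.2 or later, and offers no SHA-1 based cipher suites.

```python
import ssl
from ftplib import FTP_TLS


def make_tls_context() -> ssl.SSLContext:
    """Client context: verify certificate and host name, TLS 1.2 or later,
    AEAD cipher suites only (none of them uses a SHA-1 MAC)."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM")         # e.g. ECDHE-RSA-AES256-GCM-SHA384
    return ctx


def sha1_suites(ctx: ssl.SSLContext) -> list:
    """Enabled suites with a SHA-1 MAC (their OpenSSL names end in '-SHA')."""
    return [c["name"] for c in ctx.get_ciphers() if c["name"].endswith("-SHA")]


def upload(host, user, password, directory, local_path, remote_name):
    """Explicit FTPS upload: AUTH TLS, PBSZ 0 / PROT P, passive, binary STOR."""
    with FTP_TLS(context=make_tls_context(), timeout=60) as ftps:
        ftps.connect(host, 21)
        ftps.login(user, password)    # ftplib sends AUTH TLS before USER/PASS
        ftps.prot_p()                 # PBSZ 0 + PROT P: encrypt data connections
        ftps.set_pasv(True)           # passive mode, as recommended on this page
        ftps.cwd(directory)           # write-only directory, cannot be listed
        with open(local_path, "rb") as fh:
            # storbinary switches to TYPE I (binary) before STOR
            return ftps.storbinary(f"STOR {remote_name}", fh)


if __name__ == "__main__":
    import getpass
    import sys

    # usage: python ftps_upload.py <transfer_id> <local_file> <remote_name>
    transfer_id, local_file, remote_name = sys.argv[1:4]
    print(upload("ftps.ecurep.ibm.com", transfer_id, getpass.getpass(),
                 "toibm/aix", local_file, remote_name))
```
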

FTPS and firewalls

When using Secure FTP (FTPS), you may run into problems with your firewall. This is due to the nature of the protocol and the different types of firewalls.

FTP uses two connections between the FTP client and FTP server. The control connection is used to exchange FTP commands and control information, and the data connection is used to transmit the files and for output of commands.

The control connection is established when an FTP client connects to an FTP server. If data has to be transferred, the data connection is set up dynamically. There are no fixed TCP ports for this connection. The FTP server tells the client, within the control connection, which TCP port to use. The port changes for every data transmission. Modern firewalls read the port information exchanged within the control connection and dynamically create rules to allow the data transfer.

While FTPS is in use, the control and data connections are encrypted. A firewall can no longer read the content of the control connection, and dynamic rule creation for the data connections is no longer possible.

There are also some firewalls which run more or less intensive checks on the traffic within the control connections. They drop the connection if they detect traffic which is not mentioned in the FTP protocol definition. Those checks must fail with encrypted connections.

In case of problems please read our help page.
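
The effect described above can be reproduced in a few lines of Python. This is an added example, not part of the original page: the function names and the sample control-channel lines are constructed, using the 227 reply and the data-port range 65024 - 65535 from this page. It decodes the port a firewall would read from a cleartext control connection, and shows that nothing can be learned once AUTH TLS has succeeded, so a static rule for the documented range is needed.

```python
import re

DATA_PORTS = range(65024, 65536)  # passive data-port range stated on this page
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

# Constructed server-side control-channel lines, modelled on the sessions above.
PLAIN_SESSION = [
    "220 FTP server ready",
    "230 User logged in",
    "227 Entering Passive Mode (192,109,81,10,255,223).",
    "226 Transfer complete",
]
FTPS_SESSION = [
    "220 FTPS server ftps.ecurep.ibm.com ready",
    "234 AUTH TLS successful",
    # Everything below travels inside TLS; an on-path device sees ciphertext.
    "230 User logged in",
    "227 Entering Passive Mode (192,109,81,10,255,223).",
    "226 Transfer complete",
]


def parse_pasv(line):
    """Decode a 227 reply into (host, port); the port is p1 * 256 + p2."""
    m = PASV_RE.match(line)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        return None                      # not a valid h1,h2,h3,h4,p1,p2 tuple
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def dynamic_pinholes(server_lines):
    """Data connections an inspecting firewall can open rules for.
    It can only parse replies sent before TLS starts (the 234 reply)."""
    pinholes = []
    for line in server_lines:
        if line.startswith("234 "):
            break                        # later replies are not readable
        host_port = parse_pasv(line)
        if host_port:
            pinholes.append(host_port)
    return pinholes


def static_rule(server_ip):
    """Outbound rule that replaces dynamic inspection for FTPS."""
    return {"dst": server_ip, "proto": "tcp",
            "dports": (DATA_PORTS.start, DATA_PORTS.stop - 1)}


if __name__ == "__main__":
    print("plain FTP :", dynamic_pinholes(PLAIN_SESSION))
    print("FTPS      :", dynamic_pinholes(FTPS_SESSION))
    print("static    :", static_rule("192.109.81.10"))
```
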

FTPS example

EZA1736I FTP -a tls -n -v -p TCPIP (EXIT
EZY2640I Using dd:SYSFTPD=TCPIP.IVN.TCPPARMS(FTPCDATS) for local site configuration parameters.
EZYFT26I Using 7-bit conversion derived from 'ISO8859-1' and 'IBM-1047' for the control connection.
EZYFT32I Using the same translate tables for the control and data connections.
EZA1450I IBM FTP CS V1R4
EZA2807I Executing under single stack configuration. Specified TCPIP name TCPIP ignored.
EZA1772I FTP: EXIT has been set.
EZA1456I Connect to ?
EZA1736I 192.109.81.7
EZYFT18I Using catalog '/usr/lib/nls/msg/C/ftpdmsg.cat' for FTP messages.
EZA1554I Connecting to: 192.109.81.7 port: 21.
220-FTPD1 IBM FTP CS V1R2 at MCEFTP, 15:27:37 on 2004-03-17.
220-Welcome to the IBM Centralized Customer Data Repository (ECuRep)
220-INTERNET ADDRESS 192.109.81.7 ()
220-BBefore using this service refer to the terms of use for
220-Exhanging Diagnostic Data with IBM
220-(see https://www.ibm.com/de/support/ecurep/service.html )!
220-For FAQ/Documentation please see ECuRep - Homepage
220- https://www.ibm.com/de/support/ecurep/index.html
220- LOGIN user: anonymous pw: your_email_address
220-please report questions to: contact@ecurep.ibm.com
220 Connection will close if idle for more than 15 minutes.
EZA1701I >>> AUTH TLS
234 Security environment established - ready for negotiation
EZA2895I Authentication negotiation succeeded
EZA1701I >>> PBSZ 0
200 Protection buffer size accepted
EZA1701I >>> PROT P
200 Data connection protection set to private
EZA2906I Data connection protection is private

EZA1460I Command:
EZA1701I >>> USER anonymous
331 Send email address as password please.
EZA1789I PASSWORD:
EZA1701I >>> PASS
230-Here you can deliver/get support material to/from IBM.
230-Directories for:
230-deliver use command 'cd toibm'
230-get use command 'cd fromibm'
230-for CADCAM/CATIA/VPM/ENOVIA/SMARTEAM use command 'cd cadcam'
230-Please use command 'bin' prior transfer. See special instructions
230-displayed when changing to the sub directory.
230 'ANONYMOUS' logged on. Working directory is /.

Stat command example

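If you cannot see the AUTH TLS command, you can check the status of the session with a remote stat command. The lines "Authentication type: TLS", "Control protection level: Private" and "Data protection level: Private" near the end of the output indicate a secure session.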

EZA1736I stat
EZA1701I >>> STAT
211-Server FTP talking to host 195.212.29.163, port 21061
211-User: Anonymous Working directory: /
211-The control connection has transferred 707 bytes
211-There is no current data connection.
211-The next data connection will be actively opened
211-to host 195.212.29.163, port 21061,
211-using Mode Stream, Structure File, type Image, byte-size 8
211-Automatic recall of migrated data sets.
211-Automatic mount of direct access volumes.
211-Auto tape mount is allowed.
211-Inactivity timer is set to 900
211-VCOUNT is 59
211-ASA control characters in ASA files opened for text processing
211-will be transferred as ASA control characters.
211-Trailing blanks are not removed from a fixed format
211-data set when it is retrieved.
211-Data set mode. (Do not treat each qualifier as a directory.)
211-ISPFSTATS is set to FALSE
211-Primary allocation 450 tracks. Secondary allocation 45 tracks.
211-Partitioned data sets will be created with 50 directory blocks.
211-FileType SEQ (Sequential - default).
211-Number of access method buffers is 5
211-RDWs from variable format data sets are discarded.
211-Records on input tape are unspecified format
211-SITE DB2 subsystem name is DB2
211-Data not wrapped into next record.
211-Tape write is not allowed to use BSAM I/O
211-Truncated records will not be treated as an error
211-JESLRECL is 80
211-JESRECFM is Fixed
211-JESINTERFACELEVEL is 2
211-Xlate name is STANDARD
211-SMS is active.
211-Data sets will be allocated using unit SYSDA
211-New data sets will be catalogued if a store operation ends abnormally
211-Single quotes will override the current working directory.
211-UMASK value is 777
211-Process id is 50333504
211-Checkpoint interval is 0
211-Authentication type: TLS
211-Control protection level: Private
211-Data protection level: Private

211-Record format VB, Lrecl: 256, Blocksize: 27968
211 *** end of status ***
EZA1460I Command:

SFTP example

The following is an example of performing an anonymous SFTP upload of a file to IBM Enhanced Customer Data Repository using a line mode SFTP client. Of course you can use any SFTP client.

Command/Response:
$ sftp E-ABcd12345E@sftp.ecurep.ibm.com
Description: The customer enters the SFTP command to invoke the SFTP client and log in to the SFTP server using the user ID E-ABcd12345E.

Command/Response:
The authenticity of host 'sftp.ecurep.ibm.com (192.109.81.25)' can't be established.
RSA key fingerprint is SHA256:YnqKGIUJ2WyjU0VG4si78wN5ah61bZlRnoHPWCHzavw.
Are you sure you want to continue connecting (yes/no)?
Description: The connection is established. The SFTP client asks for verification of the SFTP server key fingerprint. The fingerprint can be found on the ECuRep Web page. If the fingerprint is verified, it needs to be accepted by entering yes. Entering no will end the connection. Depending on the SFTP client, this step is only required once. Most clients store the accepted fingerprint or they ask if the fingerprint should be remembered.

Command/Response:
Welcome to the IBM Centralized Customer Data Repository (ECuRep).
Before using this service refer to the terms of use for exchanging diagnostic
data with IBM (see https://ibm.com/support/docview.wss?uid=ibm10739407)!
For Documentation and FAQ please see the ECuRep homepage
https://ibm.com/support/docview.wss?uid=ibm10739631
   LOGIN
     user     : [transferid]
     password: [password_of_transferid]
    - or -
     user     : [anonymous]
     password: [your_email_address]
Please report questions to: contact@ecurep.ibm.com
Connection closed after 15 minutes idle
Description: The connection is established. A welcome message is posted. Not all SFTP clients display this message.

Command/Response:
E-ABcd12345E@sftp.ecurep.ibm.com's password:
Description: The password for the IBM Support File Transfer ID E-ABcd12345E needs to be entered.

Command/Response:
sftp> cd toibm/aix
Description: The customer should then change to the directory where they will upload the file using the cd FTP subcommand. You need to inform the customer of the directory to use here.

Command/Response:
sftp> put your_data_at_the_workstation 12345.123.724.DUMP.ZIP
Description: The customer may then upload the file using the put FTP subcommand. In this case, the customer is uploading a file called your_data_at_the_workstation.

Command/Response:
your_data_at_the_workstation 100% 591KB 197.1KB/s 00:03
Description: Most clients will show information about the transfer progress.

Command/Response:
ftp>quit
Description: The customer then terminates the FTP session by using the quit subcommand.
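
The fingerprint check in the walkthrough above can also be done before the first connection, by computing the fingerprint of a host key line (in ssh-keyscan / known_hosts format) and comparing it with the published value. The following Python sketch is an added example, not part of the original page: the function names are hypothetical and the sample key is constructed, so it is expected not to match the fingerprint shown in the session.

```python
import base64
import hashlib
import hmac

# Fingerprint shown in the session above for sftp.ecurep.ibm.com.
PUBLISHED = "SHA256:YnqKGIUJ2WyjU0VG4si78wN5ah61bZlRnoHPWCHzavw"


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data


def constructed_key_line(host: str = "sftp.example.test") -> str:
    """Constructed sample in 'host keytype base64' format; NOT a real key."""
    blob = (_ssh_string(b"ssh-rsa")            # key type
            + _ssh_string(b"\x01\x00\x01")     # public exponent 65537
            + _ssh_string(bytes(range(1, 129))))  # placeholder modulus bytes
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


def fingerprint(key_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256(key blob)."""
    _host, key_type, b64 = key_line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own key type; reject a line whose label disagrees.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type field does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_published(key_line: str, published: str = PUBLISHED) -> bool:
    """Constant-time comparison with the fingerprint obtained out of band."""
    return hmac.compare_digest(fingerprint(key_line), published)


if __name__ == "__main__":
    line = constructed_key_line()
    print(fingerprint(line))
    print("matches published fingerprint:", matches_published(line))
```
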


Document Information

Modified date: 07 August 2020

UID: ibm10739631