What is Oracle MFT??
@Source:Oracle Documentations
Oracle Managed File Transfer (MFT) is a high performance, standards-based, end-to-end managed file gateway. It features design, deployment, and monitoring of file transfers using a lightweight web-based design-time console that includes transfer prioritization, file encryption, scheduling, and embedded FTP and sFTP servers. Security is maintained with security policies such as OWSM. This chapter describes basic Oracle Managed File Transfer concepts.
What you can do with it??
· Scheduling
· Resubmitting
· Attaching inline or referencing
· Compression and decompression
· Encryption and decryption
· Archiving, renaming, and deletion
· Purging transfer instances and files
· Pausing and resuming
· Securing with OWSM policies
Instance Tracking & Troubleshooting:
· Success, frequency, and failure statistics
· Metrics, recent errors, file finder, and active deliveries
· Error information table
· Active delivery progress table
· Reports for individual deliveries
Oracle Managed File Transfer lets you transfer files to and from many endpoint types:
· File and FTP based endpoints:
· File: Transfer files from or to directories accessible to the Oracle Managed File Transfer server.
· FTP Embedded: Transfer files from the embedded MFT FTP (File Transfer Protocol) or FTPS (FTP with Secure Socket Layer) server by copying the file into one of the embedded server directories.
· sFTP Embedded: Transfer files from the embedded sFTP (Secure Shell FTP or SSH-FTP) server by copying the file into one of the embedded server directories.
· FTP Remote: Transfer files from or to a remote FTP or FTPS server.
· sFTP Remote: Transfer files from or to a remote sFTP server.
· SOAP web-services based endpoints:
· SOAP: Transfer files from or to Simple Object Access Protocol web service endpoints inline or by reference to a folder location.
· SOA: Transfer files from or to Oracle SOA (Service-Oriented Architecture) web service endpoints.
· Service Bus (OSB): Transfer files from or to Oracle Service Bus web service endpoints.
· ODI: Transfer files from or to Oracle Data Integrator web service endpoints.
· B2B based endpoints:
· B2B: Transfer files from or to Oracle B2B (Business to Business) trading partners.
· Healthcare: Transfer files from or to Oracle B2B for Healthcare endpoints.
· Cloud endpoints:
· Oracle Cloud Service: Transfer files from or to Oracle Cloud Service.
Oracle WebCenter Content: Transfer files from or to Oracle WebCenter Content.
Now we will see how to create oracle Cloud MFT SOA Instance and how we can use it in our applications.
Click on create SOA instance.
We are going to create single node MFT server, Select SSH public key that we generated at the first time of SOA instance creation, You can create/generate new private/public key pair for this MFT server but it’s good to use existing public/private key pair.
Provide all details of previously created DB and Storage container, Specify whether or not you want to use the load balancer.
The confirmation page displays the configuration values you choose in the provisioning wizard. Review the service details. If you need to change the service details, use the navigation bar or Previous button at the top of the wizard to step back through the pages in the wizard. Click Cancel to cancel out of the wizard without creating a new service instance. If you are satisfied with your choices on the Confirmation page, click Create.
You will see a new instance is created with “MFT Server”, Wait for next 30-40 minutes while cloud will finishes with it’s instance creation process.
Once instance creation completed, Click on MFTServer.
Open MFT Console.
Sign in MFT Console with login details.
URL: https://CLOUD PUBLIC IP/mftconsole/faces/login
After Successful login you can see MFT dashboard.
Cross check all access level for ports and IP.
If any one them is disabled, make it enable.
Before you start working with MFT server, There are some post instance creation steps, which need to be done for correct use of MFT server.
Now we need to do some extra configuration so this MFT server can be access as FTP/SFTP and we can make it secure.
We need to do two below configurations (Refer link: http://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/sscs/MFTCS_PostProvision_SFTP/MFT_PP_SFTP.html
And
1. Setting up the MFT embedded sFTP server.
2.Configuring Oracle Compute and Oracle Traffic Director (OTD) for the MFT Embedded Servers.
Background information (Source Oracle):
MFT includes an embedded sFTP server. However by default, the sFTP server is disabled after Oracle MFT Cloud Service provisioning. You need to enable the sFTP server so that it can receive encrypted messages from partners using public/private key encryption. In this encryption and connection process, the private key decrypts messages that were encrypted using the associated public key. As illustrated in the diagram below, the private key is placed in the embedded sFTP server, and the partners/sFTP clients get a copy of the public key.
In Oracle MFT Cloud service, you need to configure SSH keystore to enable embedded sFTP server secured connection. The configuration includes importing the private key of the SSH key pair and entering the password in the SSH keystore if the private key has a passphrase.
For this tutorial, the following information will be used throughout the post-provisioning tasks:
· MFT Cluster instance name: MFTServer
· WebLogic administrator user name: weblogic
· Password: welcome1
· Host of WebLogic admin server and managed server: mftserver-wls-1
· IP address of admin server and managed server: CLOUD PUBLIC IP
Importing the Private Key
Open WINSCP, and provide public IP and user name as opc (You need to connect with your VM using your private key which is provided at the time of designing MFT instance).
Click on advance and select your private key.
Click Ok, You will be connected with your MFT server.
Copy private key in “tmp/anyfoldername” folder
Close WINSCP.
Open putty in same way with private certificate and connect with your server using public IP and same user name which is used in WINSCP.
change to user oracle.
In the oracle user shell, start MFT WLST:
You are now at the wlst prompt.
Run MFT WLST commands to import the private key.
Connect to the MFT managed server:
wls:/offline> import os
wls:/offline> connect ("weblogic","welcome1","t3://mftserver-wls-1:9073")
Note that you need to connect to the MFT managed server with port 9073, not the Admin server. You can found MFT server port by login into Weblogic console.
Now you are connected with your MFT server, Now we need to bind private key with MFT server so SFTP can work.
Command sample:importCSFKey("key_format", "key_type", "alias", "key_file_path")
Exit MFT WLST..
exit()
Exit the oracle user:
$ exit
You have now imported the private key by using MFT WSLT the command line.
Entering the Private Key Password in the SSH Keystore
Open MFT Console.
Click the Administration tab on the top of the console page.
To set the SSH Keystore password, select the Keystores management node in the left navigator tree and enter the WebLogic admin password from the provisioning process in the SSH Keystore section. For this tutorial, the password is sshwelcome1.
Click Save to save changes.
Next enable the embedded sFTP server, configure its security settings, and then restart the sFTP Server.
To enable the sFTP server and configure it with the private key alias, complete the following:
1. Select the Embedded Servers node in the left navigator tree.
2. Click the sFTP tab.
3. Enable sFTP by checking the checkbox.
4. Choose Password as Authentication Type.
5. Set Host Key Alias to the private key alias you just imported (In our case it was “privateKey”).
Restart MFT server from weblogic console, so changes can take place.
Login into weblogic console & restart it.
For verifying that server is started or not, Click on “Ports” under “Embedded Servers”, Before restart you will not show any port here.
After restarting, You will be able to see SFTP MFT ports.
To test the sFTP connection, use an sFTP client or a command line tool on your local machine.
$sftp -oPort=7522 weblogic@CLOUDPUBLICIP
It will ask for password, Enter your weblogic password.
You can test more.
For this release of Oracle MFT Cloud Service, you must open the required port(s) in the pod compute configuration to allow sFTP traffic to Oracle MFT. By default, the MFT embedded sFTP server uses port 7522 rather than the SSH port 22, though sFTP is an extension of the SSH protocol.
We need to do below task for MFT access in Jdev so we can configure it in our project.
1. Add a security application that defines port 7522 to be opened.
2. Define a security rule that allows anyone coming from the public internet to connect to OTD with the above defined security application.
3. Define another security rule that allows OTD to connect to all the managed servers with the same security application.
a. Create a security application: A security application, in this context, is a mapping between a port number and port type (TCP, UDP, or ICMP). To open port 7522, you must create a security application for that port in Oracle Compute Cloud Service.
In the Service Console of Oracle Compute Cloud Service, click the Network tab and then click the Security Applications tab in the left pane.
Click Create Security Application.
b. Create a security rule for security application: Create a security rule to allow TCP traffic from the internet to OTD through port 7522.
In the Oracle Compute Cloud Service console, under the Network tab, click the Security Rules tab in the left pane.
Click Create Security Rule.
As we are not using any load balancer so our destination will be MFT managed server.
You can verify these changes by connection to your SFTP server in WINSCP with your public IP and 7522 Port.
If rule or security application is not working then you can’t connect with your server, For testing you can delete your security application and rule then connect with WINSCP and you will not be any more able to connect with SFTP server.
There is an optional configuration for “OTD configuration”, This is an optional process.
Oracle doc link:
SOA MFT Integration:Before starting development with MFT adapter in SOA, you need to create some source, targets and transfer so end to end file uploading in MFT can work.
Go to design mode of MFT Console.
Create two sources.
Create one target:
Create one transfer which will transfer SOA to file.
Go to transfer and add SOA source and File target.
Click Save & deploy.
Go to monitoring tab and you can see deployed components.
Configuration in JDEV:
- Create a new SOA Application and project in Oracle JDeveloper.
- With the project open, display the Technology section of the Component Palette.
- Drag and drop the MFT component icon into the right Partner Link swimlane. The MFT Configuration Wizard opens.
- On the MFT Adapter Reference page, specify a name or accept the default name of mftReferencenumber. Reference is selected as the binding. Click Next.
- On the Adapter Interface page, select Define using a new MFT Reference. Click Next.
- On the Service Connection page, select the connection to the Oracle WebLogic Server on which Oracle Managed File Transfer is installed from the AppServer Connection drop-down list. Select the managed server on which Oracle Managed File Transfer runs from the SOA Server drop-down list if it does not autofill. Click Test MFT to test the communication with Oracle Managed File Transfer. Click Next.
- On the Reference Configuration page, select the MFT source name from the Source drop-down list. The endpoint location autofills in the Endpoint field. Click Finish.
- The MFT component appears in the BPEL process. Work with it as you would any external reference.
Weblogic Adapter Configuration:
Click on “Test MFT”......
If you see any errors like any of two:
SEVERE: javax.xml.ws.WebServiceException: java.net.UnknownHostException: mftserver-wls-1
For this issue you need to make entry in your system HOST file with your public IP.
Go to:
C:\Windows\System32\drivers\etc
Edit hosts file & make an entry in last of file.
PUBLIC IP CLOUD mftserver-wls-1
When you again try to test your MFT cloud server, you can face below error.
SEVERE: javax.xml.ws.WebServiceException: java.net.ConnectException: Connection timed out: connect
This time error is related SOA MFT adapter is not able to make a connection with MFT server, Need to add MFT node port for public access, as we added SFTP port in security application & security roles.
SSL Listen Port:9074
Need to add Port 9074 in cloud firewall so internet access can be enabled. You need to first create security application then security rule.
After this we you need to test it again, A new issue will come.
SEVERE: javax.xml.ws.WebServiceException: java.net.SocketException: Unexpected end of file from server
This is another issue which is pending from while with oracle, so you need to move with SOAP implementation for it.
Thanks .
ReplyDeleteOracle Integration Cloud Service Online Training
Thank You for Posting such a great Post. data backup and disaster recovery
ReplyDelete