Globalscape release EFT 8.0.4#37 TOP TIP
Globalscape have released version 8.0.4 of the EFT application and it brings with it a number of changes that make upgrading worthwhile.
First, it’s worth mentioning that Globalscape have continued to improve Event Rule functionality to match that of the Advanced Workflow Engine (AWE). To this end, they have added the ability to create datasets in Event Rules using actions:
How does this work?
You can see two ways of loading the dataset – as a ‘get listing from host’ process, or by importing a CSV file. You can then process this dataset one line at a time, treating each line as a unique variable. For example, to perform an action against every file in a local folder, you can do this:
You’ll also notice that in the list of available actions there is a loop break that you can reach out to if required. You might also notice that you can export the results of a dataset into a CSV file. Want to send someone a list of files that are in a folder? With this upgrade, it’s easily achievable. Potentially, you can export to CSV, modify the CSV with a Powershell step, then read back from the CSV to process the content in some way.
Now that Powershell is an integral part of an event rule (since 8.0), you have the ability to send the logging from the Powershell parts of an event rule into separate dedicated logs.
On the subject of Event Rules, there have been some improvements in optimising folder monitors. AWE tasks, which are now kept in the SQL Lite configuration database, can be exported into legacy file paths, which is useful if you routinely backup your rules. Also, the Event Rule import/exports have been set to JSON format. It is increasingly common in EFT to make use of JSON for configuration, as a precursor to improving the functionality of the REST API.
The REST API
The REST API has been improved to include extra endpoints for user configuration (list create, modify etc) and server status (number of connections, sites and actual performance metrics). Security around the permissions to use the REST API have been tightened a little so you can restrict the level of access administrators have when connecting via REST API.
From a security perspective, EFT has been updated to use OpenSSL 1.0.2u and the supported cipher list has been updated. You can enable some of the less secure ciphers if required. EFT will warn you if you do, so the risk of accidentally reducing your security is minimised. This does however address issues that some users encountered when EFT first moved from Bitvise libraries. There is no new SSH library, although when you create a new key, you can now select from RSA (previously the only option), DSA, ECDSA and ED25519. Key lengths have been ‘moved up’ – support for 1024 has been dropped, but 8192 has been added.
Workspaces has some new functions and features, the most interesting being the introduction of two factor authentication via SMS (or email if preferred), and the inclusion of a history log.
By far the most important component of the new release is the introduction of upload forms. This allows you to create a form for users to complete when they upload files using the Web Transfer Client. The form is very simple to build, and can be used to request metadata when uploading files. This is achieved by adding text fields (strings or multistrings), dropdowns, radio buttons and toggles, as per this example:
There is no specific URL for the form, it is simply called by the WTC when an end user attempts an upload. Therefore it makes sense to restrict each form to certain groups to be sure that the correct form is used when a user uploads a file.
All the fields you add to the form are exposed as variables in an event rule, allowing you to access them as metadata.
Should you upgrade?
This is quite a major release for Globalscape in terms of the functionality it provides in security, Event Rules and Web Transfer Client/Workspaces. Our recommendation is to upgrade to this version at your earliest convenience.