The Latest Globalscape EFT Versions#37 TOP TIP
Globalscape EFT version 8.0.6 release
Starting off with everyone’s favourite topic, version 8.0.6 adds support for TLS 1.3 and this can be enabled within Security > SSL Settings within the ‘Server’ tab on the EFT admin console as shown below:
EFT 8.0.6 adds some nice new features for both folder level encryption (encryption at rest on the EFT filesystem) as well as some handy improvements for managing OpenPGP keys.
Let’s start with folder encryption within EFT (encrypting a site’s root folder, or even a particularly important user’s home folder), you now have the option to specify unique encryption keys for each folder encrypted as part of the encrypted folders feature. When adding a new folder to encrypt, you’ll be given the option to either use the site’s encryption key, or define a unique key (along with a handy alias) for the folder you’re encrypting.
It’s worth noting that it isn’t currently possible to retroactively change a previously encrypted folder to use a unique encryption key without first removing the encryption and then adding that same folder again.
If you use OpenPGP within EFT, you’ll now benefit from a few handy extra features to make your key management that little bit more stress free.
Within the Security > OpenPGP Security options for each site, you now have the ability to send email notifications for expiring keys:
We recommend making sure you do have an alert setup before expiration to avoid any issues when sending encrypted files via event rules etc. You can also choose who should be receiving these emails, helping to keep the right people in the loop.
You’ll also now see a ‘Usage’ column in the OpenPGP Keyring manager, allowing you to see at a glance what each key you have can be used for when building out your PGP workflows within EFT:
Cloud Storage Virtual Folders
In previous versions of EFT, you could always map a virtual folder to local or network storage locations. As of 8.0.6, you now also have the ability to directly map a virtual folder within the VFS to a cloud storage location.
Right now, EFT supports Amazon S3 (and S3 compatible), Azure blob, and Azure Data Lake cloud storage and all of these can be used with this new cloud virtual folders feature, either utilising your existing connection profiles, or by manually defining the storage options per virtual folder.
This can be a really powerful tool for giving users easy access to a shared folder on an Azure or Amazon S3 storage location, they don’t ever need to touch the interfaces for those storage accounts as a cloud virtual folder simply shows up like any other folder, be that in the web transfer client or via your SFTP client of choice.
However, the most powerful part of this change means that you can now have a virtual folder mapped to your cloud storage which can then be used for users’ home folders.
Secure Send Triggers & Variables
EFT’s secure send options, including the handy ‘Drop Off Portal’, get an automation power boost in this latest release; you can now trigger event rules based on various Secure Send events. For example, you could take action based on a secure message being sent, or before the attachments from a secure message are downloaded.
You can refine what actions will be taken based on a new range of conditions, including which portal the secure message was initiated from:
Combined with thew new secure send variables you have a lot of power to automate around secure messaging within EFT.
Should You Upgrade?
If you use OpenPGP, work with the secure send portals a lot, or have a requirement for TLS 1.3 support from your security team then you should upgrade to 8.0.6 as the new features will give you an overall improved experience.
There’s no real urgency for other users to upgrade, but we generally advise to have a good plan in place to upgrade to the latest software versions within a reasonable timeframe.
Have More Questions?
If you have any questions about the upgrade, please don’t hesitate to get in touch with us via email@example.com or just give us a call.
Globalscape EFT version 8.0.4 release
How does this work?
Now that Powershell is an integral part of an event rule (since 8.0), you have the ability to send the logging from the Powershell parts of an event rule into separate dedicated logs.
On the subject of Event Rules, there have been some improvements in optimising folder monitors. AWE tasks, which are now kept in the SQL Lite configuration database, can be exported into legacy file paths, which is useful if you routinely backup your rules. Also, the Event Rule import/exports have been set to JSON format. It is increasingly common in EFT to make use of JSON for configuration, as a precursor to improving the functionality of the REST API.
The REST API
Should you upgrade?
Globalscape release EFT 2020
GDPR features have been added to the Advanced Security Module (ASM) for EFT Enterprise and the Express Security Module (ESM) for Express.
The focus has been embedding compliance options into the application and giving administrators a clear overview of where they comply and with what article of GDPR. EFT sites now have a ‘web’ tab with a GDPR & DPIA section, this lists all relevant articles and lets administrators enter how they comply. Upon completing this a report can be run that will provide a risk score along with a breakdown of how that was calculated.
The changes to EFT Event Rules mean that more processes can be handled within the rules themselves, rather than having to call an advanced workflow. The primary changes that affect this are the new variable, sub routine and PowerShell actions.
Sub routines are created like a regular event rule. When creating just specify sub routine as the trigger and these can then be called upon from a task. This can be useful for triggering another event if an action fails and overall providing better interoperability between your rules.
The PowerShell action allows custom scripts to be executed and has the ability to use and set variables within EFT, expanding the functionality and customisability of event rules greatly.
Event Rules apply for all for Enterprise users, and Express users with the File Transfer Client.
Auditing and Reporting Module
Another focus of improvement has been the auditing and reporting. Globalscape have optimised the generation of reports by adjusting the logic used as well as the EFT database structure. They’ve also increased the scope by adding new reports that can be generated.
Web Transfer Client
Finally, the Web Transfer Client has been completely reworked, providing not just a visual update but also improved performance and functionality to provide a better user experience. The Web Transfer Client is part of the base licence for Enterprise or HTTPS users for Express.
All these changes within EFT 2020 combine to provide the administrator with greater control and overview of their EFT installation, making for an easier system to both manage and maintain.
Globalscape EFT 7.4.13 release
Security & Compliance
Keeping EFT’s Web Transfer Client (WTC) and Workspaces communications secure means staying current with constantly evolving security standards. These standards often impact things behind the scenes, which customers typically don’t notice until there’s either been a breach, or a security scan flags it. Some of the improved behind the scenes security includes better Cross Site Request Forgery (CSRF) mitigation, secured session cookies, enhanced Cache-control directives, and improved HTTP Strict Transport Security (HSTS) directives.
Authentication & Authorisation
Globalscape EFT 7.4.11 release
Treat missing remote file(s) as success
To turn on this feature, simply tick the new option box on the bottom of the “Source File Path” dialog of the Download Action Wizard.
EFT Enterprise Windows Performance Counters
These counters include:
- ARM queue size
- Workspaces Drop-off Licences Used
- Workspaces Normal Licences Used
- Workspaces Licences Available
- Active Client Upload or Download Bytes per Second
- Connected user Count
- Number of running AWE Actions
- Number of running Event Rules.
Useful ways to use this feature might include tracking your available Workspaces licences and triggering an alert when you are running low. Or monitoring how many event rules you have running. If you have an HA system (multiple servers) with a lot running on one server, you can balance the load. If you have a single system and see large spikes at certain times, you can spread the rules out, or choose to go HA.
SFTP FIPS accreditation update
Upload and download folders in the Web Transfer Client (WTC)
Some customers have asked how the WTC relates to the Workspaces Module. The WTC is part of the web interface for EFT and allows users to upload and download files in EFT using just a Web Browser. This means you don’t need to use a File Transfer client such as WinSCP, FileZilla or CuteFTP. From versions 7.4.2 onwards, there are an unlimited number of WTC client licences included with the HTTPS on EFT Express, and in the base product for EFT Enterprise.
Workspaces use the functionality in the WTC to enable file links and sharing of files, but it is licensed separately. The licence count is based on the number of users who can create a workspace OR send a file link via the webpage or the Outlook plugin. Users who upload / download or receive an invite to a workspace do not consume any workspace licences. In addition, the drop-off portal for Workspaces consumes a licence each time someone sends a file into the system. Drop-off licences are re-cycled when the uploaded files expire and are removed from the system.
How to upgrade to EFT 7.4.11
If you are running an older version, then the process is more complicated. Pro2col will need to supply intermediate versions to get you to 7.4.7 or later.
New licence keys are required if you upgrade from version 6.x up to version 7.0 or later. To obtain your licence keys please contact Pro2col.
For versions earlier than 7.2, you should upgrade in two version steps. So, for example, version 6.4 should go to 7.0, onto 7.2 and then onto 7.4. Version 6.5 should go to 7.1, onto 7.3 and finally up to 7.4.
At version 7.3.6, support for Windows 2008 was removed and Windows 2016 was added as a supported OS. This means that if your server is running Windows 2008, you should consider either upgrading it to Windows 2012 R2 or Windows 2016, or migrating the installation to a server running the newer OS.
Migrating EFT onto a new server is a more complicated process and will involve backing up essential configuration files, installing the same version on the newer server, restoring the configuration and then stepping though the upgrades in order.
Migrating to a newer server has additional benefits, including being able to leverage some of the OS’s underlying features, such as improvements to the Encrypted File System, support for later security standards (Windows 2008 R2 is the earliest version of Windows to support TLS 1.2), etc. It also minimises the need for downtime as all work can take place on the new server while customers continue to work against the old server until the switchover can take place.
Migrating servers will require new activations of the EFT software and its modules, as these are stored as a part of the server’s registry. Pro2col can arrange this in advance of any work carried out to help minimise disruption to your service.
Globalscape EFT version 7.4.7 release
Today (15th May 2018) Globalscape release EFT 7.4.7. It is the most significant upgrade to the EFT product suite in some time, and users will benefit from a range of technical enhancements. You will find a summary of the key information below, which includes changes to AWE, Workspaces and more, plus name changes.
- EFT Server, sometimes known as EFT SMB, has been renamed EFT Express. This is to reflect the easy, fast, lightweight nature of deployment and administration.
- The EFT Enterprise name is unchanged.
- For EFT Express (SMB), the High Security Module (HSM) is now called the Express Security Module (ESM).
- For EFT Enterprise the High Security Module (HSM) is now called the Advanced Security Module (ASM), and incorporates Content Integrity Control (CIC) for ICAP integration and the Advanced Authentication Module (AAM) for multi-factor authentication.
- The standard support package is now called Professional and the Platinum support package is now called Premier. There are other changes to the support packages, including two new levels of support. We will be in touch in advance of your renewal to go through these options.
Advanced Workflow Engine (AWE)
AWE has been upgraded to increase functionality including:
- The ability to integrate with Exchange Online, SharePoint (2007 to online), PowerShell scripts, VMware hosts, OpenDocument Spreadsheets and many more.
- Cloud support is included, allowing communication with Amazon services such as S3, RDS, EC2 and DynamoDB. Microsoft Azure support for BlobStorage and the ability to talk to Dynamics CRM is also included.
- Existing processes / workflows built using the AWE module will continue to work, but if you have any problems please contact support.
The Workspaces module has been enhanced in most upgrades over the last few years. The 7.4.7 release brings several further new features:
- Now you can blacklist domains, which allows system administrators to prevent data being shared with certain domains, such as gmail.com.
- The account verification process has been streamlined to make signing up to a workspace more ergonomic.
- There are additional options to make use of Outlook encryption and security signing functionality.
- Captchas can be enabled on the drop off portal without needing to use the Google captcha.
- The long awaited ability to attach a file to an email notification in an event rule is now in place. This means you can attach log files or reports.
- Finally, you can now remotely administer your server from the outside world by connecting through the DMZ Gateway.
Globalscape EFT 7.4.5 release
You’ll be pleased to know that EFT 7.4.5 is now available, including enhancements to existing modules and two new ones. We recommend you upgrade as soon as possible.
New modules and enhancements
7.4.5 includes enhancements to Workspaces and Insight, plus two new modules you can purchase (EFT Enterprise only):
- The Remote Agent Module (RAM) allows organisations to perform unattended file transfers between remote locations and corporate headquarters with centralised control.
- The Cloud Connector Module (CCM) gives IT admins a way to securely support data transfers to and from cloud storage or containers like Amazon S3 or Microsoft Azure.
Globalscape’s Vice-President of Software Engineering Gregory Hoffer explains enhancements and new modules in EFT 7.4.5. This was filmed at the recent user group event in London.
EFT 7.2 approaching End of Life
Having been with us since October 2015, the time has finally come to say goodbye to EFT 7.2. It goes fully out of support on 27 October 2017. After this, you’ll only be able to access support through professional services.
If you’re currently using EFT 7.2 we recommend you update it as soon as possible; either to version 7.3 or the newly released 7.4. Read our previous Top Tip Globalscape EFT version 7.4 brings new functionality for more details.
Globalscape EFT Version 7.4 upgrades directly from versions 7.2 or 7.3. However, if you have an earlier version, you will need to upgrade to 7.2 or 7.3 first. You can download the update from the Globalscape support site.
There are some potential problem areas that you should be aware of when upgrading:
- 7.2, 7.3 and 7.4 have multiple changes to licensing, typically around WTC licensing. This can crop up if the user does not upgrade to the latest 7.4.
- If ARM is installed, then it MUST be working and available during the EFT install.
- If it is using Windows authentication for the SQL source, then the upgrade must be performed by the EFT Service Account.
- There must not be any .SQL files in the EFT config folder.
- If the user account does not have permissions to update the database, then a manual process to update the database structure is needed before ARM would work.
- Active/Active and Active Passive clusters must be upgraded in a specific order and there is a period of downtime until all nodes are upgraded.
- Some Extra Registry entries are added, which users should be aware of before running the upgrades.
- If you are attempting to migrate SMB you MUST stop the EFT server before attempting to copy FTP.CFG file as this is written as the service stops.
If you have any questions or would like assistance in upgrading your system, please contact the support team or email your sales representative.
Globalscape version 7.4 brings new functionality
Globalscape EFT Version 7.4 is the latest release across SMB and Enterprise. It includes new functionality, over 20 enhancements and 50 fixes.
Most of these are minor, but here are some to look out for that will make your life easier using Globalscape EFT Version 7.4.
When you stop an EFT server, it terminates all connections and running event rules. This can cause issues with part transfers. Using drain mode in Globalscape EFT Version 7.4 will allow you to block new connections and prevent event rules from triggering. This means you can bring the server down more cleanly. In drain mode all existing connections continue as normal until they disconnect. The system only completely stops when all connections have finished.
Save event rule transfer logs to ARM Help with troubleshooting
Event rules generate detailed log files when they attempt to connect to a remote host. These logs are especially useful for troubleshooting connection errors in event rules. They are saved to a separate table in the ARM database and you can use custom reports to retrieve this data. Be aware that if you do include the failed TED logs, your database growth rate will increase significantly. This could have implications for servers running SQL Express, which limits databases to 10GB. If your database is approaching this size, you may need a database purge. Contact the support team for assistance with this.
Web Transfer Client access is now included with HTTP/S
Globalscape have included the Web Transfer Client license as a part of the HTTPS module. This reduces the administrative burden on assigning web transfer clients directly to users. It should mean you can access the WTC when you access the HTTPS interface, unless you have had it explicitly removed.
Globalscape have improved workspaces functionality with almost every release for the last year. The Globalscape EFT Version 7.4 additions are a drop-off and reply portal. The Drop-off portal is an “open” web page allowing external users to send files into your organisation using an internal user’s email address. You can add protection against malicious use through a captcha. Domain name restrictions can limit recipients to only internal email addresses.
You can also add a reply button on message notifications and pickup web pages. This means the recipient can send a file or comment back to the initial sender, allowing for two-way file communications.
Other minor additions include some configuration changes: You can create all Workspaces external users in a specified User Settings Template, as opposed to the default template.
Upgrading from 6.x up to EFT 7.3x
In essence, we take a copy of your config and apply it to a temporary server running the same version of EFT as your current system. On this temporary system, we run some basic tests and then upgrade the system through the intermediary versions, up to the final version.
Once the software is at its final version, the config can be exported and moved to a freshly prepared server, running the latest version of EFT. This process also allows you to upgrade the server OS to a later, more supportable version and can enable you to move from physical to virtual servers at the same time if desired. This is even more important as the latest versions of EFT are no longer supported on Windows 2008 or earlier.
Areas for consideration include:
There have been several licence model changes in version 7 EFT at various stages. In some cases, your old licence keys may not work. We need to arrange for new format licence.
Maintenance and Support
Many of the systems we come across have lapsed support contracts. Before you can start this process, you will need to have a valid support contract and Pro2col can assist with setting this up for you.
Auditing and Reporting Database
If you are using the ARM database, additional steps will be needed to upgrade the database format and version so that it is compatible with the new version of EFT.
Health Checks and Consolidation
If the system is several years old and uses event rules, these should be reviewed. The business process may have changed making the workflow redundant or the new functionality may provide a more efficient methodology. Consolidating rules, cleaning up of unused accounts and removing sites which are no longer needed can make the whole upgrade process smoother and leave the final system in a much healthier state.
Operating System and Hardware Upgrades
With such a major change to your EFT solution, it may be a good time to upgrade the operating system for your server and even moving from Physical servers to Virtual servers. Pro2col would always recommend an operating system update and with some OS’s being many years old and either out of support or approaching the EOL dates with Microsoft.