LF

The Latest Globalscape EFT Versions

#37 TOP TIP
This top tip focuses on the latest Globalscape EFT releases. Written by our expert technical team, it goes through key enhancements in each new Globalscape EFT version. This will help Globalscape users determine the best time to upgrade to the most recent EFT version.

Globalscape EFT version 8.0.4 release

Globalscape have released version 8.0.4 of the EFT application and it brings with it a number of changes that make upgrading worthwhile.

Event Rules

First, it’s worth mentioning that Globalscape have continued to improve Event Rule functionality to match that of the Advanced Workflow Engine (AWE). To this end, they have added the ability to create datasets in Event Rules using actions:

How does this work?

You can see two ways of loading the dataset – as a ‘get listing from host’ process, or by importing a CSV file. You can then process this dataset one line at a time, treating each line as a unique variable. For example, to perform an action against every file in a local folder, you can do this:
You’ll also notice that in the list of available actions there is a loop break that you can reach out to if required. You might also notice that you can export the results of a dataset into a CSV file. Want to send someone a list of files that are in a folder? With this upgrade, it’s easily achievable. Potentially, you can export to CSV, modify the CSV with a Powershell step, then read back from the CSV to process the content in some way.

Now that Powershell is an integral part of an event rule (since 8.0), you have the ability to send the logging from the Powershell parts of an event rule into separate dedicated logs.

On the subject of Event Rules, there have been some improvements in optimising folder monitors. AWE tasks, which are now kept in the SQL Lite configuration database, can be exported into legacy file paths, which is useful if you routinely backup your rules. Also, the Event Rule import/exports have been set to JSON format. It is increasingly common in EFT to make use of JSON for configuration, as a precursor to improving the functionality of the REST API.

 

The REST API

The REST API has been improved to include extra endpoints for user configuration (list create, modify etc) and server status (number of connections, sites and actual performance metrics). Security around the permissions to use the REST API have been tightened a little so you can restrict the level of access administrators have when connecting via REST API.

Security

From a security perspective, EFT has been updated to use OpenSSL 1.0.2u and the supported cipher list has been updated. You can enable some of the less secure ciphers if required. EFT will warn you if you do, so the risk of accidentally reducing your security is minimised. This does however address issues that some users encountered when EFT first moved from Bitvise libraries. There is no new SSH library, although when you create a new key, you can now select from RSA (previously the only option), DSA, ECDSA and ED25519. Key lengths have been ‘moved up’ – support for 1024 has been dropped, but 8192 has been added.

Workspaces

Workspaces has some new functions and features, the most interesting being the introduction of two factor authentication via SMS (or email if preferred), and the inclusion of a history log.

Upload forms

By far the most important component of the new release is the introduction of upload forms. This allows you to create a form for users to complete when they upload files using the Web Transfer Client. The form is very simple to build, and can be used to request metadata when uploading files. This is achieved by adding text fields (strings or multistrings), dropdowns, radio buttons and toggles, as per this example:
There is no specific URL for the form, it is simply called by the WTC when an end user attempts an upload. Therefore it makes sense to restrict each form to certain groups to be sure that the correct form is used when a user uploads a file.
All the fields you add to the form are exposed as variables in an event rule, allowing you to access them as metadata.

Should you upgrade?

This is quite a major release for Globalscape in terms of the functionality it provides in security, Event Rules and Web Transfer Client/Workspaces. Our recommendation is to upgrade to this version at your earliest convenience.

We’re here for you!

Expert EFT consultancy and support in your time zone.
Let us help you make the most out of your EFT software.

Globalscape release EFT 2020

With the release of EFT 2020 comes an array of new features with a primary focus on GDPR compliance as well as enhancements to auditing & reporting, extended functionality for event rules and a reworked Web Transfer Client.

GDPR

GDPR features have been added to the Advanced Security Module (ASM) for EFT Enterprise and the Express Security Module (ESM) for Express.

The focus has been embedding compliance options into the application and giving administrators a clear overview of where they comply and with what article of GDPR. EFT sites now have a ‘web’ tab with a GDPR & DPIA section, this lists all relevant articles and lets administrators enter how they comply. Upon completing this a report can be run that will provide a risk score along with a breakdown of how that was calculated.

Event Rules

The changes to EFT Event Rules mean that more processes can be handled within the rules themselves, rather than having to call an advanced workflow. The primary changes that affect this are the new variable, sub routine and PowerShell actions.

As you would expect, the new variable action lets you create/set your own variables within event rules, these can be utilised so adjustments to rules are much easier to implement and these variables can also be passed to sub routines.

Sub routines are created like a regular event rule. When creating just specify sub routine as the trigger and these can then be called upon from a task. This can be useful for triggering another event if an action fails and overall providing better interoperability between your rules.

The PowerShell action allows custom scripts to be executed and has the ability to use and set variables within EFT, expanding the functionality and customisability of event rules greatly.

Event Rules apply for all for Enterprise users, and Express users with the File Transfer Client.

Auditing and Reporting Module

Another focus of improvement has been the auditing and reporting. Globalscape have optimised the generation of reports by adjusting the logic used as well as the EFT database structure. They’ve also increased the scope by adding new reports that can be generated.

Web Transfer Client

Finally, the Web Transfer Client has been completely reworked, providing not just a visual update but also improved performance and functionality to provide a better user experience. The Web Transfer Client is part of the base licence for Enterprise or HTTPS users for Express.

All these changes within EFT 2020 combine to provide the administrator with greater control and overview of their EFT installation, making for an easier system to both manage and maintain.

Globalscape EFT 7.4.13 release

Globalscape have announced the release of EFT 7.4.13. This new version introduces several security and compliance related enhancements, while also improving performance, compatibility, collaboration, and automation capabilities.

Security & Compliance

Protecting data at rest is a critical component for secure and managed file transfer solutions. In EFT 7.4.13 Globalscape have introduced “Encrypted Folders” – a new technology that automatically and transparently encrypts or decrypts data in designated encrypted folders, even network shares. By not requiring key pairs, Encrypted Folders eliminates PCI compliance hurdles and reduces complexity normally involved in key management, while also delivering the data-at-rest security that customers require.

Keeping EFT’s Web Transfer Client (WTC) and Workspaces communications secure means staying current with constantly evolving security standards. These standards often impact things behind the scenes, which customers typically don’t notice until there’s either been a breach, or a security scan flags it. Some of the improved behind the scenes security includes better Cross Site Request Forgery (CSRF) mitigation, secured session cookies, enhanced Cache-control directives, and improved HTTP Strict Transport Security (HSTS) directives.

Compatibility

Updating security standards also means ensuring any dependencies EFT relies upon are also up-to-date. In EFT 7.4.13 Globalscape have updated the OpenSSL library to 1.0.2q, and the OpenSSH-derived library to 7.9.0.0. These newer libraries address bugs and security vulnerabilities and are a great reason to upgrade to this latest EFT version. Globalscape have also updated EFT’s database connectivity drivers, allowing it to communicate with SQL over more secure protocols (TLS 1.1 or 1.2), and have officially tested EFT against Windows Server 2019, which has been added to the list of supported operating systems.

Automation

Managing user accounts often involves launching the EFT Admin GUI and performing the action directly, such as temporarily disabling a user’s account. The alternative was to write script and leverage EFT’s COM calls to perform said actions. EFT 7.4.13 introduces a new top-level action to Event Rules called “User Account”. This action lets administrators automate and streamline common user management actions, such as locking, banning, kicking (disconnecting them), or even deleting users directly from within EFT’s event rules.

Performance

EFT’s Disk Quota feature is used by organisations to prevent the misuse of resources. For this latest EFT version, Globalscape have revamped the logic for the Disk Quota system in order to improve performance, even when there are many users and folders. Now the amount of free space is determined when a user first logs in to an EFT session, rather than upon startup, which vastly improves EFT startup performance.

Authentication & Authorisation

SAML has become a popular feature for customers, as it allows for both federated identity management (a centralised service with authentication and on occasion, access controls), and a Single-Sign-On (SSO) experience, where users sign on once to the identify provider (IdP), and they then leverage other services, including EFT’s WTC, without having to re-type their credentials. EFT 7.4.13 has support for a process often referred to as “Just in time” (JIT) provisioning. Under normal SAML/SSO, once the IdP informs EFT that a connecting user is “authorized”, EFT has to perform a second lookup to an LDAP or similar director to obtain what it needs to then provision the user within EFT. With JIT enabled, EFT doesn’t need to perform this second step. As long as the IdP authenticates the connection request, EFT will automatically create the user and place that user within a designated Settings Template. Subsequently the user can perform the operations that are permitted by that template, subject to file and folder permissions for associated permission groups. JIT provisioning further streamlines an already streamlined process, creating a SSO, SAML, and JIT authentication trifecta.

Globalscape EFT 7.4.11 release

One of our most common inquiries on the support desk is from users wanting help upgrading their EFT system. Now EFT 7.4.11 is available, we thought it was a good opportunity to remind everyone of the process. We’ll also take a look at the key features of the new release, which we’ve spent some time testing.

EFT 7.4.11

Last month Globalscape released the latest version of EFT Enterprise and Express, 7.4.11. This is not a major release, but there are some interesting new features that have been added in response to customer feedback.

Treat missing remote file(s) as success

Download Event Rules no longer fail if there is nothing to collect from the remote server. This was a major bugbear for several customers. For example, users polling a remote server every 15 minutes for a file would receive a failure notification each time the file wasn’t there. Before this feature, the only way to prevent “false” failure notifications was to call a local script to do the download, or to call an AWE Process. These were not efficient in the way resources were used and put a disproportionate load on the server.

To turn on this feature, simply tick the new option box on the bottom of the “Source File Path” dialog of the Download Action Wizard.

EFT Enterprise Windows Performance Counters

If you are running EFT Enterprise, then EFT can now output over 20 different metrics directly to windows PerfMon. These can be monitored by any number of systems and you can configure a single instance of Perfmon to monitor multiple servers. This allows you to see the metrics from all systems in a cluster on a single graph.

These counters include:

  • ARM queue size
  • Workspaces Drop-off Licences Used
  • Workspaces Normal Licences Used
  • Workspaces Licences Available
  • Active Client Upload or Download Bytes per Second
  • Connected user Count
  • Number of running AWE Actions
  • Number of running Event Rules.

Useful ways to use this feature might include tracking your available Workspaces licences and triggering an alert when you are running low. Or monitoring how many event rules you have running. If you have an HA system (multiple servers) with a lot running on one server, you can balance the load. If you have a single system and see large spikes at certain times, you can spread the rules out, or choose to go HA.

SFTP FIPS accreditation update

Previous versions of EFT used SSH algorithms that were FIPS accredited back in 2008. As new and more secure algorithms became available, these were added to EFT. Users could enable them, but not if they were using the strict FIPS 140-2 compliance mode. As of version 7.4.11, the FIPS compliant module has been re-accredited using all the latest standards. This means FIPS compliant solutions can leverage longer keys and better encryption standards.

Upload and download folders in the Web Transfer Client (WTC)

Many people had assumed this was built into the WTC, but actually uploading folders was not possible on previous versions. Now you can simply drag a folder onto the WTC session and all files in the folder structure will be uploaded and the folder structure preserved.

Some customers have asked how the WTC relates to the Workspaces Module. The WTC is part of the web interface for EFT and allows users to upload and download files in EFT using just a Web Browser. This means you don’t need to use a File Transfer client such as WinSCP, FileZilla or CuteFTP. From versions 7.4.2 onwards, there are an unlimited number of WTC client licences included with the HTTPS on EFT Express, and in the base product for EFT Enterprise.

Workspaces use the functionality in the WTC to enable file links and sharing of files, but it is licensed separately. The licence count is based on the number of users who can create a workspace OR send a file link via the webpage or the Outlook plugin. Users who upload / download or receive an invite to a workspace do not consume any workspace licences. In addition, the drop-off portal for Workspaces consumes a licence each time someone sends a file into the system. Drop-off licences are re-cycled when the uploaded files expire and are removed from the system.

Other updates

EFT version 7.4.11 also includes the usual raft of fixes and minor functional improvements. Full details can be found in the release notes at https://www.globalscape.com/enhanced-file-transfer-eft-version-history

How to upgrade to EFT 7.4.11

If you are running version 7.2 or 7.3, then the upgrade process is quite straightforward. Please note that both of these versions are now End of Life as of August 2018. Pro2col would recommend running at least version 7.4.7 and – if possible – going up to 7.4.11. The latest version of EFT can be downloaded from https://www.globalscape.com/support.

If you are running an older version, then the process is more complicated. Pro2col will need to supply intermediate versions to get you to 7.4.7 or later.

New licence keys are required if you upgrade from version 6.x up to version 7.0 or later. To obtain your licence keys please contact Pro2col.

For versions earlier than 7.2, you should upgrade in two version steps. So, for example, version 6.4 should go to 7.0, onto 7.2 and then onto 7.4. Version 6.5 should go to 7.1, onto 7.3 and finally up to 7.4.

At version 7.3.6, support for Windows 2008 was removed and Windows 2016 was added as a supported OS. This means that if your server is running Windows 2008, you should consider either upgrading it to Windows 2012 R2 or Windows 2016, or migrating the installation to a server running the newer OS.

Migrating EFT onto a new server is a more complicated process and will involve backing up essential configuration files, installing the same version on the newer server, restoring the configuration and then stepping though the upgrades in order.

Migrating to a newer server has additional benefits, including being able to leverage some of the OS’s underlying features, such as improvements to the Encrypted File System, support for later security standards (Windows 2008 R2 is the earliest version of Windows to support TLS 1.2), etc. It also minimises the need for downtime as all work can take place on the new server while customers continue to work against the old server until the switchover can take place.

Migrating servers will require new activations of the EFT software and its modules, as these are stored as a part of the server’s registry. Pro2col can arrange this in advance of any work carried out to help minimise disruption to your service.

Globalscape EFT version 7.4.7 release


Today (15th May 2018) Globalscape release EFT 7.4.7. It is the most significant upgrade to the EFT product suite in some time, and users will benefit from a range of technical enhancements. You will find a summary of the key information below, which includes changes to AWE, Workspaces and more, plus name changes.

Name changes

 

  • EFT Server, sometimes known as EFT SMB, has been renamed EFT Express. This is to reflect the easy, fast, lightweight nature of deployment and administration.
  • The EFT Enterprise name is unchanged.
  • For EFT Express (SMB), the High Security Module (HSM) is now called the Express Security Module (ESM).
  • For EFT Enterprise the High Security Module (HSM) is now called the Advanced Security Module (ASM), and incorporates Content Integrity Control (CIC) for ICAP integration and the Advanced Authentication Module (AAM) for multi-factor authentication.
  • The standard support package is now called Professional and the Platinum support package is now called Premier. There are other changes to the support packages, including two new levels of support. We will be in touch in advance of your renewal to go through these options.

Technical enhancements

We have summarised the key technical enhancements, and you can see a full list at https://www.globalscape.com/enhanced-file-transfer-eft-version-history.

 

Advanced Workflow Engine (AWE)

AWE has been upgraded to increase functionality including:

  • The ability to integrate with Exchange Online, SharePoint (2007 to online), PowerShell scripts, VMware hosts, OpenDocument Spreadsheets and many more.
  • Cloud support is included, allowing communication with Amazon services such as S3, RDS, EC2 and DynamoDB. Microsoft Azure support for BlobStorage and the ability to talk to Dynamics CRM is also included.
  • Existing processes / workflows built using the AWE module will continue to work, but if you have any problems please contact support.

Workspaces improvements

The Workspaces module has been enhanced in most upgrades over the last few years. The 7.4.7 release brings several further new features:

  • Now you can blacklist domains, which allows system administrators to prevent data being shared with certain domains, such as gmail.com.
  • The account verification process has been streamlined to make signing up to a workspace more ergonomic.
  • There are additional options to make use of Outlook encryption and security signing functionality.
  • Captchas can be enabled on the drop off portal without needing to use the Google captcha.

Other improvements

  • The long awaited ability to attach a file to an email notification in an event rule is now in place. This means you can attach log files or reports.
  • Finally, you can now remotely administer your server from the outside world by connecting through the DMZ Gateway.

Globalscape EFT 7.4.5 release

You’ll be pleased to know that EFT 7.4.5 is now available, including enhancements to existing modules and two new ones. We recommend you upgrade as soon as possible.

New modules and enhancements

7.4.5 includes enhancements to Workspaces and Insight, plus two new modules you can purchase (EFT Enterprise only):

  • The Remote Agent Module (RAM) allows organisations to perform unattended file transfers between remote locations and corporate headquarters with centralised control.
  • The Cloud Connector Module (CCM) gives IT admins a way to securely support data transfers to and from cloud storage or containers like Amazon S3 or Microsoft Azure.

Globalscape’s Vice-President of Software Engineering Gregory Hoffer explains enhancements and new modules in EFT 7.4.5. This was filmed at the recent user group event in London.

EFT 7.2 approaching End of Life

Having been with us since October 2015, the time has finally come to say goodbye to EFT 7.2. It goes fully out of support on 27 October 2017. After this, you’ll only be able to access support through professional services.

If you’re currently using EFT 7.2 we recommend you update it as soon as possible; either to version 7.3 or the newly released 7.4. Read our previous Top Tip Globalscape EFT version 7.4 brings new functionality for more details.

Globalscape EFT Version 7.4 upgrades directly from versions 7.2 or 7.3. However, if you have an earlier version, you will need to upgrade to 7.2 or 7.3 first. You can download the update from the Globalscape support site.

There are some potential problem areas that you should be aware of when upgrading:

  • 7.2, 7.3 and 7.4 have multiple changes to licensing, typically around WTC licensing. This can crop up if the user does not upgrade to the latest 7.4.
  • If ARM is installed, then it MUST be working and available during the EFT install.
  • If it is using Windows authentication for the SQL source, then the upgrade must be performed by the EFT Service Account.
  • There must not be any .SQL files in the EFT config folder.
  • If the user account does not have permissions to update the database, then a manual process to update the database structure is needed before ARM would work.
  • Active/Active and Active Passive clusters must be upgraded in a specific order and there is a period of downtime until all nodes are upgraded.
  • Some Extra Registry entries are added, which users should be aware of before running the upgrades.
  • If you are attempting to migrate SMB you MUST stop the EFT server before attempting to copy FTP.CFG file as this is written as the service stops.

If you have any questions or would like assistance in upgrading your system, please contact the support team or email your sales representative.

Globalscape version 7.4 brings new functionality

Globalscape EFT Version 7.4 is the latest release across SMB and Enterprise. It includes new functionality, over 20 enhancements and 50 fixes.

Most of these are minor, but here are some to look out for that will make your life easier using Globalscape EFT Version 7.4.

Drain mode

When you stop an EFT server, it terminates all connections and running event rules. This can cause issues with part transfers. Using drain mode in Globalscape EFT Version 7.4 will allow you to block new connections and prevent event rules from triggering. This means you can bring the server down more cleanly. In drain mode all existing connections continue as normal until they disconnect. The system only completely stops when all connections have finished.

Save event rule transfer logs to ARM Help with troubleshooting

Event rules generate detailed log files when they attempt to connect to a remote host. These logs are especially useful for troubleshooting connection errors in event rules. They are saved to a separate table in the ARM database and you can use custom reports to retrieve this data. Be aware that if you do include the failed TED logs, your database growth rate will increase significantly. This could have implications for servers running SQL Express, which limits databases to 10GB. If your database is approaching this size, you may need a database purge. Contact the support team for assistance with this.

Web Transfer Client access is now included with HTTP/S

Globalscape have included the Web Transfer Client license as a part of the HTTPS module. This reduces the administrative burden on assigning web transfer clients directly to users. It should mean you can access the WTC when you access the HTTPS interface, unless you have had it explicitly removed.

Workspaces improvements

Globalscape have improved workspaces functionality with almost every release for the last year. The Globalscape EFT Version 7.4 additions are a drop-off and reply portal. The Drop-off portal is an “open” web page allowing external users to send files into your organisation using an internal user’s email address. You can add protection against malicious use through a captcha. Domain name restrictions can limit recipients to only internal email addresses.

You can also add a reply button on message notifications and pickup web pages. This means the recipient can send a file or comment back to the initial sender, allowing for two-way file communications.

Other minor additions include some configuration changes: You can create all Workspaces external users in a specified User Settings Template, as opposed to the default template.

Upgrading from 6.x up to EFT 7.3x

We are increasingly coming across old EFT systems which are running on old physical servers and out of date software. In many cases, these solutions are also out of maintenance.   We have streamlined a process to get you from your old EFT system up to the latest EFT, whilst leaving the original system in tact so as to have minimal impact at switch over.

In essence, we take a copy of your config and apply it to a temporary server running the same version of EFT as your current system.   On this temporary system, we run some basic tests and then upgrade the system through the intermediary versions, up to the final version.

Once the software is at its final version, the config can be exported and moved to a freshly prepared server, running the latest version of EFT.   This process also allows you to upgrade the server OS to a later, more supportable version and can enable you to move from physical to virtual servers at the same time if desired.   This is even more important as the latest versions of EFT are no longer supported on Windows 2008 or earlier.

Areas for consideration include:

Licensing

There have been several licence model changes in version 7 EFT at various stages. In some cases, your old licence keys may not work.  We need to arrange for new format licence.

Maintenance and Support

Many of the systems we come across have lapsed support contracts. Before you can start this process, you will need to have a valid support contract and Pro2col can assist with setting this up for you.

Auditing and Reporting Database

If you are using the ARM database, additional steps will be needed to upgrade the database format and version so that it is compatible with the new version of EFT.

Health Checks and Consolidation

If the system is several years old and uses event rules, these should be reviewed. The business process may have changed making the workflow redundant or the new functionality may provide a more efficient methodology. Consolidating rules, cleaning up of unused accounts and removing sites which are no longer needed can make the whole upgrade process smoother and leave the final system in a much healthier state.

Operating System and Hardware Upgrades

With such a major change to your EFT solution, it may be a good time to upgrade the operating system for your server and even moving from Physical servers to Virtual servers. Pro2col would always recommend an operating system update and with some OS’s being many years old and either out of support or approaching the EOL dates with Microsoft.

We’re here for you!

Expert EFT consultancy and support in your time zone.
Let us help you make the most out of your EFT software.