The following questions and answers are provided to facilitate user/customer understanding of SFT.
- What is SFT?
- Does the service offering include a Disaster Recovery option?
- How do I get more information/documentation?
- When will I receive my logon credentials?
- What is a Delegated Administrator?
- I was transferring files just fine, now I cannot connect or log into the SFT system. What is the problem?
- How do I get help for things like resetting my password?
- How can I be notified of system upgrades and scheduled maintenance?
- When is maintenance performed on the SFT System?
- What secure protocols does the SFT Service support?
- Why can't we use plain old FTP?
- How long can the transferred files remain on the SFT servers?
- Is there a Transfer Log and how long is it kept?
- Can I log into my SFT account with a SSH key or X.509 certificate instead of a password?
- Are there upload/download limits on file size?
- Can I receive an email notification of an uploaded file intended for me?
- Do I need Secure File Transfer?
- What product is the Secure File Transfer service using?
SFT is a statewide shared service, providing a complete, secure, fully regulatory compliant (HIPAA, HITECH, FIPS 140, etc.), enterprise integration and consolidation solution for moving files and managing file transfers from clients and servers on Internet-connected , CGEN, private IP network or datacenter-hosted server to any other server or end user anywhere on any platform. Using standard secure protocols (such as FTPS, HTTPS, SFTP), and built on the industry leading SecureTransport™ product, the SFT Service moves files securely and reliably, not only replacing legacy FTP servers, tape systems and manual processes but also creating a platform for almost any file transfer application or automated process. In short, SFT can move files securely from any client, server or platform to any other anywhere.
When evaluating a solution for moving files (of almost any size) in a decentralized organization, the key factors to consider are 1) security, 2) reliability, 3) automation abilities and, 4) consolidation capabilities.
- The SFT service complies with all laws, regulations and best practices related to moving sensitive data, including HIPAA, HITECH, FIPS 140, GLB, SOX and others.
- Reliability means every step is taken to insure uninterrupted operation in the event of an unplanned outage. Our Secure File Transfer Service is built on a fully-redundant, highly-available Linux platform in an active/active configuration at the Data Center, a Tier III data center. Disaster recovery is available as an option at an additional cost.
- Whether your requirements include simple uploads and downloads using a web browser client or more complex and advanced automated capabilities involving multiple start & end points and platforms & protocols, SFT can meet your needs because the base system is built on the industry leading product SecureTransport™ from Axway Corporation (formerly Tumbleweed Communications). SecureTransport is known industry-wide not only as the leader in secure and manage file transfer, but as a development platform with comprehensive capabilities to automate almost any file transfer use case imaginable.
- SFT is not only the ideal platform for securely moving files for individual projects or applications, but for consolidating an entire department's file transfer methods into one solution. Shared-service features, like Delegated Administration, provide customer ownership without customer headache; rapid deployment without procurement; and customer peace of mind with full support for your Delegated Administrators from SFT staff.
Yes, SFT Disaster Recovery is available to all customers on an opt-in basis. Please contact your customer delivery representative for the current one-time setup cost and additional per-user monthly rate.
Information and Documentation
More information on the SFT Service, including Manuals and white papers, may be obtained from our SFT Documents page located under Resources
Typically, within 3 business days after you have completed the SFT Intake Form and your Service Request has been approved, SFT staff will complete the initial account setup and notify your technical contact (or delegated admin) of the logon credentials for your user accounts and delegated administrators.
The Delegated Administrator is the customer’s first line of user support. We delegate certain SFT user account administration tasks to the customer: password resets, unlocking user accounts, creating new user accounts, deleting user accounts, importing ssh keys and x.509 certificates, modifying or reconfiguring user accounts and requesting higher-level support from SFT staff. The SFT Intake Form is used to indicated the name and contact information of the customer’s delegated administrator. All delegated administrators receive hands-on training via remote console session or at the Training Center. The SFT Delegated Administrator's Manual is available on-line on the Documents tab in the SFT Administrators Console. You must be logged in as a Delegated Administrator to download the manual.
Unable to connect or log into SFT?
There are four possibilities:
- Your login name or password is incorrect. Please note both the login name and password are case-sensitive.
- Your account is locked out or disabled. Contact your Delegated Administrator who can unlock the account and reset the password.
- Your password has expired. Check for an expired password by logging into the SFT web interface: https://sft.ca.gov. If you see the password reset prompts, follow them to complete the password change process.
- The SFT Service is unavailable. Please check the SFT Service Status on the getsft homepage
Considerations for Automated Access:
Automated (scripted) login processes will result in source IP address blacklisting if a script tries and fails more than 100 login attempts in under 10 minutes. We blacklist to prevent denial of service (DOS) attacks, unintentional or deliberate.
To prevent your source IP from being blacklisted, include in your scripting code "failed login error checking." A maximum retry counter and/or a delay between retries (e.g. "sleep 10") are recommended.
If your source IP address has been blacklisted, contact your delegated administrator.
If your password has expired, but your script does not include statements to catch this condition, the likely result is an infinite loop which will, depending on how your code is written, either monopolize a single connection or consume all available connections. This behavior will be noted as a DOS and your IP address will be blacklisted and your account disabled. Again, add a retry counter to limit the amount of attempts, or check for this output:
Due to the potential impact on the SFT system, any account found to be in this password-expiration loop will be disabled. Contact your Delegated Administrator to have your account re-enabled. And, of course, fix your code so this does not happen again.
Furthermore, we highly recommend using SSH keys for authentication as this will avoid all password related authentication issues.
How to Reset Your Password
If you are an end user (you have an SFT account for transferring files), contact your Delegated Administrator within your organization. All SFT users have at least one delegated administrator who provides "help desk" services. The Service Desk will direct you back to your internal administrator if you call or email them by mistake. If you are one of the aforementioned delegated administrators and you require assistance with your SFT configuration or password, you should open a ticket with the Service Desk. The SFT team provides help services to delegated administrators only.
Delegated Administrator Notification LISTSERV
Customer delegated administrators and technical contacts are encouraged to subscribe to the SFT LISTSERV. You will be notified of scheduled maintenance, system upgrades, new services, etc. If you have not subscribed, you are invited to do so now: SFT LISTSERV.
SFT Maintenance Window
The SFT Maintenance Window is Sundays from 8:00 pm to 12:00 am (midnight). SFT operations rarely utilizes the maintenance window; however, if you have transfer jobs scheduled during this time, you may need to reschedule them in the event of a scheduled outage. As a courtesy to our customers, we will always notify Delegated Administrators via the SFT LISTSERV of any scheduled maintenance. If you are not currently subscribed to the SFT LISTSERV, please do so now. See Customer Notification List below for instructions.
Secure Protocol Support
Our Secure File Transfer (SFT) service supports the most popular and useful secure protocols: FTPS (FTP over SSL), SSH (SFTP and SCP), and HTTPS. The Axway list of supported clients is located on the Software page: Many other secure client software applications should work, but there may be compatibility issues requiring the use of vendor-supported clients only. We provide direct support for and resells the Axway Secure Client™.
Our Secure File Transfer service provides temporary file storage for file transfers. The SFT service is a file transfer service not a data storage service or solution; however, SFT can utilize customer-purchased storage to create transfer/storage solutions to meet any need.
The SFT service file retention policy stipulates that each file transferred to SFT will be retained on the system for a period of 14 days. Customers requesting retention periods in excess of 14 days may need to purchase storage at the current storage rates.
Transfer Log Retention Policy
Every transfer into and out of the SFT system generates a file tracking entry which is retained on the SFT system for a period of 30 days. Transfer logs are archived to disk for a period of 2 years. Transfer log entries ensure audit ability and compliance with government regulations such as HIPAA, SOX, GLBA, PCI and others. The system also generates an MDN receipt for each transfer.
Client (User Account) Authentication Methods
Yes, your user accounts can authenticate using certificates in lieu of, or in addition to, using a username & password. SFT supports client certificate authentication (either SSH keys or X.509 self-sign, CA-chained certificates).Client certificate authentication offers these advantages:
- No more lost or forgotten passwords.
- The ability to script or automate a transfer without having to embed a password in cleartext.
- Increased security - an attacker could potentially guess a weak password, but client certificates are practically failsafe.
File Size Limitations
Files uploaded or downloaded using a web browser are limited to 2GB in size (a limitation of the browser). Files of any size can be transferred with the Axway Secure Client™ or other 3rd-party clients. The only limit to file size is the remaining storage available in the SFT shared SAN pool. However, if your requirements include very large files (10GB or larger), you may be directed to purchase storage and dedicate it to your file transfer needs.
SFT can be set-up to automatically notify a user of various transfer events. The Delegated Administrator has the ability to adjust these email notification settings as needed.
Why Secure File Transfer and not just plain FTP?
The risks associated with transferring any sensitive data (medical, financial, SSNs, etc.) is too great to leave to unsecure, unmanged products or systems. SFT addresses regulatory compliance initiatives, such as Sarbanes-Oxley, Health Insurance Portability and Accountability Act (HIPAA), MHLW, EMEA and Gramm Leach-Bliley using standard secure protocols and encryption algorithms (3DES). SFT is a true enterprise shared service that not only provides full regulatory compliance but also the following features:
2) Managed transfers and reporting via web-based Admin Console;
3) Shared service usability, accessibility, reliability and economies of scale;
4) Delegated administration -- you manage your accounts, business units and applications as if the entire system was built for you;
5) Large file size transfers (a feature email services do not support);
6) Minimal resource commitment; and
7) Rapid deployment.
What product is the Secure File Transfer service using?
Secure File Transfer uses the industry-leading SecureTransport™ product, from the Axway Corporation (formerly Tumbleweed Communications), to provide multiple secure protocols, full regulatory compliance (HIPAA, GLBA, SOX, PCI, FIPS, etc.), secure and managed file transfers to State, County and local government customers and their business partners. Axway Corporation is positioned as a leader in Gartner Managed File Transfer Magic Quadrant.