The protocol bridge
The protocol bridge enables your Managed File Transfer (MFT) network to access files stored on a file server outside your MFT network, either in your local domain or a remote location. This file server can use the FTP, FTPS, or SFTP network protocols. Each file server needs at least one dedicated agent. The dedicated agent is known as the protocol bridge agent. A bridge agent can interact with multiple file servers.
The protocol bridge is available as part of the Service component of Managed File Transfer. We can have multiple dedicated agents on a single system running MFT that connect to different file servers.
We can use a protocol bridge agent to transfer files to multiple endpoints simultaneously. MFT provides a file called ProtocolBridgeProperties.xml that we can edit to define the different protocol file servers that we want to transfer files to. The fteCreateBridgeAgent command adds the details of the default protocol file server to ProtocolBridgeProperties.xml for you. This file is described in Protocol bridge properties file format.
We can use the protocol bridge agent to perform the following actions:- Upload files from the MFT network to a remote server using FTP, FTPS, or SFTP.
- Download files from a remote server, using FTP, FTPS, or SFTP, to the MFT network
Note: The protocol bridge agent
can support only FTP, FTPS, or SFTP servers that allow files to be
accessed by their absolute file path. If a relative file path is specified
in a transfer request, the protocol bridge agent will attempt to
convert the relative path into an absolute file path based on the
home directory used to login to the protocol server. Those protocol servers that allow access
to files based only on the current directory are not supported by
the protocol bridge agent.
The diagram shows two FTP servers, at different locations. The FTP servers are being used to exchange files with the Managed File Transfer agents. The protocol bridge agent is between the FTP servers and the rest of the MFT network, and is configured to communicate with both FTP servers.
Ensure that we have another agent in your MFT network in addition to the protocol bridge agent. The protocol bridge agent is a bridge to the FTP, FTPS, or SFTP server only and does not write transferred files to the local disk. To transfer files to or from the FTP, FTPS, or SFTP server we must use the protocol bridge agent as the destination or source for the file transfer (representing the FTP, FTPS, or SFTP server) and another standard agent as the corresponding source or destination.
When you transfer files using the protocol bridge, the bridge must have permission to read the source or destination directory containing the files we want to transfer. For example, if we want to transfer files from the directory /home/fte/bridge that has execute permissions (d--x--x--x) only, any transfers you attempt from this directory fail with the following error message:BFGBR0032E: Attempt to read filename from the protocol file server has failed with server error 550. Failed to open file.
Configure a protocol bridge agent
A protocol bridge agent is like a standard MFT agent. Create a protocol bridge agent by using the fteCreateBridgeAgent command. We can configure a protocol bridge agent using the ProtocolBridgeProperties.xml file, which is described in Protocol bridge properties file format. If we are using an earlier version, configure the agent using the specific protocol bridge properties described in Advanced agent properties. For all versions, we can also configure a credential mapping as described in Mapping credentials for a file server. After you have configured a protocol bridge agent for a particular protocol file server, we can then use that agent for that purpose only.
Protocol bridge recovery
If the protocol bridge agent is unable to connect to the file server because the file server is unavailable, all file transfer requests are queued until the file server becomes available. If the protocol bridge agent is unable to connect to the file server because the agent is using the wrong credentials, the transfer fails and the transfer log message reflects this error. If the protocol bridge agent is ended for any reason, all requested file transfers are retained and continue when the protocol bridge is restarted.
During file transfer, files are typically written as temporary files at the destination and are then renamed when the transfer is complete. However, if the transfer destination is a protocol file server that is configured as limited write (users can upload files to the protocol file server but cannot change those uploaded files in any way; effectively users can write once only), transferred files are written to the destination directly. This means that if a problem occurs during the transfer, the partially written files remain on the destination protocol file server and Managed File Transfer cannot delete or edit these files. In this situation, the transfer fails.
- Upgrading a protocol bridge agent to use the FTE V7.0.4.1 function
We can upgrade an existing protocol bridge agent that was created in WebSphere MQ File Transfer Edition Version 7.0.4 or earlier to use the newer WebSphere MQ File Transfer Edition Version 7.0.4, Fix Pack 1 function. This upgrade allows the agent to support multiple endpoints. - Defining properties for protocol file servers using the ProtocolBridgeProperties.xml file
Define the properties of one or more protocol file servers that we want to transfer files to and from using the ProtocolBridgeProperties.xml file, which is provided by Managed File Transfer in the agent configuration directory. - Looking up protocol file server properties: ProtocolBridgePropertiesExit2
If we have a large number of protocol file servers, we can implement the com.ibm.wmqfte.exitroutine.api.ProtocolBridgePropertiesExit2 interface to look up protocol file server properties that are referenced in transfers. We can implement this interface in preference to maintaining a ProtocolBridgeProperties.xml file. - Mapping credentials for a file server
Map user credentials in Managed File Transfer to user credentials on the file server by using the default credential mapping function of the protocol bridge agent or by writing your own user exit. Managed File Transfer provides a sample user exit that performs user credential mapping. - Example: How to configure a protocol bridge agent to use private key credentials with a UNIX SFTP server
This example demonstrates how we can generate and configure the ProtocolBridgeCredentials.xml file. This example is a typical example and the details might vary according to the platform, but the principles remain the same. - Configure a protocol bridge for an FTPS server
Configure an FTPS server in a similar way as you configure an FTP server: create a bridge agent for the server, define the server properties, and map user credentials.
Parent topic: Administer Managed File Transfer
Related tasks
- Example: How to configure a protocol bridge agent to use private key credentials with a UNIX SFTP server
- Defining properties for protocol file servers using the ProtocolBridgeProperties.xml file
Related reference
Related information
- fteCreateBridgeAgent (create and configure an MFT protocol bridge agent)
- ProtocolBridgeCredentialExit.java interface
- Sample protocol bridge credential user exit
- FTPS server support by the protocol bridge