Professional Documents
Culture Documents
SCOPE
This document describes the detailed configuration design for the EFB transport.
PURPOSE
The purpose of this document is to provide a view of the configuration required
across the multiple touch points involved to enable the implementation of file(s)
transportation.
The solution described in this document meets the requirements specified by the
Project. The level of detail in this document will allow the various areas involved
including respective teams to base their firewall rules, user account creation and
the implementation of the configuration into Test and Production.
It is vitally important that this document is reviewed by everyone attached to the
project. The final version of this document defines what will be implemented into
live. If anything in this document does not match what is actually required, it will
cause significant delays to your deployment, as proper Change Management
processes will be applied to any subsequent changes. If the EFB operations team
cannot deploy your transports live during the allocated change window, you may
well be required to fund an additional Work Request to make those changes at a
later date.
1
Restricted
2
Loach
Added note about annual review and possible deactivation. 2020-
1.12 Vincent Loach
Cleaned up headers and footers. 03-12
2020-
1.13 Added optional support email address table. Vincent Loach
04-09
2020-
1.14 Removed optionality of long term support information. Vincent Loach
10-15
Updated template to conform to document guidelines. Added:
2020-
1.15 more text about file permissions; more front page text; PGP Vincent Loach
11-12
public key section.
Added note on possible additional WR if design does not work as
2021-
1.16 written. Added test system public keys. Added optional text for Vincent Loach
04-29
when LTS details are only of people.
2021-
1.17 Clarified language in a few places in Appendix B. Vincent Loach
07-22
Added “Error Handling” and “SPLUNK logs” section to end of 2021-
1.18 Vincent Loach
Appendix A. 09-14
Added elements from GCP template to create single unified
template document. 2022-
1.19 Vincent Loach
Expanded descriptive text for test server FQDNs and IP 04-28
addresses.
Cleaned up “Emailing and Sign Off List”. Removed Appendix A 2022-
1.20 Vincent Loach
(for the moment). 10-17
3
Document History
Issued Date Details
0.2 Review
0.3 Approval
(Add/delete Server DAs as required, one per system EFB will interact with.) (Select
implementation team depending on EFB instance.)
Long term support contacts
System Email Address (and/or NG Autofix queue if internal)
System 1
System 2
System 3
4
Restricted
Table of Contents
1. Overview.......................................................................................................................... 6
2. EFB Transport Flow........................................................................................................ 6
Flow 1 – $Source to $Dest – Internal Only..........................................................................6
Flow 2 – $Source to $Dest – External to Internal................................................................6
Flow 3 – $Source to $Dest – Internal to External................................................................6
Flow 4 - $Source to $Dest – Drop........................................................................................7
Flow 5 – $Source to $Dest – Pickup....................................................................................7
Flow 6 – BTW SDEDS to GCP – EFB acts as Client to Pull from BTW SDEDS................7
3. Environments.................................................................................................................. 8
Production Source/Target and EE EFB Details................................................................10
Production Source/Target and EFB Details......................................................................11
Flow 1.....................................................................................................................................12
Flow 2.....................................................................................................................................12
Flow 3.....................................................................................................................................13
Flow 4.....................................................................................................................................13
Flow 5.....................................................................................................................................14
Flow 6.....................................................................................................................................14
Test Source/Target and Test EFB Details.........................................................................15
Flow 1.....................................................................................................................................15
4. File Details..................................................................................................................... 16
5. Risk and Assumptions................................................................................................. 17
6. Encryption of data – Ensure you have read this section...........................................18
7. Configuration Attachments.......................................................................................... 18
8. EFB Public Keys........................................................................................................... 20
9. User account creation template...................................................................................21
10. Glossary........................................................................................................................ 22
Appendix A : Process Overview........................................................................................ 23
Appendix B – Guide to how EFB operates........................................................................24
For all connections to your server.................................................................................24
Files from BT for Third Party.......................................................................................... 24
Files for BT from Third Party.......................................................................................... 25
Pull by BT from Third Party...................................................................................................25
Push to BT by Third Party......................................................................................................26
Overwrites and Uniqueness........................................................................................... 27
Runtime and Delivery Order........................................................................................... 27
Error Handling................................................................................................................. 27
SPLUNK logs................................................................................................................... 28
5
Restricted
1. Overview
Select one initial text paragraph from two below, depending on EFB instance:
This document explains how EFB will use the Secure File Transfer Protocol (SFTP) to transfer files between systems.
This document explains how EFB will use SFTP to receive the <whatever> files from <whatever> server and use GCP
protocol to upload the <whatever> files to Google Cloud. The Secure File Transfer Protocol (SFTP) will be mainly used to
transfer files between other systems.
Change this in the unlikely event we are using FTPS. This line makes explicit that SFTP is being used, as a small number of
third parties have become ‘confused’ about this.
Text in Red serves as guidance to completion. Please delete before issuing the document.
Text in black should form part of your document. Please do not delete.
Give a brief business background of the project/EFB request concerning the EFB Impact. Please also state the transports
required (Describing the type of data being transferred. I.e CDRs, Provisioning requests, Queries, Credit Card details etc. ) .
The below is the high level visual representation of the Transports requirements as part of this
project.
Flow 1 – $Source to $Dest – Internal Only
EFB
Pull Push
Flow 2 – $Source to $Dest – External to Internal
EFB
Pull Push
Flow 3 – $Source to $Dest – Internal to External
EFB
Push
6
Restricted
Pull Push
EFB
Drop
EFB
Push
Pull Pickup
Flow 6 – BTW SDEDS to GCP – EFB acts as Client to Pull from BTW SDEDS
$Source EFB
(Greenside / Redside)
7
Restricted
3. Environments
Delete and Edit details as appropriate
The information provided in this section is relevant to the interested parties below. The details
provided in this section will allow the individual areas to do the necessary work for allowing
connectivity and accessibility.
Source Server DA (Also see EFB public key section)
Target Server DA (Also see EFB public key section)
Firewall Team (if any new IP addresses are formed then the EFB design team will need to be
notified)
Integration Testing (informational)
EFB operations (informational)
Please note that any Unix user account creation must be submitted via the I.T shop prior to
submitting this design. The order ID reference generated when requesting accounts via the I.T shop
will need to be captured in section 8 of this document (User account creation section).
Production
Flow Firewall
Testing
Flow Firewall
8
Restricted
9
Restricted
Any external system connecting to the EFB DMZ should use FQDN: efb.bt.com
Any internal system connecting to the EFB DMZ should use FQDN: efb-dmzhub.eezone.bt.com
Any internal system connecting to EFB MSG should use the FQDN: efb-internalhub.eezone.bt.com
These FQDNs will then route traffic to the currently live host.
Any external third party should use all four $DMZ-Internet-Facing-address for their own firewall
modifications. EFB uses multiple DMZ hosts for load balancing and disaster recovery. The FQDN
efb.bt.com will resolve to the current live IP address in the global DNS. It has a low TTL (10 minutes) to
allow for Disaster Recovery usage.
For establishing the firewall connectivity between EFB and other internal BT servers, internal servers
need to add the below EFB SDIP aliases into their interconnects. Once the SDIP interconnects are
approved at internal server end, the same needs to be communicated back to EFB Design team - then we
can raise the Fireflow request to open the firewalls from our MSG server to internal BT server.
EFB SDIP’s:
ee_d_efb_prod_app_app13782
ee_d_efb_dr_app_app13782
10
Restricted
EFB-GCP - 193.113.10.71
Internet-Facing-
address 193.113.11.167
EFB-GCP Host (
btwholesalebigdata.sdeds.bt.com
Internet Facing)
sdeds.btwholesalebigdata.intra.bt.com
EFB-GCP Host
These FQDNs will then route traffic to the currently live host.
Any external third party should use all EFB-GCP-Internet-Facing-address for their own firewall
modifications. EFB uses multiple hosts for load balancing and disaster recovery. The FQDN
btwholesalebigdata.sdeds.bt.com will resolve to the current live IP address in the global DNS.
For establishing the firewall connectivity between EFB and other internal BT servers, internal servers
need to add the below EFB SDIP aliases into their interconnects. Once the SDIP interconnects are
approved at internal server end, then they need to raise the Fireflow request to open the firewalls from
our EFB server to internal BT server. The same needs to be communicated back to EFB Design team.
EFB SDIP’s:
sdeds_btw_ec_bigdata_servers_app10765
11
Restricted
Flow 1
EFB
Source Destination
MSG HUB
NAT
<data $MSG-NAT- <data
IP Address Facing IP Address
here> Facing-address here>
address
Local IP $MSG-IP-
<data <data
Host Address Address Host
here> here>
$Source $Dest
<data <data
User ID User ID
here> here>
Host
$MSG-Host <data
Directory
<data here>
Directory
here> <data
Temp Dir
here>
Comments This is an internal transfer, so no need for DMZ.
Flow 2
EFB
Source DMZ MSG HUB Destination
$DMZ-
Internet Internet-
IP Address <data here> n/a IP Address <data here>
Facing Facing-
address
$DMZ-IP- $MSG-IP-
IP Address
$Source Host <data here> Address Address $Dest Host <data here>
12
Restricted
Flow 3
EFB
MSG DMZ
Source HUB Destination
$DMZ-
Internet
IP Address <data here> N/A Internet- IP Address <data here>
Facing
Facing-address
$MSG-IP- $DMZ-IP-
IP Address
Host <data here> Address Address Host <data here>
$Source $Dest
Host $MSG-Host $DMZ Host Pickup DMZ
User ID <data here> <data here>
User ID
NAT Facing Pickup DMZ
Directory <data here> N/A <data here>
address Directory
Flow 4
EFB
Source DMZ MSG HUB Destination
$DMZ-
<data Internet Internet-
IP Address n/a IP Address <data here>
here> Facing Facing-
address
$DMZ-IP- $MSG-IP-
<data IP Address
Host Address Address Host <data here>
here>
$Source $Dest
Drop DMZ <data Host $DMZ-Host $MSG-Host
User ID <data here>
User ID here>
Drop DMZ <data
Temp-Directory <data here>
Directory here> NAT
Drop DMZ Facing N/A N/A
temp address Directory <data here>
Directory
13
Restricted
Flow 5
EFB
MSG DMZ
Source HUB Destination
$DMZ-
Internet
IP Address <data here> N/A Internet- IP Address <data here>
Facing
Facing-address
$MSG-IP- $DMZ-IP-
IP Address
Host <data here> Address Address Host <data here>
$Source $Dest
Host $MSG-Host $DMZ Host Pickup DMZ
User ID <data here> <data here>
User ID
NAT Facing Pickup DMZ
Directory <data here> N/A <data here>
address Directory
Flow 6
EFB
Source Destination
sdeds.btwholesalebig <data
Host data.intra.bt.com Username
here>
$Source $Dest <data
User ID gsftpgcp1 Bucket name
Host here>
<data
Directory
Director /DLM/out here>
y Temp Dir (if <data
any) here>
Comment
.
s
14
Restricted
BF1 -
blt13782005.eezone.bt.com $DMZ- HOST BF1 - blt13825001.eezone.bt.com
$MSG-Host
BF2 - BF2 - blt13825019.eezone.bt.com
blt13782006.eezone.bt.com
Any external system connecting to the test EFB DMZ should connect to the IP addresses listed under $DMZ-
Internet-Facing-address (Third party initiating).
Any external system expecting connections from the test EFB DMZ should expect connections from the IP
addresses listed under $DMZ-Internet-Facing-address (EFB initiating).
Any internal system connecting to test EFB MSG should use the $MSG-Host for BF1.
There are no global DNS entries for the test EFB DMZ. The “ eezone.bt.com ” addresses are for internal use within
BT.
There are two test environments for EFB now - BF1 (005efbrn1t) and BF2 (005efbrn2t).
At the moment we will be using only BF1 “005efbrn1t” for testing as default username.
Flow 1
EFB
Source DMZ MSG HUB Destination
External $DMZ- Internal
Internet Internet-
IP Address <data here> n/a IP Address <data here>
Facing Facing-
address
Host <data here> $DMZ-IP- $MSG-IP- Host <data here>
IP Address
Address Address
Host $DMZ-Host $MSG-Host
15
Restricted
Comments
16
Restricted
4. File Details
Flow 1
$Source to Delete
$Dest
Flow 2
$Source to Rename with default extension .pro
$Dest
Flow 3
$Source to Rename to X_%{FF}
$Dest
Flow 4 Archive to
/c1/exbvar/o2o/ftp/xfrefb/archive
$Source to with default filename
$Dest %{FF}.%{YY}%{MM}%{DD}
Flow 5 Archive to
/c1/exbvar/o2o/ftp/xfrefb/archive
$Source to with filename
$Dest %{FF}.delivered
Flow 1
$Source to NA NA NA NA NA
$Dest
17
Restricted
I.e. The file size being transported is at the upper limit of the EFB transport capability. Although EFB
should be able to manage this, it should be tested alongside the current production EFB transport to
ensure there is no impact to resource and existing EFB jobs being transported at the same schedule.
DAs for servers EFB will deliver into to ensure that delivery directories and final directories all exist.
EFB or the Ops team that install EFB transports in live or test at BT will not create missing
directories on remote servers. Delivery directories and final directories should be on the same file
system such that the SFTP rename command is an atomic file system action (as per POSIX).
DAs for all remote servers to ensure that user accounts specified exist on remote servers, and that
the public key enclosed in this document is authorized for that user. The user will need suitable
access to all remote directories to read, write, modify, move and delete files. If EFB is to pull a file
from a remote server it will need suitable read, write, modify, move and delete (if applicable)
privileges at both the file and directory level.
EFB expects files in source directories to be ready for transport as soon as they are visible (i.e. a file
that matches “Filename” in the above table appears). DAs to ensure that their systems only place
completed files in these directories. Two mechanisms are clearly available:
1) They may use temporary files with names that do not match “Filename” in the above table, and
move the temporary file to a matching “Filename” when it is ready for transportation.
2) They may use the “temp” delivery directory one level below the final directory and move the file
up one level when it is complete.
EFB will maintain file privileges end-to-end, as far as is possible. DAs for source and remote servers
to ensure that file privileges make sense end-to-end. The umask of the remote server should not
constrain the uploaded files unnecessarily. The umask of the internal EFB service is now 027. It is
a BT security idiom that - as standard - “other” should not have any access to files. It is therefore
very likely that (in Unix terms) files will be uploaded with a permission set of 640 (or “rw-r-----” if
you prefer).
It is possible for EFB to issue a “chmod” command to the remote server if something like 664 or
666 permissions are preferred and this is requested. (This requires the remote SFTP
implementation to service the chmod command correctly!). This needs requesting during the
design process.
The remote user that EFB uploads files as should possess sensible group membership to allow file
processing to continue in an optimal manner.
The final destination directory for files will need to be kept to a reasonable size. File deliveries slow
down significantly if the destination directory contains many files (e.g the number of files in the
destination directory is measured in thousands.) It is recommended that the delivery directory is
just that: a place where files are put for moving onwards to the actual live system that consumes
them. It is recommended that files are not left in the delivery directory permanently. The same file
quantity considerations apply to any archive directory EFB is required to use. The archive directory
where EFB places files should be regularly cleared down to ensure it does not contain thousands
and thousands of files.
The default state for EFB is to assume that files should be unique, and that attempting to overwrite
files is an error condition. This can be changed if required.
If files are to be archived, and the archived files are persistent in the archive, but a file could be
presented more than once in the source directory, EFB is built to not overwrite the previously
archived file. This is considered an error. If you think a file could be presented more than once at
18
Restricted
source (and is also to be archived) we recommend the addition of the date and a random number to
the archive filename, %{CC}%{YY}%{MM}%{DD}_%{RANDOM}_%{FF} or similar, to prevent this
error.
At the start of each new calendar year, the EFB design team will review aggregate transport
logging for the previous year. Any transport that has processed zero files in the entire previous
calendar year will be deactivated. If any transport in this design may ‘hibernate’ for an entire
calendar year and encounter zero files to move, then that must be clearly mentioned in the
“Comments” field for the transport in this design document.
If the long term support contact(s) in this design are for a specific person or persons at an
organisation, rather than a generic support team contact (e.g. support email address, helpdesk, or
NG Autofix queue) then this is a risk. As EFB transports often run for years, it is always possible for
a person to leave an organisation, giving us no way of contacting that organisation if there are
problems interacting with their server. The EFB operations team reserve the right to temporarily
deactivate any transport where our contact details for that server are no longer valid. We will then
wait for the owners of the server to contact us to diagnose the problem.
EFB does not keep any archived copies of any files it successfully transfers to the final destination.
After a file has been successfully delivered, it is deleted from the EFB servers. The EFB servers do
not have large amounts of disk space for archives of past files. Do not request redeliveries from the
EFB team – this is simply not possible. (Files that have failed to be delivered are kept until deliveries
can be reattempted.)
6. Encryption of data – Ensure you have read this section
Data protection and security is a key part of the role that we all have across our company. We all
have our part to play in this and here is where you come in. Any data we transmit must be done in
line with our policies and guidelines. We appreciate the vast majority of BT employees act
professionally and in line with BT’s Values but if you behave in a way that’s inconsistent with these
policies or The Way We Work, BT may take disciplinary action depending on local legislation and
regulation.
https://intra.bt.com/bt/security/policy/everyone/secpol4/Pages/index.aspx
All data leaving our company and arriving from a third party must be encrypted
The project or requestor must have ensured that data is assessed against the data policy and
security guidelines of BT.
It is the responsibility of the requester working with Security to ensure that the correct level of
encryption is undertaken
Data should be encrypted between source and destination and EFB should not be used in any case
where this is available or could be made available.
Data Specifications (GCP EFB only)
7. Configuration Attachments
EFB operations can implement the attached configuration scripts into production.
19
Restricted
Please add the configuration filename as greyed out readable text in the design document. This
allows it to be found by the SharePoint search capability. The configuration file itself – as an
enclosed object – cannot be found by name . This text assists greatly if/when we have to locate a
design document years down the line. Delete this paragraph in the distributed design.
Efb-internalhub2 is the preferred location for simple pullpush transports. IF YOUR TRANSPORT
INVOLVES ANOTHER SYSTEM PUSHING FILES TO EFB THEN IT MUST GO ON efb-internalhub 1
INSTEAD, AS THAT IS WHERE efb-internalhub.eezone.bt.com RESOLVES TO!
Flow 1 CONFIG_FILENAME_SEARCH_FODDER
efb-internalhub2
$Source to $Dest <attach configuration file >
Flow 2 CONFIG_FILENAME_SEARCH_FODDER
efb-internalhub2
$Source to $Dest <attach configuration file >
Flow 3 CONFIG_FILENAME_SEARCH_FODDER
efb-internalhub2
$Source to $Dest <attach configuration file >
Flow 4 CONFIG_FILENAME_SEARCH_FODDER
efb-internalhub2
$Source to $Dest <attach configuration file >
Flow 5 CONFIG_FILENAME_SEARCH_FODDER
efb-internalhub2
$Source to $Dest <attach configuration file >
20
Restricted
Optional: if test transports are being implemented: When test transports are used, DAs for test
servers to ensure these SSH/SFTP EFB public keys are authorised for the user EFB will be
connecting as:
Optional: some third parties may be getting/putting files on the test DMZ. EFB test team to ensure
that this public key is authorised for the user third party is connecting in as (005efbxxxxx).
Optional: if PGP encryption is being used. This is a nice-to-have, and should only delay document
completion and release if the project agrees that they want this to happen.
As a service we will gather all relevant PGP public keys into the EFB design document, where readily
available.
GCP KeyFile
This GCP service account keyfile path to be used before connecting to the mentioned Bucket:
Remove this if not GCP EFB.
21
Restricted
/path/to/gcp/private/keyfile
22
Restricted
10. Glossary
From DeMilitarized Zone. Servers placed in network zone that can connect to the
internet, and be connected to from the internet. At BT, they cannot then connect
inbound into the internal network. To get/put files from/to them, connections must
DMZ originate from an internal host. EFB has several servers in the DMZ that provide
interfaces to the internet.
Any external systems which need connectivity using EFB will use the EFB DMZ servers.
You can check the flow diagram in section 2 for more information.
Fully Qualified Domain Name. The name of a host with all elements defined so there is
FQDN no ambiguity. The hostname suffolk is ambiguous, but the FQDNs suffolk.orange.co.uk
and suffolk.uk.tmo are not.
IP Internet Protocol.
From Messaging hub. An early version of EFB ran on servers known as “messaging
hubs”. Although that is not really the case anymore, and “internal hub” is arguably a
more technically correct description, use of MSG persists. It also provides a nice three
MSG letter initialism that works well with the initialism DMZ.
Any Internal systems to BT which needs to connect to EFB should use EFB MSG server
to connect hence named as EFB MSG. You can check the flow diagram in section 2 for
more information.
Time To Live. How long a server’s FQDN maps to its IP address in the global DNS
TTL
system.
23
Restricted
For SFTP
You tell us the SFTP hostname (or IP address) to use over the internet. You provide is with the username to
login with. We provide you with the public key counterpart to the private key we will use. You add this
public key to the authorized keys of the username we will login with.
We tell you the IP addresses our connection will appear to come from (see Internet-Facing-address above)
so you can open a hole in your firewall (if necessary) to allow our incoming connection.
You tell us the directory to use. Obviously the directory needs to exist and the user we will login as needs to
have sensible access privileges to this directory (see below for more on this). We will use the SFTP “cd”
command to change into the directory path provided so what is given to us should be a sensible path we
can use with a “cd” command invocation. Due to a small code deficiency we either need a full absolute path
(starts with “/”) or we can also get or put files just from the directory we are placed in when we login (a
path of “.”). We cannot use paths that start with “~”.
It is recommended that the directory path has no spaces or unusual characters in it. Upper and lower case
letters, numbers, underscores, dots and hyphens are recommended as the characters to use.
We agree on the filenames to use. Again, it is recommended that the filenames do not contain spaces or
other unusual characters. Upper and lower case letters, numbers, underscores, dots and hyphens are
recommended as the characters to use.
Our system then initiates an SFTP connections, logs in and moves to the relevant directory.
For GCP
You need to share the google project that the destination bucket sits under. Also the bucket name with the
paths where the files needs to be stored by EFB.
Google Project should have the specified bucket and path so the using gsutil tool we could connect to your
bucket and place all the files.
Files from BT for Third Party
Files are uploaded with an extension consisting of “.inprogress” followed by a 13 to 15 digit number (Unix
epoch time in seconds and the Unix process ID for those that are interested.) The file is then renamed to the
final filename without this extensions at the conclusion of the upload.
You can provide us with a temporary directory to upload into. Files are still uploaded with the above
extension, then moved to the final destination directory at the conclusion of the upload without the
extension.
Depending on how your software is setup to monitor the delivery directory one of these two methods may
serve you better. We default to the first unless we hear otherwise.
Obviously we need reasonable write access to the remote directory to write files there.
When EFB uploads a file to your server the permissions of that file are controlled by your SFTP server. [On
Unix, by default, it will inherit the “umask” (the file permissions mask) of the root user.] Generally, default
permissions will very probably look something like this (in Unix terms) for an uploaded file:
24
Restricted
25
Restricted
EFB does not have any “memory” of the files it has downloaded, so it needs to make sure it does not
download files multiple times. There are three simple solutions to this that we select from:
a) Files are deleted after download. This is the default option.
b) Files are moved to an archive directory. They can also have year, month, day and a random number indicator
added to the filename when this occurs, or any other arbitrary text string. We cannot modify the base name
of the file, only add text to it. As the archive directory can actually be the same as the original directory, this
can be configured to effectively simply rename the file after download.
(Note that is an error condition to ask EFB to overwrite an already existing archive file. If files have already
been presented to EFB at a source location, and pulled and archived, it will be an error if the same original
file is placed at source a second time. In this case, EFB will pull the file, but will leave the .inprogress file in
place so it does not damage the previously archived version. If nothing changes, and the file is presented a
third time at source, it will simply be skipped as EFB cannot rename it to the .inprogress version as that
already exists.
If you wish to redeliver files across a transport where files are archived [perhaps final destination has ‘lost’
the files], the canonical solution is to move the archived version you have preserved back to its original name
and location. Then EFB can safely pull and archive the file again.)
c) Files are renamed by simply adding “.pro” (for “processed”) to the end of the original filename. If this option
is used then care must be taken to ensure that the filename pattern matcher does not pick up these files in
future.
If we are not allowed to delete/archive/rename the files on the remote directory there is one other possible
solution. If a file contains a datetime stamp we can include datetime components in filenames, so we could
run a transfer “today” and pick up “yesterday’s” files, as we can specify file patterns like this example:
data_$DATETIME{'1 day ago','%Y-%m-%d').log.gz
Which, if run on 2014-06-26, would pick up a file called:
data_2014-06-25.log.gz
Note that we would still need write/modify access permissions on the server even in this situation for
renaming the file with a .inprogress postfix and back again after the download (but see pull untouched
source below).
This datetime pattern is generally advised against as if there are any issues with delivery and a transport
does not run for a whole day (e.g. a server is offline), a file will be missed. EFB will not “catch up” missed
files like this as they no longer match the datetime pattern. You can put multiple datetime patterns in if
you wish to pull multiple files. Obviously, if you do this you will need to allow overwrites and handle the
fact that the same file will be transmitted end-to-end more than once. If this is a simple lookup file (for
example) then this could be acceptable. If each is a delta of data then it probably would not be.
26
Restricted
As we have multiple DMZ servers, there is a risk that both may pull the file at the same time. We cannot
limit the pull to a single server - as we usually do - as that is done by the success or failure of the rename
command, which we are not running.
27
Restricted
is a feature. You cannot rely on a particular order for file delivery. You cannot expect a termination file to be
delivered last end-to-end.
Error Handling
Problems with transfers are carefully logged. By this, we mean explicit problems with SFTP connections or
attempting a file transfer. Commonly seen examples of such issues would be:
A file server is not available, i.e. it has simply gone down, or perhaps an external FQDN (e.g.
"sftp.acme.com") has moved to a new hosting environment and has acquired a new IP address, but
nobody thought to tell the EFB team and so the firewall is not open to the new host and a
connection cannot be made (yes, this happens a lot).
EFB can no longer login via the username we have been given. Perhaps the account has expired, or
for some reason our access has been revoked. Note that it is common for systems to be setup so
that if a password expires the account is locked, even though EFB is logging in via public key
authentication and does not use the password.
A directory EFB must use no longer exists or we no longer have the correct permissions for it.
Perhaps someone was being over-zealous with cleaning up a server.
The remote server has run out of disk space. This happens surprisingly often given the relative
cheapness of disk space compared to everything else these days.
An overwrite of a previously delivered file is being attempted and you have not explicitly requested
that overwrites should be allowed. The default state of EFB is that overwrites of files in the remote
delivery directory are not allowed and are an error.
When a problem like this occurs the transport goes into a FAILED state. A list of transports in a failed state
is detected automatically and mailed internally to the support team for investigation at regular intervals
during business hours. The outsourced support team is listed at the start of this document. This team
supports a variety of applications, not just EFB. They then work to try to fix broken transports with "best
endeavours" during office hours. IIRC, this is known as "Bronze" support level, and is considered standard
for EFB. They won't report the issues back to any teams within EE.
Only failed transports which are supported 24x7 will raise P3 incident/callout for investigation. This is
generally known as "Gold" level support.
If an EE/BT team believes there is an issue with their transport (e.g. “why have I not got any files today on
my server?”) they can open an incident with the ops team and they can then investigate it, do whatever is
required to fix it (e.g. clear .inprogress files, check servers are available, re-run transports, etc.) and report
back with their findings.
Note that “lack of files” is not considered an error by EFB. If it is polling a source location for files, and
there are no files there, this is simply BAU and EFB continues on its way. If you expect a set of (for example)
five files by 09:00 every day, and only four files appear before 09:00, this is not considered an error by
EFB: it has transferred all the files that were available.
SPLUNK logs
EFB logs are now sent to the SPLUNK system. Go here to read about SPLUNK access and quick ways to
check your logs. If you're feeling very clever, this allows you to create your own alerts based on the
contents of the SPLUNK logs. This is where you can potentially create alerts for such concepts as “I expect
five specific files before 09:00 and I consider it an error if they have not transferred end-to-end by that
time”.
28