1 Oracle Secure File Transport Overview and Prerequisites

This chapter provides an overview of Oracle Secure File Transport (SFT) and includes the prerequisites required for installing and running the application.

The following topics are provided:

• Overview of Oracle SFT

• Supported Versions

• Prerequisites

1.1 Overview of Oracle SFT

Oracle Secure File Transport (SFT) supports data transfer between customer environments and Oracle. The SFT tool is used to periodically deliver Explorer data collector files for proactive reporting and for sending Explorer, core, log, or other files for support services diagnostics. SFT is designed to support customer network environments in which Explorer clients do not have Internet access and to provide a central point to manage Explorer telemetry.

SFT is a daemon process that runs in the background, periodically scanning a specified directory for new files and forwarding that data to the configured destination, Oracle Corporation. A daemon process runs in the background, rather than under your direct control. The daemon process restarts automatically on system reboots and continues running until it receives a system-wide interrupt command.

SFT is intended as an aggregation and transfer point for telemetry data from other hosts. It detects and validates configured file types then invokes a transfer process to send the data to the configured destination.

SFT is part of Oracle Auto Service Request (ASR) Manager (asrmanager) that is installed under a standard location, /opt/asrmanager.

SFT is launched through a command line interface. SFT is a separate download that runs on versions 9 and 10 of the Solaris Operating System (OS) running Java 1.6.0 or higher. All transfers between your system and Oracle use industry-standard Secure Sockets Layer (SSL) encryption, which ensures the security of the transfer of your data.

The /usr/bin/gzip and /usr/bin/tar commands are required for transfer of Explorer files and should have been included with your Solaris OS. SFT runs as a software bundle within Oracle ASR. You must be a superuser to launch the ASR process or use any of the SFT or ASR command line options.

1.1.1 Oracle SFT Architecture

Figure 1-1 shows the configuration and communication routes of a typical SFT network:

Figure 1-1 Oracle SFT Architecture

SFT can support any number of Explorer clients. You may want to use multiple SFT instances for manageability and to ensure that files are sent to Oracle without unreasonable delay. A single SFT instance can support up to 32 concurrent transfers. You need to define the concurrency appropriate to your specific needs and infrastructure. The number of concurrent transfers depends on the volume of Explorer files you need to send, the average size of the files, and your network bandwidth. If a single SFT instance does not satisfy the file transfer volume, then additional Sun SFT instances should be installed on other hosts.

1.1.2 Supported Data Types

SFT supports two data types:

• Explorer data packages. These files should retain their filenames as created by Explorer (explorer.<hostid>.*.tar.gz). SFT does some checks to validate the Explorer file before attempting to send it. Any validation failures are logged and the file is moved to the directory for failed transfers.

• Any files to assist in support case resolution such as core files, log files, configuration files, and so forth. These files must be named with the service request (SR) number, optionally preceded by the word case, and followed by additional file description and an extension.

The preferred format is:

#-name.ext

Where name is the file name and extension is the file extension.

Sample filenames include:

1-234567890-core.gz
case_2-1234567_messages.Z
CASE-3-1234567890-vmcore.bz2
Case1-12345678.resolv.conf
1-12345678-core.dump
case-2-123456789.nsswitch.conf

If a file in the transfer directory does not match the filename pattern for any active slot, the file simply remains in the transfer directory and no information about that file is logged.

Note:

Only validated files that are awaiting transfer are reported with the /opt/asrmanager/bin/sftransport info command.

1.2 Supported Versions

Table 1-1 shows the platforms and software supported by Oracle SFT:

Table 1-1 Supported Platforms and Software

Platform	Version
Oracle Solaris	9, 10, and 11
Oracle Linux	5.3 or later
Red Hat Linux	6.3 or later
Java	1.6.0 or later

Note:

If you experience any jar errors during installation, then you will need to need to install the full Java JDK 1.6.0.

For details about software and operating system requirements, see Verifying Operating System Requirements and Verifying Java Requirements in the Oracle® Auto Service Request (ASR) Manager User's Guide:

http://docs.oracle.com/cd/E37710_01/install.41/e18475/toc.htm

1.3 Prerequisites

Review the following prerequisites before installing SFT:

• Firewall Limits

• Oracle Single Sign On Account

1.3.1 Firewall Limits

SFT communicates with Oracle's servers using HTTPS and encrypts information that it sends using 128-bit SSL encryption. The system where SFT is running requires outbound access to port 443.

If your firewall limits the hostnames that may be contacted, SFT communicates only with transport.oracle.com. Check the /var/opt/asrmanager/sftransport/config/sftransport.xml file to confirm which is in use for active slots.

If your firewall limits communication by target IP address, you may want to perform a lookup for the addresses of these hostnames. However, keep in mind that Oracle reserves the right to change the IP addresses of these hostnames.

1.3.2 Oracle Single Sign On Account

To run Secure File Transport, you must have a My Oracle Support account. To register for one, go to the following web site:

https://support.oracle.com

then follow the links to Register for an Account.

In addition, the account used must have Service Request Create/Update permissions on at least one Support Identifier in My Oracle Support. The permissions on the support identifier control what uploads a user can perform using SFT. For more information see:

• How To Add A Support Identifier (SI) To Your User Account (Oracle Support Document 1070936.1)

• Oracle Diagnostic File Upload (Oracle Support Document 1547088.2)

These documents are available from My Oracle Support:

https://support.oracle.com

1.4 Downloading and Installing Oracle ASR and SFT

Because SFT is part of Oracle Auto Service Request (ASR) Manager (asrmanager), it is downloaded and installed as part of an ASR installation into a standard location, /opt/asrmanager.

To download and install Oracle ASR:

1. Download and unzip the ASR software package from My Oracle Support:

   https://support.oracle.com/rs?type=doc&id=1185493.1
   

2. Open a terminal window and make sure you are logged in to the ASR Manager system as root.

3. From the directory where you unzipped the ASR package, install the ASR package using the following command:

   • For Solaris, run: pkgadd -d <asrmanager-version_num-time_stamp>.pkg

   • For Linux, run: rpm -i <asrmanager-version_num-time_stamp>.rpm

4. As the installation progresses, you are prompted to make several selections. Use the list below to determine how to respond to the installation prompts:

   • When prompted: ”. . . select all packages to process,” press [Return] to select all packages.

   • When prompted: ”. . . install conflicting files,” enter Y.

   • When prompted: ”. . . scripts will be executed with super-user permission during the process of installing this package,” enter Y.

5. Add the asr command to the PATH environment variable. This update would be made to the root user's .profile, .cshrc, .kshrc, or .bashrc files as needed (for both Solaris and Linux):

   PATH=$PATH:/opt/asrmanager/bin
   export PATH
   

   Note:

   The instructions provided in this document assume that the PATH variable has been set.

6. Enable SFT:

   /opt/asrmanager/bin/sftransport enable
   

7. Confirm proper network connectivity between the ASR Manager and Oracle, as described in Test Connectivity from the ASR Manager to Oracle. When complete, continue to Registering the ASR Manager in the Oracle® Auto Service Request (ASR) Manager User's Guide:

   http://docs.oracle.com/cd/E37710_01/install.41/e18475/toc.htm
   

Note:

Oracle SFT 5.4 does not require SUNWsftransport and SUNWsasm packages.

WARNING! However, the /var/opt/SUNWsftransport directory should remain and NOT be deleted. It still used by other applications (such as Explorer) to store files into that directory. Also, ASR 5.4 looks for files located in that directory.

Check for SUNWsasm packages and remove them if exist:

Solaris:

pkginfo -l SUNWsasm
pkgrm SUNWsasm
 

Linux:

rpm -qa SUNWsasm
rpm -e SUNWsasm

1.4.1 Using ASR Manager Relay with Oracle SFT (optional)

Oracle Secure File Transport (SFT) can use the ASR Manager Relay sharing a common connection to Oracle.

For details about the ASR Manager Relay, see Enabling HTTP Receiver for ASR Manager Relay, Solaris 11, and SDP2 in the Oracle® Auto Service Request (ASR) Manager User's Guide:

http://docs.oracle.com/cd/E37710_01/install.41/e18475/ch2_asr_manager.htm#ASRUD134

At this time, only one layer is supported:

Oracle SFT --> ASR Manager Relay --> Oracle

1.4.2 Oracle SFT on IPv6

For IPv6, the ASR Manager server needs to be enabled for dual stack IPv6/IPv4. ASR Manager supports IPv6 to and from assets configured for ASR. The traffic outbound from the ASR Manager to transport.oracle.com currently only supports IPv4 traffic.