Forum Discussion
Filip_Verlaeckt
Mar 31, 2011 | Historic F5 Account
Automated secure file transfer
Hello
I am trying to solve the following problem:
What are the possibilities to organise file transfers initiated from a remote client to an internal server behind LTM?
R...
Joel_Moses
Mar 31, 2011 | Nimbostratus
You can forget about SCP or SFTP. There's no real way to offload for those on LTM without writing something to specifically handle the protocol; no way is that an easy task. SSH (the transport for SCP/SFTP) does not use SSL/TLS -- it negotiates its own secure channel using Diffie-Hellman and a suite of stream encryption types. It may still be _possible_ to do this with an iRule as the prerequisites are there: AES-128, gzip compression, and HMAC-md5 are all available in LTM iRules (although the supplied AES is CBC mode and probably not directly usable in a stream protocol).
Hamish is correct: FTPS may be a better option here since it uses SSL/TLS and can be offloaded -- that which can be offloaded can be selectively load-balanced. But I find myself wondering...
Why not just use HTTPS? Your requirements are:
- file must be encrypted in transit (SCP, FTPS, SFTP, ...)
- user (or script) must authenticate
- destination file server must be selected by LTM based on information in the upload command (e.g. filename or destination host/directory)
... all of which can be accomplished through LTM SSL Offload (item 1), LTM client authentication (item 2), and LTM iRule pool selection (item 3). And you can use things like wget or curl to handle files from batch scripts. It may not work reliably for very _large_ file transfers, but for the bulk of corporate datafile moving it's pretty reliable (for me at least). AMEX, for example, uses a scenario very much like this to handle corporate card data information upload/download - an authenticated SSL web site with "drop directories" that tie to specific backend servers for specific customers.
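A sketch of the iRule pool selection (item 3) described in the reply above, added here as an example and not taken from the thread or from F5. The pool names and the `/drop/<customer>/` path layout are assumptions; TLS offload and client authentication are assumed to be handled by the virtual server's own profiles before this rule runs.

```tcl
# Added example: route uploads to a backend pool by "drop directory".
# Assumed names: pool_files_customer_a, pool_files_customer_b, /drop/<customer>/.
when HTTP_REQUEST {
    # The drop site only needs download and upload methods; refuse the rest.
    switch -- [HTTP::method] {
        "GET" - "PUT" - "POST" { }
        default {
            HTTP::respond 405 content "Method not allowed" "Allow" "GET, PUT, POST"
            return
        }
    }

    # HTTP::path excludes the query string and is not URL-decoded.
    set path [string tolower [HTTP::path]]

    # Refuse anything that could step outside the drop directory instead of
    # trying to normalise it: dot segments, encoded dots or slashes, doubled
    # slashes and backslashes.
    if { ($path contains "..") or ($path contains "%2e") or
         ($path contains "%2f") or ($path contains "%5c") or
         ($path contains "//") or ($path contains "\\") } {
        HTTP::respond 400 content "Bad request"
        return
    }

    # Pool choice is driven only by the validated path prefix. Unknown
    # prefixes get an explicit error rather than falling through to the
    # virtual server's default pool.
    switch -glob -- $path {
        "/drop/customer-a/*" { pool pool_files_customer_a }
        "/drop/customer-b/*" { pool pool_files_customer_b }
        default {
            HTTP::respond 404 content "Unknown drop directory"
        }
    }
}
```

Because the path comes from the client, the backend servers should still enforce that each authenticated user can write only to their own directory; the rule decides where a request goes, not whether the caller is entitled to that destination.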