Manycom Message
FTP Client Automation
FTP Server Automation
Manycom Solutions

Home > Products > Manycom Message > FTP Server Automation


FTP Server Automation Module Description

Introduction | Benefits | Technical Description | Cases and References | System Requirements | Prices | Availability and Support | Manuals and Documentation | License and Maintenance Agreements


FTP Server Automation, FTP SA, is a comprehensive solution for securing and automating FTP file transfer traffic with the OS/400 FTP Server. FTP SA secures all use of the OS/400 FTP server - even if it comes from the Windows FTP clients in the local network or from the FTP clients behind the Internet.

FTP SA makes is possible to use your AS/400 as a secured FTP server. For more information about the security, see the chapter More about the FTP server security later in this documentation.

FTP SA operates 'behind' the OS/400 FTP server feature, so it doesn't set any requirements to the FTP clients. FTP SA is an optional module of the Manycom Message product providing three main functions:

  • Allows controlling the login requests issued from the FTP clients. The FTP userid, password and IP address combination must match to the pre-configured values. Additionally, a unique timetable can be attached to each FTP user to control the access.
  • Allows controlling the FTP subcommand requests and the related parameters (AS/400 resource names such as libraries, directories and filenames) issued from the FTP clients. The requested subcommands and parameter values must match to those pre-configured for the user. This control applies also to the 'remote command' subcommand.
  • Allows attaching local tasks to the configured FTP operations. The local task is executed automatically after the specified FTP subcommand is issued with the allowed parameters (AS/400 resource names) from the FTP client. The local tasks can be started and executed during the FTP session or as a scheduled batch job.

FTP SA always operates in the FTP server mode listening the incoming calls from FTP clients, and responding to the service requests (FTP client subcommands) entered from the FTP clients. See the following figure.

Notice, that if your local AS/400 needs to be the FTP client, which is calling the remote FTP servers, you should select another module of MCM, the FTP Client Automation, which makes it possible to secure and automate the FTP client operations. FTP SA and FTP CA together provide an extensive solution for automating all kinds of FTP file transfer transactions.

FTP SA Logic

More about the FTP server security

In a typical AS/400 environment all 'objects' including database files are normally secured via applications, menus and commands. The so called 'object security' is seldom used because of the hard maintenance work due to the large number of objects. Typically only the most important database file, command, menu and program objects are secured also on the 'object security' level with the object security settings facilitated by the OS/400 operating system.

It is very important to know, that the OS/400 FTP server feature (application) does not provide any 'application level' security features or protect against unauthorized use of the AS/400 resources (database files, commands, programs, etc.)! The object security of the OS/400 is fully supported by the OS/400 FTP server, but it is not enough because, as mentioned above, the objects are seldom carefully secured with object level settings.

For instance, if the OS/400 FTP server is activated, basically any FTP client, which can establish a connection to the OS/400 FTP server, can get access to all database files with PUT, GET, DELETE and RENAME commands, if the objects are not specifically and carefully protected. Additionally, the FTP client can via the FTP 'remote command' run any AS/400 command, if use of the command is not specifically prohibited.

FTP SA is the 'missing' application to be used with the OS/400 FTP server in order to secure the use of AS/400 resources on 'application level'. Notice, that even if a hacker succeeds to login to your FTP server with the valid pre-defined FTP userid and password, FTP SA allows the hacker perform only those FTP operations and access with those operations only those resources specified for the FTP user. This restricts effectively the amount of damage that a hacker could produce!

The security services provided by the FTP SA follow the principle: What is not specifically allowed is denied! FTP SA makes your AS/400 a secure FTP server!

For more information about how to prevent unauthorized use and hackers connecting to your AS/400 FTP server, see the manual MCM FTP Server Automation, Configuration Guide.

Login and resource security

Each user of the FTP server (FTP client), who wants to login to the OS/400 FTP server, must be pre-configured for the FTP SA. The FTP client, who is allowed to login, can execute only those FTP subcommands (PUT, GET, DIR, RENAME, DELETE, etc.) pre-configured for the user. With each subcommand the user can access and process only those AS/400 resources (libraries, directories and files), which are pre-configured for the user. Additionally, the user can start only those local tasks specifically attached to the pre-configured subcommands.

All other FTP logins and use of resources are implicitly prohibited, when the exit programs of FTP SA are activated. FTP SA (actually the FTP server feature of OS/400) sends the FTP client the standard RFC return codes and messages telling if the use of the FTP subcommand with the issued parameters was accepted or restricted.

FTP SA logs all the FTP subcommands - both accepted and restricted - with a time stamp, FTP user, IP address, requested FTP subcommand with the parameters (e.g. library/directory, filename, and the requested remote command).


When a FTP file transfer ends and the received file is successfully saved on AS/400 disk, or when the certain FTP subcommand is entered from the FTP client, there is usually a need to start a AS/400 application to process the received file.

FTP SA allows attaching post-processes (CL commands and creation of data queue entries) to the FTP client subcommands for automatically starting the desired AS/400 tasks.

For instance, after a file containing orders has been received and saved into the specified library and file and renamed successfully into the specified filename, an AS/400 order processing application can be called with the file and library names.


FTP SA includes extensive logging functions in order to save all service requests from the FTP clients in the log file for operator control. All subcommands and the related parameters are logged with the time stamps. The result code of each subcommand (accepted or restricted) is also logged with the FTP user ID and IP address.

FTP SA starts collecting log entries when FTP SA is activated. This log has proved to be very useful also to 'reveal' the unwanted internal use of the FTP server.

Other modules and user applications to attach

FTP SA uses the CL command and data queue entry interfaces to automatically start the local tasks. This means that you can attach and utilize also MCM Data File Conversion and MCM Advanced Automation modules or any other software when processing the files after receiving them or before sending them.

Top of the page