PCI DSS and FTP
Brandon Ritter
BRdata Store, to our IBM ACE master controller, running on top of 4690
OS v5, and also be PCI DSS compliant. FTP is not a secure protocol
since it sends user credentials in clear-text.
What methods are possible to transmit Item Maintenance from a PC to an
IBM ACE controller (CC) other than FTP?
Our current FTP script reads:
<username>
<password>
binary
put <filename> c:\adx_idt1\eammaint.dat
quote adxstart aceaddml
bye
I can send Item Maintenance files via SFTP. The SSH/SFTP server for
4690 OS does not support the "quote" command to launch aceaddml.
What PCI DSS compliant options are there to send Item Maintenance to
an IBM ACE system and have the IBM ACE system apply said maintenance?
Thanks,
Brandon Ritter
Chad
Leave out the quote adxstart aceaddml command and create/modify a c:
\adx_ipgm\aceschdl.us5 (or whatever number you use), changing
Frequency=1 and see if your batches get applied. This should cause
the scheduler to check for maintenance once per minute. However, if
more than one batch is sent in that time frame, I could see the
original getting overwritten, so some consideration needs to be taken
regarding that (hence why BRData has the command to process
immediately in their batch file.)
Let me know if this works or not.
Chad
On Nov 3, 5:13 pm, Brandon Ritter <brit...@metropolitan-market.com>
wrote:
Brandon Ritter
Thanks for your advice. I was able to send an Item Maintenance batch
and see that it had applied successfully. This process also creates a
backup of the eammaint.dat file as filename eammaint.bak.
I found the file c:\adx_ipgm\aceschdl.us6 and another file that
appears to be related in the same directory called aceschdl.ini. In
the ini file I found the following entries:
;This toggle disables automatic start of ADDMI processing by scheduler
;0 allows automatic processing, 1 will keep scheduler from starting
;Addmi task ( ACEADDML )
Addmi Autostart= 0
;A9238
;Delay time, in seconds, between addmi batches
DelayBetweenBatches = 30
;E9238
Now I wonder if this second entry forces the system to look for
another batch 30 seconds after the first batch processes.
Where can I find out more about this "DelayBetweenBatches" option?
Thanks,
Brandon Ritter
Chad
changes should be reflected in the .usX files. I believe the delay
between batches will just create a pause of 30 seconds between batches
waiting to be applied. Send a couple and check your batch maintenance
screen, to see what happens.
On Nov 4, 12:08 pm, Brandon Ritter <brit...@metropolitan-market.com>
Young, Derrick CIV (USA) DeCA HQ PM
irchange files back after the maintenance has applied.
We ran into an interesting problem.
ACE normally applies batches based on the ID. If there are several batches
with the name of 110405, then they will all start to apply at 0500 AM on
11/04. The small batches will finish first and the largest batch will
finish last.
Changing the DelayBetweenBatches, only impacts those that are scheduled to
start at different times. Not batches that have the same name.
Not sure if that is what you would want to happen. For DeCA, it caused us a
major problem. The largest batch was the base and the smaller batches were
corrections. So we had to apply the batches in the sequence received.
If you need them to apply in the sequence received, there is an extension
that is available from RSS to do this, but it costs.
Derrick Young
DeCA/CARTS PMO
804-734-8000, extension 4-8561
804-332-4025 (cell)
Jeff Boyle
to process FTP commands from a script file. The FTP commands are
converted into our RIO API and performed via our RIO interface. We
also can support the "quote" command to run an application on the 4690
controller.
This means our RIO solution becomes a drop in replacement for FTP, and
supports all of the FTP command set.
Our current pilot is running our solution on an AS/400... the customer
has over 100 stores.
The customer changed one line in their CL and now can continue to
support all of their FTP scripts (which are significant) while moving
away from FTP. This particular customer has some fairly intricate
scripting being generated "on the fly".
We're supporting all of the AS/400 files (multi member files, etc...).
Regards,
Jeff
Jeff Boyle
President
4690World, LLC
http://4690world.com
Off: 248-340-6015 x300
Cell: 248-212-3996
On Nov 4, 1:26 pm, "Young, Derrick CIV \(USA\) DeCA HQ PM"
> 6KViewDownload
Jeff Boyle
on any Java 1.4 compliant OS (i.e. Windows, *nix, AS/400, AIX, Z
Series, etc...)
Jeff
On Nov 6, 7:25 am, Jeff Boyle <je...@4690world.com> wrote:
> We have developed an FTP interface for our RIO product, so we are able
> to process FTP commands from a script file. The FTP commands are
> converted into our RIO API and performed via our RIO interface. We
> also can support the "quote" command to run an application on the 4690
> controller.
>
> This means our RIO solution becomes a drop in replacement for FTP, and
> supports all of the FTP command set.
>
> Our current pilot is running our solution on an AS/400... the customer
> has over 100 stores.
>
> The customer changed one line in their CL and now can continue to
> support all of their FTP scripts (which are significant) while moving
> away from FTP. This particular customer has some fairly intricate
> scripting being generated "on the fly".
>
> We're supporting all of the AS/400 files (multi member files, etc...).
>
> Regards,
> Jeff
>
> Jeff Boyle
> President
Brandon Ritter
What is an "irchange" file and where can I locate such a file? Is
that file generated after eammaint.dat has processed?
Thanks,
Brandon R
On Nov 4, 10:26 am, "Young, Derrick CIV \(USA\) DeCA HQ PM"
Young, Derrick CIV (USA) DeCA HQ PM
results of all maintenance that has been applied. Does not matter the
source, it can be an ACE DM screen, hand held terminal, or batch that comes
from corporate.
Does that help?
Derrick Young
DeCA/CARTS PMO
804-734-8000, extension 4-8561
804-332-4025 (cell)
Derrick,
Thanks,
Brandon R
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"IBM ACE Support group" group.
To post to this group, send email to ibm...@googlegroups.com To unsubscribe
from this group, send email to ibm-ace+u...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/ibm-ace?hl=en
-~----------~----~----~----~------~----~------~--~---
Bob Hoblit
The IRChange file is created by the base application. Other additions to the base application such as a handheld terminal may have an update function for the IRChange file. Because the base application already updates the IR change file, 3rd party additions to the file is an easy way to create a universal 'change log' for a 3rd party to monitor for changes and perform activities based upon those changes (such as creating in store labels or change audits)
The base application was partially instrumented for notifying DIF of item record changes, however, the work was not completed as of V7, and so, it is not exposed.
The vision is that at some point, the base application could notify DIF of item record changes, and then DIF could process these events, which could result in updates to multiple clients through its actors.
Bob Hoblit
Brandon Ritter
I found file "EAMIRCHG.DAT" in C:\ADX_IDT4. Unfortunately the file
appears a mixture a text and packed decimal. I'll have to rely on a
different method to ensure Item Maintenance application before the end
user can send another Item Maintenance batch to ACE.
My next idea is to pursue how long it takes IBM ACE to create
"EAMMAINT.BAK". If the file is created AFTER all items from
EAMMAINT.DAT have applied, then I can continue to try to SFTP file
EAMMAINT.BAK back to the PC, check for greater than than zero byte
file size and then quit the batch file, letting the end user know the
batch has finished application in ACE.
Thanks,
Brandon R.
Glen Glasscock
Brandon Ritter <bri...@metropolitan-market.com> wrote:
Bob and Derrik,
Thanks,
Brandon R.
--
You received this message because you are subscribed to the Google Groups "IBM ACE Support group" group.
To post to this group, send email to ibm...@googlegroups.com.
To unsubscribe from this group, send email to ibm-ace+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/ibm-ace?hl=en.
IGM-Man
batches.
This is the same trick IMS uses except they pull the file back to the
PC to read it.
On Dec 21, 6:58 pm, Glen Glasscock <gglassc...@crstx.com> wrote:
> EAMMAINT.DAT is immediately renamed to EAMINPR.DAT and processed. When it is done processing it is named to EAMMAINT.BAK. This is done so you can send another file while the previous is being processed.
>
> For more options, visit this group athttp://groups.google.com/group/ibm-ace?hl=en.- Hide quoted text -
>
> - Show quoted text -
Brandon Ritter
Brandon Ritter
Item Maintenance to IBM ACE.
The batch removes the previous backup file, sends current maintenance
file, waits for IBM ACE to create new backup file before the batch
file exits. User can adjust amount of wait time for each loop to
check status of backup file. I also had to create SSH FTP user, and
edit settings in file C:\ADX_SDT1\ADXSSHXH.DAT.
See my copy-n-paste of the batch file below:
---------------------begin BAT file code-------------------
@echo off
:: copyibmf.bat
:: revised Jan 12, 2010
:: set variables
set STARTTIME=%TIME%
set WAITTIME=5
set SFTPUSER=1
set PUTTYID=150test
set BACKUPFILE=temp\eammaint.bak
:: Navigate to BRdata directory
c:
cd \brdata
:: backup file stored locally in temp subdirectory
if not exist temp mkdir temp
:: remove local backup Item Maintenance file
if exist %BACKUPFILE% del %BACKUPFILE%
:: SFTP file to IBM
:: this will delete remote backup Item Maintenance file
:: before send of current Item Maintenance file
psftp %SFTPUSER%@%PUTTYID% -be -b copyibmf9.sftp
goto waitmessage
:ftpdonefile
:: retrieve backup copy of maintenance file
psftp %SFTPUSER%@%PUTTYID% -be -b copyibmf2.sftp > NUL
goto checkdonefile
:checkdonefile
if exist %BACKUPFILE% goto checkzerobyte
goto waitmessage
:checkzerobyte
:: delete local file if zero bytes
:: some FTP clients may create a local zero byte file
:: when the remote file does not exist
for %%R in (%BACKUPFILE%) do if %%~zR equ 0 del %BACKUPFILE%
if exist %BACKUPFILE% goto end
goto waitmessage
:waitmessage
:: take "sleep.exe" from Windows 2003 Resource Kit
:: compatible with Windows XP and newer
set CURTIME=%TIME%
echo.
echo.
echo Batch start time = %STARTTIME%
echo.
echo Current time = %CURTIME%
echo.
echo Waiting %WAITTIME% more seconds for IBM to finish...
echo.
echo.
sleep %WAITTIME%
goto ftpdonefile
:end
exit
---------------------end BAT file code-------------------
---------------------begin copyibmf.sftp code-------------------
cd /adx_idt1
rm eammaint.bak
put ace0154.txt eammaint.dat
---------------------end copyibmf.sftp code-------------------
---------------------begin copyibmf2.sftp code-------------------
cd /adx_idt1
lcd temp
get eammaint.bak
---------------------end copyibmf2.sftp code-------------------
-Brandon R