Note on usage

Function: Add remote system to the partner list

User group: FT administrator

Alias name: FTADDPTN

Functional description

The ADD-FT-PARTNER command is used to enter a remote system in the partner list of the local system. The network or transport system should be generated beforehand.
Please refer to the appropriate manuals on BCAM for further information on the generation process. A transport system in accordance with ISO or TCP/IP can be used for generation.

If dynamic partners are permitted then inbound and outbound requests can be processed with partners which are accessed via their addresses and are not defined in the partner list.

You can issue the ADD-FT-PARTNER command for all partner types while the FT system is running (openFT partner, FTAM partner, ftp partner and ADM partner).

You can modify the partner system entry with MODIFY-FT-PARTNER and delete it with REMOVE-FT-PARTNER.

Format

Operands

PARTNER-NAME =

Symbolic name of the partner system. It can be freely selected and need only be unique within openFT.

PARTNER-NAME = <name 1..8>
The operand value “name” consists of a maximum of 8 alphanumeric characters and must be unique in the local system. The FT administrator defines this name. This name can be used in the PARTNER parameter in all FT commands in order to address the partner system.

PARTNER-NAME = *NONE
Specifies that the partner is a dynamic partner.

PARTNER-ADDRESS = <text 1..200 with-low>
Address of the partner system. This specifies whether the partner is an openFT or FTAM or FTP or ADM partner. For more information on address specifications see section“Specifying partner addresses”.

SECURITY-LEVEL =

Assigns a security level to a remote system.

SECURITY-LEVEL = *STD
If you set this operand to *STD or if you do not enter a value here, a standard security level is assigned to the remote system. This standard security level is defined using the command MODIFY-FT-OPTIONS. You can define a fixed value or specify that the value should be attribute-dependent.

SECURITY-LEVEL = *BY-PARTNER-ATTRIBUTES
If you set this operand to *STD or if you do not enter a value here, a standard security level is assigned to the remote system:

• This setting assigns partners that are authenticated by openFT the security level 10.

• Partners that are known in BCAM (i.e. they are addressed via their BCAM names) are assigned the security level 90.

• All other partners are assigned security level 100.

SECURITY-LEVEL = <integer 1..100>
Must be specified if you wish to assign an individual security level to a specific remote system.

STATE = *PARAMETERS(...)
Controls the status of the partner system, i.e. the settings for file transfer requests issued locally (outbound) and file transfer requests issued remotely (inbound).

OUTBOUND =
Specifies the settings for file transfer requests issued locally to this partner system.

OUTBOUND = *ACTIVE (...)
File transfer requests issued locally to this partner system are processed.

AUTOMATIC-DEACT =
Defines whether cyclical attempts to establish a connection to this partner system are prohibited after a number of attempts by deactivating the partner system.

AUTOMATIC-DEACT = *NO
Failed attempts to establish a connection of this partner system do not result in its deactivation.

AUTOMATIC-DEACT = *YES
Failed attempts to establish a connection of this partner system result in its deactivation. In order to enable file transfer requests issued locally to this partner system to be executed again subsequently, it must be explicitly activated (with
OUTBOUND=*ACTIVE).

OUTBOUND = *DEACT

File transfer requests issued locally to this partner system are initially not processed (not started), but are only placed in the request queue. They are executed only after the partner system has been activated with
MODIFY-FT-PARTNERS ... , STATE=(OUTBOUND=*ACTIVE).

INBOUND =
Specifies the settings for file transfer requests issued remotely, i.e. requests which are issued by this partner system.

INBOUND = *ACTIVE
File transfer requests issued remotely by this partner system are processed.

INBOUND = *DEACT
Synchronous file transfer requests issued remotely by this partner system are rejected. Asynchronous file transfer requests issued remotely by this partner system are stored there and cannot be processed until this partner system is activated with INBOUND=*ACTIVE.

IDENTIFICATION =
Network-wide, unique identification of the openFT instance in the partner system.

IDENTIFICATION = *STD
For openFT and FTADM partners, the partner address or the hostname from the partner address is used as the identification. For FTP and FTAM partners, no identification is set.

IDENTIFICATION = <composed-name 1..64> / <c-string 1..64 with-low>
The network-wide, unique instance ID of the openFT instance in the partner system. This ID is used for authentication of partner systems as of openFT V8.1. It is set by the FT administrator of the partner system (in BS2000 by using MODIFY-FT-OPTIONS IDENTIFICATION= and in Unix systems or Windows systems by using ftmodo -id).
For more details on allocating instance IDs, please refer to section “Instanceidentifications”.

With FTAM partners an Application Entity Title can be specified as an identification in the format n1.n2.n3.n4..mmm. For details, see the section "Addressing via Application Entity Title" in the openFT User Guide.

No instance identification may be specified for FTP partners.

SESSION-ROUTING-INFO =
If the partner system is only accessible by a go-between instance, specify the address information that the gateway instance uses for re-routing here.
This is necessary, for example, for partner systems using openFT (z/OS), dependent on TRANSIT coupling.

SESSION-ROUTING-INFO = *NONE

By default, no specification is required.
The session selector can be specified as a part of the partner address.

SESSION-ROUTING-INFO = *IDENTIFICATION
Connections to the partner are re-routed via a gateway that supports the instance ID as address information.

SESSION-ROUTING-INFO = <alphanum-name 1..8>
Connections to the partner are re-routed via a gateway that supports the specified character string as address information.

PARTNER-CHECK =
Modifies the global settings for the sender check in a partner-specific way. These settings are only valid for named openFT partners that do not work with authentication.
This setting has no meaning for FTAM partners, FTP partners and dynamic partner entries.

PARTNER-CHECK = *BY-FT-OPTIONS
The global settings are valid for the partners.

PARTNER-CHECK = *STD
Disables the expanded sender checking. The transport address of the partner is not checked, even if the expanded sender checking is globally enabled (see the MODIFY-FT-OPTIONS command).

PARTNER-CHECK = *TRANSPORT-ADDRESS
Enables the expanded sender checking. The transport address is checked, even if the expanded sender checking is globally disabled (see the MODIFY-FT-OPTIONS command).If the transport address under which the partner is reporting does not correspond to the entry in the partner list, the request is rejected.

TRACE =
Trace setting for openFT partner systems. Trace entries are generated only when the FT trace function is activated by an operating parameter (MODIFY-FT-OPTIONS TRACE=*ON).

TRACE = *BY-FT-OPTIONS
The global settings apply for the partner.

TRACE = *ON
The trace function is activated for this partner. However, the trace is only written if the global openFT trace function is also activated (see also the MODIFY-FT-OPTIONS command, TRACE option, SWITCH=*ON). The setting made here takes priority over the setting in the operating parameters for selecting partners for the monitoring function, see the option TRACE=(...,PARTNER-SELECTION=).

TRACE = *OFF

The trace function is deactivated for this partner.

AUTH-MANDATORY =
Allows you to force the authentication of a named partner.

AUTH-MANDATORY = *NO
Authentication is not forced, i.e. this partner is not restricted with regard to authentication.

AUTH-MANDATORY = *YES
Authentication is forced, i.e. connections to and from this partner are only permitted with authentication.

PRIORITY=
This operand allows you to specify the priority of a partner in respect of processing requests that have the same request priority. This means that the partner priority only applies in the case of requests that have the same request priority, but that are issued to partners with a different partner priority.

PRIORITY = *NORMAL
The partner has normal priority.

PRIORITY = *LOW
The partner has low priority.

PRIORITY = *HIGH
The partner has high priority.

REQUEST-PROCESSING =
You use this option to control whether asynchronous outbound requests to this partner are always run serially or whether parallel connections are permitted.

REQUEST-PROCESSING = *STD
Parallel connections to this partner are permitted.

REQUEST-PROCESSING = *SERIAL
Parallel connections to this partner are not permitted. If multiple file transfer requests to this partner are pending, then they are processed serially. A follow-up request is consequently not started until the preceding request has terminated.

RECOVERY-OUTBOUND=
This operand controls the restart function for asynchronous outbound requests for this partner system.

RECOVERY-OUTBOUND= *BY-FT-OPTIONS
The global setting for the restart function for outbound requests is valid.

RECOVERY-OUTBOUND= *ON
The restart function for outbound requests to this partner system is activated. This is only valid if the global setting for the restart function is activated, too.

RECOVERY-OUTBOUND= *OFF

The restart function for outbound requests to this partner system is deactivated.

If the ADD-FT-PARTNER command is executed correctly then no message is output.

KEY-LENGTH = *PARAMETERS(...)
Configuration of the length of the RSA key and the length of the AES key.

RSA-PROPOSED
Length of the RSA key used for encryption. This key is used only to encrypt the AES key which is agreed on between the partners. openFT uses the AES key to encrypt the request description data and possibly also the file contents.
Default setting following adding partner or export from openFT older than version 12.1C70: *BY-FT-OPTIONS.

RSA-PROPOSED = *BY-FT-OPTIONS

This option specifies, that key value will be taken from global openFT options displayed via "SHOW-FT-OPTIONS" command. Either both of key values (RSA-PROPOSED and RSA-MINIMUM) need to be set to "FTOPT" or none. Combination of one key having global value and second local partner value (0 ... 4096) is not allowed, warning will be issued and keys will be adjusted automatically to "FTOPT" value.

RSA-PROPOSED = 0

Encryption is switched off.

RSA-PROPOSED = 768 / 1024 / 2048 / 3072 / 4096
Length of the RSA key (in bits) that is used for the transfer of the AES key of the session.

RSA-MINIMUM
Minimum length of the RSA key (in bits) accepted by the partner system for the transfer of the AES key for the request initiated by the partner.

Default setting following adding partner or export from openFT older than version 12.1C70: *BY-FT-OPTIONS.

RSA-MINIMUM = *BY-FT-OPTIONS
This option specifies, that key value will be taken from global openFT options displayed via SHOW-FT-OPTIONS command. Either both of key values (RSA-PROPOSED and RSA-MINIMUM) need to be set to FTOPT or none. Combination of one key having global value and second local partner value (0 ... 4096) is not allowed, warning will be issued and keys will be adjusted automatically to FTOPT value.

RSA-MINIMUM = 0
There is no configuration for the minimum length of the RSA key. Every key length is accepted and even requests without encryption can be processed.

RSA-MINIMUM = 768 / 1024 / 2048 / 3072 / 4096
Keys with this minimum length are accepted only. If the initiator uses a shorter key he gets a counter proposal of the responder of the session. A session without encryption will be denied.

Values from 0 to 4096 take priority over the ones specified in global openFT option visible via SHOW-FT-OPTIONS command.

When only RSA-MINIMUM or RSA-PROPOSAL is specified during addition of partner (without specifying second one), then both parameters will be set to global FTOPT values.

Command return codes