Implementing Progress® MOVEit® Cloud brings your organization a host of benefits that make secure file transfer in the cloud a compelling option. Ease of use, predictable costs, central control, full visibility and compliance with leading cyber security standards are just the start.
Let’s take a look at the system management responsibilities that your IT team normally would handle in the course of day-to-day operations. When you use MOVEit Cloud for secure file transfers, the Progress team takes over these responsibilities:
- Capacity planning to position resources in line with expected use
- Server maintenance/patching to maintain an up-to-date system
- Application software upgrades to the latest releases
- ASV scans and mitigations
- 24x7 server monitoring
- 24x7 on-call support for server issues
- Daily log reviews
- Annual PCI/HIPAA/SOC2 audits for compliance
- Annual penetration testing and mitigation as needed
- Annual failover testing
Additionally, the Progress team assists customers with one-time implementation tasks as part of the MOVEit Cloud paid implementation service. This includes:
- Configuring and validating customer’s base URL
- Admin training
- Organization-level security hardening to employ best-practices settings
- Six months of e-learning access
- Branding assistance
- Reduction of time spent managing your system and handling migrations
- Provisioning of the customer’s organization
- Delivery of the first set of admin credentials used to create accounts
You retain control of the configuration and operation of your organization within the MOVEit Cloud system. This includes the following day-to-day administration work of managing folders, users and groups as well as the less frequent work of managing organization-level settings, such as:
- Appearance and user interface settings such as branding, notifications and language options
- Security settings, including password policies, user authentication settings, protocol settings, group and folder permissions
- Ad Hoc Transfer settings
The following matrix outlines potential technical changes to service that may be required when migrating from Progress® MOVEit® Transfer to MOVEit Cloud. Actual technical changes will depend on the deployment being migrated and your organization’s specific needs.
You can get answers to migration-related questions during a migration scoping call with Progress Professional Services. All items in this matrix apply to all migrations to MOVEit Cloud.
| Impacts | Notes |
|---|---|
| Migration to the latest version of DMZ | Application version will be the one currently on MOVEit Cloud. Customers should review the release notes between the current on-premises version and the new MOVEit Cloud version to determine possible version impacts on users. |
| Loss of current audit trail | Customer’s current audit logs will not be migrated into MOVEit Cloud. |
| Updated server IP address | IP will change for both production and Disaster Recovery (DR), but customers can either use a wildcard URL *.moveitcloud.com or something a bit more specific to their deployment by purchasing the custom URL option. |
| Default ports | MOVEit Cloud uses the following ports, which you will need to open in your firewall: 443 HTTPS, 21 FTPS-Explicit (10021 w/client certs), 990 FTPS-Implicit (100990 w/client certs), 22 SFTP and a Passive FTPS data port range of 3000-3200. |
| Insecure FTP | To support the requirements of the PCI-DSS security standard, insecure FTP is NOT allowed within the MOVEit Cloud environment. |
| SSH server certificate | MOVEit Cloud will use a different SSH server certificate than your on-premises certificate, which means you may have some SSH clients that need to accept the new SSH server certificate before they can connect. Progress can import the on-premises SSH server certificate to MOVEit Cloud upon purchase. |
| SSL configuration | SSL configuration can be compared using www.ssllabs.com/ssltest against www.progress.com/moveit/moveit-cloud and the existing on-premises MOVEit DMZ URL. |
| Deprecated clients | See above for compatibility related to SSL configuration. All clients will need to support TLS 1.2 or TLS 1.3. |
| SMTP Mail | MOVEit Cloud is a global offering, so our emails are sent using Mailjet, which uses servers in Paris, France. This means that customers will need to make sure that they are allowing emails from outside the US. The default “Send from” email address will be changed to noreply@moveitcloud.com. Alternatively, a custom email can be used but this domain will need to be confirmed and activated by Cloud Operations before it can be used. |
| Miscellaneous system settings | There are a few MOVEit system-level settings that may involve minor impacts that boost security: no verbose error pages, IP lockouts are 15 tries in five minutes with no expiration and meta-refresh is enabled. |
| Content scanning (AV & DLP) | |
| Siteminder integration | This is not available for MOVEit Cloud. |
| External authentication | This is not available for MOVEit Cloud. |
| Custom templates | External authentication should be identified for validation during test migration. |
| AS2 | AS2 transfers will require an updated URL that contains the OrgID from the cloud organization and needs to be tested during the testing phase of the Cloud migration process. |
| Audit logs | Default retention for online audit logs is 30 days. 90 day retention available for PCI and HIPAA toolkit subscribers. |
| Unique usernames | Unique usernames are enforced across all organizations in the shared environment. |