Progress® MOVEit® Transfer has a flexible architecture that delivers scalability and high availability. This document provides an overview of MOVEit Transfer, how its high availability capabilities work and what resources are required to implement them.
MOVEit Transfer has a flexible architecture that can be deployed on one, two or more systems and in various configurations depending on your business, technology and security requirements.

| CONFIGURATION | BUSINESS REQUIREMENT | MOVEit FILE TRANSFER (DMZ) | DETAILS |
|---|---|---|---|
| Tiered Architecture Deployment | Security and IT Policy | 1 Production Server | Deploy MOVEit File Transfer, file system, and database on three different servers as part of a segmented network |
| Web Farm | Performance and Scalability | 2 or more Production Servers | Use load balancer or application nodes to distribute load across multiple MOVEit instances |

Tiered architecture enables the deployment of MOVEit Transfer in a distributed configuration with the application, database and file system running on different machines. This configuration is flexible and can expand to provide increased file transfer performance and availability.
A deployment with a single application node (one MOVEit Transfer application) provides increased security by segmenting the database and file system components on different servers. Files and permissions/configuration data are moved off the public DMZ. A multi-tier deployment can also leverage infrastructure by integrating MOVEit Transfer with existing database servers and SAN/NAS storage servers.
A deployment with multiple MOVEit Transfer nodes (a Web Farm) increases performance and availability by distributing the file transfer load. The Web Farm deployment is described in the following sections. Configuring a Web Farm requires planning and preparation for installation. Progress offers training and professional services support that can help smooth the implementation process.
While you can have a single-node multi-tier configuration, a Web Farm configuration requires a minimum of two identical MOVEit Transfer production licenses, each with the same number of organizations and options (including API Interface and Ad Hoc packages).
Acquisition of two or more MOVEit Transfer licenses permits the licensee to use the required “MOVEit Transfer Web Farm” application without charge.
A MOVEit Transfer Web Farm can be implemented using any combination of physical or virtual systems (Microsoft Hyper-V and VMware ESX are both supported for this purpose).
The MOVEit Transfer Web Farm software allows multiple application nodes (MOVEit Transfer applications) to use shared data storage locations, possibly located on a LAN segment separate from your File Transfer zone. User, file and folder metadata and the audit log are stored in the MOVEit Transfer SQL Server database, which can be on one host. Encrypted files and debug files are stored in the file system, which can be on another system. Heavily accessed global settings are stored in the registry on the DMZ nodes and replicated across nodes through the database.
The distributed deployment of MOVEit Transfer components provides a means to scale availability and increase performance by adding application nodes to the Web Farm. High availability can be achieved by eliminating single points of failure through clustering multiple database nodes and multiple FileSystem nodes. The MOVEit Transfer Web Farm operates as a single MOVEit Transfer system that handles all client requests and coordinates data across the nodes.
High availability utilizes a separate third-party load balancer (LB) hardware device. If FTP and SFTP are required when deploying a separate LB hardware device, the LB must be able to direct each connection’s traffic to the same MOVEit Transfer node for the entire communication. This is sometimes called “sticky” connections. When selecting an LB, consider its ability to handle certain types of traffic from the MOVEit nodes, including SMTP notifications, LDAP and RADIUS queries, as well as packets from any third-party monitoring tools being used.
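The following added example (not from Progress or this document) shows why FTP needs the sticky behaviour described above. It replays a constructed list of connections through a non-sticky policy and a source-IP-sticky policy, then reports FTP data connections that reached a different node than their control connection. Node names, client addresses and the passive-mode port range are placeholders.

```python
"""Check LB persistence for FTP control/data channels (added example)."""
import hashlib
from itertools import cycle

NODES = ["moveit-node-1", "moveit-node-2"]   # placeholder node names
FTP_CONTROL = 21
PASSIVE_RANGE = range(50000, 50101)          # assumed passive data ports

# Constructed sample: (client IP, destination port) per new TCP connection,
# in arrival order. Port 22 is SFTP, which is a single TCP connection.
CONNECTIONS = [
    ("198.51.100.7", 21), ("203.0.113.9", 22), ("198.51.100.7", 50001),
    ("198.51.100.7", 50002), ("203.0.113.9", 22), ("198.51.100.23", 21),
    ("198.51.100.23", 50003),
]

def round_robin(connections, nodes=NODES):
    """Non-sticky policy: every new TCP connection goes to the next node."""
    ring = cycle(nodes)
    return [(ip, port, next(ring)) for ip, port in connections]

def source_ip_affinity(connections, nodes=NODES):
    """Sticky policy: the node is a pure function of the client address."""
    def pick(ip):
        digest = hashlib.sha256(ip.encode()).digest()
        return nodes[int.from_bytes(digest[:4], "big") % len(nodes)]
    return [(ip, port, pick(ip)) for ip, port in connections]

def misrouted_data_channels(assignments):
    """Return FTP data connections that landed on a different node than the
    same client's most recent control connection."""
    control_node, bad = {}, []
    for ip, port, node in assignments:
        if port == FTP_CONTROL:
            control_node[ip] = node
        elif port in PASSIVE_RANGE and control_node.get(ip) not in (None, node):
            bad.append((ip, port, control_node[ip], node))
    return bad

if __name__ == "__main__":
    for name, policy in (("round robin", round_robin),
                         ("source-IP affinity", source_ip_affinity)):
        print(name, "->", misrouted_data_channels(policy(CONNECTIONS)))
```

The same check can be run over a real load balancer's connection log during acceptance testing, once its records are mapped to the `(client, port, node)` form used here.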
High Availability requires the use of a third-party NAS device to store the files that are uploaded to each of the MOVEit Transfer nodes. (Before being stored, each file is protected by MOVEit Transfer using its built-in FIPS 140-2 validated 256-bit AES encryption, with each file having its own encrypted key.) If an existing internal NAS will be used as part of the MOVEit Transfer setup, it will be necessary to determine the minimum number of firewall rules required to let the MOVEit Transfer nodes communicate with the internal NAS from inside the firewall’s DMZ segment.
High Availability can support using a SAN to store the MOVEit Transfer AES-encrypted files. Doing so does not involve paying a separate MOVEit license or maintenance fee. Using a SAN requires using an intermediate machine configured to act as a NAS interface. For example, if a configuration calls for two MOVEit Transfer nodes and a fiber SAN attachment is available, a third box should be set up to connect to the SAN (via fiber) and to share the SAN drive with MOVEit Transfer Primary and Secondary nodes. This enables the SAN to be used as if it were a NAS device.
For busy systems, use MSSQL Always-On or Azure SQL DTU-based Premium service tier to provide read-only access to the database, which can be used for reporting.
This can be configured in the Advanced Database settings in the MOVEit Transfer Config Utility.
Each MOVEit Transfer node must be using the same MOVEit Transfer version and the identical MOVEit “Add to Web Farm” utility version. See MOVEit Transfer system requirements for the list of supported platforms. Please refer to the Progress support website for further information on hardware and software system requirements.