Managed File Tokenization

Overview

VGS offers multiple options for ingesting and processing batch data using the Managed File Tokenization (MFT) suite. This flexibility ensures that customers can securely and efficiently manage data transfers using standard protocols such as SFTP and FTPS as well as cloud technologies such as S3 cross-account replication and similar technologies. The adaptability of VGS’s system allows for data to be received through any chosen method, validated for correctness before processing, processed in accordance with a pre-determined Service Level Agreement (SLA), verified to ensure no accidental data loss or leakage, and then delivered seamlessly to any designated destination. This comprehensive approach facilitates a streamlined process for handling large volumes of data, ensuring that businesses can maintain operational efficiency and data integrity across their data management practices.

VGS MFT enhances the security and efficiency of data handling by offering advanced features such as decryption and decompression of files upon receipt, as well as encryption and re-compression before delivery. By managing the encryption and compression, VGS not only secures sensitive information but also optimizes the data for storage and transfer, reducing file sizes and minimizing the risk of unauthorized access.

File Type Support

VGS MFT currently supports the following file types:

  • Standard “Separated Value” formats (CSV, PSV, TSV, etc…)

  • Fixed-width

  • XML

  • JSON

  • Parquet

  • ISO8583

  • Pseudo-structured, human-readable text files

  • EBCDIC

  • VGS can convert EBCDIC data to a more common and usable format and tokenize any sensitive data found within the EBCDIC data.

  • VGS is open to discussing support for additional formats that do not fit into the above list

File Transmission Options

VGS Supports multiple methods of file transmission. Note that the method of file transmission can be different for ingesting files vs delivering files. For example, VGS may collect data via SFTP, and deliver via an S3 Copy. VGS is committed to using the most appropriate technology available for exchanging data with customers and third parties.

SFTP

VGS Pickup and Delivery via SFTP

VGS MFT can be configured to periodically check external SFTP Servers for files that match a specified file naming convention. Similarly, after processing a file, VGS can be configured to deliver to an external SFTP Server.

Setup Requirements

VGS will provide the sender with the following information:

  • RSA Key (assuming key-based authentication)

  • IP Addresses (if needed)

The owner of the SFTP Server will provide VGS with the following information:

  • Host

  • Port

  • Username

  • Password (assuming username/password authentication)

VGS Receiving via SFTP

VGS can optionally create an SFTP server that can be used for file receipt or delivery. In this case. The SFTP Servers can be used for vendors to deliver raw data files to VGS, or as a dropzone for VGS to deliver sanitized data files to the customer.

Setup Requirements

VGS will provide the sender with the following information:

  • Host

  • Port (22)

  • Username

The sender will provide VGS with the following information:

  • RSA Public Key

VGS will load the public key into the VGS SFTP Server for the given username.

AWS S3 Transfer

Files can be copied directly to a VGS S3 bucket and then processed. VGS supports both S3 replication and S3 copy.

Setup Requirements

VGS supports both S3 Replication and S3 Copy for transferring files to and from S3 buckets. Below are the AWS runbooks that VGS and the sender/receiver should follow in order to set up the cross-account S3 to S3 file transfers. VGS can also provide cloud formation scripts in order to simplify the creation of the environments on the sender or recipient’s side.

IBM Connect Direct

VGS can configure Connect Direct file jobs to receive files from different partners. VGS anticipates that connections over IBM Connect Direct will require tight coordination with the third party.

Setup Requirements

The third party looking to transfer data to VGS will need to provide the following information in order to complete the IBM Connect Direct setup:

  • Node Name

  • Server IP Address or URL

  • Port (usually 1364)

  • Username (usually appuser)

  • Full certificate chain

  • Each deployment of IBM Connect Direct requires software licenses. VGS will need licenses for both sandbox and production connections to the third party.

PreviousFTPS over SFTPNextTCP Proxy (ISO8583)

Last updated