AS2 and FTP are the most popular Internet Protocols used for B2B communications, but which is better for your community of business partners?
What are the five critical factors you should consider when selecting between AS2 and FTP?
Each IP communications protocol takes a different approach to securing information (or not securing it at all). Some protocols encrypt the transport layer while others secure the payload (the actual data).
- FTP by itself does not address security. But you can achieve a secure connection by using security mechanisms such as Virtual Private Network (VPN) or leveraging a related protocol that uses SSL (FTPS) or SSH (SFTP). This combination encrypts the entire communications channel to protect the data. In other words, the transport is secured, but not the payload. When combining additional security with FTP however, it will influence the cost and interoperability.
- AS2 focuses on encrypting the data rather than the transport channel, providing end-to-end to ensure security. Optionally, with AS2 you can encrypt the channel with SSL as well on top of the payload encryption. AS2 also provides a hashing process to ensure that a file was not tampered with during delivery.
Another facet of security to consider is non-repudiation. Repudiation refers to the ability to confirm that a document was actually sent by the claimed sender.
- FTP, FTPS and SFTP do not address non-repudiation.
- AS2 uses digital certificates to ensure that documents are delivered only to the intended recipient. The certificates also ensure that the messages are secured in transit and that the sender can be verified. You must manage the certificates used by your company and by your trading partners yourself. Management tasks include generating certificates, tracking certificates used by your trading partners and processing expired or revoked certificates.
- Message Management
When doing B2B, you need a standard way to know whether messages got where they were going and whether they were successfully decrypted and verified.
- FTP does not fully address message management. FTP will send a confirmation of the number of bytes transferred after sending a document. However, FTP provides no indication that the message was successfully processed.
- The AS2 standard provides a status message called the “Message Disposition Notification” (MDN). Because AS2 places a message in an envelope to enable it to be transmitted over the internet, you need to know that the message was successfully extracted from that envelope. After transmission of a message AS2 sends an MDN indicating whether the document was successfully or unsuccessfully extracted from the envelope.
- Ease of Use and Interoperability
Naturally, you will want to choose a protocol that enables you to connect easily to your trading partners.
- VPNs are a very popular technology for securing Internet-based communications within the enterprise. However, the use of FTP over a VPN for communications between two different companies can introduce interoperability issues. Chances are high that your business partners might be using VPN technology from a different vendor. You must ensure that your VPN software is compatible and are configured to work with the VPN of your business partner. Enhanced FTP protocols such as FTPS and SFTP software requires less configuration. However, mixing FTPS and SFTP software from different vendors often creates interoperability challenges.
- The AS2 standard was designed specifically for B2B e-commerce transactions over the internet. AS2 enjoys huge adoption and provides built-in business-grade transaction management. AS2 is backed by the Drummond Group, an organization which performs certification testing on all vendor software to verify its interoperability with products from other vendors. Thus, you are guaranteed that if you buy any two products from the list of Drummond-certified products that they will work together well.
- The biggest advantage of FTP is that it is ubiquitous. FTP was the first robust, reliable file transfer protocol. The setup is nearly instant if you know the name of the server you need to reach and it has low administrative overhead, as long as you are using very basic file transfer. But, if you want to add message management, security and other required B2B features, the overhead increases.
- AS2 requires specialized software, technical expertise and certificate administration, which leads to higher processing overhead. Some of these costs can be offset by working with a service provider. You can offload most of the management hassle of running an AS2 solution—and can also reduce your operating costs.