Direct connection sounds like a great way of exchanging EDI documents with your trading partners. A single point-to-point connection between you and your partner provides a fast and efficient way of doing business. But although AS2 is the most popular direct connection, there are many other direct connection options, such as SFTP and OFTP, and each connection may require a different set-up, resulting in a complex and resource-intensive program.
Adding to the complexity, very few organizations have only one trading partner and using the direct connection approach means effectively managing a separate system for each one of them. As direct connection is based on the transport protocol that the partner wants to use, you must be able to support a wide range of protocols, including AS2, FTP/VPN, SFTP, and FTPS. Direct connection outsourcing can help your organization to manage complex connections and can deliver significant benefits to your business. So, how do you know if direct connection outsourcing is a good option for you?
Managing multiple direct EDI connections
The real challenge with managing direct connections yourself comes when each partner enacts an EDI service on a particular protocol in a slightly different manner. You’ve been asked to implement EDI trading on AS2, for example. You and your customer will still have to agree on the actual connection details – whether to use HTTP or HTTPS – how to handle message receipts, and which security algorithms and signatures to use. The solution you settle upon will be different for every one of your partners who use the AS2 protocol and you’ll have to manage each instance.
It doesn’t take too many separate direct connections before you are into serious complexity that demands a great deal of management to ensure all connections are secure, up-to-date and performing well.
Each protocol offers its own range of features and benefits. For example, FTP delivers speed of implementation and ease of use, SFTP and FTPS builds security on top of this and OFTP–or Odette–was originally designed for EDI in the automotive sector but is now used across many other industries. AS2 was developed to overcome many of the security and feature limitations of other Internet-based protocols. It has gained widespread adoption since Walmart mandated the protocol for all dealings with its suppliers. Let’s review some of the most commonly used communication protocols:
FTP (File Transfer Protocol) with VPN (Virtual Private Network) – FTP was the first robust, reliable file transfer protocol developed and is still used today by many businesses, particularly for file exchange within a company. However, FTP by itself does not provide the security needed for document exchange with other companies over the Internet. For this reason, businesses that use FTP use it in conjunction with VPN software to provide the security layer needed. However, neither FTP by itself nor FTP with VPN provides non-repudiation or message management, unless you use it to connect to an EDI Network Services Provider. Non-repudiation provides proof that the sender is who they say they are. Message management provides status information on a message such as whether it has been received and opened.
SFTP (Secure File Transfer Protocol) and FTPS (File Transfer Protocol Secure) and OFTP (Odette File Transfer Protocol) – SFTP and FTPS achieve a secure connection by leveraging a related protocol that uses SSL (FTPS) or SSH (SFTP). File compression techniques and check point restart capabilities allow large files to be exchanged quickly between business partners. This combination encrypts the entire communications channel to protect the data. In other words, the transport is secured, but not the payload. When combining additional security with FTP however, it will influence the cost and interoperability and neither fully address non-repudiation or message management.
OFTP (Odette File Transfer Protocol) – OFTP uses a combination of Secure Socket Layers (SSL), data encryption and digital certificates to ensure that business documents are exchanged securely across the automotive industry and others. Most OFTP users chose either TLS, which encrypts the channel, or signing/encryption using public/private keys, which encrypts the payload. The advantage of using OFTP is that, unlike SFTP and FTPS, this protocol provides delivery status information (called an EERP, “End to End ResPonse) and advanced compression capabilities that are built into the protocol.
AS2 (Applicability Statement 2) – AS2 was developed specifically to overcome the limitations of the other security protocols noted above. In addition to providing a high level of data security, it addresses non-repudiation, message management and interoperability. The major boost to its usage was when it was mandated by Walmart as the only acceptable communication protocol for suppliers wishing to do business with them. Its usage soon spread to other major businesses and was followed by AS3 and AS4, although AS2 remains the most popular.
There are several challenges to a successful AS2 program. AS2 is a “push” protocol, meaning documents are sent as soon as they are available, and the business partner must be ready to receive them. The recipient’s server must be up and running 24×7, with personnel ready to troubleshoot any communication issues. In addition, management of the private and public keys used for non-repudiation and security adds another layer of complexity to its operation. Moreover, because AS2 is much more sophisticated than the other protocols, a highly skilled staff will be needed to support it.
Managing direct connections in-house
You have several choices when selecting a secure communication protocol for your EDI documents, and resources like this blog on “5 considerations when choosing between AS2 and FTP” can help. Because of its full functionality, many companies opt to use AS2 for exchanging EDI documents for their direct connect partners. AS2 best addresses all the key requirements but requires a higher level of commitment. If you use one of the other secure protocols, then the use of a provider should be considered to address the gaps in capabilities.
The benefits of direct connection outsourcing
As the number of direct connections you have with trading partners grows, so does the complexity, making it increasingly resource-intensive to manage internally. In addition to managing the hassle of connecting new trading partners, you would also have to manage the spider web of connections with current trading partners. It’s rarely connected and done – you would have to monitor and troubleshoot any issues and manage protocol changes. Outsourcing becomes an attractive option.
There are two options: you can deploy a fully managed services solution where the provider manages your entire EDI capabilities, or you can outsource only your direct connections. Some organizations may prefer the cost and control benefits of outsourcing their direct connections to the provider while retaining management of their EDI via VAN messaging network.
Direct connection outsourcing means that you don’t have to purchase new software or deal with service elements such as firewall, certificates or 24/7 availability. This removes a great deal of complexity from day-to-day EDI operations. Of course, you should first identity what the upfront and recurring fees are going to be. These are likely to be much less costly than the time and expense of doing it yourself–especially where the provider has also developed your EDI solution as they already have in-depth knowledge and experience of how to get the best performance from your system.
In this way, you can quickly establish direct connections with your trading partners and grow your partner community without worrying about placing unsustainable pressure on your IT department or over-stretching your budget for EDI.
If you’d like to know more about how OpenText provides direct connection outsourcing services to help you offload the hassle of managing your AS2, AS3, SFTP or OFTP connections, please contact us.