FTP over VPN, SFTP and FTPS

Popular Communication Options for Exchanging EDI Documents Directly or via an EDI Services Provider.

FTP over VPN, SFTP and FTPS are also among the most commonly-used communication protocols for the exchange of EDI documents via the Internet. Any of these can be used to connect to business partners directly (Direct EDI) or to connect to them via an EDI Network Services Provider.

FTP (File Transfer Protocol) with VPN (Virtual Private Network) – FTP was the first robust, reliable file transfer protocol developed and is still used by many businesses today, particularly for file exchange within a company.  However, FTP by itself does not provide the security needed for document exchange with other companies over the Internet.  For this reason, businesses that use FTP use it in conjunction with VPN software, which provides the security layer needed.

However, neither FTP by itself nor FTP with VPN provides non-repudiation (the ability to confirm that a document was actually sent by the sender indicated) within the file being exchanged. Nor does it provide for message management features that provide confirmation to the sender that documents have been successfully received and decrypted.  Moreover, interoperability may be an issue because there are many different ways of implementing VPN on your system, as well as possible differences in versions of VPN. Although FTP with VPN does not address these important B2B factors, you can use it to connect to an EDI Network Services Provider who then provides the non-repudiation, message management and interoperability required.

SFTP (Secure File Transfer Protocol) and FTPS (File Transfer Protocol Secure) – Both SFTP and FTPS are secure Internet protocols. The major difference between the two is in how each provides security and performs encryption. The security layer used by SFTP was developed by the Internet Engineering Task Force.

Both protocols encrypt the data while in transit, keeping it safe while moving over the Internet, and then decrypt it upon arrival at its destination.  However, neither provides non-repudiation or message management.  As with FTP with VPN above, interoperability is a major issue and again, you can use either one to connect to an EDI Network Services Provider who then provides the non-repudiation, message management and interoperability required.