Building a Modern MFT Platform — Architecture Decisions in Xferity
Building a Modern Managed File Transfer System
Most legacy file transfer systems were built before containers, before infrastructure-as-code, and before security posture monitoring was a standard expectation. They carry operational debt from a different era.
A modern MFT system should be different in four areas.
Configuration as code
Every partner definition, flow, and setting should live in a file that can be committed, reviewed, and deployed through standard change control.
When your file transfer configuration is in a GUI database that requires screen-by-screen review to audit, you have a change control problem. When it is in YAML under version control, you have a solved problem.
Explicit trust with no implicit exceptions
Every connection to a partner endpoint should have an explicit trust basis — a known SSH host fingerprint, a TLS certificate chain, an AS2 certificate role. The system should fail clearly when that trust basis is absent, rather than accepting any key silently.
Implicit trust is a security debt that accumulates invisibly until it becomes an incident.
Structured, queryable audit evidence
Transfer history should exist as structured records, not log lines in application logs. Operators should be able to answer “what happened to this file?” without grepping through multi-gigabyte log files.
The audit model should produce records that can be queried directly and shipped to external retention systems.
Deployment that fits modern infrastructure
An MFT system should run as a binary, as a container, with a documented upgrade path, and without requiring a Windows-only deployment.
Modern infrastructure teams have expectations: Docker, Linux, Kubernetes, or at least native binary deployment. An MFT system that only runs on Windows Server 2019 is a deployment problem, not just an operational one.
What this looks like in Xferity
- YAML flow and partner definitions under version control
- strict SSH host verification and TLS validation with explicit failure on missing trust
- structured JSONL audit log with tamper-evidence chaining
- `xferity trace <filename>` for file lifecycle queries
- single Go binary, Docker-native, Windows-supported
- Postgres-backed for persistent sessions, queued jobs, and posture snapshots
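
The tamper-evidence chaining and file lifecycle query listed above, sketched as an added example (not Xferity's code): the record fields, the use of SHA-256 over the previous raw line, and the names `Append` and `Trace` are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Record is an assumed layout for illustration, not Xferity's actual schema.
type Record struct {
	Seq         int
	File, Event string
	Prev        string // hex SHA-256 of the previous raw line, "" on line 1
}

func lineHash(line string) string {
	sum := sha256.Sum256([]byte(line))
	return hex.EncodeToString(sum[:])
}

// Append adds one chained JSONL line to the log.
func Append(lines []string, file, event string) []string {
	prev := ""
	if n := len(lines); n > 0 {
		prev = lineHash(lines[n-1])
	}
	b, _ := json.Marshal(Record{len(lines) + 1, file, event, prev})
	return append(lines, string(b))
}

// Trace returns one file's events, the chain head hash, and the first broken line (0 if intact).
func Trace(lines []string, file string) (events []string, head string, brokenAt int) {
	for i, line := range lines {
		var r Record
		if json.Unmarshal([]byte(line), &r) != nil || r.Seq != i+1 || r.Prev != head {
			return events, head, i + 1
		}
		if r.File == file {
			events = append(events, r.Event)
		}
		head = lineHash(line)
	}
	return events, head, 0
}

func main() {
	lines := Append(Append(nil, "invoice.csv", "received"), "invoice.csv", "delivered") // constructed sample
	fmt.Println(Trace(lines, "invoice.csv"))
}
```

Editing or truncating the final records leaves the remaining chain internally consistent, so the returned head hash is what gets compared against a copy held in an external retention system.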