Skip to content
Xferity

Enterprise File Transfer — What It Means and What It Requires

Enterprise File Transfer

Section titled “Enterprise File Transfer”

Enterprise file transfer is the managed, auditable, automated movement of business-critical files between systems and trading partners.

It is distinct from ad hoc file copying in the same way that a managed database system is distinct from a folder full of text files. The difference is operational control: you know what ran, when it ran, what the outcome was, and who was involved.

Xferity supports the following enterprise transfer protocols

Section titled “Xferity supports the following enterprise transfer protocols”
  • SFTP — SSH-based file exchange. SSH host verification required. Password and key authentication.
  • FTPS — FTP over TLS. Explicit TLS mode. Server certificate validation.
  • AS2 — HTTP-based B2B with signed and encrypted messages and MDN receipts.
  • Amazon S3 (and compatible endpoints) — Object-based transfer. Region, bucket, prefix, and IAM-compatible credential support.
  • WebDAV — HTTP-based file exchange for systems that expose WebDAV endpoints.
  • Azure Blob — Azure Storage Blob-based file exchange with connection string and SAS token support.
  • Local filesystem — Source and destination path on the host filesystem.

What enterprise file transfer requires

Section titled “What enterprise file transfer requires”

Explicit trust verification

Section titled “Explicit trust verification”

Every connection to an external partner endpoint must have an explicit trust basis:

  • SSH host key fingerprint for SFTP
  • TLS certificate chain for FTPS
  • Certificate roles for AS2 signing and encryption

Systems that skip verification (e.g., StrictHostKeyChecking=no) accept any endpoint as valid. That is not enterprise posture.

Credential management

Section titled “Credential management”

Transfer credentials — SFTP passwords, API keys, S3 secrets, AS2 private key passphrases — must not live in scripts, plain configuration files, or version control.

Xferity resolves credentials at runtime from:

  • environment variables
  • files (e.g., Docker secrets mounts)
  • HashiCorp Vault
  • AWS Secrets Manager
  • Azure Key Vault
  • GCP Secret Manager
  • Xferity local vault (encrypted in Postgres)

Retry and failure handling

Section titled “Retry and failure handling”

Transient failures — a network timeout, a brief server unavailability — should be retried automatically with backoff, not require manual re-running.

Xferity retry policies:

  • fixed: uniform delay between attempts
  • linear: delay increases by a fixed increment per attempt
  • exponential: delay doubles per attempt with configurable max
  • none: fail immediately

Idempotency

Section titled “Idempotency”

When a flow run is retried after a partial failure, already-processed files should not be re-delivered. Hash-based idempotency records which files were processed so they are skipped on retry.

Audit evidence

Section titled “Audit evidence”

Enterprise transfer produces records that answer:

  • what file moved
  • when it moved
  • to which partner endpoint
  • what the outcome was
  • whether it was a duplicate

Xferity produces structured JSONL audit records with tamper-evidence hash chaining and a xferity trace <file> command for instant file lifecycle lookup.

Certificate and key lifecycle

Section titled “Certificate and key lifecycle”

Certificate expiry is one of the most common causes of silent partner exchange failure. Enterprise transfer requires:

  • an inventory of certificates and PGP keys in use
  • expiry tracking with warnings before expiry
  • binding certificates to partner roles with clear review

Deployment flexibility

Section titled “Deployment flexibility”

Enterprise infrastructure teams require:

  • Linux deployment (native binary or container)
  • Docker and Docker Compose support
  • Windows Server support where required
  • Air-gapped deployment without outbound cloud dependencies
  • Postgres-backed for persistent state, sessions, and HA

What Xferity provides

Section titled “What Xferity provides”

Xferity addresses each of these requirements:

Protocol support:      SFTP, FTPS, AS2, S3, WebDAV, Azure Blob, local
Trust verification:    SSH host keys, TLS certificates, AS2 cert roles
Credential management: 7 secrets providers, hardened mode enforcement
Retry policies:        fixed, linear, exponential, configurable max
Idempotency:           SHA-256 hash-based deduplication
Audit:                 JSONL events, tamper evidence, file trace, API query
Cert/key lifecycle:    inventory, expiry warnings, partner bindings
Posture monitoring:    50+ checks, regression detection, suppression model
Deployment:            binary, Docker, Windows, air-gapped capable
Section titled “Related pages”