Maintained for Historical Purposes

This resource is being maintained for historical purposes only and is not currently applicable.

SFA to the Internet Status Update #14

Publication Date: October 9, 2001

Author: General Manager: SFA School Channel


TO: All Destination Points

FROM: CPS/WAN Technical Support

RE: SFA to the Internet Status Update #14

SFA is pleased to share the 14th communication on SFA to the Internet
migration.

SFA to the Internet migration news: Early Adopter Migration ended October 4,
2001. As a result of the feedback from the Early Adopters, the cover letter
on the Download Web site has been updated to clarify information regarding
passwords and sending test transmissions.

The first migration deadline to be eligible for the 2001 Electronic Access
Conference (EAC) drawing was September 30, 2001. Congratulations to
Kirtland Community College in Roscommon, Michigan for winning the first
drawing. Their prize includes round trip airfare for one from their
regional airport to the conference location, 3 nights lodging at the
conference hotel and per diem for 4 days. The remaining migration deadlines
are October 15 and 31. If you migrate by the 15th, you will be eligible for
both drawings.

Through October 7th, 621 destination points have migrated to the Student Aid
Internet Gateway. Please migrate ASAP! In the same way that you ask your
students to "apply early", we are asking you to "migrate early". Destination
Points who wait until the last minute run the risk of not being transitioned
before the TIVWAN system is shut down. If you need assistance from Customer
Service please utilize the Migration Option we've added to the Interactive
Voice Response Unit (IVR). At the prompt, simply press 3 and your call will
be routed to our migration experts.

This communication will focus on Frequently Asked Questions (FAQs)
including:
* I use the auto export function of EDExpress. Once I migrate to
SAIG, how will I know which version of EDconnect contains the data files
ready to be exported?
* Our IT/Network security staff would like more information regarding
how the SAIG utilizes the firewall prior to opening up the port. What
additional information is available?

FAQ 1: I use the auto export function of EDExpress. Once I migrate to SAIG,
how will I know which version of EDconnect contains the data files ready to
be exported?

ANSWER - The Automatic export function in EDExpress causes the export to
populate the transmission queue in EDconnect. This allows the transmission
queue to be pre-filled so that manual entry in EDconnect is not required.
The automatic export function will populate the transmission queue of the
version of the EDconnect software that was most recently accessed.

Whenever you access your previous version of EDconnect to retrieve or
restore files that were transmitted prior to your migration, all you need to
do is log back into EDconnect 5.0.0 to reset the version of EDconnect for
the EDExpress auto export process.

FAQ 2: Our IT/Network security staff would like more information regarding
how the SAIG utilizes the firewall prior to opening up the port. What
additional information is available?

ANSWER - We understand the concerns of your technical staff regarding
Internet security.

A decision was made, due to the bulk transfer of data, to utilize FTP as the
transfer protocol for communication with the SAIG. This protocol is the
accepted industry standard for the reliable transfer of large amounts of
data through the Internet.

A subsequent decision was made to employ a type of FTP that provides the
least impact to current destination points utilizing FTP at their sites.
Standard FTP servers utilize port 21 for control information and either a
random high order data port or the default FTP data port 20, depending on
the mode of transfer (active/passive).

Design decisions were also made due to the encrypted nature of the control
information sent via SSL. Many client sites utilize NAT to change
non-routable IP addresses to a single routable address. It was determined
that current firewall technology at the client sites would require
significant updates or specific versions of a few vendors' firewalls to
support encrypted traffic being NAT'd.

There are two stages to FTP communication: establishing the connection
(control port) and transferring data (data port). The SAIG FTP client
software used for both PC and non-PC (i.e., mainframe) platforms utilizes
port 26581 for all communication, both control and data. Only the client
software may initiate a connection with the SAIG server; therefore, a client
site firewall must only allow their protected devices to initiate outbound
connection requests through TCP port 26581 to the SAIG portal. Inbound
connection requests may be blocked, thereby eliminating vulnerability of
your protected devices. Subsequent data will flow through the same
connection to and from the SAIG portal.

In summary, if you wish to communicate through your firewall you will need
to open port number 26581 for outbound connection requests, as well as
inbound and outbound data traffic, to IP address 198.77.163.220 (SAIGPortal).
This will allow the PC client software (EDconnect) and the non-PC software
(EasyAccess) to communicate through a firewall.
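
The firewall behavior described above, modelled as an added example that is
not part of the original communication or of the SAIG software: a minimal
stateful filter with a single outbound rule, evaluated against constructed
flows. The inside host 10.0.0.5, the 203.0.113.9 address, the ephemeral ports
and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

SAIG_IP, SAIG_PORT = "198.77.163.220", 26581  # address and port from the memo

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool      # True = leaving the protected network
    new: bool = False   # True = connection request (TCP SYN without ACK)

class StatefulFirewall:
    """Hypothetical model: one egress rule plus connection tracking."""
    def __init__(self):
        self.tracked = set()  # (inside_ip, inside_port, remote_ip, remote_port)

    def allow(self, p: Packet) -> bool:
        if p.outbound:
            conn = (p.src, p.sport, p.dst, p.dport)
            if p.new:  # the only rule: outbound requests to the SAIG portal
                ok = (p.dst, p.dport) == (SAIG_IP, SAIG_PORT)
                if ok:
                    self.tracked.add(conn)
                return ok
            return conn in self.tracked
        # Inbound: replies on a tracked connection only, never a new request.
        conn = (p.dst, p.dport, p.src, p.sport)
        return not p.new and conn in self.tracked

def run_sample():
    """Evaluate constructed flows; 10.0.0.5 is a made-up inside host."""
    fw, pc = StatefulFirewall(), "10.0.0.5"
    flows = {
        "saig_connect": Packet(pc, 40001, SAIG_IP, SAIG_PORT, True, new=True),
        "saig_data_in": Packet(SAIG_IP, SAIG_PORT, pc, 40001, False),
        "saig_data_out": Packet(pc, 40001, SAIG_IP, SAIG_PORT, True),
        # What standard FTP would need and this rule does not open:
        "ftp_control_21": Packet(pc, 40002, SAIG_IP, 21, True, new=True),
        "ftp_active_data": Packet(SAIG_IP, 20, pc, 40003, False, new=True),
        # Unsolicited or off-target traffic:
        "inbound_request": Packet("203.0.113.9", 50000, pc, SAIG_PORT, False, new=True),
        "other_dest_26581": Packet(pc, 40004, "203.0.113.9", SAIG_PORT, True, new=True),
    }
    return {name: fw.allow(pkt) for name, pkt in flows.items()}

if __name__ == "__main__":
    for name, verdict in run_sample().items():
        print(f"{name:18} {'ALLOW' if verdict else 'DENY'}")
```

The model ignores NAT and TCP teardown; it only shows that control and data
sharing one client-initiated connection lets a single outbound rule suffice.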

If your technical staff is still not comfortable opening up the port, you
could bypass your firewall entirely by acquiring an outside ISP, installing
or keeping the existing modem, and transmitting all data as you do today.
Connect to the Internet via a local ISP first and then use EDconnect 5.0.0
to send/receive data.

How do I find out more about this project?
We will send SFA to the Internet communications weekly during the migration
process. Each communication will be titled "SFA to the Internet Status
Update". If you miss any of the updates, all information can be found at
http://www.ed.gov/offices/OSFAP/sfatech/sfafaq.html. We encourage you to
bookmark this location.

You can also access this Web site from the School Portal
(http://fsa4schools.ed.gov), SFATECH, or IFAP Web sites.

How will I be supported throughout the migration process?
If you have any questions about the migration process, contact CPS/WAN
Technical Support at 1-800-330-5947 or via e-mail at CPSWAN@ncs.com. For
your convenience, we've added a Migration Option to the Interactive Voice
Response Unit (IVR). When prompted, simply press 3 and your call will be
routed to our migration experts.

Last Modified: 10/08/2001