Version 7.1.3.

FTP Configuration Preface

General
This document explains the general considerations regarding starting and maintaining the FTP
workflows. Generally, the end user AlbumMaker communicates with the lab side of
AlbumMaker in order to upload orders, perform payment and receive updates. In order for the
FTP server and AlbumMaker's connection to work, some steps and configurations are required.

This document serves as a general explanation of the FTP protocol and brings some issues for
consideration. To find out how to configure each of AlbumMaker's workflows, please read the
appropriate documentation.

FTP Protocol
The FTP (File Transfer Protocol) was invented in 1971. Its main goal is to transfer files between
a client and a server. Although the FTP was implemented by many companies and is generally
unified, there are several specifications and revisions since the original FTP was published.

The FTP works by a client connecting with the FTP server through a third party application. The
connection is usually made through TCP/IP port 21, although this port can be changed. After
first connecting to the FTP server, the client sends general commands, such as user name,
directory management and file transfer. When initiating a file transfer or directory commands, a
new TCP/IP port is opened by the server or client, which transfers the files to or from the server.
The transfer port is either a fixed port, or a random port from the operating system's port pool.
This transfer port is also called an ephemeral port.

When sending or receiving files through the FTP, there are two ways to transfer these files;
Active mode or Passive mode.
Passive mode means that the server opens the port, and informs the client which ephemeral port
to connect to, while Active mode means that the client opens the ephemeral port on its side, and
informs the server to which port to connect to. Although many servers support both features, the
mode of transfer needs to be set in the FTP server. The default mode of operation is Passive
mode.

FTP Server considerations

Most operating systems has a built in FTP server support. You can find the ability to enable an
FTP server through Linux, Mac and Windows based servers. However, these operating system's
FTP servers usually aim for home users or simple FTP servers, and does not allow extended
features or maintenance. It's recommended that you buy a professional or dedicated FTP server
instead of using a basic one.

Our recommended FTP server is the ServU application (for windows), which supports many
features, such as the resume support, and is more stable than the basic IIS FTP server of
windows.

Also, note that users need to upload files to the server, so you need to give users full access to
the FTP sever directories when setting the FTP server user access rights.
1
Version 7.1.3.0

FTP Configuration Preface

FTP Commands and transfers considerations

The client – server general communication is by sending a command and receiving a reply. For
example, if the client needs to change its current directory on the FTP server, it sends the
command "CWD". There are many commands that can be sent to the server, and there can be
settings on the FTP to disable these commands.

In order to run a stable FTP communication, you need to make sure that no FTP command is
disabled on the FTP server configurations.

Also, you should ensure that the server supports and uses the Binary transfer mode, instead of the
ASCII mode, to ensure no data is corrupted while transferring the files.

FTP Session considerations

While transferring multiple files, AlbumMaker and the FTP uploader may open multiple sessions
from the same computer or from multiple computers.

In order for this to work, you need to make sure not to limit FTP sessions and FTP sessions per
IP on the server configurations.

Active Mode vs. Passive Mode

When using Active mode, the end user opens a port and waits for the server to connect. This
means that if the end user computer has a router which does not forward ports, the server will not
be able to connect to the end user. Also, most firewalls or Anti Viruses with integrated firewalls,
including the operating system's firewall, presents a security alert during the Active Mode to
allow the connection or not. This means that many end users may not allow the connection.

It's not recommended to use the Active mode; you should set both in AlbumMaker and on the
FTP server to the default of Passive mode.

Port Range considerations

The TCP/IP protocol, which holds the base of the communications for the FTP, is made through
ports. A TCP/IP port is like the extension of the IP. For example, when accessing a web server,
the computer usually contacts the web server through its IP, and through port 80. The default
port for the FTP is 21. The TCP/IP protocol supports ports 0 to 65535, but the first 1024 or so are
fixed and are used by other applications. The "un fixed" ports are the ephemeral ports, which are
the ports opened by the server or client during file transfers for the FTP. Although it's possible to
set this range manually, you would need to set both ranges on the client's computer, and on the
server, and it may cause problems.

The most optimal way to set the port range is to leave it at random, both on the client
configuration on AlbumMaker and on the server. You may change the default FTP port from 21
to an unused port, as long as you set it both on the server and on AlbumMaker's configurations.
It's recommended, though, to leave the FTP port to its default 21.
2
Version 7.1.3.0

FTP Configuration Preface

Server Firewall considerations

When setting up the FTP server, either through a hosting company or at your office, you may use
a firewall, either on the server itself or on the router that connects to the server. There are many
features and restrictions on firewalls that may slow or damage the FTP connections. In order to
run a proper connection, you need to make sure that your firewall is configured in the following
way:

• Allows up to 15 connections from the same IP address.

• Allows at least 500 connections to the server.
• Allows the FTP protocol and stream connections.
• Allows access to port 21 (or the one you set for the FTP) and all ephemeral ports.
• Does not consider multiple connections as SYN attack.
• Gives access to logs, which will isolate blocked connections for debug and repair.

Some firewalls may not support the above features, and some other firewalls will need different
and more extensive configurations. The firewall rules depend on the brand of the firewall.

Bandwidth considerations
When running the FTP server, one of the most important considerations is to allow a flowing
connection between the clients and the server, which will allow multiple end users to upload or
download content from the server without lag.

When considering the size of the bandwidth of the server, you should compare it to the upload
capability of the users, since most bandwidth consumption will be on uploading orders from the
users to the server. Usually, internet providers separate between the upload capability and the
download capability. For example, an internet package may allow download of up to 1.2Mb per
second, while providing an upload of 150Kb per second.

Although internet may vary between country and provider, your best "formula" of calculating the
bandwidth demand is to calculate your server download bandwidth versus the amount of clients
which will upload orders simultaneously, versus their average internet provider upload
bandwidth.

For example, you assume that up to 15 clients will upload orders simultaneously to the server.
You find out that the most average package allows clients to upload orders at 150Kb per second,
so the calculation is 150Kb per second times 15, which is approximately 2.2Mb download from
your server bandwidth.

You should also consider allowing more than the basic download, and you should consider
having a high upload as well, since software updates and payments are performed through the
upload of the FTP server, and not the download.

Also, you may consider hosting or installing the FTP server on the same country as your
company. Some connections may be degraded and unstable when communicating from farther
regions.
3
Version 7.1.3.0

FTP Configuration Preface

Quality of Service
The Quality of Service, also known as the QOS, is a feature that regulates and adjusts
connections to the server so that all clients will have an equal share of bandwidth when
uploading or downloading files from your FTP server.

Usually, the operating system operates with its own regulation of bandwidth, and in many cases,
newly connected clients may receive an extensive bandwidth, while clients which where
connected for a longer time receive a lower bandwidth. This means that if you have many clients
connecting to the server, some may receive the full bandwidth while others will receive a 50% or
less bandwidth. In some cases, where the bandwidth of the server reaches its maximum, clients
will not be able to connect to the server, since the connection is "bottle necked" and timed out.

The QOS feature aims to fix these issues, and to distribute an equal bandwidth to all connections.
The QOS can also leave some bandwidth unused, to allow new connections without timeouts.
This QOS feature is either enabled in supported routers or can be installed on the server
computer as software.

It's recommended to find out if your operating system or host supports the QOS feature, or install
a third party application for QOS.

Support and Maintenance considerations

Since many types of clients connect to the FTP server, some clients may experience problems
with connecting to the FTP server. This may occur because many home users install other
software or change basic settings, which may limit or restrict their connection to the server.

In order to allow as many clients as possible to use AlbumMaker, It's necessary to have a work
force of people who can support customers which may have problems with uploading or
downloading files from the FTP server. Some of the most common support for clients is:

• Checking paid orders on the FTP payment directory, and finding if orders where
uploaded. Some users perform successful order payments but their orders are not
uploaded, without the client knowing of any problem.

• Supporting clients by remote controlling their computer, or directing them how to solve
the problem on the phone. The more common supports are disabling or allowing FTP on
the client's firewall, helping him reinstall services which where damaged on his computer,
or instructing the clients to turn on their computers, since some clients don't know that
their computer needs to be running to upload orders.

It's recommended to purchase a remote control application, such as TeamViewer or LogMeIn

Rescue for the support. These applications are designed for a one time support for clients, and
can save both support time and the trouble for customers following instructions from the support
team. The support should also constantly write notes of common problems, change settings in
AlbumMaker or the FTP server which can cause common problems, and have a constant
on-demand flow of customer support.
4
Version 7.1.3.0

FTP Configuration Preface

Security and Disaster prevention

The FTP protocol is easier to "hack" than other protocols. This is because it's a simpler protocol,
and is usually performed through a third party application such as AlbumMaker. A hacker can
scan his computer's memory while AlbumMaker transfer files, and have full access to the FTP
by obtaining the user name and password. Setting the FTP to work in SSL mode helps, but may
not prevent hackers from hacking into the FTP server.

Also, because uploading and performing payment means that users have full access to the
albums and payment directory, hackers may delete files on these directories and destroy other
client's albums. In some cases, the FTP server also contains access to the web server of the
albums, and hackers can delete the entire web site through the FTP.

Here are some steps to prevent possible damage from malicious applications or users:

• Restrict all directories of the AlbumMaker's FTP user to AlbumMaker's purpose only.
Having a "global" user which can also access the web server or important files may
present many problems.

• If possible, use the encrypt/ decrypt feature of AlbumMaker for payment. Otherwise,
hackers may have full access to the payment directories and extract personal information
about other clients, including their phone and email.

• Back up all order files, in a redundant or third party application on the server side. A
hacker with access to the album directory may delete other albums on the server. A good
"on the fly" backup solution is the "WatchDirectory" application by Gdp Software, which
can copy any incoming file on the server to a backup location. In this case, if a user
deletes files on the server, you will have the latest backup on your backup folder.

• For the AlbumMaker's user which connects for the software update, you should set the
software update directory as read only for the users who download it. This will prevent
hackers from inserting viruses into the EXE files of the software or content updates.
Other directories, such as the payment folder and the album folder, requires full access.

There may be other steps that you can take in order to prevent malicious attacks, including
setting a proper firewall with SYN attack prevention, ARP spoofing prevention or other types of
attacks. Also, you may change the default FTP's 21 port to prevent IP scanners from
automatically finding your FTP server. There may be other considerations regarding security and
backup, depending on your server and network configuration.

Server security may vary from the simplest software to the most strict hardware and software
security, depending on your needs. You should consult with a computer and network expert
when first setting the FTP server about backup and security solutions and about configuring the
FTP settings and restrictions as best as possible.