Evaluation Guide

Mar 14 2025
Server General Inc

0. Introduction

This document is a primer for organizations evaluating Transfer General™'s secure data migration SaaS platform across cloud providers and data centers. It covers the installation and testing of the Transfer General Console™ (TG Console) and Transfer General Nodes™ (TG Nodes) demonstrating secure encrypted data transfers.

The guide assumes familiarity with deploying and configuring Ubuntu 22.04 (64 bit) servers and root access. It does not include detailed instructions for installing/provisioning underlying servers.

1. Background (Transfer General™)

Transfer General™ (TG) is a secure and high-speed data-migration platform designed to transfer sensitive data between cloud providers and/or data centers under regulatory compliance, e.g., FedRAMP. The system consists of two main components:

  • Transfer General Console (TG Console): A web-based management dashboard that provides centralized control over the Transfer General™ system. Administrators use TG Console to initialize the system, manage TG Nodes, oversee data transfers, and rotate encryption keys.
  • Transfer General Nodes (TG Nodes): TG Nodes handle data encryption, decryption, access control, logging, and data transfer. Each node can both send and receive data, enabling flexible migration paths between connected locations. TG Nodes are deployed on cloud providers and/or data centers to move data to and from their physical locations.

Key Features:

  • Data Encryption: TG encrypts all data at rest using strong cryptographic algorithms ensuring that said data remains secure at all times from ingestion to migration, i.e., the entire life cycle of any data migration is always secure.
  • High-Speed Data Transfer: By leveraging private connections among TG Nodes, Transfer General™ can transfer encrypted data at speeds of up to 50 Gbps, making it suitable for large-scale migrations.
  • Versatile Cloud Platform Support: Transfer General™ enables secure data migration between cloud platforms (AWS, Azure, Google Cloud Platform, and others), including on-premises data centers.
  • Centralized Management: The TG Console offers a unified interface for administering all aspects of the Transfer General™ system, including node deployment, key management, and transfer operations.
  • Data Encryption Key Control: Organizations maintain full control over their data encryption keys through the Security Officer and Data Administrator roles, ensuring the keys remain under the organization's authority and are never exposed to unauthorized entities throughout the migration.

2. Requirements

TG Console Prerequisites:

  1. A machine or VM to host TG Console
  2. A modern web browser
  3. Network access to TG Nodes
  4. Unrestricted outbound access to the Internet
  5. A valid license. If you do not have a license you can get a trial license during configuration.

TG Node Prerequisites:

  1. A valid or trial license. A trial license can be obtained from https://www.servergeneral.com/get-license
  2. Ubuntu 22.04 servers deployed at source and destination locations.
  3. SSH access between TG Console and TG Nodes.
  4. Unrestricted outbound access to the Internet.

Additional Equipment

For TG Node installation and configuration:

  • Network connection that is 300MBps or faster between nodes. A slower connection will result in slower data transfer speeds.
  • SFTP client for data ingestion and extraction (e.g., WinSCP for Windows users)
  • Administrative access to the deployment environment

Network Connectivity

TG Console and all TG Nodes must be able to connect to our licensing server and key lockers within the Server General network. No special network configuration is needed as long as the components have outbound access to the Internet for the ports outlined below.

Before you start, verify that:

  • TCP 443 (HTTPS) is open for outbound connections
  • TCP port 22 (SSH) is accessible between TG Nodes that will communicate with each other and TG Console

Personnel

The Transfer General™ framework requires two main roles and their associated keys:

  • Server General Admin (sgadmin)
    • The SG administrator responsible for managing TG Console and TG Nodes
    • Used as login credentials for TG Console web access
  • Security Officer (SO)
    • Responsible for system security and Data Administrators
    • Uses the Security Officer Master Key (SMK), a passphrase for security administration
  • Data Administrator (DA)
    • Responsible for transfer operations and sensitive data sets
    • Controls vault operations and data transfers between nodes
    • Uses the Data Administrator Master Key (DMK), a passphrase for vault access and data encryption

For evaluation purposes, a single person may occupy these roles.

Key Terminology

  • Vault
    • Encrypted storage within TG Node
    • Must be opened to access clear-text view of encrypted data
    • Automatically closes during transfers for data integrity
  • Uploader
    • SFTP user for uploading data to source node
    • Uses /home/uploader/upload directory
    • Accessible when vault is open
  • Downloader
    • SFTP user for retrieving data from destination node
    • Uses /home/downloader/download directory
    • Accessible when vault is open

3. Evaluation/Test Configuration

To evaluate Transfer General™, you will need the following:

  1. TG Console
    a. One Ubuntu 22.04 server
    b. Deployed on your local machine or a dedicated server
    c. Network connectivity to all TG Nodes
    d. One system user (sgadmin) with root access
    e. Web browser access
  2. Source TG Node
    a. One Ubuntu 22.04 server
    b. Connectivity to the Internet
    c. Network access to the data source
  3. Destination TG Node
    a. One Ubuntu 22.04 server
    b. Connectivity to the Internet
    c. Network access to the target storage location

4. Testing Goals and Suggestions

The following are key capabilities to evaluate in the Transfer General™ system:

  • TG Console Management:
    • Verify UI navigation and responsiveness
    • Test node deployment and configuration
    • Manage encrypted data transfer operations
    • Assess system monitoring and reporting features
  • Security Features:
    • Validate data encryption at rest
    • Enforce role-based access control
    • Manage key creation and rotation
    • Test vault operations (open/close)
  • Data Transfer Capabilities:
    • Validate a point-to-point network for secure data traffic
    • Measure node-to-node encrypted data transfer speeds
    • Confirm data integrity through checksums
    • Review data logs
  • Integration Features:
    • Test SFTP/SCP functionality
    • Network share (NFS and SMB) compatibility (coming soon)

5. Deployment Assumptions

  1. A machine or server ready to host TG Console
  2. Two valid Transfer General™ 30-day trial licenses for your TG Nodes
    • A trial license for TG Console can be obtained during first time setup in the app
  3. Two Ubuntu 22.04 hosts at your source and destination locations for TG Nodes
  4. One Ubuntu 22.04 host for TG Console
  5. Root access on all servers
  6. Network connectivity between all components (TG Console and TG Nodes)

6. Transfer General™ Threat Model for Data Migration

The following table outlines the threat model for Transfer General™ and its mitigation strategies:

| Actor | Threat | Mitigation by Transfer General™ |
|---|---|---|
| External Attacker | Man-in-the-Middle (MITM) Attack | Data is encrypted at rest within TG Nodes; secure node-to-node communication; strong cryptographic algorithms for data protection; private, authenticated connections between nodes |
| Insider | Unauthorized Data Access | Role-based access control; separation of Security Officer and Data Administrator roles; detailed audit logging of all operations; vault-based data protection |
| System Administrator | Privilege Escalation | Strict separation of system and data management roles; encrypted data vaults inaccessible to system administrators; key management controlled by Security Officer |
| Network Provider | Data Interception | End-to-end encryption between nodes; secure key exchange protocols; no cleartext data transmission |

7. TG Console Deployment

Let's begin with deploying TG Console, which will serve as your central management interface for the Transfer General™ system.

Step 1: Installation

The user "sgadmin" is a regular Unix/Linux user. The steps to install Transfer General are the following:

  1. wget https://www.servergeneral.com/tg-install
  2. chmod +x tg-install
  3. sudo ./tg-install

Step 2: Initial Access

  1. Open a web browser and navigate to the TG Console URL (https://<address of your server>/new)
  2. You may see a warning about the SSL certificate - this is expected for evaluation setups
  3. Click "Advanced" and proceed to the TG Console interface
  4. Log in using the "sgadmin" credentials you configured during installation
  5. Log in using:
    • Username: sgadmin
    • Password: (configured during installation)

  6. Accept the license agreement
  7. If you didn't configure a license during installation:
    • You will be prompted to obtain a "Trial License"
    • Follow the on-screen instructions to get your trial license

Step 3: Security Configuration

  1. Configure Security Officer (SO):
    • Enter full name and contact information of the Security Officer
    • Generate a secure Security Officer Master Key (SMK, minimum 16 characters)
    • Store SMK safely - it cannot be recovered if lost
    • This key authenticates the Security Officer who manages other administrators

  2. Configure Data Administrator (DA):
    • Enter full name and contact information of the Data Administrator
    • Generate a secure Data Administrator Management Key (DMK)
    • Store DMK safely - it cannot be recovered if lost
    • This key authenticates the Data Administrator who manages sensitive data sets

  3. Upon successful configuration, you will be directed to the TG Console Dashboard

8. TG Node Deployment

After setting up TG Console, you'll need to deploy and configure your TG Nodes. Let's start with the source node.

Step 1: Node Preparation

  1. Deploy Ubuntu 22.04 on your chosen server
  2. Ensure network connectivity to TG Console
  3. Request a license key from https://www.servergeneral.com/get-license

Step 2: Node Installation

  1. wget https://www.servergeneral.com/tg-install
  2. chmod +x tg-install
  3. sudo ./tg-install --tg-node <TG-Console IP> -l <license key>

The above will install and automatically register the TG Node with your TG Console instance.

Step 3: Node Configuration

  1. In TG Console, open the "TG Nodes" page and click the "+" button to add a TG Node. Follow the on-screen instructions
  2. Note the pre-configured secure directories:
    • /home/uploader/upload - Place files here that you want to transfer to other nodes
    • /home/downloader/download - Access files here that were received from other nodes
  3. Set up SFTP access
  4. Manage vault (open/close)

Repeat these steps for your destination node.

After finishing setup, the TG Nodes should appear as available for management in the TG Console UI.

9. Data Transfer Setup

Step 1: Preparing Source Node

  1. Open the source node's vault:
    • Navigate to "TG Nodes"
    • Select source node and click "Manage"
    • Click "Open Vault"
    • Enter DMK when prompted
  2. Upload data using SFTP:
    • Click "Enable" next to the SFTP status indicator
    • Enter DMK when prompted
    • Save or copy the username and one-time password for "uploader"
    • Connect using your SFTP client
    • Place files in /home/uploader/upload directory to prepare them for transfer
    • Ensure vault remains open during upload

Step 2: Configuring Transfer

  1. In TG Console, navigate to "Data Transfer"
  2. Create new transfer job:
    • Select source and destination nodes
    • Click "Transfer Data"
    • Enter DMK when prompted
  3. Review transfer settings

Step 3: Executing Transfer

  1. Initiate the transfer
  2. Monitor progress through TG Console
  3. Verify transfer completion
  4. Check transfer logs and reports

Step 4: Accessing Transferred Data

  1. Open the destination node's vault:
    • Navigate to "TG Nodes"
    • Select destination node and click "Manage"
    • Click "Open Vault"
    • Enter DMK when prompted
  2. Download data using SFTP:
    • Click "Enable" next to the SFTP status indicator
    • Enter DMK when prompted
    • Save or copy the username and one-time password for "downloader"
    • Connect using your SFTP client
    • Access files from /home/downloader/download directory
    • Ensure vault remains open during download
  3. After completing the transfer:
    • Verify data integrity
    • Close the vault
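
One way to carry out the "Verify data integrity" step above and the checksum goal in section 4, as an added example that is not part of Transfer General™ or Server General's tooling. It assumes the manifest is built on the machine holding the original files before the SFTP upload and checked against the copy retrieved from the destination node; the function names and paths are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not Server General code. Function and file names are hypothetical.
# Assumes GNU coreutils/findutils (Ubuntu 22.04) and file names without newlines.

# make_manifest DIR MANIFEST
# Hash every regular file under DIR; paths are stored relative to DIR so the
# manifest can be checked against a copy that lives somewhere else.
# Keep MANIFEST outside DIR so it is not hashed itself.
make_manifest() {
    local dir="$1" manifest="$2"
    ( cd "$dir" && find . -type f -print0 | LC_ALL=C sort -z \
        | xargs -0 -r sha256sum ) > "$manifest"
}

# verify_manifest DIR MANIFEST
# Returns 0 only if every listed file is present with a matching hash AND
# DIR holds no file that the manifest does not list.
verify_manifest() {
    local dir="$1" manifest="$2" listed present
    # Content check: the manifest is read from stdin because of the cd.
    ( cd "$dir" && sha256sum --quiet --strict -c - ) < "$manifest" || return 1
    # Inventory check: sha256sum -c does not notice files that were added.
    listed=$(sed -E 's/^[0-9a-f]{64} [ *]//' "$manifest" | LC_ALL=C sort)
    present=$(cd "$dir" && find . -type f | LC_ALL=C sort)
    if [ "$listed" != "$present" ]; then
        echo "file inventory of $dir differs from manifest" >&2
        return 1
    fi
}

# Typical use (paths are placeholders):
#   make_manifest   ./dataset            dataset.sha256   # before SFTP upload
#   verify_manifest ./dataset-downloaded dataset.sha256   # after SFTP download
```

Keeping the manifest with the operator rather than sending it through the migration path means the check does not depend on the channel it is meant to validate.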

For high-speed transfer evaluation or specific performance requirements, please contact your sales representative for additional configuration guidance.

10. Advanced Features

Monitoring and Reporting

TG Console provides comprehensive monitoring capabilities:

  1. Real-time Transfer Monitoring:
    • Transfer progress and speeds
    • Node status and health
    • Vault states
  2. Audit Logging:
    • User actions and authentication
    • Transfer operations
    • System configuration changes

Security Features

  1. Key Rotation
  2. Access Control:
    • Role-based permissions
    • Session management
  3. Vault Management

11. Troubleshooting

Common scenarios and their solutions:

  1. Connection Issues:
    • Verify network connectivity between components
    • Check firewall rules
    • Validate SSH configurations
  2. Transfer Failures:
    • Check vault states
    • Verify available disk space
    • Review transfer logs
  3. Authentication Problems:
    • Confirm correct credentials
    • Verify key status
    • Check role permissions

For additional support or specific configuration requirements, contact your Server General representative.
