Evaluation Guide

Mar 14 2025
Server General Inc

Transfer General™

Introduction

This document provides information and guidance for organizations evaluating Transfer General™’s secure data migration capabilities across cloud platforms and data centers. It covers the setup and testing of the Transfer General Console (TG Console) and Transfer General Nodes (TG Nodes) to demonstrate encrypted data transfer functionality.

The guide assumes familiarity with deploying and configuring Linux servers running Ubuntu 22.04 (64-bit) and administrative control of the evaluation environment. As a result, it does not include detailed instructions for installing or configuring the underlying servers.

1: Background

Transfer General™

Transfer General™ (TG) is a secure and high-speed data migration solution designed for transferring sensitive data between cloud platforms and data centers. The system consists of two main components:

  • Transfer General Console (TG Console): A web-based management dashboard that provides centralized control over the Transfer General system. Administrators can use TG Console to initialize the system, manage TG Nodes, oversee data transfers, and rotate encryption keys.

  • Transfer General Nodes (TG Nodes): Deployed at source and destination locations, TG Nodes handle data encryption, decryption, access control, logging, and data transfer. Each node can both send and receive data, enabling flexible migration paths between connected locations.

Key Features:

  • Data Encryption: TG pre-encrypts data at rest using strong cryptographic algorithms, ensuring it remains secure from before migration begins through the entire transfer process.

  • High-Speed Data Transfer: By leveraging private connections among TG Nodes, Transfer General can transfer encrypted data at speeds of up to 50 Gbps, making it suitable for large-scale migrations.

  • Versatile Cloud Platform Support: Transfer General™ enables secure data migration between various cloud platforms, including Amazon, Azure, Google Cloud, and others, as well as on-premises data centers.

  • Centralized Management: The TG Console offers a unified interface for administering all aspects of the Transfer General system, including node deployment, key management, and transfer operations.

  • Data Encryption Key Control: Organizations maintain full control over their data encryption keys through the Security Officer and Data Administrator roles, ensuring the keys remain under the organization’s authority and are never exposed to unauthorized entities throughout the migration.

Let's proceed with setting up the necessary infrastructure for evaluating these capabilities.

2: Requirements

TG Console Prerequisites:

  1. A machine or VM to host TG Console
  2. A modern web browser
  3. Network access to the planned TG Node locations
  4. Unrestricted outbound access to the Internet
  5. A valid license. If you do not have a license you can get a trial license during configuration.

TG Node Prerequisites:

For each TG Node you plan to deploy:

  1. A valid license. If you do not have a license, you can get a trial license at https://www.servergeneral.com/get-license
  2. A fully functional Ubuntu 22.04 server deployed at the source or destination location.
  3. An open port to accept SSH connections from other TG Nodes and TG Console.
  4. Unrestricted outbound access to the Internet.

Additional Equipment

For TG Node installation and configuration:

  • Network connection that is 300MBps or faster between nodes. A slower connection will result in slower data transfer speeds.
  • SFTP client for data ingestion and extraction (e.g., WinSCP for Windows users)
  • Administrative access to the deployment environment

Network Connectivity

TG Console and all TG Nodes must be able to connect to our licensing servers, logging servers, and key lockers within the Server General network. No special network configuration is needed as long as the components have unrestricted outbound access to the Internet.

Before you start, verify that:

  • TCP ports 80 (HTTP) and 443 (HTTPS) are open for outbound connections
  • SSH ports are accessible between TG Nodes that will communicate with each other and TG Console

Personnel

The Transfer General framework recognizes two main roles and their associated keys:

  • Server General Admin (sgadmin)

    • System administrator responsible for managing TG Console and TG Nodes
    • Controls vault operations and data transfers between nodes
    • Handles SMK and DMK rotation for data encryption key security
    • The sgadmin account provides the login credentials for TG Console web access
  • Security Officer (SO)

    • Manages system security and Data Administrators
    • Uses the Security Officer Master Key (SMK) - a passphrase for security administration
  • Data Administrator (DA)

    • Manages sensitive data sets and transfer operations
    • Uses the Data Administrator Master Key (DMK) - a passphrase for vault access and data encryption

For evaluation purposes, a single person may occupy these roles.

Key Terminology

  • Vault

    • Encrypted storage within TG Node
    • Must be opened to access clear-text view of encrypted data
    • Automatically closes during transfers for data integrity
  • Uploader

    • SFTP user for uploading data to source node
    • Uses /home/uploader/upload directory
    • Accessible when vault is open
  • Downloader

    • SFTP user for retrieving data from destination node
    • Uses /home/downloader/download directory
    • Accessible when vault is open

3: Evaluation/Test Configuration

For a basic evaluation setup, you will need:

TG Console

  • One Ubuntu 22.04 server
  • Deployed on your local machine or a dedicated server
  • Network connectivity to all TG Nodes
  • One system user (sgadmin) with root access
  • Web browser access

Source TG Node

  • One Ubuntu 22.04 server
  • Connectivity to the Internet
  • Network access to the data source

Destination TG Node

  • One Ubuntu 22.04 server
  • Connectivity to the Internet
  • Network access to the target storage location

4: Testing Goals and Suggestions

The following are key capabilities to evaluate in the Transfer General system:

  • TG Console Management:

    • Verify UI navigation and responsiveness
    • Test node deployment and configuration
    • Manage encrypted data transfer operations
    • Assess system monitoring and reporting features
  • Security Features:

    • Validate data encryption at rest
    • Enforce role-based access control
    • Manage key creation and rotation
    • Test vault operations (open/close)
  • Data Transfer Capabilities:

    • Validate a point-to-point network for secure data traffic
    • Measure node-to-node encrypted data transfer speeds
    • Confirm data integrity through checksums
    • Review data logs
  • Integration Features:

    • Test SFTP/SCP functionality
    • Network share (NFS and SMB) compatibility (coming soon)

5: Deployment Assumptions

  1. You have a machine or server ready to host TG Console
  2. You have two valid Transfer General 30-day trial licenses for your TG Nodes
  3. You have two fully functional Ubuntu 22.04 servers deployed at your source and destination locations
  4. You have "root" privileges on all servers
  5. You have network connectivity between all components (TG Console and TG Nodes)

6: Transfer General Threat Model for Data Migration

The following table outlines the threat model for Transfer General and its mitigation strategies:

| Actor | Threat | Mitigation by Transfer General |
|---|---|---|
| External Attacker | Man-in-the-Middle (MITM) Attack | Data is encrypted at rest within TG Nodes; secure node-to-node communication; strong cryptographic algorithms for data protection; private, authenticated connections between nodes |
| Insider | Unauthorized Data Access | Role-based access control; separation of Security Officer and Data Administrator roles; detailed audit logging of all operations; vault-based data protection |
| System Administrator | Privilege Escalation | Strict separation of system and data management roles; encrypted data vaults inaccessible to system administrators; key management controlled by Security Officer |
| Network Provider | Data Interception | End-to-end encryption between nodes; secure key exchange protocols; no cleartext data transmission |

7: TG Console Deployment

Let's begin with deploying TG Console, which will serve as your central management interface for the Transfer General system.

Step 1: Installation

  1. Download the TG Console installation script:

    wget [TG-INSTALL-SCRIPT-URL]
  2. Make the script executable:

    chmod +x tg-install
  3. Run the installation script with your desired sgadmin password:

    sudo ./tg-install -p <your password for sgadmin user>

    This will install TG Console and configure the sgadmin user with the specified password.

    If you already have a license key, you can include it during installation:

    sudo ./tg-install -p <your password for sgadmin user> -l <license string>

Step 2: Initial Access

  1. Open a web browser and navigate to the TG Console URL (https://<address of your server>/new)

  2. You may see a warning about the SSL certificate - this is expected for evaluation setups

  3. Click "Advanced" and proceed to the TG Console interface

  4. Log in using the sgadmin credentials configured during installation:

    • Username: sgadmin
    • Password: (configured during installation)

  5. Accept the License Agreement

  6. If you didn't configure a license during installation:

    • You will be prompted to obtain a Trial License
    • Follow the on-screen instructions to get your trial license

Step 3: Security Configuration

  1. Configure Security Officer (SO):
    • Set up the Security Officer role
    • Generate a secure Security Officer Master Key (SMK, minimum 16 characters)
    • Store SMK safely - it cannot be recovered if lost
    • This key authenticates the Security Officer who manages other administrators

  2. Configure Data Administrator (DA):
    • Set up the Data Administrator role
    • Generate a secure Data Administrator Master Key (DMK)
    • Store DMK safely - it cannot be recovered if lost
    • This key authenticates the Data Administrator who manages sensitive data sets

  3. Upon successful configuration, you will be directed to the TG Console Dashboard

8: TG Node Deployment

After setting up TG Console, you'll need to deploy and configure your TG Nodes. Let's start with the source node.

Step 1: Node Preparation

  1. Deploy Ubuntu 22.04 on your chosen server
  2. Ensure network connectivity to TG Console
  3. Obtain a license key from https://www.servergeneral.com/get-license

Step 2: Node Installation

  1. Download the installation script:

    wget [TG-INSTALL-SCRIPT-URL]
  2. Make the script executable:

    chmod +x tg-install
  3. Run the installation script with TG Console IP and license:

    sudo ./tg-install --tg-node <TG-Console IP> -l <license key>

This will install and automatically register the TG Node with your TG Console instance.

Step 3: Node Configuration

  1. In TG Console, verify the node appears in the "TG Nodes" section
  2. Note the pre-configured secure directories:
    • /home/uploader/upload - Place files here that you want to transfer to other nodes
    • /home/downloader/download - Access files here that were received from other nodes
  3. Set up SFTP access
  4. Manage vault (open/close)

Repeat these steps for your destination node.

After finishing setup, the TG Nodes should appear as available for management in the TG Console UI.

9: Data Transfer Setup

Step 1: Preparing Source Node

  1. Open the source node's vault:

    • Navigate to "TG Nodes"
    • Select source node and click "Manage"
    • Click "Open Vault"
    • Enter DMK when prompted
  2. Upload data using SFTP:

    • Click "Enable" next to the SFTP status indicator
    • Enter DMK when prompted
    • Save or copy the username and one time password for "uploader"
    • Connect using your SFTP client
    • Place files in /home/uploader/upload directory to prepare them for transfer
    • Ensure vault remains open during upload

Step 2: Configuring Transfer

  1. In TG Console, navigate to "Data Transfer"
  2. Create new transfer job:
    • Select source and destination nodes
    • Click "Transfer Data"
    • Enter DMK when prompted
  3. Review transfer settings

Step 3: Executing Transfer

  1. Initiate the transfer
  2. Monitor progress through TG Console
  3. Verify transfer completion
  4. Check transfer logs and reports

Step 4: Accessing Transferred Data

  1. Open the destination node's vault:

    • Navigate to "TG Nodes"
    • Select destination node and click "Manage"
    • Click "Open Vault"
    • Enter DMK when prompted
  2. Download data using SFTP:

    • Click "Enable" next to the SFTP status indicator
    • Enter DMK when prompted
    • Save or copy the username and one time password for "downloader"
    • Connect using your SFTP client
    • Access files from /home/downloader/download directory
    • Ensure vault remains open during download
  3. After completing the transfer:

    • Verify data integrity
    • Close the vault
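
One way to perform the "Verify data integrity" step and the checksum goal from section 4, as an added example that is not part of Transfer General or Server General's tooling: hash the files before placing them in /home/uploader/upload, then check what you retrieve from /home/downloader/download against that manifest. The helper names and the constructed sample files are assumptions for illustration, and GNU coreutils (as on Ubuntu 22.04) is assumed.

```shell
#!/bin/sh
# Added example: independent SHA-256 check around a transfer (not a TG command).
# make_manifest, verify_manifest and demo are hypothetical helper names.
# Assumes GNU coreutils/findutils, as shipped with Ubuntu 22.04.

# Hash every regular file under directory $1 into manifest $2.
# Keep the manifest outside $1 and carry it to the destination out of band.
make_manifest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z |
        xargs -0 -r sha256sum ) > "$2"
}

# Compare directory $2 with manifest $1.
# Returns 0 = identical, 1 = missing or modified file, 2 = file not in manifest.
verify_manifest() {
    manifest=$1 dst=$2
    case $manifest in /*) ;; *) manifest=$PWD/$manifest ;; esac
    ( cd "$dst" && sha256sum -c --quiet "$manifest" ) >&2 || return 1
    tmp=$(mktemp)
    # Manifest lines are "<64 hex chars><2 separator chars><path>".
    cut -c67- "$manifest" | LC_ALL=C sort > "$tmp"
    extra=$(cd "$dst" && find . -type f | LC_ALL=C sort | LC_ALL=C comm -13 "$tmp" -)
    rm -f "$tmp"
    [ -z "$extra" ] || { printf 'not in manifest: %s\n' "$extra" >&2; return 2; }
}

# Constructed sample data standing in for files staged before upload and
# files fetched back from the destination node.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/staging/reports" "$work/retrieved"
    printf 'id,name\n1,alice\n' > "$work/staging/customers.csv"
    printf 'q1 totals\n' > "$work/staging/reports/q1.txt"
    make_manifest "$work/staging" "$work/manifest.sha256"
    cp -R "$work/staging/." "$work/retrieved/"
    clean=0; verify_manifest "$work/manifest.sha256" "$work/retrieved" || clean=$?
    printf 'q1 totals (edited)\n' > "$work/retrieved/reports/q1.txt"
    changed=0; verify_manifest "$work/manifest.sha256" "$work/retrieved" || changed=$?
    rm -rf "$work"
    echo "clean=$clean changed=$changed"
}
demo
```

Return code 2 flags files that arrived at the destination but were never in the source manifest, which a plain `sha256sum -c` run does not report.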

Info: For high-speed transfer evaluation or specific performance requirements, please contact your sales representative for additional configuration guidance.

10: Advanced Features

Monitoring and Reporting

TG Console provides comprehensive monitoring capabilities:

  1. Real-time Transfer Monitoring:

    • Transfer progress and speeds
    • Node status and health
    • Vault states
  2. Audit Logging:

    • User actions and authentication
    • Transfer operations
    • System configuration changes

Security Features

  1. Key Rotation

  2. Access Control:

    • Role-based permissions
    • Session management
  3. Vault Management

11: Troubleshooting

Common scenarios and their solutions:

  1. Connection Issues:

    • Verify network connectivity between components
    • Check firewall rules
    • Validate SSH configurations
  2. Transfer Failures:

    • Check vault states
    • Verify available disk space
    • Review transfer logs
  3. Authentication Problems:

    • Confirm correct credentials
    • Verify key status
    • Check role permissions

Note: For additional support or specific configuration requirements, contact your Server General representative.
