S2S Implementation

System to System Implementation

About This Implementation

System to System (S2S) implementation allows organizations with more than one unique instance of ATIPXpress to connect these systems for the purpose of transmitting requests between systems.

S2S can be implemented for organizations with varying levels of security between ATIPXpress instances. This enables one of the connected systems to exclusively intake our output requests, ensuring data cannot be transmitted from a more highly secured application to the lower side. Additionally, we also allow for S2S where both systems act as Consumer and Provider, pushing requests back and forth as needed.

S2S Types

There are two types of S2S implementations:

Consumer/Provider: A consumer/provider implementation uses a “high side” (secure) and a “low side” with different capabilities depending on your organization’s requirements and workflow. This version of S2S allows one system to exclusively provide (or send data out), and the other system exclusively consumes (or intakes data).
Both: In a Both-side implementation, each system can consume and provide request data.

There are some differences in the implementation process based on the S2S type you’re using. In the Enable the S2S Integration section, follow the process based on the type you’re using.

Prerequisites

The following are prerequisites for this implementation:

You must have two installed and configured ATIPXpress applications, both licensed to use S2S. To ensure this feature is licenses for use, go to each system and navigate to Administration > Features and Licenses > Application Features. If you have this license, the S2S Integration option is selected automatically and cannot be unselected: System to System Implementation

You must have a data exchange solution for the two systems this can be:
o A shared network location where system accounts have read/write access required to run system jobs.
A Cross-Domain Solution which can exchange data between two networks that are not connected.

Enabling a Cross-Domain Solution

Given the nature of our ATIPXpress S2S request feature, customers may need to provide their own Cross-Domain Solution (CDS) software to facilitate data transfer between two separate networks. This section provides an overview of the role of CDS in the S2S process and examples of commonly used solutions.

Note: Not all implementations require a CDS. If your connected systems can access a shared network location, a CDS is not required.

Role of Cross-Domain Solutions

CDS software acts as a secure intermediary that enables data exchange between isolated networks. It ensures that sensitive information can be transferred without compromising security protocols. This type of software is essential for organizations that operate within highly secure environments, such as government agencies or defense contractors, where network segmentation is crucial.

How Cross-Domain Solutions Work

Data Pickup: The CDS software monitors designated directories or repositories within the source network for new data files (requests) to be transferred.
Data Transfer: Once a file is detected, the software securely transfers the file across the network boundary to the target network. This process may involve encryption, decryption, and inspection for data integrity and security.
Data Deposit: The CDS software then deposits the transferred file into the appropriate directory or repository in the target network, where it can be accessed and processed by the receiving system.

Examples of Cross-Domain Solutions

Here are some examples of CDS commonly used to facilitate secure data transfers between segregated networks:

Enabling a Cross-Domain Solution

Product	Description	Features
Radiant Mercury by Raytheon Technologies	Radiant Mercury is a cross-domain solution that provides secure data transfer between different security domains	Real-time data filtering, support for multiple data types, high throughput, and robust security protocols
Forcepoint Data Guard	Forcepoint Data Guard is designed to securely transfer data between networks of differing security levels	Bidirectional data flow, real-time policy enforcement, high availability, and comprehensive audit logging
Owl Cyber Defense DualDiode Technology	Owl's DualDiode Technology provides hardware-enforced, oneway data transfer for secure network isolation	High-speed data transfer, minimal latency, robust security, and support for various data formats
IBM Guardium Data Protection	IBM Guardium offers comprehensive data security solutions, including secure data transfer capabilities for cross-domain environments	Real-time monitoring, automated data classification, policybased controls, and detailed auditing

Configuring Cross-Domain Solutions for ATIPXpress S2S

To configure your chosen CDS for use with ATIPXpress S2S requests, follow these general steps:


Installation	Install the CDS software on both networks according to the vendor's instructions.
Configuration	Define the directories or repositories to be monitored for file pickup and deposit (See the File Repositories section for details Set up security policies and rules for data transfer, ensuring compliance with organizational security requirements. Configure encryption and decryption settings to protect data during transfer
Testing	Perform initial tests to verify the correct configuration and functionality of the CDS software. Ensure that files can be picked up from the source network, transferred securely, and deposited in the target network.

Enable the S2S Integration

The S2S integration requires actions on both connected applications.

File Repositories

You’ll need to create file repositories to support this integration regardless of whether you’re using a cross-domain solution or your connected systems can access a shared network location.

The directories required depend on the type of integration you’re using.

Type	Directories
Consumer/Provider	Consumer side (S2S Parent Directory) o Inbound Path o Archive Path Provider side (S2S Parent Directory) o Outbound Path o Archive Path
Both	Side 1 (S2S Parent Directory) o Outbound Path o Inbound Path o Archive Path ▪ Side 2 (S2S Parent Directory) o Outbound Path o Inbound Path o Archive Path

Type

Directories

Consumer/Provider

Consumer side (S2S Parent Directory) o Inbound Path o Archive Path
Provider side (S2S Parent Directory) o Outbound Path o Archive Path

Both

Side 1 (S2S Parent Directory) o Outbound Path o Inbound Path o Archive Path

▪ Side 2 (S2S Parent Directory) o Outbound Path o Inbound Path o Archive Path

Note these paths (or URLs if using a CDS) as they’ll be used in the following section.

ATIPXpress Configuration

There are two options for configuring this integration. If you are using a Consumer/Provider solution, see the Enabling Consumer/Provider section. Otherwise, see the Enabling Both Sides section.

Enabling Consumer/Provider

Follow the steps below to enable System to System configuration using a consumer/provider setup:

Log in to the High side (Consumer) system.
Navigate to Administration > System Administration > System to System Configuration.
The System to System Configuration screen appears, as shown below. Here you’ll enter details about the connected Provider system:

Fill out each of these fields. See the table below for details each.

Field	Description
Outbound System Name	This is the name that appears within your application when your users have the option to send the request to the connected system, as shown below:
Outbound Path/URL	The location where requests being sent out from your system are picked up and moved to the connected system.
Outbound Web API Method	Enter the API method for the CDS solution, if using one for this implementation.
Inbound Path	Enter the path where requests incoming from the connected system are stored for pickup and transfer.
Archive Path	Provide an archiving path
System to System Role	Select Consumer
File Cabinet Drawer for S2S Documents	Select a file cabinet drawer where S2S documents will be stored. Note: A dedicated file cabinet drawer is recommended for S2S

Click Save to save the changes.
Next, move over to the Provider system. Log in and navigate to Administration > System Administration > System to System Configuration.
The System to System Configuration screen appears, as shown below. Here you’ll enter details about the connected Consumer system:

Field	Description
Outbound System Name	This is the name that appears within your application when your users have the option to send the request to the connected system, as shown below:
Outbound Path/URL	The location where requests being sent out from your system are picked up and moved to the connected system.
Outbound Web API Method	Enter the API method for the CDS solution, if using one for this implementation.
Inbound Path	Enter the path where requests incoming from the connected system are stored for pickup and transfer.
Archive Path	Provide an archiving path
System to System Role	Select Provider
File Cabinet Drawer for S2S Documents	Select a file cabinet drawer where S2S documents will be stored. A dedicated file cabinet drawer is recommended for S2S
Request Default Assignee	Select Same as Consumer if the default assignee should be the same assignee as in the consumer system. The user must exist in both systems Use the User selection to select a specific user as default assignee for S2S requests.
Enable System to System Document Delivery	Select this checkbox to enable to ability to deliver documents between the connected systems.

Click Save. The systems are now configured and connected.

Enabling Both Side

This is an example of a Both sides configuration, where both sides of the connected systems can send and receive requests.

The System to System Configuration screen appears, as shown below. Here you’ll enter details about the connected system.

Fill out each of these fields. See the table below for details each.

Field	Description
Outbound System Name	This is the name that appears within your application when your users have the option to send the request to the connected system, as shown below:
Outbound Path/URL	The location where requests being sent out from your system are picked up and moved to the connected system.
Outbound Web API Method	Enter the API method for the CDS solution, if using one for this implementation.
Inbound Path	Enter the path where requests incoming from the connected system are stored for pickup and transfer.
Archive Path	Provide an archiving path
System to System Role	Select Both
File Cabinet Drawer for S2S Documents	Select a file cabinet drawer where S2S documents will be stored. A dedicated file cabinet drawer is recommended for S2S
Request Default Assignee	Select Same as Consumer if the default assignee should be the same assignee as in the consumer system. The user must exist in both systems Use the User selection to select a specific user as default assignee for S2S requests.
Enable System to System Document Delivery	Select this checkbox to enable to ability to deliver documents between the connected systems.

Click Save.
Next, move over to the connected system. Log in and navigate to Administration > System Administration > System to System Configuration.
Configure this screen as described in step 3 above, using the details from the other system.
Click Save.
The systems are now configured and connected. Both systems should have buttons reading Submit Request to <connected system>.

Enable System Jobs

Navigate to System Administration > System Jobs.

Select S2S:

Ensure the job is Active:

Click Save to save any changes.

Testing the Integration

After you’ve completed the integration, you can test the integration to ensure it’s functioning correctly. See the System to System Requests section of the ATIPXpress User Manual for testing steps.