1.9 Delivery protocols
Source: TI_Host_to_Host_Client_User_Manual_v52.pdf Document pages: 18-29 PDF pages: 18-29
1.9.1 Real time delivery protocol
A. IBM MQ
a) What is IBM MQ?
IBM MQ is sometimes referred to as message-oriented middleware and is an IBM standard for program-to-program messaging across multiple platforms. It is a protocol that sends data in real time and is a reliable messaging service that guarantees delivery through persistent sending capability. It can provide feedback on successfully sent messages and if no confirmation is received, the message can be resent. IBM MQ is offered over a leased line.
b) Information required from you
- Your MQ Manager name
- Your MQ Queue name
- Your Static Public IP Address which is hosting the MQ Manager
- Port number the MQ listener is running on
- Channel name is based on the names of the two MQ Managers involved
Note: Depending on your environment you may have different configurations for your test, disaster recovery and production environment. If applicable, Nedbank will require all these data.
c) Nedbank Information you would require
Nedbank will provide you with the following information:
- Leased Line:
  - MQ Manager Name: QA - PROD - DR -
  - Static Public IP Addresses: QA - PROD - DR -
- Internet:
  - MQ Manager Name: QA - PROD - DR -
  - Static Public IP Addresses: QA - PROD - DR -
- Security protocol, ie SSL using trusted public security certificates
d) Hardware / Software requirements
The IBM MQ software is compatible with the following platforms and operating systems:
- AIX
- HP-UX
- Linux for System x
- Linux for System P
- Linux for System z
- Solaris
- Windows
- I5/OS
- IBM
- z/OS
Note: Contact your CIS manager for detailed IBM MQ hardware and software requirements related to your platform or operating system.
e) Licensing
Dedicated IBM MQ Manager licenses are required from both ends of the connection.
f) Security infrastructure
IBM MQ Manager versions 7.5 and above have advanced message security, which includes:
- End-to-end, message-level security that offers data protection for your point-to-point messaging infrastructure
- Data encryption and authentication that provides security-rich data transport throughout the messaging cycle
g) Applicable charges for connectivity
Security Certificates
B. Web Services
a) What is Web Services?
A Web Service is a method of communication between two electronic devices over a network. The Web Service protocol sends data in real time. Nedbank's standard is to send / push the data to your Web Service. A WSDL (Web Service Definition Language) will be provided by Nedbank, to which you must conform. Web Services is offered over either a leased line or the internet.
b) Information required from you
- Static Public IP Addresses
- Fully qualified URL
- Your certificates for mutual authentication. If required, Nedbank can provide you with a certificate, for which an additional fee may apply
- The format / template of the encapsulated content which will be sent in the Web Service call
Note: Depending on your environment you may have different configurations for your test, disaster recovery and production environment. If applicable, Nedbank will require all these data.
c) Nedbank Information you would require
- Leased Line: Static Public IP Addresses QA - PROD - DR -
- Internet: Static Public IP Addresses QA - PROD - DR -
- WSDL (Web Service Definition Language) supplied by Nedbank which will form the base for the development of your Web Service protocol
- Nedbank certificates for mutual authentication
d) TI third-party Web Service contract
- Step 1: Extract the four files below to a folder on your machine
- Step 2: Open your development environment
- Step 3: Initiate or create a Web Service wizard (Wizard name may be different depending on the development tool you are using)
- Step 4: Use the TIWebDistribution_2013-11-01.wsdl as your primary file
- Step 5: Continue implementation as per your development environment
TIWebDistribution_2013-11-01.htm TIWebDistribution_2013-11-01.wsdl
EnterpriseContext_2008-09.wsdl EnterpriseContext_2008-09.xsd
Note: Take note that the data contained in the
e) Web Services Hardware / Software requirements
The Web Service software is compatible with the following platforms and operating systems:
- Z/OS
- UNIX
- LINUX
- Windows
- HP Non-Stop (Tandem)
- Open VMS
- OS/600 Series
- VM/VSE
- Gentran Integration Suite
- Java
- .NET
Note: Contact your CIS manager for detailed Web Services hardware and software requirements related to your platform or operating system.
f) Licensing
The licenses for Web Services can be classified as proprietary or open:
- Proprietary software licenses allow for the execution of the software (including components) in your computing environment
- Open source licenses allow you to view, modify and share the source code as well as redistributing the software either for commercial and/or non-commercial purposes
g) Security infrastructure
When using Web Services you must consider the following security aspects:
- Authentication
- Authorisation
- Protection of sensitive data on the network and
- Handling potentially malicious input
In order to address the above mentioned security aspects Nedbank enforces Mutual SSL, which will address the following:
- message security or transport security to encrypt and sign messages
- platform-provided cryptography
- platform features for key management
- Periodically changing both our and your keys (renewal of certificates on a periodic basis)
h) Standards utilised by Nedbank for Web Services:
- SOAP 1.1 or 1.2
- XML 1.1
- XML Schema 1.0
- Web Services definition language (WSDL) 1.0
i) Applicable charges for connectivity
There will be charges applicable if you require a security certificate or a leased line.
j) Describing the Web Service contract
Nedbank initiates a Web Services-ready platform where the enterprise context will already have been populated; you are expected to echo it back on your response message.
Enterprise context headers for all message layouts (request and response)

| Field name | Type (Max Length) | Mandatory/Optional | Min occurs | Max occurs | Description | Comment |
|---|---|---|---|---|---|---|
| Process context ID | String (36) | O | 0 | 1 | This identifier indicates that the request is part of a bigger process. It is a unique ID for each process request and it must be a globally unique identifier (GUID). | Usually populated with a GUID/UUID, used for tracing/tracking. |
| Execution context ID | String (36) | M | 1 | 1 | This identifier is uniquely used to identify the request and it must be a GUID. | Usually populated with a GUID/UUID, used for tracing/tracking. |
| Machine IP address | String (20) | M | 1 | 1 | This field contains the IP address of the machine. | Source IP Address |
| User principle name | String (32) | M | 1 | 1 | This field contains the username that is used to log on to a machine. | |
| Machine DNS name | String (50) | M | 1 | 1 | This field contains the full qualified domain name of the machine. | Source Machine Name |
| Channel ID | Long (3) | M | 1 | 1 | This is the unique identifier for the channel and is used to initiate the request. | |
| Parent instrumentation ID | String (36) | M | 1 | 1 | This is the instrumentation ID of the parent instrumentation entry and it must be a GUID. | Usually populated with a GUID/UUID, used for tracing/tracking. |
| Child instrumentation ID | String (36) | M | 1 | 1 | This is the instrumentation ID of the child instrumentation entry and it must be a GUID. | Usually populated with a GUID/UUID, used for tracing/tracking. |
Sample Enterprise Context format
Description of the request message

| Tag name | Type (Max Length) | Usage | Min occurs | Max occurs | Description |
|---|---|---|---|---|---|
| Format | NC-10 | Required | 1 | 1 | The format of the data as provided by the TI backend |
| SecurityProxyType | NC-10 | Required | 1 | 1 | A value indicating the security gateway to use. |
| DestinationKey | Long(9) | Required | 1 | 1 | Destination Key |
| TransformedData | NC-5000 | Required | 1 | 1 | The generated data |
Sample of request message
Description of the response message (message generated by you in response to the request message)

| Tag name | Type (Max Length) | Usage | Min occurs | Max occurs | Description |
|---|---|---|---|---|---|
| ResultCode | NC-3 | Required | 1 | 1 | R00 - is the required response for a successful transmission of the message (all other codes will be treated as an error to be defined by the client, this list of error codes must be maintained by the client) |
Sample of the response message
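An added example (not part of the Nedbank manual or its WSDL): a receiver-side check that enforces the field constraints from the tables above before the payload is processed, then echoes the enterprise context back with `R00` or an error code. The dictionary layout, the `E01` code, and the reading of `NC-n` and `Long (n)` as "at most n characters/digits" are assumptions; the real element names come from the supplied WSDL/XSD.

```python
import uuid

# (kind, max length, mandatory) per field, copied from the tables above.
# Keys are the manual's field names, not the XML element names (assumption).
CONTEXT_RULES = {
    "Process context ID": ("guid", 36, False),
    "Execution context ID": ("guid", 36, True),
    "Machine IP address": ("str", 20, True),
    "User principle name": ("str", 32, True),
    "Machine DNS name": ("str", 50, True),
    "Channel ID": ("long", 3, True),
    "Parent instrumentation ID": ("guid", 36, True),
    "Child instrumentation ID": ("guid", 36, True),
}
REQUEST_RULES = {
    "Format": ("str", 10, True),
    "SecurityProxyType": ("str", 10, True),
    "DestinationKey": ("long", 9, True),
    "TransformedData": ("str", 5000, True),
}
REJECT_CODE = "E01"  # hypothetical client-defined code; the contract fixes only R00

def is_guid(value):
    try:  # accept only the canonical 36-character form
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def check(fields, rules):
    """Return the list of table-constraint violations in `fields`."""
    errors = [f"unexpected field: {n}" for n in fields if n not in rules]
    for name, (kind, max_len, mandatory) in rules.items():
        value = fields.get(name)
        if value in (None, ""):
            if mandatory:
                errors.append(f"missing mandatory field: {name}")
        elif not isinstance(value, str) or len(value) > max_len:
            errors.append(f"{name}: not a string of at most {max_len} chars")
        elif kind == "long" and not (value.isascii() and value.isdigit()):
            errors.append(f"{name}: not numeric")
        elif kind == "guid" and not is_guid(value):
            errors.append(f"{name}: not a GUID")
    return errors

def handle_push(context, request):
    """Validate before processing; echo the context with the result code."""
    errors = check(context, CONTEXT_RULES) + check(request, REQUEST_RULES)
    code = "R00" if not errors else REJECT_CODE
    return {"context": dict(context), "ResultCode": code}, errors
```

Call `handle_push` with the parsed header and body of each inbound message, and log the returned error list alongside the Execution context ID so rejected pushes can be traced.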
C. Enotes PTI Web Services
Refer to Appendix F for more information on Enotes PTI Web Services.
Note: Enotes PTI Web Services is for informational purposes for clients migrated to TI from Enotes PTI. New clients must use the TI Third-party Web Services contract.
D. SWIFT (Society for Worldwide Interbank Financial Telecommunication)
a) What is SWIFT?
SWIFT uses a standardised proprietary communications platform to facilitate the transmission of information about financial transactions. This information, including payment instructions, is securely exchanged between financial institutions.
b) Information required from you
SWIFT Address for QA and Production.
c) Nedbank Information you would require
- Nedbank SWIFT Address for QA and Production:
  - NEDSZAJ0 - QA
  - NEDSZAJJ - Production
d) Hardware / Software requirements
SWIFT is compatible with the following platforms and operating systems:
- Windows
- Solaris
- Linux
- IBM AIX
Note: Contact your CIS manager for detailed SWIFT hardware and software requirements related to your platform or operating system.
e) Licensing
You need to have an agreement with SWIFT to utilise the SWIFT cloud and have a SWIFT Address.
f) Security infrastructure
As per SWIFT standards and requirements.
g) Applicable charges for connectivity
You will incur the charges as per your agreement with SWIFT.
E. Email
a) What is email?
Electronic mail, most commonly referred to as email, is a method of exchanging digital messages from an author to one or more recipients.
b) Information required from you
In order to use this protocol you must have a valid email address.
c) Software requirements
Functioning email server.
d) Security
Nedbank will digitally sign the email.
e) Applicable charges for connectivity
None.
1.9.2 Near real time delivery protocol
A. Connect: Direct
a) What is Connect: Direct?
The Connect: Direct protocol is a file transfer protocol that sends data in near real time. Connect:Direct can be used over a leased line or over a public internet connection to connect to Nedbank. It can be configured to provide feedback on successfully sent files. The Connect: Direct configuration is required once the Connect: Direct software has been loaded. When the Connect: Direct configuration has been completed, the connection will be tested end to end. In most cases, Nedbank coordinates the installation.
b) Information required from you
- Your Static Public IP Address
- Your Server name
- Directory
- Connect:Direct will connect to port 1364 which must be provisioned on your firewall
Note: The email protocol does not guarantee delivery ie Nedbank can confirm the email has been sent but cannot confirm that you have received it.
c) Nedbank information you would require
- Leased Line: Static Public IP Addresses QA - PROD - DR -
- Internet: Static Public IP Addresses QA - PROD - DR -
- User name: unique per client
- Nedbank will issue one CA Certificate to you to upload on to your Connect:Direct software.
d) Hardware / Software requirements
The Connect: Direct software is compatible with the following platforms and operating systems:
- Z/OS
- UNIX
- LINUX
- Windows
- Select
- HP Non-Stop (Tandem)
- Open VMS
- OS/600 Series
- VM/VSE
- Gentran Integration Suite
Note: Contact your CIS manager for detailed Connect: Direct hardware and software requirements related to your platform or operating system. Certain LINUX versions are not supported.
e) Licensing
You will require your own Connect:Direct license or a spoke license can be issued from Nedbank. If you already have an existing spoke license with Nedbank you can use the same license to receive your TI files if capacity allows.
Note: You will not be able to use a spoke license issued by another entity to connect to Nedbank.
f) Security infrastructure
Connect:Direct ensures that your information stays private and that your file transfers are auditable for regulatory compliance through a proprietary protocol, authorisation and encryption.
g) Applicable charges for connectivity
If you require a spoke license from Nedbank there is a monthly license fee and a once off installation fee applicable.
Note: Contact your Transactional Banker for further information.
B. Secure file transfer protocol (SFTP)
a) What is SFTP?
SFTP is a secure file transfer protocol that sends data in near real time. It is the much preferred, more secure way of transferring files when compared with FTP (an unsecured protocol for file transfer). There are licensing implications for both. A 'staging area' is required in your business environment, where the files will be put to be picked up by an application for internal processing. SFTP uses a fire-and-forget pattern and therefore no acknowledgment of receipt is required. You have two options when using the SFTP protocol:
- You must exchange security keys with Nedbank and vice versa and
- You must supply Nedbank with a user name.
b) Information required from you
- Static Public IP Address
- User name
- Public key
- Port number 22 must be open on your firewall
c) Nedbank information you would require
- Leased Line: Static Public IP Addresses QA - PROD - DR -
- Internet: Static Public IP Addresses QA - PROD - DR -
- Public key and IP Address: unique per client
d) Software requirements
You will require an SFTP server that is compatible with Nedbank's system.
Note: Nedbank uses a Unix operating system SFTP software. Please confirm with your Nedbank Integration Manager.
e) Hardware requirements
The SFTP protocol is compatible with the following platforms and operating systems:
- Z/OS
- UNIX
- Windows
- Windows NT
- Mac OS X
Note: Contact your CIS manager for detailed SFTP hardware and software requirements related to your platform or operating system.
f) Licensing
The SFTP is for your own account.
g) Security infrastructure
Mutual SSL ie certificates issued from the SFTP software.
h) Applicable charges for connectivity
None
C. SWIFT FileAct
a) What is SWIFT FileAct?
SWIFT FileAct provides a way to transfer large volumes of data in different formats to your correspondents, whether you need to transfer mass payments information, documents, images, or other data. In the case of TI you can opt to receive your FTI, PTI and / or IOD files using SWIFT FileAct.
The mechanism used by Nedbank to transfer TI files on SWIFT FileAct is to use store and forward.
Note: Nedbank only uses store and forward for TI, ie realtime is not available.
b) Information required from you:
- Your SWIFT Address for QA and Production environment. Nedbank will accept the BIC8 or BIC11 SWIFT address.
- Requester DN Example: o="Client BIC",o=swift
c) Nedbank information you would require:
- The Nedbank SWIFT Address for QA and Production environments is NEDSZAJJ.
- This information will be applicable to PTI, FTI and IOD:
- Request Type
  - PTI = pain.xxx.irtrpt or pacs.xxx
  - FTI = pain.xxx.eodrpt or pacs.xxx
  - IOD = pacs.xxx
- Responder DN: o=nedszajj,o=swift
- Files for FileAct must not be compressed
- SWIFT FileAct Service to be used for store and forward:
  - QA = swift.generic.fast!p
  - Prod = swift.generic.fast
d) Hardware / Software requirements
- SWIFT Alliance Gateway
e) Licensing
There are no licensing requirements from Nedbank but you need to have a valid SWIFT Address.
f) Security infrastructure
FileAct uses SWIFTNet Public Key Infrastructure (PKI) that enables the authentication and the integrity control for every file transferred.
g) Applicable charges for connectivity
SWIFT charges a FileAct usage fee per transferred file. The transfer fees vary according to the size (in bytes) of the file and the institution's global tier. Nedbank will not levy a charge for connectivity; you will be charged as per your agreement with SWIFT.
D. Email
a) What is email?
Electronic mail, most commonly referred to as email, is a method of exchanging digital messages from an author to one or more recipients.
b) Information required from you
In order to use this protocol you must have a valid email address.