7

I have a partner who would like us to use a commercial product called Connect Direct where we would normally use ssh based scp or sftp. Besides reading their website, which is of course not quite impartial, is there any material (or do any of you have any opinions or info) on why this software is better than cron (or at) and scp scripting?

Kyle

4 Answers

9

Having used Connect Direct, I would say avoid it if you can.
My reasons are:

  • Is very hard to set up (it took our infrastructure team a year)
  • There is a massive learning curve to the application, no one here really understands it still
  • We haven't found it any more reliable than psftp and a cron job.

On its plus sides:

  • Banks seem to love it
  • When it works it guarantees that the file is sent and received and you can be quite sure that the communication is secure.
Andrew Cox
  • As you point out, massive learning curve and that means that you are insecure due to complexity. You put your data at risk because the security isn't simple and obvious. – Scott Alan Miller May 08 '13 at 21:04
  • Crazy. An app that transfers files takes a team of people a whole year to set up properly? If it took more than a day for one person I'd say it's rubbish, avoid it at all costs! On the other hand, maybe your partner company is insisting and they are a bank. I'd still push back if I were you. – hookenz May 08 '13 at 21:37
  • Connect:Direct is also used to transfer data between legacy mainframe systems (more often on IBM mainframes nowadays) and other systems. – ShooShoSha Oct 11 '17 at 22:01
  • Your infrastructure team took a year? How many minutes did they allot for this setup in a day? It only took me 3 hours to set up C:D on a client. – EAL Mar 18 '18 at 12:08
7

Wikipedia has some nice information at: http://en.wikipedia.org/wiki/NDM.

From what I can ascertain with a bit of searching, it was built to guarantee stability with arguably less of a compromise in speed than similarly flexible solutions.

Rushyo
  • 3
    Hmm it's probably inferior to rsync+ssh in that respect. – niXar Aug 27 '09 at 15:12
  • 1
    Agreed, Rsync, SFTP and SSH seem to replace all NDM functionality in open, free and, most importantly, easy to understand, ergo secure, ways. NDM is too complex to use in any situation requiring a modicum of security unless it is a full time NDM position where people use it day in, day out and manage all aspects of it. – Scott Alan Miller May 08 '13 at 21:06
  • 1
    I think the Wikipedia article was moved to https://en.wikipedia.org/wiki/Connect:Direct – industryworker3595112 Sep 29 '16 at 07:21
  • The problem with the wiki page (NDM or its new home, Connect:Direct) is that the article does not cite enough independent sources about its functionality. – ShooShoSha Oct 11 '17 at 22:00
4

My biggest concern with Connect:Direct is how unnecessarily complex it is. That it is costly and outdated is another issue. And that it is closed source and doesn't have the industry support, eyeballs and testing that OpenSSH has is still another issue. My key concern with CD is that it violates one of the most fundamental security concerns - that "complexity is the enemy of security." You can be complex or you can be secure but you can't be both. From a high level, I feel that Connect:Direct is insecure through its own complexity. I can only assume that there are many other security blunders under the hood - being closed source and barely used makes it easy to hide or ignore other types of security problems. I would not have faith in this product. I'm not happy at all that I've had to use it.

4

Sometimes you've got to ditch mainframe era technology, even if it used to be top-notch and cost an arm and a leg. From the description I fail to see what Direct:Connect provides that isn't matched or outclassed by scripted rsync, ssh, or even (depending on your needs) tar.

dlamblin