AS2 (Applicability Statement 2) is a file transfer protocol (FTP) that supports fully automated, server-to-server file transfers. It's suitable for two or more parties who often transact with each other and require paper-free transfers that ensure message integrity, security and reliability.
Although capable of transmitting almost any type of data over the Internet, AS2 is mostly associated with the transmission of EDI messages. To give you a good understanding of AS2, we need to start with Electronic Data Interchange (or EDI) first.
EDI is an efficient method for exchanging electronic documents used in support of interorganizational and intraorganizational transactions. EDI was first used by the transportation industry in the 1960s and was eventually picked up by retailers, grocers and more.
When two organizations or two departments (in the case of intra-company transfers) transact or engage in a business process, they normally exchange supporting documents, often in paper form. For instance, a company and its supplier may exchange requests for quotations (RFQs), purchase orders, purchase order acknowledgements, shipping notices, invoices and many others.
To expedite these processes, many businesses eliminate the use of paper and transmit electronic documents instead. Some companies manually encode the supporting document and then send it to the other party via email. Others use EDI.
EDI is mostly carried out automatically between computer systems. In other words, it rarely involves human intervention (aside from exceptional cases like maintenance, troubleshoots or audits). More importantly, the contents of an EDI document or message are structured in a certain way and are based on a family of standards.
Because EDI data is standardized, it is possible to automatically generate its contents using data from business applications (e.g. inventory, accounting, sales, purchasing, delivery, etc.) or an ERP system. Correspondingly, it is also possible to extract data from an EDI message and make it available to business applications — again, without human intervention.
As the illustration below suggests, an EDI mapping/translation software can be used to convert application data to EDI or the other way around, i.e., EDI to application data.
There are several benefits when you exchange business documents in this manner. You can:
The first implementers of electronic data interchange came from the automotive industry, where it was introduced alongside Just-In-Time and Lean Manufacturing processes. EDI made it possible for the geographically dispersed and heterogeneous systems of different suppliers to connect and transact quickly, seamlessly and efficiently. Today, EDI is implemented in various industries, including finance, insurance, transportation, supply chain and many others.
In the U.S. healthcare industry, EDI is one of the key provisions in the Health Insurance Portability and Accountability Act (HIPAA), whose main objectives include the standardization of health care transactions.
But where does AS2 fit into all this?
See that orange bi-directional arrow in the figure above, the one connecting those two companies? AS2 plays a crucial role in that area. Let's talk about it now.
In EDI terminology, two parties who exchange information using EDI are called trading partners. Obviously, geographically separated trading partners must share a common method for transmitting/receiving messages over a WAN. The traditional way of exchanging EDI messages is through what is known as a Value-Added Network or VAN.
VANs are third-parties that operate like post offices, i.e., they receive EDI messages from a sending trading partner and forward it to the intended recipient. Trading partners must subscribe to the same VAN (or at least to VANs that are interconnected) in order to successfully engage in EDI.
Today, however, more and more organizations are avoiding VANs and are instead exchanging their EDI messages over the Internet through commonly used protocols. This option is more affordable to small trading partners who have limited budgets. And because most organizations are already connected to the Internet, this method also allows businesses to quickly onboard new trading partners.
Of course, there's one major problem when you send data over the Internet. Your data will be exposed to numerous threats. So if the EDI messages you send contain sensitive or confidential information, they have to be secured. AS2 can provide the needed security.
AS2 possesses attributes designed to ensure secure file transfers. These include:
AS2 is normally delivered over HTTP/S (HTTP or HTTPS). As a result, you likely won't have to make additional configurations on your firewall to allow those EDI messages through.
Now let's trace the flow of a typical AS2 data transfer.
To protect your EDI messages with data-in-motion encryption, your AS2 file transfer has to be sent over HTTPS. HTTPS encrypts data using SSL. In addition, it allows your server to affix a digital signature that will enable the receiving trading partner to verify whether the message came from an identified source. An AS2 transmission done over HTTPS basically looks like this:
Note: The server in the figure below corresponds to the machine marked "Communications" in the previous figure.
Here's what happens at each step:
AS2 also provides trading partners with a means to issue electronic return receipts known as MDNs. An MDN or Message Disposition Notification serves as a confirmation that the transmission went through successfully. Basically, upon arrival of the EDI message, the receiving server automatically issues an MDN, affixes its digital signature to it, and then sends it back to the message sender.
This is how the AS2 transmission would look like when MDN is applied.
The best way to transmit AS2 is through a managed file transfer server. When delivered through an MFT server, AS2's built-in security can be augmented by other secure features like logging, access control, DLP, strong authentication and many others. Read more about the essential attributes of a secure file transfer.
DLP or data loss prevention, in particular, can help you detect sensitive data in your EDI messages - a must for companies operating in industries covered by regulations like PCI-DSS, HIPAA, SOX, and GLBA.
Another key advantage of transmitting AS2 using a managed file transfer server is that the same MFT server can be used to accomplish a full range of other file transfer tasks.
Lastly, a managed file transfer server like JSCAPE MFT Server supports triggers. Triggers are used in automating business processes and are essential in implementing EDI. To learn more about triggers, view these videos:
Using Trading Partners in JSCAPE MFT Server - Part 1
Using Trading Partners in JSCAPE MFT Server - Part 2
or read these posts:
Using Triggers to Automate File Deletion
Using Regular Expressions in Triggers - Part 1
EDI transactions are under more scrutiny as data security becomes a primary focus of both business and IT leaders. AS2 provides additional benefits for businesses looking to share point-to-point payloads over the internet, including:
Would you like to try this yourself? JSCAPE MFT Server is platform-agnostic and can be installed on Microsoft Windows, Linux, Mac OS X and Solaris, and can handle any file transfer protocol as well as multiple protocols from a single server. Additionally, JSCAPE enables you to handle any file type, including batch files and XML. Download your free 7-day trial of JSCAPE MFT Server now.
How To Set Up An AS2 Server With JSCAPE: A QuickStart Guide
How To Set Up Automated AS2 File Transfers