This article walks you through the AS2 protocol and how to set up a Boomi AS2 Server from a networking perspective.
AS2 (Applicability Statement 2) is the most commonly used protocol for transmitting EDI data. The data is encrypted and sent via HTTPS. The messages use S/MIME format, and data is then wrapped in an AS2 wrapper that contains the sender’s and receiver’s information. This information is used to validate that the sending and receiving parties are who they say they are. The AS2 wrapper also allows for the exchange of Message Disposition Notification (MDN) to confirm the successful reception of the message or communicate any errors. Here is what the AS2 wrapper looks like visually from a high-level overview.
The AS2 transmission is done via the HTTP protocol, which can incorporate an SSL handshake via HTTPS. Most organizations opt not to use SSL even if they’re doing HTTPS because it’s yet another certificate to keep track of and have to renew with their Trading Partners every year. Still, it is another layer of security that can be added. Please note that the SSL certificate is different from your AS2 certificate, which is used for encrypting and signing the EDI message. The SSL certificate lives at the HTTP layer, while the AS2 certificate is for the AS2 layer. Here’s how the HTTP wrapper looks with the AS2 message so you can visualize it.
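The layering described above can be seen on a constructed AS2 request. This is an added example, not code from the original article or from Boomi; the partner IDs, host, Message-ID and the `inspect_as2` helper are made up for illustration.

```python
from email.parser import BytesParser
from email.policy import HTTP

# Constructed sample of an inbound AS2 POST; IDs, host and Message-ID are made up.
SAMPLE_REQUEST = (
    b"POST /as2 HTTP/1.1\r\n"                       # HTTP layer (inside TLS on the wire)
    b"Host: edi.example.com\r\n"
    b"AS2-Version: 1.1\r\n"                         # AS2 wrapper starts here
    b"AS2-From: PARTNER_ACME\r\n"
    b"AS2-To: MYCOMPANY_AS2\r\n"
    b"Message-ID: <constructed-0001@partner.example>\r\n"
    b"Disposition-Notification-To: edi@partner.example\r\n"   # asks for an MDN
    b"Content-Type: application/pkcs7-mime; smime-type=enveloped-data\r\n"
    b"\r\n"
    b"<S/MIME bytes elided>"                        # encrypted EDI payload
)


def inspect_as2(raw, local_id, known_partners):
    """Split a raw request into HTTP, AS2 and S/MIME layers and flag mismatches."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    method, path, _version = request_line.decode("ascii").split(" ", 2)
    msg = BytesParser(policy=HTTP).parsebytes(header_block + b"\r\n\r\n", headersonly=True)

    # AS2 identifiers may be quoted; these headers are claims, the signature
    # check against the partner's AS2 certificate is what proves them.
    as2_from = (msg["AS2-From"] or "").strip().strip('"')
    as2_to = (msg["AS2-To"] or "").strip().strip('"')
    encrypted = (msg.get_content_type() == "application/pkcs7-mime"
                 and msg.get_param("smime-type") == "enveloped-data")

    findings = []
    if method != "POST":
        findings.append("AS2 messages arrive as HTTP POST")
    if as2_to != local_id:
        findings.append("AS2-To is not our identifier")
    if as2_from not in known_partners:
        findings.append("AS2-From is not a configured trading partner")
    if not encrypted:
        findings.append("payload is not S/MIME encrypted; only the transport protects it")
    return {"http": (method, path), "as2_from": as2_from, "as2_to": as2_to,
            "message_id": msg["Message-ID"], "mdn_requested": "Disposition-Notification-To" in msg,
            "encrypted": encrypted, "body_bytes": len(body), "findings": findings}


if __name__ == "__main__":
    print(inspect_as2(SAMPLE_REQUEST, "MYCOMPANY_AS2", {"PARTNER_ACME"}))
```

The last finding matters when TLS is terminated in front of the AS2 server: from that point inward, the S/MIME layer is the only protection the payload has.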
AS2 Server Networking
Now that we understand the message structure, we can start to understand how that network traffic needs to be configured. Multiple IT infrastructure items need to be taken into consideration for the Boomi AS2 EDI server to work correctly and be able to communicate with an EDI Trading Partner.
Please refer to the diagram below for visualization purposes.
All external communication is done via HTTPS, which should go through port 443.
- The first thing that is needed is an external public-facing URL and IP address that the trading partner can reach. An example of this is https://edi.xtivia.com/as2.
- Your organization will need to open port 443 on your firewall and create routing rules to forward the traffic from that public URL to your internal Boomi load balancer.
- A load balancer should sit between your Boomi AS2 Server and the external firewall that will hand off the traffic to your AS2 server.
- This is where you can do port translation from HTTPS traffic on port 443 to HTTP traffic on port 9090 so that you don’t have to manage SSL certificates on your Boomi AS2 server. You can bypass the port translation if you will be maintaining SSL certs on your Boomi servers. However, it is recommended that you don’t, as it is another maintenance item that you will need to keep track of.
While AS2 networking with multiple protocol layers can be quite daunting at first glance, it shouldn’t deter you from Boomi EDI implementation. With the correct resources and expertise, the setup process can be smooth and painless. There are other nuances that you will need to take into account, but this is the high-level networking routing that will be needed. XTIVIA has helped many clients with their EDI implementation and helped guide their IT teams through the setup of the Boomi infrastructure. Feel free to reach out to us for any questions or assistance you might need. Don’t forget to check out our other Boomi EDI implementation blog posts.