Update II: Final customers testing session added for Saturday, May 9th.
CME plans to install a software update to CME Secure SFTP on Saturday May 9, 2015. With this enhancement, CME will no longer support “Open SSH public key format” that is currently used by some of clearing firms to connect to CME SFTP. Instead CME will now support “SSH Public Key File Format (RFC4716)” effective May 9, 2015.
To help SFTP customers with this enhancement, CME will conduct a final testing in production on Saturday, May 9th. Please note: all firms that utilize public key to access CME SFTP are required to participate in Production testing on May 9th. If you do not participate in this testing, you will risk your firms’ ability to access CME SFTP following the upgrade.
This change will impact connectivity to the following CME SFTP sites:
- Internet based “sftpng.cmegroup.com” IP: 188.8.131.52.
- WAN connection to IP: 184.108.40.206.
To help with this enhancement, CME will convert the majority of the Open SSH Public Keys to SSH Public Key File Format RFC4716. Some customers with special public keys will need to convert their current production keys to RFC4716 format. CME is directly reaching out to those customers and providing them with key conversion instructions.
Firms can test this enhancement now by connecting to the CME Test SFTP site. Below please find the site information and testing procedure:
- Internet based site address: sftpcert.cmegroup.com;
- Web based site IP address: 220.127.116.11.
- Public keys are copied from Production to the testing site expect the special public keys which require firms to convert them.
- Firms can connect using their public keys and using the same credentials currently used for Production SFTP site.
- Firms can send test date files into the Incoming folder
- Or Download test file “CME.Cipher.Test.xml” from the Outgoing folder.
- When the user is able to access their SFTP account, upload or download the test file, then testing is successful.
Please note the following regarding the Test SFTP site.
- Some firms who access the site for the first time might be required to add the site DNS and IP address into their firewall.
- Other firms who rely on the DNS name only for the SFTP site, may access the site without the need to add the site IP address to their firewall.
- CME doesn’t require adding the firms’ source address information for this site.
Mock Testing in Production on May 9th:
- We encourage all firms to participate in this final testing their connectivity in production on May 9th.
- Customers utilize Public Key are required to participate in the testing since they are impacted the most by this enhancement.
- To test this enhancement, firms are encouraged to execute some of their upload or download jobs as they do in production.
- Any data files submitted to CME SFTP will be deleted. Similarly, firms are expected to delete any data files downloaded as part of this testing.
- Testing window is between 8:00 AM to 12:00 Noon CST.
- If you are interested in testing in Production on May 9th, please let us know by sending an email to firstname.lastname@example.org.
For more information please contact CME Clearing at (312) 207-2525.
For a printer-friendly version of this advisory, please click here.