Secure File Transfer Management for BrokerTec and EBS

CME Group offers Secure File Transfer Protocol (SFTP), a file transfer protocol service that uses the SSH protocol and public / private key authentication to securely transfer data to / from CME Group and customers. With this technology offering, data within directories is also secured.

Firm designated Back-Office Admin Managers (AM) are assigned the responsibility for managing SFTP IDs and granting permission to additional individuals to create and manage SFTP IDs; by submitting a registration form or using self-service application functions.

Use the below functions to create / manage IDs and secure profiles to authenticate access to view reports over a secure connection.

Note: This SFTP service is used only for BrokerTec and EBS trade data files. Clearing and SPAN2 file downloads are available from the dedicated Clearing SFTP Server.

• Request SFTP Access
• Access SFTP Management
• Assign User Permission
• Creating SFTP ID
• Claiming SFTP ID
• Accessing SFTP Data and Reports
• Inbound Public SFTP Keys

 

Request SFTP Access

• Futures & Options: To receive a secure SFTP ID and Password or install a public key, contact CME Clearing Services:
• onboarding@cmegroup.com
• 1 312 338 7112
• BrokerTec/ EBS: See SFTP Process (below). To designate / update AM assignment or resolve access issues, contact Enterprise Application & System Entitlements (EASE).

 

BrokerTec Report Setup

1. Entity registers for SFTP and designates a Back-Office Admin Manager who:

• Requests Post Trade Reporting access by completing and submitting the SFTP Production Registration form.
• Requests Billing Group report access by completing and submitting the BrokerTec Billing Group SFTP Production Registration Form.

2. CME Group creates a SFTP account for the entity, then notifies the Back-Office Admin Manager.

Prior to entitlement assignment, users must have a valid CME Group Login; and activation token.

3. The Back-Office Admin Manager, accesses SFTP Management to authorize individuals at their firm to create and manage SFTP IDs.
4. Authorized users can access SFTP Management to create SFTP IDs.
5. Authorized users can add a SSH Key to login to SFTP; instead of using a password.
6. After setup and user entitlement assignment, authorized users can receive / review report details via EREP/SFTP (as applicable).

Note: Receiving and Sending Encrypted Files
- To receive encrypted files from CME Group, an authorized user must create a PGP public key for the SFTP ID.
- To send encrypted files to CME Group, an authorized user can download the CME Group PGP Public Key for encryption.

See also: BrokerTec Reporting guide, which requires BrokerTec Portal access.

 

EBS Report Setup

To request EBS report access:

1. CME Group Login: Users must create or use an existing CME Group Login to register for EBS reporting services and application access to EREP / SFTP / Request Center (ESS).

For application access requests, users (including back-office admin managers) provide their CME Group Login ID and secure token to their entity administrator.

Note: CME Group or entity administrators will never ask for your password.

2. Contact Global Account Management (GAM): CME Group offers a suite of tools to help customers manage registration and on-boarding to applications and services. To get started with self-service solutions and obtain the CME Customer Center Self-Service form, contact GAM.

• For an overview of EBS services, including onboarding, reporting services and registration forms, refer to the EBS Operational Readiness Guide and Applications and Services.

3. Submit Self-Service Form: Submit the completed CME Customer Center Self-Service form to GAM.

See also: CME Customer Center Self-Service Overview

The self-service form is completed by the Entity Officer who identifies back office admin manager(s) that are responsible for:

• System administration
• Assigning user entitlements
• EREP/SFTP application configuration
• Approving self-service requests submitted by entity users
• Submitting EREP/SFTP report registration forms

4. Submit EBS EREP and SFTP Report and Billing Registration Form(s):

• EBS Standard Report EREP Registration form: Request access to a standard set of reports, including: EBS EFIX, EBS Operations and EBS Spot & Metals.
• EBS Credit Report EREP Registration form
• EBS Regulatory Report EREP Registration form
• EBS Session Report EREP Registration form
• EBS Billing Report EREP Registration form
• EBS SFTP Production Registration form - Institution Report
• EBS Institutional Report EREP Registration Form: Request access to institutional reports for spot and metals, billing and credit
• EBS SFTP Post Trade Registration form - Production

For additional setup details, including reports associated with each form, refer to EBS Reporting

 

Access SFTP Management

1. Select the User icon > My Profile.

2. From the My Account menu, select SFTP Management.

Note: The availability of this page is determined by assigned user entitlements.

1. View Details
2. Remove Account Access
3. Remove All Access
4. Permission New User

 

Assign User Permission

Before users can manage SFTP functions, a Back Office Admin Manager must assign permissions to create and manage SFTP IDs.

Prior to adding a new user, request their CME Group Login ID and token, which is used to identify the user.

1. Navigate to the SFTP Management function.

2. From the SFTP Management page, select Permission New User.

3. From the Permissions User for SFTP ID Creation screen, specify user information.

• User: Users must have a valid CME Group Login and token

To obtain a temporary token, users must access CME Group Login > My Profile to generate a token, then provide to the AM.

• Account Type: Clearing, Regulatory, Trade Repository, Billing Group, etc

• Entity: Assigns SFTP management permission to the specified entity and account combination.

4. To finalize permission assignment, select Submit, then confirm the password dialog (to validate your entitlement to assign this permission).

 

Creating SFTP ID

The following procedures illustrate the process to create a SFTP ID for a given entity, account type and account and appears for users authorized by the firm's back office admin manager to create and manage SFTP IDs.

1. From the My SFTP IDs screen, select Create SFTP ID.

2. On the screen that appears, specify SFTP ID Details.

• Account Details

• Account Type: Select Clearing, Regulatory, Trade Repository, Billing Group, Owner Group, etc
• Entity
• Account Name: Up to 50 alphanumeric (A to Z, and 0 to 9) characters and unique at the entity
• Authentication Details: Yes (specify SSH public key) or No (specify PGP public key)

 

Set up SSH Authentication from My Account page

The following instructions illustrate the process to add Secure Shell Key (SSH) for SFTP ID authentication. SSH authentication provides enhanced security for files transfers that currently use default User ID and Password authentication.

1. Select the User icon > My Profile.

2. From the My Account menu, select SFTP Management.

3. In the Actions column, select the SSH icon () for the SFTP ID to manage.

4. On the dialog that appears enter a valid (RFC4716 format) SSH Public Key, then select Submit.

A security code is sent to the mobile phone registered to the Profile.

5. Verify the multi-factor push on the mobile device.

 

Set up PGP Encryption from My Account page

The following instructions illustrate the process to create then enable a PGP Key for encryption. PGP encryption provides enhanced security for file transfers that currently use default User ID and Password authentication.

The key is used to encrypt files prior to sending to CME Group but is not uploaded as the encryption key for the SFTP ID.

1. Select the User icon > My Profile.

2. From the My Account menu, select SFTP Management.

3. In the Actions column, select the PGP icon () for the SFTP ID to manage.

This PGP key is used for the user created SFTP ID to enable encryption.

4. On the dialog that appears enter a valid PGP Public Key, then select Submit.

Note: To remove / clear the PGP public key, select Delete.
A confirmation message confirms the deletion.

5. Select Submit.

The PGP key is enabled after SFTP ID creation.

 

Claiming SFTP ID

Use the Claim SFTP ID function when the user that manages a SFTP ID is no longer with a firm but data is sent / received via the ID.

Prior to claiming a SFTP ID, ensure the claiming user is associated with same entity as the ID as the AM or authorized user.

Note: To assign permissions to claim a SFTP ID, view Manage User Permissions.

• To Claim a SFTP ID:

1. From the My SFTP IDs screen, select Claim SFTP ID.

2. On the screen that appears enter the SFTP ID to claim and associated Password, then select Submit.

A confirmation dialog appears, indicating success or failure.

 

Access SFTP Data and Reports

Using SFTP, you can connect to CME Group systems to send and receive files, using an application enabled for ssh encrypted login.

Public / private key authentication is allowed to secure connections, using SSH public key file format (RFC4716).

• To establish a connection and access files:

1. Using the password, SSH or PGP key authentication, log in to access CME Group directories (incoming / outgoing):

Futures & Options / BrokerTec / EBS: Production access via internet

• Address: sftp.cmegroup.com
• IP address: 205.209.196.150
• Port: 22

Futures & Options: Production access via leased line WAN

• Address: sftp.cmegroup.com
• WAN CDN connection VPN IP address: 167.204.72.96
• WAN Futures &Options: 167.204.41.34
• Port: 22

BrokerTec: Production access via leased line WAN

• Address: sftp.cmegroup.com
• WAN CDN connection VPN IP address: 167.204.72.96
• Port: 22

EBS: Production access via leased line WAN

• Address: sftp.cmegroup.com
• IP address: 167.204.72.206
• Port: 22

2. After successful login, the root directory appears with default directories to access files.

Directory paths are case sensitive and must be entered exactly as indicated.

Folders and directory path are available as described below:

• incoming: Confidential data files submitted by firms. Firms upload files as required by CME Group.
• outgoing: Confidential files, from CME Group, for firms to download and review or complete.
• pub: A file folder that can be setup with subdirectories to send and receive files.
• Sample report filenames:

BrokerTec

• BTEC111_IDY.[Business_Date].BTEU.[GFID].[master account].csv
• BTEC111_EOD.[Business_Date].BTEU.[GFID].[master account].csv

EBS: End of Day report format

EREP

• CEOD200_EBS_(GFID)_yyyy-mmm-dd.csv

In this example CEOD200 is the EOD Client Order Events - EBS Market - Daily Report, which is available via EREP.

• CEOD200_EBS_(GFID)_yyyy-mmm-dd.csv

SFTP

• CEOD200_(yyyymmmdd).EBS.(GFID).OG_(CID).csv

In this example CEOD200 is the EOD Client Order Events - EBS Market - Regulatory - Daily Report, which is available via SFTP.

• CEOD200_(yyyymmmdd).EBS.(GFID).OG_(CID).csv

Reports are updated at:

US

• 9:00 AM CT
• Intraday: every hour
• 4:30 PM CT

 

• Inbound Public SFTP Keys

This PGP public key is used by the customer to encrypt files before sending to CME Group.

To encrypt your files before uploading to CME SFTP, use the following key:

• Production Environment

https://www.cmegroup.com/content/dam/cmegroup/misc/sftp-key/CMEGroup_PROD_PGP_pubkey.asc