AS2 (Applicability Statement 2) is a file transfer protocol that enables organizations to conduct fully automated, server-to-server file transfers. You can use it to exchange business documents with one or more parties in a paper-free manner. AS2 can be used for exchanging digitized purchase orders, invoices, healthcare claims and other types of business documents. By exchanging these files through AS2, you can ensure message integrity, confidentiality and reliability.
AS2 is based on the Hypertext Transfer Protocol (HTTP) and incorporates Secure/Multipurpose Internet Email Extensions (S/MIME) for business-grade messaging. AS2’s built-in electronic receipt functionality, known as Message Disposition Notification (MDN), is a function of S/MIME. Since firewalls are normally configured to allow HTTP and HTTPS (HTTP secure) connections, you won’t have to apply any configuration changes to your firewall for AS2 to work.
The AS2 protocol can transfer almost any type of file over the Internet. However, it’s more closely associated with EDI messages. To get a good grasp of AS2, you need to understand what Electronic Data Interchange is first.
EDI is a standardized, scalable and efficient method for exchanging digitized business documents used in inter-organizational and intra-organizational transactions. It originated in the transportation industry in the 1960s, but was eventually adopted by other industries like retail, e-commerce, healthcare and manufacturing.
When two organizations or two departments (in the case of intra-organizational transfers) transact or participate in a business process, they normally exchange supporting documents. For example, a manufacturer and its supplier may exchange requests for quotations (RFQs), purchase orders, shipping notices, invoices and so on. Or, in the healthcare industry, hospitals and insurance companies may exchange healthcare claims, eligibility verification, claim status inquiries and so on.
These supporting documents used to be exchanged in paper format. As you might have experienced yourself, manual processing of paper-based documents is error-prone, slow and inefficient. To streamline the processes involved, many organizations replace paper-based documents with electronic documents. Some of these companies manually encode the supporting document and then send it to the other party via email. Others, on the other hand, use EDI.
EDI-based transactions are usually carried out automatically between computer systems. They rarely involve human intervention. In most cases, humans only get involved when the systems require maintenance, troubleshooting or audits.
EDI documents follow a standardized format or structure. By leveraging automation scripts, integration middleware, EDI translation tools or other intermediary software, you can automatically generate EDI documents using data sourced from business applications (e.g. those used in inventory, accounting, sales, purchasing, etc.) or an Enterprise Resource Planning (ERP) system. Similarly, you can automatically extract data from an EDI message and make it available to business applications and your ERP system.
This diagram illustrates what we mean:
You can gain substantial benefits when you exchange business documents through EDI. For instance, you can:
Some of the first adopters of electronic data interchange came from the automotive industry. Car manufacturers used EDI alongside Just-In-Time and Lean Manufacturing processes. EDI made it possible for the geographically dispersed and heterogeneous systems of car manufacturers and their different suppliers to connect and transact quickly, seamlessly and efficiently. Today, EDI is implemented across various industries, including finance, insurance, logistics, supply chain and many others.
In the United States healthcare industry, the use of EDI is mandated by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA’s key objectives include the standardization of health care transactions, an undertaking that’s perfect for EDI.
But where does AS2 fit into all this?
Do you see that orange bi-directional arrow in the diagram above, the one connecting Company A and Company B? AS2 plays a crucial role in that area .
Let's talk about it further and if you want to experience AS2 in action, request a free JSCAPE MFT Server trial.
Two parties that exchange information through EDI are called trading partners. When two trading partners operate in two different geographical locations, they must agree on a common method for transmitting and receiving EDI messages across a wide area network (WAN). In the past, the most common solution for this type of undertaking used to be a Value Added Network (VAN).
VANs are third-party service providers that act like post offices. They receive EDI messages from a sending trading partner and then forward them to the receiving trading partner. For this method to work, both trading partners must subscribe to either the same VAN or to interconnected VANs.
These days, however, organizations are shifting from VANs to internet-based solutions that use file transfer protocols like standard File Transfer Protocol (FTP), SSH File Transfer Protocol (SFTP) and AS2.
This shift, which cuts the middleman, is largely due to the lower barrier to adoption and Total Cost of Ownership (TCO) associated with using internet-based protocols compared to VANs. Most organizations are already connected to the internet and are even actively using internet-based solutions. Thus, by going this route, organizations can leverage existing infrastructure. It also means organizations can easily onboard new trading partners through this option.
One of the biggest problems with exchanging EDI data over the internet, however, is the increased exposure to cyber threats. Since most EDI transactions involve sensitive data, they have to be secured. AS2 readily provides the security needed to address this problem.
AS2 is equipped with features that enable secure file transfers. These features include:
AS2’s built-in security features make it suitable for business-to-business (B2B) data exchanges. For this reason, large enterprises like Walmart, Unilever and General Motors, either require or recommend the use of AS2. If you need to transact with large enterprises, you may have to adopt AS2 to achieve interoperability with those enterprises.
If all this still sounds vague, an overview of how a typical AS2 data transfer works might enlighten you.
To ensure data security, AS2 file transfers are usually sent over HTTPS. HTTPS encrypts data in transit using SSL/TLS. It also enables trading partners to use digital certificates for mutual authentication. For added security, you can augment HTTPS with AS2’s built-in encryption functionality. Regardless whether you use AS2’s built-in encryption or not, an AS2 transmission done over HTTPS is already secure and looks like this:
Note: The AS2 server in the diagram below corresponds to the machine marked "Communications" in the previous diagram.
Let’s break that diagram down:
If MDN is enabled, one more step would be added. This is how the AS2 process flow shown earlier would then look like.
Rising cyber threats and increased pressure to achieve regulatory compliance is pushing business leaders to focus more on data security. These factors further strengthen the case to deliver EDI transactions through AS2. That said AS2 offers more business benefits than just enhanced security. These benefits include the following:
The best way to implement AS2 is through a managed file transfer (MFT) server. An MFT server like JSCAPE MFT Server by Redwood can augment AS2’s built-in security functions with complementary security features such as data-at-rest encryption, logging, access control, data loss prevention (DLP), strong authentication and many other essential attributes of a secure file transfer.
DLP, in particular, can help you detect sensitive data in your EDI messages and prevent it from leaking out. The presence of this capability is crucial for companies operating in industries governed by laws and regulations like PCI-DSS, HIPAA, SOX and GLBA.
A managed file transfer server doesn’t just support AS2. It also supports a wide range of other file transfer protocols such as FTP/S, HTTP/S, SFTP and Odette File Transfer Protocol (OFTP). This will allow you to interoperate with any trading partner that prefers to exchange data through other file transfer protocols. JSCAPE MFT is Drummond-certified. The Drummond Group tests software applications to ensure reliability and interoperability between certified products.
Lastly, a managed file transfer server like JSCAPE MFT Server is fully equipped with automation-enabling capabilities. These capabilities enable you to automate business processes. To learn more about JSCAPE MFT Server’s automation features, view these videos:
Using trading partners in JSCAPE MFT Server - part 1
Using trading partners in JSCAPE MFT Server - part 2
or read these posts:
Using triggers to automate file deletion
Using regular expressions in triggers - part 1
Indeed, JSCAPE MFT Server is built to accomplish a full range of file transfer workflows.
Would you like to try this yourself? JSCAPE MFT Server is platform-agnostic and can be installed on Microsoft Windows, Linux, Mac OS X and Solaris. Additionally, JSCAPE enables you to handle large file transfers and any file type, including batch files and XML. JSCAPE MFT Server also has an API that allows you to manage it programmatically. Ready to evaluate JSCAPE in your own environment? Here are your next steps: