J.P. Morgan is committed to sharing information about best practices that are commonly used to help keep file transmissions reliable and secure. Please review the information below and apply these practices to the extent possible to improve your experience with J.P. Morgan Host-to-Host.
Host-to-Host has two independent environments: Client Acceptance Testing (CAT), also known as User Acceptance Testing (UAT), and Production.
Clients are required to use separate security credentials in each of the environments.
Please note that production data must never be transmitted to the J.P. Morgan CAT environment, nor should test data ever be sent to the J.P. Morgan production environment, except as specified by special setups that are designed for production verification testing.
J.P. Morgan strongly recommends that you keep your environments and applications up to date with respect to security patches and currently supported software versions.
We will, without notice, routinely update the Host-to-Host environments to ensure that proper versioning and applicable security patching is up to date.
Failure to maintain your applications at current release versions may result in connectivity errors.
J.P. Morgan has regularly scheduled maintenance windows for the Host-to-Host environments:
Effective October 1, 2024 the Production maintenance window will change:
We will conduct routine updates and patching during these times, and it may be necessary, on occasion, to make Host-to-Host unavailable to clients. To minimize disruption, it is strongly recommended that clients avoid scheduled transmissions during these maintenance windows. If you experience connectivity issues during one of these windows, please retry after the window has expired.
All connectivity to Host-to-Host servers must be addressed to the URL that you have been assigned.
It is J.P. Morgan's policy to utilize multiple data centers for connectivity as part of our resiliency strategy. This strategy requires that we periodically switch data centers as a normal course of business. Because this will be routinely done without notice, clients must not use direct IP addressing or cache Host-to-Host IP addresses for an extended period of time.
Clients who use hard-coded IP addressing must assume the responsibility for service interruptions that may result when planned or unplanned events result in IP address changes on the J.P. Morgan infrastructure. J.P. Morgan is unable to change its resiliency-related business practices, and is unable to make special accommodations for the use of hard-coded IP addressing.
J.P. Morgan is a large organization with a highly distributed, globally load-balanced proxy infrastructure. We own specific IP address space that has been specifically reserved for services hosted globally within our own public DMZ infrastructures. Since we are a known business partner accessing services over the Internet and we only source transmissions from hosts under our management, we hope clients would not have concerns to trust this address space.
Firewalls should be configured to allow traffic across the J.P. Morgan owned IP ranges below:
Please note that J.P. Morgan Host-to-Host will replace our SSH keys and SSL certificates annually, while our PGP key will be replaced every 2 years.
Please consider the following best practices when setting up your file transmission operation to help reduce transmission failures:
If you receive failure notifications from J.P. Morgan, please contact us prior to resending files in order to prevent duplicate transactions.
Certain behaviors may result in service disruptions and impact your ability to upload and download files requiring corrective action.
The following behaviors should be avoided to prevent service disruption or performance.
If you have any of the following requirements, please discuss with the J.P. Morgan technical team prior to implementation.
It is J.P. Morgan's policy to limit the number of concurrent sessions allowed on Host-to-Host. J.P. Morgan recommends establishing a single connection to transmit and/or retrieve files and immediately disconnect upon completion. Clients who insist upon using multiple concurrent sessions may experience temporary connection failures due to exceeding the maximum number of allowed sessions. Impacted clients will resume normal operations as their open sessions above the maximum allowed threshold are disconnected.
If you are sending a large number of files in a short period of time, this may trigger a denial of service attack alert at J.P. Morgan. To protect its clients, J.P. Morgan may take action to terminate a connection and disable an account when such alerts occur.
You should note that Host-to-Host often acts only in the capacity of sending your files to target systems, and that there may be limitations to the speed by which those systems may receive and process files. Because of this, there are times when it may be necessary to adjust the timing of your file delivery process. Please discuss all high volume considerations with the J.P. Morgan technical team prior to implementation.
If you are not sure whether we received your file, or if a failure occurs after successful delivery of a file to us, do not resubmit the file without consulting the J.P. Morgan support team. Resubmission may result in a duplicate file.
Know that certain files cannot be recovered, and must be re-sent. This includes, although not exclusively, any file with improper naming, and any file for which the digital signature could not be confirmed.
If J.P. Morgan detects a virus within a received file, the file will be quarantined, and will not be processed. We will invoke our standard process to notify you and instruct you to send a clean file.
Repeated occurrences of virus detection may result in the locking of your Host-to-Host account.
Contact the Solution Center Transmissions Support team at 978-805-1200, or by emailing HosttoHost.helpdesk@jpmorgan.com, with any questions about the J.P. Morgan Host-to-Host platform. Representatives are available to assist you, 24 hours a day, Monday through Friday. Government, municipal and public sector clients should call 844-718-0643. Please note that the support team cannot advise clients on specific actions needed to make required changes to their systems. Clients should contact their application vendors for assistance.
All trademarks, trade names and service marks appearing herein are the property of their respective owners