Please update your browser.
Recommended Best Practices
J.P. Morgan is committed to sharing information about best practices that are commonly used to help keep file transmissions reliable and secure. Please review the information below and apply these practices to the extent possible to improve your experience with J.P. Morgan Host-to-Host.
Host-to-Host has two independent environments: Client Acceptance Testing (CAT) and Production.
Clients are required to use separate security credentials in each of the environments.
Please note that production data must never be transmitted to the J.P. Morgan CAT environment, nor should test data ever be sent to the J.P. Morgan production environment, except as specified by special setups that are designed for production verification testing.
J.P. Morgan strongly recommends that you keep your environments and applications up to date with respect to security patches and currently supported software versions.
We will, without notice, routinely update the Host-to-Host environments to ensure that proper versioning and applicable security patching is up to date.
Failure to maintain your applications at current release versions may result in connectivity errors.
All connectivity to Host-to-Host servers must be addressed to the URL that you have been assigned.
It is J.P. Morgan's policy to utilize multiple data centers for connectivity as part of our resiliency strategy. This strategy requires that we periodically switch data centers as a normal course of business. Because this will be routinely done without notice, clients must not use direct IP addressing or cache Host-to-Host IP addresses for an extended period of time.
Clients who insist upon the use of hard-coded IP addressing must assume the responsibility for service interruptions that may result when planned or unplanned events result in IP address changes on the J.P. Morgan infrastructure. J.P. Morgan is unable to change its resiliency-related business practices, and is unable to make special accommodations for the use of hard-coded IP addressing.
Concurrent Logon Sessions
It is J.P. Morgan's policy to limit the number of concurrent sessions allowed on Host-to-Host. J.P. Morgan recommends establishing a single connection to transmit and/or retrieve files and immediately disconnect upon completion. Clients who insist upon using multiple concurrent sessions may experience temporary connection failures due to exceeding the maximum number of allowed sessions. Impacted clients will resume normal operations as their open sessions above the maximum allowed threshold are disconnected.
J.P. Morgan is a large organization with a highly distributed, globally load-balanced proxy infrastructure. We own two Class B/16s of IP address space that have been specifically reserved for services hosted globally within our own public DMZ infrastructures. Since we are a known business partner accessing services over the Internet and we only source transmissions from hosts under our management, we hope clients would not have concerns to trust this address space.
Firewalls should be configured to allow traffic across the two J.P. Morgan Class B IP ranges:
- 126.96.36.199 — 188.8.131.52
- 184.108.40.206 — 220.127.116.11
J.P. Morgan has regularly scheduled maintenance windows for the Host-to-Host environments:
- Production: Saturday 8 p.m. ET – Sunday 5 a.m. ET
- Client Acceptance Test (CAT): Tuesday 5 p.m. – 10 p.m. ET and Thursday 5 p.m. – 10 p.m. ET
We will conduct routine updates and patching during these times, and it may be necessary, on occasion, to make Host-to-Host unavailable to clients. To minimize disruption, it is strongly recommended that clients avoid scheduled transmissions during these maintenance windows.
If you experience connectivity issues during one of these windows, please retry after the window has expired.
Please consider the following best practices when setting up your file transmission operation to help reduce transmission failures:
- Use DNS addressing with short-lived address caching.
- Make sure that your system is using current security credentials — both yours and ours.
- Ensure that your system provides confirmation of both success and failure conditions.
- On a connectivity failure, automatically retry the connection. After three successive failures, publish an alert to your operations team. If assistance is required, contact J.P. Morgan.
- Track failures over time, such that you may identify an intermittent problem.
- Refresh your DNS/IP addressing cache whenever a connectivity failure occurs.
- Make sure that transaction acknowledgements and confirmations that are generated and sent to you by J.P. Morgan are distributed to your business users.
- Make sure that there is a current email address on file at J.P. Morgan so that you receive notifications from us. J.P. Morgan will send automated email notifications on certain failure conditions.
If a failure occurs after successful delivery of a file to us, do not resubmit without consulting with the J.P. Morgan support team.
If you have any of the following requirements, please discuss with the J.P. Morgan technical team prior to implementation:
- You must send more than 1000 files in a single day
- You must send many files in a very short period of time
- You must send or receive very large files (> 100MB)
If you are sending a large number of files in a short period of time, this may trigger a denial of service attack alert at J.P. Morgan. To protect its clients, J.P. Morgan may take action to terminate a connection and disable an account when such alerts occur.
You should note that Host-to-Host often acts only in the capacity of sending your files to target systems, and that there may be limitations to the speed by which those systems may receive and process files. Because of this, there are times when it may be necessary to adjust the timing of your file delivery process. Please discuss all high volume considerations with the J.P. Morgan technical team prior to implementation.
If you are not sure whether we received your file, or if a failure occurs after successful delivery of a file to us, do not resubmit the file without consulting the J.P. Morgan support team. Resubmission may result in a duplicate file.
Know that certain files cannot be recovered, and must be re-sent. This includes, although not exclusively, any file with improper naming, and any file for which the digital signature could not be confirmed.
If J.P. Morgan detects a virus within a received file, the file will be quarantined, and will not be processed. We will invoke our standard process to notify you and instruct you to send a clean file.
Repeated occurrences of virus detection may result in the locking of your Host-to-Host account.
Contact the Solution Center Transmissions Support team at 978-805-1200 with any questions about the Host-to-Host platform. Representatives are available to assist you, 24 hours a day, Monday through Friday. Please note that the support team cannot advise on specific actions needed to make required changes to your systems. You should contact your application vendors for assistance.
You're now leaving J.P. Morgan
J.P. Morgan’s website and/or mobile terms, privacy and security policies don’t apply to the site or app you're about to visit. Please review its terms, privacy and security policies to see how they apply to you. J.P. Morgan isn’t responsible for (and doesn’t provide) any products, services or content at this third-party site or app, except for products and services that explicitly carry the J.P. Morgan name.