These are the roles that are needed:

  • Admin

Direct transfers

This section explains the direct transfer feature of the ISG. The host ISG below is the ISG that starts with the assets, and the client is the ISG is scheduled to receive them.

Direct transfers work between ISGs running on any platform. The gateways are only able to transfer files directly if they are able reach one another, and both need to be able to reach iconik. Note that iconik does not need to be able to reach the ISG. This means that they can all be behind firewalls, as long as they are able to reach each other. All communication is performed over HTTPS so it is possible to configure the gateways to communicate via an HTTPS proxy if that is required. This can however have performance implications so use with care.

The direct transfer feature will only be used if there is a Direct transfer Address configured for the host ISG. If that is not configured the transfer will fall back to using the host ISG's default cloud storage as intermediate location.


By default, the direct transfer feature is turned off for all your storages. In this setup no ports are opened, and transfers will use the fallback transfer method where the files is transferred via the default cloud storage.

If you do not specify which port as part of the transfer URL then the default 8443 will be used.

Example addresses

  • Assuming the network configuration allows for access to, this will try to reach the ISG on port 42069.

Note that all of these use the HTTPS protocol. This is the only supported protocol for transfers at this time.


If transfers from the host ISG to the client ISG fail, start by start by verifying that HTTPS connections from the client to the host succeed. You can test this by trying to reach https://{your remote address}:{port}/v1/healthcheck/. This will try to connect to an endpoint on the ISG to check for availability. Do note that the certificate on the endpoint will not be trusted by your computer, but should match the certificate on the host ISG and will be trusted by the client ISGs. This endpoint should respond with {"status": "Ok"}. You can run use the command curl -k https://{your remote address}:{port}/v1/healthcheck/ on a MacOS or Linux ISG.

Start by verifying the following:

  • Verifying that a Direct Transfer Address is configured on the host ISG's storage configuration page.
  • Verify that the address either is an IP address or that the hostname exists in DNS.
  • Depending on your platform, the ISG may not be able to bind to system protected ports such as 443. We recommend the use of higher numbered ports such as ports from the range 8000-9000.
  • Check the ISG logs for any error messages.

Learn more