You can now easily and securely transfer files to Azure Blob Storage with SFTP Gateway.
We’re proud to announce that SFTP Gateway is now available on the Microsoft Azure Marketplace!
SFTP Gateway is a secure-by-default, pre-configured SFTP server that saves uploaded files to Azure Blob Storage. It is built on the base Ubuntu 18.04 image from Canonical found on Azure.
SFTP is still commonly used to support long-established business processes and securely transfer files with third party vendors. And it doesn’t make much sense for you to spend time and engineering resources on building your own SFTP server.
So we’ve built a simple, secure, and reliable way for Azure users to transfer files. You can use SFTP Gateway as a traditional SFTP server or to upload files to Azure storage.
Product Features
Here are some of the key features of the product:
- Simple deployment: You can deploy SFTP Gateway with a few clicks from the Azure Marketplace. Check out the video below to see how easy it is to set up the product in just 11 minutes.
- Easy user management: SFTP Gateway includes an admin web interface so you can manage users without the command line. The admin web interface lets you create users, configure their SSH key, and set a Blob Storage upload location. SFTP Gateway also provides RESTful and command line interfaces for easier scripting.
- Security: SFTP users are configured with SSH public key authentication by default. This is more secure than passwords, which can be weak and are sent over the wire. Password authentication can still be enabled if necessary.
SFTP Gateway Architecture
The architecture of SFTP Gateway looks like this:
- An Ubuntu-based Linux VM sits in a Network Security Group that has ports 22, 80, and 443 open (you have to open these ports yourself).
- An admin user manages SFTP users from a web interface.
- SFTP users upload files that gets pushed to Azure Blob Storage.
- That’s it!
Learn More
We are excited to help companies using Microsoft Azure to transfer files to Azure Blob Storage.
To learn more about the product, check out the SFTP Gateway product page on the Azure Marketplace.
And feel free to email us at azure-support@thorntech.com with any questions.
Please let us know what you think about the product!
Is there an option to download files that exist in the azure blob storage?
I’ve implemented this solution to replace our current on-prem SFTP server. I’m fairly new to Azure but I can’t seem to figure out how to connect to the web interface in order to create individual SFTP sites.
Hi Kevin,
Thanks for trying SFTP Gateway for Azure! Someone from our support team will reach out to you to address your issue. Thanks.
Hello,
Thanks for the training video. I am interested in finding a new solution for SFTP service on Azure, but I am not familiar with Linux OS, so I cannot use this service, unfortunately. I wished you could develop the windows platform as well.
Regards
Elnaz
We are currently working on a new release of the product that will greatly simplify set-up. For a standard installation, configuration will be available directly from the Admin Web Interface versus having to connect directly to the server. Our target for this next release is the end of November 2019. Thanks!
Hi Mike, I’m interested in purchasing this but after reading this comment I’m thinking I should wait for the new version. Any new features to look forward to in the newest release?
Hi Daniel,
Many of the new features in the next release will be to improve the functionality of the web admin portal. In the next release, you’ll be able to use the portal to configure the admin and SFTP users with password authentication (instead of the default SSH key auth) and also configure Storage Account credentials. Hope this helps!
Awesome. I will wait for the new product.
Can I integrate this with Azure Key Vault for Users and blob storage? How does it manage access to files and data in storage account?
Hi Chetan,
Access to the Storage Account is through Storage Account access keys, which are set in the config file `/opt/sftpgw/application.properties`. Here is a knowledge base article that has steps for setting the access keys:
https://help.thorntech.com/docs/sftp-gateway-azure/azure-initial-configuration/
Currently, there is no built-in integration with Azure Key Vault. Feel free to email us at azure-support@thorntech.com so we can further discuss your use case.
Thanks!
Robert
Hi,
I am looking solution for upload files from different vendors to blob storage using users/password on SFTP gateway, restirctions is each user when login only see own folder and be able to copy file, after copy they can see files but can’t open or delete.
One parent storage account can see all files and be able to azcopy inhouse, is it possible with SFTP gateway
Regards
Hi John, at a high level overview, each SFTP user is chrooted to a location within their own home directory, so they won’t be able to see each other’s files. As for files being read-only after upload — we don’t have that specific feature. But, you can point the user’s “uploads” directory to a specific location in Blob that syncs to the user’s “download” directory. So from the user’s perspective, they upload a file to “uploads”, it disappears, and a few minutes later there’s a read-only copy in their “downloads” directory. As for the storage account, an admin on your side should be able to run azcopy or az cli commands as long as you have access keys. Feel free to email us at azure-support@thorntech.com, and we can continue the conversation there.
Hi,
You mentioned that SFT-gateway is a secure solution.
Is it deployed with an anti-virus or is it left at the discretion of the customer ?
Also, how to follow up with Ubuntu patches and update ?
Would you recommend to turn on automatic update ?
Last but not least, is there a way to backup the users configuration ?
Thanks
BR
Alain
Hi,
I have now tried to use this server for a couple of days with no luck. New problems each time. After recreate the SFTP Gateway server today the admin web don’t respond at all. Last time the server stopped after uploading a user key. Sad for such a great concept.
Regards
Jan Isaksson
Hi Jan,
Sorry for the inconvenience! I believe we are waiting for feedback from you regarding your support ticket. We look forward to helping you get your instance working correctly!
I did a mistake of not enabling port 80 and 443- how can i enable them so i can get to the management console
Hi Priyantha, you can edit your Network Security Group rules to allow ingress on ports 80 and 443. We have an article which sort of covers the topic, but the steps are going to be a bit different for editing an existing NSG. https://help.thorntech.com/docs/sftp-gateway-azure/azure-launch-a-vm/#go-through-the-create-a-virtual-machine-wizard Feel free to reach out to us at azure-support@thorntech.com if you would like me to elaborate. Thanks! Robert
Do you have the architecture and instructions to setup a Highly-Available and Load Balanced SFTP Gateway in Azure?
Hello John,
SFTP Gateway for Azure can support High Availability, however, we do not have an automated setup in the current version. We do have this feature on our roadmap for a future release. If you need this solution sooner, we offer a Premier Support option (https://www.thorntech.com/products/support/) where we can develop this for you.
Please contact azure-support@thorntech.com if you’re interested in Premier Support or if you would like to be put on our email notification list for when this feature is released. Thanks.
Hi
I spin up the gateway machine today but i dont see the storage-account-setup in utilities under /usr/local/bin. i ran a find too couldnt find it
To make SFTP Gateway for Azure easier to use and configure in version 2.001.00, we have removed the storage-account-setup script and moved this functionality into the admin web interface. You can find fields for setting these configurations in the Settings page of the web interface.
This can also be set from the SFTP Gateway CLI. You can run the command `sudo sftpgw update-system-config help` to see the parameters for setting the storage account name and key.
Any chance that authentication to the Storage Account is possible via a Managed Service identity and not an Access key?
I’d rather not use Access Keys, for all sorts of reasons MSi would be a much better solution.
Alternatively, has there been any use cases with using dynamic access keys via a PAm solution (such as hashicorp vault or even Azure key Vault?).
Thanks