You can now easily and securely transfer files to Azure Blob Storage with SFTP Gateway.
We’re proud to announce that SFTP Gateway is now available on the Microsoft Azure Marketplace!
SFTP Gateway is a secure-by-default, pre-configured SFTP server that saves uploaded files to Azure Blob Storage. It is built on the base Ubuntu 18.04 image from Canonical found on Azure.
SFTP is still commonly used to support long-established business processes and securely transfer files with third party vendors. And it doesn’t make much sense for you to spend time and engineering resources on building your own SFTP server.
So we’ve built a simple, secure, and reliable way for Azure users to transfer files. You can use SFTP Gateway as a traditional SFTP server or to upload files to Azure storage.
Product Features
Here are some of the key features of the product:
- Simple deployment: You can deploy SFTP Gateway with a few clicks from the Azure Marketplace. Check out the video below to see how easy it is to set up the product in just 11 minutes.
- Easy user management: SFTP Gateway includes an admin web interface so you can manage users without the command line. The admin web interface lets you create users, configure their SSH key, and set a Blob Storage upload location. SFTP Gateway also provides RESTful and command line interfaces for easier scripting.
- Security: SFTP users are configured with SSH public key authentication by default. This is more secure than passwords, which can be weak and are sent over the wire. Password authentication can still be enabled if necessary.
SFTP Gateway Architecture
The architecture of SFTP Gateway looks like this:
- An Ubuntu-based Linux VM sits in a Network Security Group that has ports 22, 80, and 443 open (you have to open these ports yourself).
- An admin user manages SFTP users from a web interface.
- SFTP users upload files that gets pushed to Azure Blob Storage.
- That’s it!
Learn More
We are excited to help companies using Microsoft Azure to transfer files to Azure Blob Storage.
To learn more about the product, check out the SFTP Gateway product page on the Azure Marketplace.
And feel free to email us at azure-support@thorntech.com with any questions.
Please let us know what you think about the product!
Is there an option to download files that exist in the azure blob storage?
I’ve implemented this solution to replace our current on-prem SFTP server. I’m fairly new to Azure but I can’t seem to figure out how to connect to the web interface in order to create individual SFTP sites.
Hi Kevin,
Thanks for trying SFTP Gateway for Azure! Someone from our support team will reach out to you to address your issue. Thanks.
Hello,
Thanks for the training video. I am interested in finding a new solution for SFTP service on Azure, but I am not familiar with Linux OS, so I cannot use this service, unfortunately. I wished you could develop the windows platform as well.
Regards
Elnaz
We are currently working on a new release of the product that will greatly simplify set-up. For a standard installation, configuration will be available directly from the Admin Web Interface versus having to connect directly to the server. Our target for this next release is the end of November 2019. Thanks!
Hi Mike, I’m interested in purchasing this but after reading this comment I’m thinking I should wait for the new version. Any new features to look forward to in the newest release?
Hi Daniel,
Many of the new features in the next release will be to improve the functionality of the web admin portal. In the next release, you’ll be able to use the portal to configure the admin and SFTP users with password authentication (instead of the default SSH key auth) and also configure Storage Account credentials. Hope this helps!
Awesome. I will wait for the new product.
Can I integrate this with Azure Key Vault for Users and blob storage? How does it manage access to files and data in storage account?
Hi Chetan,
Access to the Storage Account is through Storage Account access keys, which are set in the config file `/opt/sftpgw/application.properties`. Here is a knowledge base article that has steps for setting the access keys:
https://help.thorntech.com/docs/sftp-gateway-azure/azure-initial-configuration/
Currently, there is no built-in integration with Azure Key Vault. Feel free to email us at azure-support@thorntech.com so we can further discuss your use case.
Thanks!
Robert
Hi,
I am looking solution for upload files from different vendors to blob storage using users/password on SFTP gateway, restirctions is each user when login only see own folder and be able to copy file, after copy they can see files but can’t open or delete.
One parent storage account can see all files and be able to azcopy inhouse, is it possible with SFTP gateway
Regards
Hi John, at a high level overview, each SFTP user is chrooted to a location within their own home directory, so they won’t be able to see each other’s files. As for files being read-only after upload — we don’t have that specific feature. But, you can point the user’s “uploads” directory to a specific location in Blob that syncs to the user’s “download” directory. So from the user’s perspective, they upload a file to “uploads”, it disappears, and a few minutes later there’s a read-only copy in their “downloads” directory. As for the storage account, an admin on your side should be able to run azcopy or az cli commands as long as you have access keys. Feel free to email us at azure-support@thorntech.com, and we can continue the conversation there.
Hi,
You mentioned that SFT-gateway is a secure solution.
Is it deployed with an anti-virus or is it left at the discretion of the customer ?
Also, how to follow up with Ubuntu patches and update ?
Would you recommend to turn on automatic update ?
Last but not least, is there a way to backup the users configuration ?
Thanks
BR
Alain
Hi,
I have now tried to use this server for a couple of days with no luck. New problems each time. After recreate the SFTP Gateway server today the admin web don’t respond at all. Last time the server stopped after uploading a user key. Sad for such a great concept.
Regards
Jan Isaksson
Hi Jan,
Sorry for the inconvenience! I believe we are waiting for feedback from you regarding your support ticket. We look forward to helping you get your instance working correctly!
I did a mistake of not enabling port 80 and 443- how can i enable them so i can get to the management console
Hi Priyantha, you can edit your Network Security Group rules to allow ingress on ports 80 and 443. We have an article which sort of covers the topic, but the steps are going to be a bit different for editing an existing NSG. https://help.thorntech.com/docs/sftp-gateway-azure/azure-launch-a-vm/#go-through-the-create-a-virtual-machine-wizard Feel free to reach out to us at azure-support@thorntech.com if you would like me to elaborate. Thanks! Robert
Do you have the architecture and instructions to setup a Highly-Available and Load Balanced SFTP Gateway in Azure?
Hello John,
SFTP Gateway for Azure can support High Availability, however, we do not have an automated setup in the current version. We do have this feature on our roadmap for a future release. If you need this solution sooner, we offer a Premier Support option (https://www.thorntech.com/products/support/) where we can develop this for you.
Please contact azure-support@thorntech.com if you’re interested in Premier Support or if you would like to be put on our email notification list for when this feature is released. Thanks.