How to Deploy a Secure FTP (SFTP) Service on Microsoft Azure

How to Deploy a Secure FTP (SFTP) Service on Microsoft Azure

Deploying a secure Azure FTP server in your network helps you secure the storage, sharing, and management of your mission-critical files. When integrating this service with Files.com, you further enhance the capabilities of your business to tackle the secure sharing of files and it enables you to widen the reach of your collaborative workforce.

We will have a look at all these features and capabilities. For now, let us start with the basics…

What is an FTP service?

The term file transfer protocol (FTP) refers to the process of transferring files between devices over a network. For the process to work, one party needs to allow the other one to send or receive the files before the transfer can be completed.

The FTP protocol was originally used as a way for users to communicate and exchange information between two physical devices. Today, it is commonly used to store files in the cloud, offering even more secure data storage capabilities on remote servers.

FTP service is a Microsoft Windows service that runs on servers also running Microsoft Internet Information Services (IIS). It is a service that supports the standard FTP protocol and allows users to upload and download files between FTP clients and FTP servers over the Internet.

The FTP protocol – and the server-client setup – can be used in any networked environment. It can be applied in personal, small business, or enterprise network architectures to transfer files from one computer system to another or by websites to upload or download files from remote servers.

What is SFTP?

The Secure File Transfer Protocol (SFTP) is also a file protocol for transferring large files over the Internet. It builds on the FTP protocol and includes Secure Shell (SSH) security components.

SSH is a cryptographic component of Internet security that was designed by the Internet Engineering Task Force (IETF) for greater web security. SFTP is used to transfer files securely using SSH and encrypted FTP commands to prevent attacks using techniques like password sniffing and the exposure of sensitive information in plain text, as well as against man-in-the-middle attacks.

The SFTP protocol runs over the SSH protocol. It uses the normal SSH port 22 and supports multiple concurrent connections and operations. The client, meanwhile, identifies each operation with a unique number that must match the server’s response. This means multiple requests can be processed asynchronously. The SFTP protocol is initiated only when the user uses SSH to log into the server to avoid leaving additional ports exposed or maintaining additional authentications.

An SFTP server requires both communicating parties to authenticate themselves by either providing a user ID and password or by validating an SSH key – or using both methods. One-half of the SSH key is stored on the two clients, while the other half is stored on the server and associated with their account as a “public key”. It is only when the SSH key pair matches that it can be deemed a successful authentication.

What are the advantages of SFTP service on an Azure FTP server?

There are several advantages to using SFTP service on an Azure FTP server, including:

  • Azure authentication The cloud platform offers username and password combinations with the added benefits of SSH keys to ensure user authentication.
  • Enhanced security Administrators can limit their SFTP services by creating containers and defining which IP address ranges can access them.
  • Access control They can also configure their servers to give access to multiple users and define who can do what with the shared resources.
  • Isolated services The integration of SFTP services into an existing Azure VPN allows for the isolation of SFTP access to local users within the Azure environment using private IP addresses and end-to-end VPN access.

All this, basically, adds to a more secure file storage and sharing experience with ease.

Deploy SFTP on an Azure FTP server – a step-by-step guide

Let us now move on to how you can deploy your own Azure FTP server. There are two steps involved when it comes to deploying SFTP on an Azure FTP server:

  1. Creating an Azure Container Instance (ACI) with an Azure File Share as storage support

This is the basic approach. It is a cost-effective, simple, and fast-to-deploy SFTP solution. ACI is backed up by Azure File Share, which is a robust and persistent storage solution.

  1. Integrate Azure storage with a third-party cloud file-sharing solution such as Files.com

Adding Files.com allows you to integrate your Azure server with the cloud storage platform. This allows you to mount Azure’s blob storage into Files.com’s SFTP service. This way, you get a file-sharing and storage solution that is even more secure and dynamic. The two deployments can automatically synchronize to lessen any manual intervention that may be required.

Let us have a look at how we can do this.

Create an Azure Container Instance (ACI) with an Azure File Share as storage support

An Azure Container Instance, or ACI is a managed service that allows you to deploy and run containers directly from the Microsoft Azure Cloud without you having to worry about providing the underlying infrastructure.

Create a Blob Storage

Microsoft Azure allows you to create a file storage space that can be accessed from anywhere over the Internet using HTTP and HTTPS protocols.

First, we will create our blob storage on Microsoft Azure. Here are the steps:

  1. Sign in to Microsoft Azure by going here.
  2. Click on the Storage Accounts menu that is located midway down the left panel. You should see the available storage account(s) – if any – to choose from.

Azure Storage Accounts menu

  1.  You can go ahead and click on the Create button on the top left pane to create a new one. You should see the Storage Account Creation screen.

Azure Create Resources

  1. Enter the requested data, including your Resource group name and Storage account name. Then, click on the Review + create button at the bottom. You should now get to see the Review Configuration screen.

Azure Blob Create Storage Account

  1. It is time to review all configuration information and, upon approval, go ahead and click on the Create button.

And you’re done.

Create an ACI Container

Let us move along and see how we can create a container on the Azure portal to deploy the SFTP server.

You can follow the steps below to create your container:

  1. Once you have signed in to the Azure portal, go to your storage account. Your screen should look something like this:

Azure Deployment is Complete

  1. Go to Data storage and then click on Containers. Next, click on the +Container button at the top of the central panel. Note that you will be asked to provide information like your container name and access levels.

Azure Storage Blob Container

  1. Input your container name and access level; then click on the Create button to create a new ACI container.
  2. Now, go into your newly created container.
  3. Click on the Upload button to upload some files from your local drives to the container instance.

Azure Blob Upload Files

  1. After selecting your files from the local drives and clicking on the Upload button, you should see your uploaded files on the following screen.

Integrate Azure SFTP with Files.com File Sharing Service

Files.com is a cloud file-sharing and storage solution that allows you to mount and synchronize files between your Azure blob storage and the Files.com repository.

Let us go ahead and, with the help of the following steps, see how we can mount Azure blob storage on Files.com:

  1. You can sign up for a 7-day FREE trial of Files.com; it will do for now. You can choose to continue to use Files.com by upgrading your subscription once you have made up your mind.

Files.com sign up and dashboard

  1. Click on Integrations to get a list of all supported services.
  2. Click on Microsoft Azure Blob Storage.

Files.com Integrations and Azure

  1. Click on Add Microsoft Azure as a remote server, and you will be asked to provide information about your Azure storage and its access key.

Files.com enter Azure storage details

  1. Provide the Connection name, Azure Storage Account, Container name, and access key, and click on the Save button. Once you are connected to Azure. You should see the following screen:

Files.com enter Azure setup complete

  1. Click on the Files on the dashboard.
  2. Click on New Folder to create a folder that you will use on Files.com.
  3. Once you have entered your desired folder name, you can click on the Create button to create your folder.
  4. Now, go ahead and take a peek at your newly created folder – click on Folder settings to make changes.
  5. Next, click on Remote server mount to mount your Azure storage; you should see the different mount options that are available to you. In your case, you need to then click on Add new remote server mount.
  6. Select your Azure blob storage account, provide your root directory path (/), and finally click on the Save button.
  7. After a successful mount, all files from your Azure blob storage will now be mounted on Files.com.

And, that’s it. You have combined your Azure and Files.com deployments to create a secure Azure FTP server. You can now mount, manage, and sync your files and folders – which are stored on Azure – using the Files.com dashboard.

But, why the need for Files.com integration?

This is a good question and the reason we need it is that Files.com offers the following features and advantages:

  • Enhanced security All file transfers to and from the platform are protected with SFTP and FTPS, and it also allows for HTTPS connections to files and folders.
  • Encryption All data stored on Files.com are encrypted for additional security.
  • Two-factor Authentication (2FA) There is even more security thrown in to make sure the users asking to access data are indeed who they say they are.
  • Collaboration Additional third-party solutions can be integrated into the deployment for better use and processing of the data. Examples include Google Workspace or Microsoft 365 which can be allowed to access the files directly.
  • Easier management Adding a SaaS service into any architecture makes it easier to manage as most of the responsibility in the backend is covered by the service provider – in this case, Files.com. Administrators simply need to work with the access and storage of their files.
  • Centralized control Regardless of server or user locations, administrators only have to deal with a single interface to manage any, and all, deployments.

As can be seen, Files.com allows for custom file and folder security on top of the robust security that Azure and the platform itself have to offer. Easier scalability and accessibility also make this an ideal integration.

Start your Azure SFTP server deployment today!

Whether you are a small business or a large enterprise, you need to have at least one secure Azure SFTP server to accommodate your file storage and sharing. With the Azure and Files.com integration, we have just seen, you can deliver this critical file management and access solution.

Let us know your thoughts, comments, or questions. Leave us a line below.

Leave a Reply