Azure SFTP Gateway Backup and Recovery

We have developed the following process for recovering SFTP Gateway users and configurations. This will be useful in the following cases:

• A region outage requires you to do a cold failover to another region
• You need to migrate or replicate to another region
• An SFTP Gateway instance is accidentally deleted

Note: The backup and recovery process captures the credentials for both password and SSH key based authentication.

Make sure you test this process thoroughly in your own environment.

Disclaimer: This backup and recovery strategy is intended for standard installations of SFTP Gateway. If you have customized your SFTP Gateway installation(s), please contact us at azure-support@thorntech.com to see if this solution will work for you.

Backup

---

Creating a backup

The SFTP Gateway backup script is a Python script that you install on your SFTP Gateway instance. The script backs up the following data to a single flat YAML file (and later gets compressed as a tar.gz file).

• user properties
• user passwords/keys
• global SFTP Gateway properties

This backup artifact can be imported into a new SFTP Gateway stack to restore settings and configuration.

The backup.py script will create a backup file named sftpgw-backup-YYYY-MM-DD-HH-MM-SS.tar.gz. By default, this file is saved in the/opt/sftpgw/backups directory (which gets created if it doesn't already exist).

Run a backup script to generate an artifact

1. SSH to the server as the administrator user (this is generally ubuntu)

2. Install pip and script dependencies

   sudo apt install -y python-pip 
   

3. Install script dependencies

   pip install pyyaml requests
   

4. Download the backup script

   cd /home/ubuntu/
   wget http://www.sftpgateway.com/backup-and-recovery/backup.py
   

5. Run the backup script

   sudo su
   python backup.py
   

6. Locate the backup artifact

   cd /opt/sftpgw/backups/
   ls -la
   

   Look for a backup file in the format sftpgw-YYYY-MM-DD-HH-MM-SS.tar.gz.
   This will later be used to recover SFTP Gateway users and configuration.

7. Move this backup artifact to your home directory

   cp -a /opt/sftpgw/backups/sftpgw-*.tar.gz /home/ubuntu/
   

8. In a different terminal session, copy this file to your local machine

   scp -i <private-key> ubuntu@<ip-address>:/home/ubuntu/sftpgw-*.tar.gz .
   

Transfer this artifact to the new VM and run a script to restore settings from the artifact

---

To import SFTP Gateway users and configuration:

1. Upload the backup artifact to the new server

   scp -i <private-key> sftpgw-*.tar.gz ubuntu@<ip-address>:/home/ubuntu/
   

2. SSH to the server as the administrator user

   ssh -i <private-key> ubuntu@<ip-address>
   

3. Download the recovery script:

   wget http://www.sftpgateway.com/backup-and-recovery/recovery.py
   

4. Install pip

   sudo apt install -y python-pip 
   

5. Install script dependencies

   pip install pyyaml requests
   

6. Run the python recovery script

   sudo python recovery.py sftpgw-YYYY-MM-DD-HH-MM-SS.tar.gz
   

7. If have the web admin UI open, make sure you hard-refresh the web browser to see the latest changes.

Your new instance will be in the same state as the original instance, including your users and SFTP Gateway configuration.