Planning your cutover
Overview
This article goes over the different types of cutovers (DNS or IP). Which type you use largely depends on your specific use case.
DNS cutover
A DNS cutover is the ideal situation. You can migrate between environments (or roll back) without having to touch your infrastructure.
To be eligible to perform a DNS cutover, your existing SFTP users must already be connecting via a DNS hostname (e.g. sftp.thorntech.com).
A side note for any DNS cutover work: before you do anything that impacts production, set the TTL (time to live) value to the lowest allowed value (e.g. 300, which is 5 minutes). This shortens how long resolvers cache the old record and reduces your production downtime to a minimum.
There are different strategies for setting up your DNS records, which will be covered below:
Simple DNS cutover example
Starting with the simplest example, let's say you have a v2 server with the following DNS record:
Host A record:
sftp.thorntech.com => 1.2.3.4
In this case, 1.2.3.4 represents the IP address of your v2 server.
To perform a cutover to a new v3 server with the IP of 5.6.7.8, you would modify the Host A record to point to the new IP:
Host A record:
sftp.thorntech.com => 5.6.7.8
Once the Host A record is updated, you will have to wait for your DNS changes to propagate. This may take several hours, depending on the TTL value.
Going from single VM to HA
A more complicated example would be going from a standalone server to an HA stack. HA uses a network load balancer which has a CNAME as its DNS endpoint. So you would have to first convert your records to CNAMEs.
Let's say your v2 server has the following DNS record:
Host A record:
sftp.thorntech.com => 1.2.3.4
Create another Host A record that is dedicated to the v2 server:
Host A record:
sftp-v2-server.thorntech.com => 1.2.3.4
Then, create a CNAME record that points to the server's A record:
CNAME record:
sftp.thorntech.com => sftp-v2-server.thorntech.com
Note: You may need to delete the existing Host A record before it lets you create the CNAME. If this is the case, schedule this work to be performed during a maintenance window.
After making this change, wait several hours for your DNS changes to propagate.
You can check by using the nslookup or dig commands to make sure your DNS records are configured correctly.
Now that you are on a CNAME, cutting over to the NLB's DNS hostname is straightforward. You would just update the CNAME record:
CNAME record:
sftp.thorntech.com => your.nlb.endpoint.for.the.v3.stack.microsoft.com
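The dig check from the steps above can be scripted at each stage of the cutover. This is an added example, not part of the original article or the product: the function name check_dns and the sample answer lines are constructed for illustration, and the function assumes the answer section lists the CNAME chain in order, as dig prints it.

```shell
#!/bin/sh
# check_dns NAME WANT MAX_TTL   (hypothetical helper, added for illustration)
# Reads `dig +noall +answer NAME` output on stdin. Succeeds only if the record
# chain starting at NAME reaches WANT (an IP or a CNAME target) and every
# record on that chain has a TTL no higher than MAX_TTL.
check_dns() {
  awk -v name="$1" -v want="$2" -v maxttl="$3" '
    # Compare names without the trailing root dot and without regard to case.
    function norm(s) { sub(/\.$/, "", s); return tolower(s) }
    BEGIN { cur = norm(name); want = norm(want) }
    # Answer lines look like: owner TTL IN TYPE rdata
    $3 == "IN" && ($4 == "A" || $4 == "CNAME") && norm($1) == cur {
      if ($2 + 0 > maxttl + 0) { print "TTL too high: " $0; bad = 1 }
      if (norm($5) == want) found = 1
      if ($4 == "CNAME") cur = norm($5)   # follow the chain to the next owner
    }
    END {
      if (!found) print "no record on the chain for " name " points at " want
      exit ((found && !bad) ? 0 : 1)
    }'
}

# Constructed sample: the intermediate stage, after converting to a CNAME.
SAMPLE_CNAME_STAGE='sftp.thorntech.com. 300 IN CNAME sftp-v2-server.thorntech.com.
sftp-v2-server.thorntech.com. 300 IN A 1.2.3.4'

# Constructed sample: the TTL was never lowered before the cutover.
SAMPLE_HIGH_TTL='sftp.thorntech.com. 3600 IN A 1.2.3.4'

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_CNAME_STAGE" |
  check_dns sftp.thorntech.com 1.2.3.4 300 && echo "CNAME stage OK"

# Live usage (requires network), e.g. after the simple cutover:
#   dig +noall +answer sftp.thorntech.com | check_dns sftp.thorntech.com 5.6.7.8 300
```

Run the live query against your zone's authoritative name server (dig @nameserver) so the TTL shown is the configured value rather than a cache's remaining countdown.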
IP cutover
If your existing SFTP users are connecting via IP address, you will have to perform an IP cutover.
Note: After the migration, you should gradually have your SFTP users start connecting via a DNS hostname, which is a best practice.
Please see this KB article for detailed instructions. This article covers the following:
- Migrating from a single VM to a single VM
- Migrating from a single VM to an HA stack with load balancer