SFTP Gateway is a pre-configured SFTP server that transfers files to Azure Blob Storage.
Version 3 lets you read and write directly to Blob Storage, using the SFTP protocol. This version also includes a folder management feature for configuring sharing scenarios such as multi-user read/write to the same Blob Storage location.
To start, you provision SFTP Gateway from the Azure Marketplace. This takes you to the VM creation wizard in the Azure portal.
Azure Marketplace Steps
You first need to subscribe to the SFTP Gateway product. Doing so allows your Azure account to provision the SFTP Gateway VM offer.
Navigate to the SFTP Gateway product on the Azure marketplace
You should see the following screen:
On the Plans + Pricing tab, you should see SFTP Gateway 3.2 from the drop down menu.
Click the Get it now button.
You will see a modal that may ask you for basic profile information:
Make sure the Software plan is set to SFTP Gateway 3.1.
Fill out the required fields if necessary, and click the Continue button.
Azure Portal Steps
You will be taken to the Azure Portal:
Under Plan, choose SFTP Gateway 3.1 from the drop down menu. Then, click Create.
It will bring you to the Create a virtual machine wizard.
Create a VM
On the Basics tab, fill out the following information:
- Resource Group: Click Create New and enter a name. Or, select an existing one from the drop-down menu.
- Virtual machine name: Enter a name for your VM. Since this is Linux, try to use only lowercase letters and hyphens.
- Region: Select a region.
- Image: This should be pre-populated, since you were directed here from the Azure Marketplace.
- Size: For testing purposes, you can use B1ms. For production, we recommend one of the D sizes.
- Authentication type: Select SSH public key authentication (or password).
- Username: Enter a username, such as azureuser.
- SSH public key: Paste in a public key in which you have access to the private key.
- Public inbound ports: Keep this at the default, which is to allow
SSH (22). You will later configure advanced options on the Networking tab.
- Licensing: Skip this field since it's not required (despite having a "*"), or select a license if you have one.
The form looks like this:
Note: Port 22 is open to the world, because the SSH protocol is on port 2222.
Note: To create an ARM template, see this article.
Click on the Networking tab, and configure the following options:
- Virtual network, Subnet, Public IP: These should auto-populate based on information you provided earlier.
- NIC network security: Select Advanced
- Configure network security group: Click Create new
Configure inbound rules on the network security group.
This is where you grant your IP address access to ports 22, 2222, 80, and 443.
Click + Add an inbound rule
In the Add inbound security rule window to the right, edit the following fields:
- Source: Change this from Any to IP Addresses
- Source IP addresses/CIDR ranges: Paste in your IP address, followed by /32 to specify a range of a single IP. Note: You can get your current IP address from http://checkip.dyndns.org
- Service: Make sure this says Custom
- Destination port ranges: Change this to "22,2222,80,443"
- Name: Change this to something descriptive, like Sysadmin-access
Click OK at the bottom to close the Add inbound security rule window.
Click the Review + create tab on the top
It will take a few moments to validate. You should see "Validation passed" in green. Otherwise, go back and address any issues.
Review your information and click Create on the bottom.
It will take a few minutes to provision your VM.
Once complete, you should see your Resource Group with the following resources:
- Virtual machine: This is the SFTP Gateway server.
- Public IP address: When you stop the VM, you will be given the option to reserve the IP address. Make sure you do so.
- Network security group: This acts as a firewall for the VM.
Access the Admin Interface
To access SFTP Gateway admin interface, go to the VM details page and copy the Public IP address (Fig-1).
Paste the URL in the address bar of your browser.
The next step is to go through the First Launch Experience to create your first web admin account.
For more information, we have a video that walks through setting up SFTP Gateway on Azure.