We have a requirement to create large (1G-16G) row data reports, then compress and encrypt them. Our customers will consume those reports over sFTP. We are replacing an existing implementation, so our customers should get this change transparently.
Azure Blob service does not expose an sFTP service, so we will need some way to facade it with an sFTP service. Something similar to FTP to Azure Blob Storage Bridge based on a worker role. The worker role will expose an sFTP endpoint to the outside world. We will set up a container per customer and limit access to the worker roles only, so containers will be protected from direct access.
My questions are:
You could possibly achieve this by simply exposing the blob storage endpoints directly over HTTPS and using Shared Access Signatures (http://www.windowsazure.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/) to restrict access to those blobs.
Based on your feedback then - perhaps look to leverage Linux to run an sFTP server and use either the Java, Node or PHP Azure SDKs to achieve the same objective of pulling your content from blob storage on a scheduled basis without the need of a worker role (cron should see you right). To be honest you'll be doubling your storage use (not that it's that expensive) as you'll pull the blob out of storage and onto the VHD of your VM but this approach would work.
I notice you said you were encrypting the files written to blob storage - you could just use a PKI approach and share the key with customers allowing them to pull directly via HTTPS. Anyway, sFTP it appears to be :).
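The Shared Access Signature option from the answer above, as an added example that is not part of the original post: it builds a read-only, HTTPS-only, time-limited SAS URL scoped to a single blob, so a customer link cannot list or write to the container. It assumes the service SAS string-to-sign layout of storage service version 2020-12-06; the account, key, container and blob names are constructed, and in production the storage SDK's own SAS generator would normally do this signing.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

SAS_VERSION = "2020-12-06"  # assumed service version; it fixes the field order below


def blob_read_sas_url(account, account_key_b64, container, blob, now,
                      ttl_minutes=60, ip=""):
    """Return an HTTPS-only, read-only SAS URL for exactly one blob."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    start = (now - timedelta(minutes=5)).strftime(fmt)    # tolerate clock skew
    expiry = (now + timedelta(minutes=ttl_minutes)).strftime(fmt)
    resource = f"/blob/{account}/{container}/{blob}"      # canonicalized resource
    string_to_sign = "\n".join([
        "r",                 # signedPermissions: read only, no list/write/delete
        start, expiry, resource,
        "",                  # signedIdentifier: no stored access policy
        ip,                  # signedIP: optional client address restriction
        "https",             # signedProtocol: refuse plain HTTP
        SAS_VERSION,
        "b",                 # signedResource: one blob, not the container
        "",                  # snapshot time
        "",                  # encryption scope
        "", "", "", "", "",  # rscc, rscd, rsce, rscl, rsct response overrides
    ])
    key = base64.b64decode(account_key_b64)
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    params = {"sv": SAS_VERSION, "sr": "b", "sp": "r", "st": start,
              "se": expiry, "spr": "https",
              "sig": base64.b64encode(mac).decode("ascii")}
    if ip:
        params["sip"] = ip
    host = f"{account}.blob.core.windows.net"
    return f"https://{host}/{container}/{quote(blob)}?{urlencode(params)}"


if __name__ == "__main__":
    # Constructed inputs: not a real account, key or report name.
    demo_key = base64.b64encode(b"constructed-demo-key").decode("ascii")
    print(blob_read_sas_url("exampleacct", demo_key, "customer-a",
                            "reports/2024-01.csv.gz.enc",
                            datetime.now(timezone.utc), ttl_minutes=30))
```

Because the signature is derived from the account key, rotating that key revokes every SAS issued this way; a stored access policy on the container allows revoking per customer instead.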