Azure SFTP

First of all, what is SFTP?

Secure File Transfer Protocol (SFTP) is nothing else than a protocol that uses secure shell encryption for transferring data safely.

SFTP is a protocol that won’t die, being deeply embedded in inter-enterprise workflows and the cloud vendors are offering it as a Service.

AWS was the first to offer a fully managed SFTP Service for Amazon S3. Now it’s Azure’s turn, even if it is still in Preview as of 15/02/2022, the solution looks very promising.

First of all it is based on Azure storage accounts which means no SFTP server will be visible to the end user. Secondly it uses the Azure Data Lake hierarchical file system on top of blob storage, offering the option to enable a hierarchical namespace and unlock capabilities such as file and directory-level security and faster operations.

Both solutions, from AWS and Azure, are implemented on top of REST-based file systems: Azure uses blob storage and AWS uses S3.

AWS SFTP provides access to specific S3 buckets and prefixes per user, who can then use SFTP to upload, download, and delete files to and from these buckets.

Azure SFTP, on the other hand, is requiring an identity associated with that credential for the storage account. That identity is called a local user. Local Users are a new form of identity management provided with SFTP support. You can add up 1000 local users to a storage account.

SFTP and the hierarchical namespace

SFTP support requires blobs to be organized into on a hierarchical namespace. So, it organizes objects (files) into a hierarchy of directories and subdirectories in the same way that the file system on your computer is organized.

The interoperability between SFTP and REST can be translated by saying you get the best of both worlds: old school folders organized into a hierarchy of directories and sub directories, but also modern access through REST APIs and Azure SDKs.