Storage Account SFTP

Microsoft recently released SFTP for Storage Accounts into Public Preview. Last month, one of the customers I work with wanted to have a look at it as a proof of concept, with a view to replacing their current implementation once it is released in General Availability.

This was a perfect reason to deploy it and carry out my own investigation into the public preview.

There are a few steps needed to get the storage account deployed correctly.

Configuration

  1. Enable subscription preview feature.

    Before you can use the feature, it needs to be enabled within the subscription due to its preview status. This can be done by running one of the following commands:

     AZ CLI
     az feature register --namespace Microsoft.Storage --name AllowSFTP
     PowerShell
     Register-AzProviderFeature -FeatureName "AllowSFTP" -ProviderNamespace "Microsoft.Storage"
    

    This can also be done via the Azure Portal, using the Preview Features blade at the subscription level.

    Subscription Preview Features

  2. Deploy SA with hierarchical namespace.

    For the SFTP feature to be available, the Storage Account needs to use a hierarchical namespace. This option can be selected during the deployment. According to the documentation, you can also enable this for a pre-existing storage account. I personally did not do this; all my testing was done with new General Purpose V2 Storage Accounts.

  3. Enable SFTP.

    Once you have deployed a storage account with all the correct prerequisites, you should be able to enable the SFTP feature. This can be done at creation for new Storage Accounts or via the Storage Account pane for already existing accounts.

  4. Create user and home folder.

    You can now create specific SFTP user accounts that can access the SFTP site with either a password or an SSH public key for authentication.

    User Creation

    You can create new containers or use existing ones, and set specific permissions for the user at the time of creation.

    Container Permissions

    If you are using a password, it is shown and can be copied at this point.

    Password Dialogue

    Note: when creating new users and containers, the names must use lower-case letters and numbers only, with a length between 3 and 64 characters.

  5. Connect to SFTP site

    You should now be able to connect to the storage account using an SFTP client, using your password or public/private key pair. The username takes the form myaccount.myusername, e.g. sftpmbops.testuser1
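Steps 2 to 4 can also be expressed as an ARM template. The following is an added example, not taken from the original post: it deploys an LRS General Purpose V2 account with hierarchical namespace and SFTP enabled, then creates a local user that authenticates by SSH key only (no password) and is scoped to a single container without delete permission. The account and user names are the post's own example; the API version (later than the preview), the location, the container name `uploads` and the `sshPublicKey` parameter are assumptions.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": { "description": "Added example, not from the original post. apiVersion, location, container name and key parameter are assumptions." },
  "parameters": {
    "sshPublicKey": { "type": "string", "metadata": { "description": "OpenSSH public key for testuser1" } }
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2022-09-01",
      "name": "sftpmbops",
      "location": "northeurope",
      "kind": "StorageV2",
      "sku": { "name": "Standard_LRS" },
      "properties": {
        "isHnsEnabled": true,
        "isSftpEnabled": true,
        "supportsHttpsTrafficOnly": true,
        "minimumTlsVersion": "TLS1_2",
        "allowBlobPublicAccess": false
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
      "apiVersion": "2022-09-01",
      "name": "sftpmbops/default/uploads",
      "dependsOn": [ "[resourceId('Microsoft.Storage/storageAccounts', 'sftpmbops')]" ],
      "properties": { "publicAccess": "None" }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/localUsers",
      "apiVersion": "2022-09-01",
      "name": "sftpmbops/testuser1",
      "dependsOn": [ "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', 'sftpmbops', 'default', 'uploads')]" ],
      "properties": {
        "homeDirectory": "uploads",
        "hasSshPassword": false,
        "hasSharedKey": false,
        "permissionScopes": [
          { "service": "blob", "resourceName": "uploads", "permissions": "rcwl" }
        ],
        "sshAuthorizedKeys": [
          { "description": "testuser1 key", "key": "[parameters('sshPublicKey')]" }
        ]
      }
    }
  ]
}
```

Storage account names are globally unique, so substitute your own account name throughout; the resulting SFTP username follows the same myaccount.myusername pattern.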

Limitations

  1. Little or No PowerShell / AZ CLI support due to Public Preview.

    Configuration is available through ARM Templates and the Azure Portal at the moment. Because of the public preview, PowerShell and Azure CLI modules are currently not available.

  2. Limited Regions during Preview.

    The number of regions is limited during the Public Preview, and as such the available locations might not be ideal for users. Fortunately, in my case it was available in a region they wanted to use. Below are the currently available locations:

    • North Central US
    • East US 2
    • Canada East
    • Canada Central
    • North Europe
    • Australia East
    • Switzerland North
    • Germany West Central
    • East Asia
    • France Central
    • West Europe

  3. Restricted to LRS and ZRS.

    Currently, Geo replication is not supported in any aspect of the storage account tier. As such, GRS (Geo-Redundant), GZRS (Geo-Zone-Redundant), RA-GRS (Read-Only Geo-Redundant) and RA-GZRS (Read-Only Geo-Zone-Redundant) are not supported. So if you are using replication as part of your BC/DR planning, then currently this isn’t for you.

Further Reading

Microsoft Docs