There have been various ways of getting data to and from Azure Blob storage for some time, but SSH File Transfer Protocol (SFTP) isn’t something that Microsoft has natively supported.
Historically, organisations that wanted to push data to Azure via SFTP would have to host an SFTP server installed on a virtual machine, incurring the hosting and software costs, then map the writing of the data to the Blob Storage.
However, all of that is about to change when SFTP for Azure Blob Storage becomes available in the public release. I took a look at the documentation to get a view of what was being made available. In short, Microsoft are providing a serverless implementation of an SFTP endpoint, which in theory could reduce the cost of moving data to Azure. In theory!
Microsoft has confirmed that the usual underlying infrastructure and transportation charges will apply when using the SFTP implementation, but they have not ruled out charging for the SFTP service either. Microsoft stated, “SFTP might incur additional charges when the feature becomes generally available”. I’ll be tracking the evolution of this service and will update this post when I find out more about the pricing structure.
- It runs as a serverless application which should reduce runtime and therefore costs
- Writes directly to Blob Storage accounts
- Good number of options for SSH Key creation and management
- It’s not available from a UK datacentre, our nearest option is Ireland (North Europe)
- Service will only be available on Azure Data Lake Storage Gen2, although I expect most enterprises are likely to already be using this.
- Only authentication option is a local user
- Multifactor authentication is not supported
- No control over password generation
- No clear pricing structure is available yet – and recurring fees are likely to be based on application runtime. Data throughput and storage requirements will affect other infrastructure costs.
- It is unclear what support will be provided
Whilst Microsoft are only just starting out on their SFTP journey, the functionality in this first iteration is extremely limited. This type of offering is geared towards enabling DevOps teams to integrate SFTP into a new or pre-existing back-end service to consume data via SFTP, alongside all the other ingestion options.
Microsoft’s SFTP server lacks a lot of the standard security features which you’d get from a commercial application, or even an open source system, such as IP whitelisting and blacklisting – but I suspect that this might be possible within the wider context of the Azure platform.
If you’re looking at this from a DevOps perspective, Microsoft have kindly listed a number of more technical limitations of their product, which you can take a look at via the link below.
In my opinion this offering doesn’t provide the breadth of features most organisations would expect to secure the transfer of their data. I expect Microsoft to address a few of the issues, but various commercial SFTP server software solutions are a long way ahead, easier to integrate and crucially have ongoing support.
Product overview – https://docs.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support
How to configure – https://docs.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support-how-to
Known issues – https://docs.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-known-issues