FTP to Azure Blob Storage

23
votes

I had to setup secure FTP to Azure Blob Storage using popular FTP clients (like FileZilla, for example). After doing lot of research, I came across a link that says:

Deployed in a worker role, the code creates an FTP server that can accept connections from all popular FTP clients (like FileZilla, for example) for command and control of your blob storage account.

Following the instructions of the link, I had implemented the same and deployed the worker role on Azure production environment and it was successful. But still I am not able to connect the FTP host server (provided by me in configuration file) using FileZilla. I don't know what I had done wrong or missed anything.

2
azureftpazure-storage-blobsazure-worker-rolesfilezilla
But.. why? There are already two very good FTP-style Azure Storage clients out there: storageexplorer.com and azurestorageexplorer.codeplex.comevilSnobu
@evilSnobu thanks!!! ....so you mean to say I don't need to have ftp setup and i can do so by using azure storage explorer. also can upload and download the blob files.techV
That's exactly right.evilSnobu
Do take a look at storageexplorer.com. It lets you connect to your storage account using a Shared Access Signature which doesn't include the account key.Gaurav Mantri
You would need to create a SAS URI either on a blob or the blob container (depending on what you're trying to do). You can create a SAS URI using this tool itself or programmatically. I would highly recommend reading azure.microsoft.com/en-in/documentation/articles/… to learn more about SAS. HTH.Gaurav Mantri

2 Answers

12
votes

But why?

There are already two very good FTP-style Azure Storage clients out there:
http://storageexplorer.com and http://azurestorageexplorer.codeplex.com

Both of them, as @Guarav well pointed out, can use a Shared Access Signature (SAS) to connect to Azure Storage without exposing the account key. You can then use a different SAS for each customer, if you're building a multi-tenant service - although if you think about it - that's not a very sound separation boundary.

Use a SAS

I would use a separate storage account for every customer. That way if a storage account gets compromised, it only affects one customer. The following limit applies:

From https://azure.microsoft.com/en-us/documentation/articles/storage-scalability-targets/:

Scalability targets for blobs, queues, tables, and files

Number of storage accounts per subscription: 200

This includes both Standard and Premium storage accounts. If you require more than 200 storage accounts, make a request through Azure Support. The Azure Storage team will review your business case and may approve up to 250 storage accounts.

18
votes

If you are okay with a little programming with Node.js, you can host a FTP server directly backed by Azure Blob.

You can use nodeftpd combined with azure-storage-fs. nodeftpd is the FTP server written in Node.js and support third-party file system manager. azure-storage-fs is a file system manager that is designed to use for nodeftpd and talks to Azure Blob directly.

The file system manager integration code is clearly written under README.md of azure-storage-fs. But you will need to write your own authentication code.