A customer of mine was faced with the situation of using the ftp protocol for data ingestion and having data in Azure Blob Storage that could be fronted with CDN. But since Azure Blob Storage doesn't support the ftp protocol we had to find a solution. Keep in mind that changing data ingress to use the Storage REST APIs was out of the question. The ftp protocol was a non-negotiable requirement. This meant deploying an ftp server on Azure IaaS VMs, which is possible and not rocket science.

However, the data ingress volume was going to be huge, and I mean HUGE. 30 ftp clients running 24×7 uploads that were time critical. This means using the standard IIS FTP server and local file storage as a landing place with scripts on the VM syncing local storage to Blob Storage wasn't an option. Also, how would you get commands like LIST/DEL/GET to work unless you have a local cache on the VM? How would each VM sync changes other VMs had done to this cache? I had to find another solution.

On Codeplex there is a sample called "FTP to Azure Blob Storage Bridge" from March 2011 that wraps an FTP server implementation in C# as a Cloud Service. I downloaded it and upgraded it to the latest Azure SDK. I also modified it to be a C# Console Program instead of an Azure Worker Role, because I wanted to target Azure IaaS VMs and use Custom Script Extensions to set up the ftp server. The reason for this was that the customer may want to deploy an arbitrary number of Cloud Services, each containing an arbitrary number of ftp server VMs, around the globe. Having their DevOps team muck with cspkg, etc., was simply not an option. It had to be a PowerShell-only deployment method that was as dead simple as possible. The architecture would be to have 2 or more ftp server VMs running where the servers would not work with local file storage or a file share, but rather directly towards Azure Blob Storage.

Cerberus FTP Server Professional and Enterprise editions are able to authenticate users on a Windows domain (or the local NT account database), even if the computer Cerberus FTP Server is installed on is not the domain controller. The domain may be an Active Directory domain, or the local system account database (use "." as the domain for authenticating against local machine accounts). However, the machine Cerberus FTP Server is running on must be a member of the domain you wish to authenticate users against or be a member of a domain trusted by the domain you wish to authenticate against.

Configuring Cerberus to use Active Directory authentication simply requires enabling Active Directory authentication and telling the server the name of the domain to authenticate against. The rest of the configuration is automatic. Users are able to FTP into the server using the same username and password they use to log into their workstations on the domain. For the purpose of access to files and folders, the FTP user has the same access as the Active Directory user with the same name. All operations on the server by the user are carried out while impersonating the Active Directory user.

Important Security Consideration: There is an exception to impersonation for Active Directory authentication when using SFTP and Public Key only SSH authentication. The Active Directory user can still be authenticated with Public Key only authentication, but the Active Directory user cannot be impersonated. Only Password or Public Key and Password SSH authentication methods support AD user impersonation.

To allow Active Directory authentication, you will need to add a domain on the AD Users page. Once added, Cerberus will attempt to authenticate users from the domain listed in the Domain edit box.