WebAdmin Documentation

System Description

Figure 1 below shows the main web components of the SFTPPlus system and how they are interconnected.

Figure 1

Operators of the SFTPPlus system can be users or maintainers.

Users

A user can connect to the system with either a local or a global user account.

To log on to the SFTPPlus system with a local user account, a user connects to a Client PC, which communicates with the Server Machine through the Client Software installed on the Client PC. The local user account has to be associated with each server the user wants to log on to. Maintainers make this association through the SFTPPlus WebAdmin application.

The Client Software provides communication over a given protocol. For example, a server can be reached with a local FTP(S) or SFTP client such as Total Commander, WinSCP, or others. HTTP(S) servers can be accessed through a web browser using the SFTPPlus Web Client application integrated into the Web Admin component of the system. The default server that the Web Client application can log on to is the server ‘System’.

Information about local user accounts, together with the users' files and folders, is stored on the Server Machine. Local authentication and file/folder management therefore involve only these components: User, Client PC and Server Machine.

To log on to the SFTPPlus system with a global user account, a user connects to the system through the Web Admin component. Global users have aliases defined in their user account information; these aliases correspond to the user names defined locally on the server machines. Local user accounts with the same user name will be overridden by global user accounts. When someone logs on with a global user account, the connection data are first validated against the data kept in the global storage space. Next, the system verifies that the alias of the user corresponds to a valid local user account on the server the user wants to log on to.

Maintainer account connection data and global system settings are also kept in the global storage space.

A user can only log on to a server if that server is added to the user's account and the corresponding permissions (SFTP, HTTP(S), FTP(S)) are enabled for the user, for the server, and for the user-server association.

Maintainers

When an administrator (maintainer) logs on to the Admin PC, both the Server Machine and the Web Administration Server Machine can be accessed from it. The latter provides the storage space for the global user accounts and global system data.

The Admin Software installed on the Admin PC is the SFTPPlus Web Admin component of the SFTPPlus application, which provides a user-friendly GUI.

The maintainer can add, edit and delete user accounts and modify some system settings. These functions are presented in detail in the following chapters.

Figure 2 shows a more detailed diagram of the system.

Figure 2

The users of the system in the diagram (John, Mary, Sam and Bruce) have access to any of the workstations in the office: Client PC A, Client PC B, Client PC C. In order to log on to any of these workstations, users must authenticate themselves by entering the username and password of their account.

The next group of components shows examples of server machines in this system: Server Machine 1, Server Machine 2, Server Machine 3.

Any number of users can log on to any server machine, as the bidirectional arrows illustrate, if the necessary conditions hold (these conditions will be presented later).

The main components found on a server machine are the following:

  • One or more servers installed on it, with different local protocols (e.g. FTP(S), SFTP).
  • User data holding information about user accounts. When the SFTPPlus application is installed, a default user account (with username: sftpplus) is installed on each client PC, and this account is associated with every server machine in order to allow connection in case a user does not have a user account.
  • Storage space containing files / folders of users.

HTTP(S) servers are contained in the Web Admin component; users can connect to them directly from their PC.

The Web Admin component contains the authentication system for global user access. It also contains the Global Storage space holding the files and folders of global users. This component also provides the connection with the Global Database, which holds login information and data about global user accounts and maintainer accounts. This database can be on the same machine as the Web Admin and Server Machine, or it can be on a different one.

A specific example based on Figure 2 is described below to illustrate the system, its components and its functions.

User John wants to access PC1 with a local user account through any protocol. He enters his logon data (e.g. username: John, password: john001) and, since his user account is registered on PC1, the authentication will succeed.

If John wanted to access a server with the FTP(S) protocol enabled, he could try to log on to PC2 or PC3 with a local user account, because these are the machines that have FTP(S) protocol servers installed on them. Since he doesn’t have local user accounts registered on these computers, logging on to them will not be possible.

Another solution would be to log on with a global user account to one of these two computers. In this case, he would need a global user account registered on the global storage space.

We will now assume that John is an IT Manager. He can go to the system administrator and ask for the login data of a global user account. Using the it_manager global user account, for example, registered in the global storage space, he can then access these servers. If this global user account doesn’t have an alias that matches a local user account on the server he wants to log on to, he can ask the system administrator for permission to use the ‘sftpplus’ user account for logging on, this default account being created on every server PC at installation.
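
The logon rules from the Users section (global credentials first, then alias match, then protocol permissions for user, server and user-server), applied to the John walkthrough. This is an added example, not SFTPPlus code: the data layout, the it_ops alias, the passwords other than john001, and the protocols assigned to PC1 and PC2 are constructed assumptions.

```python
import hashlib
import hmac

def kdf(password: str) -> bytes:
    # Keep a derived key, not the password (fixed salt only for this demo).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

# Constructed sample data; names follow the walkthrough, the layout is hypothetical.
SERVERS = {
    "PC1": {"protocols": {"SFTP"},
            "local": {"John": kdf("john001"), "sftpplus": kdf("constructed-1")}},
    "PC2": {"protocols": {"FTPS"},
            "local": {"it_ops": kdf("constructed-2"), "sftpplus": kdf("constructed-1")}},
}
GLOBAL_USERS = {
    "it_manager": {
        "key": kdf("constructed-pass"),
        "aliases": {"it_ops"},           # must match a local user name on the server
        "protocols": {"FTPS"},           # enabled for the user
        "servers": {"PC2": {"FTPS"}},    # servers added, with user-server protocols
    },
}

def can_log_on(username, password, server_name, protocol):
    """Return (allowed, reason) for one logon attempt."""
    server = SERVERS.get(server_name)
    if server is None:
        return False, "unknown server"
    if protocol not in server["protocols"]:
        return False, "protocol not enabled on server"
    account = GLOBAL_USERS.get(username)
    if account is None:
        # Local path: the account must be registered on this server.
        stored = server["local"].get(username)
        if stored is None or not hmac.compare_digest(stored, kdf(password)):
            return False, "no valid local account on server"
        return True, "local account"
    # Global path: a global account overrides a local one with the same name.
    if not hmac.compare_digest(account["key"], kdf(password)):
        return False, "global credentials rejected"
    if account["aliases"].isdisjoint(server["local"]):
        return False, "no alias matches a local account"
    if server_name not in account["servers"]:
        return False, "server not added to user account"
    if (protocol not in account["protocols"]
            or protocol not in account["servers"][server_name]):
        return False, "protocol not enabled for user or user-server"
    return True, "global account"
```

The reason string returned with each denial shows which of the stacked conditions failed, which is the detail worth logging when troubleshooting a rejected logon.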