Implement a Load-Balanced SFTP Cluster with SFTPPlus MFT

Modern enterprises rely on secure, scalable, and resilient file transfer systems to support business-critical workflows. With SFTPPlus MFT, you can create a robust, load-balanced SFTP server infrastructure that works on-premises or cloud-native, and is resilient and easy to manage.

Architecture Overview

SFTPPlus MFT supports running on multiple VMs or containers, making it ideal for distributed or Kubernetes deployments. With a load balancer in front of the cluster, you can route SFTP traffic to any healthy node, ensuring fault tolerance and horizontal scalability.

Each VM will run a fully functional SFTP server. You can check all the advanced-file-processing configuration options in our SFTP service documentation page.

SFTPPlus MFT works seamlessly with any load balancer, including:

  • 🧱 On-prem appliances: F5, Fortinet, Citrix NetScaler, ZScaler
  • 👐 Open Source solutions: HAProxy, Traefik, Nginx
  • ☁️ Cloud-native LB services: AWS Elastic Load Balancing (ELB), Azure Load Balancer, Google Cloud Load Balancing

You can use SFTPPlus MFT with your preferred operating system, including Windows Server, Linux or macOS.

You need to set up a TCP network load balancer. Application load balancers are to be used only for HTTP-based protocols and are not supported for SFTP.

Check the cluster documentation pages for a detailed description of all the available features.

Cluster Benefits

Let's break down the key technical advantages:

🔄 Configuration Sync:

  • The primary VM handles all configuration (users, file paths, access policies, logs).
  • Changes are automatically synchronized to all other VMs.
  • No need for manual file sync or config management tools.

🏝 Stateless Operations:

  • Each SFTPPlus MFT instance has a complete local copy of the config.
  • Each instance will keep the logs in a local file.
  • Any VM can process SFTP connections independently, even if the primary is offline or rebooting after an OS update.

✅ Fault Tolerance:

  • If the primary VM fails, the load balancer continues routing traffic to healthy nodes.
  • Each node keeps a full copy of the configuration and will continue to handle SFTP requests.
  • Even after a reboot, the EC2 instances will continue to work, including the case in which the primary VM is still unavailable.

📜 Auditing and Logging that tracks:

  • Login attempts
  • File upload/download events
  • User activity
  • Transfer errors
  • Configuration management

These logs can be forwarded to external systems (SIEM, log aggregators) for centralized monitoring and compliance auditing (e.g., HIPAA, GDPR, SOX).

Advanced file processing

Once a file is uploaded or downloaded via SFTP, SFTPPlus MFT can trigger advanced file processing and routing rules.

Actions are triggered immediately by event-driven rules. These rules may include:

  • transfer type: upload, download, rename or delete
  • file name patterns (*.csv or *.pdf), with advanced regular expressions support
  • directory location
  • user or group membership of the SFTP client that requested the transfer
  • time of the event

Once a file event is triggered, SFTPPlus MFT executes the associated automated transfer or processing action, such as:

  • Move or copy the file to a processing folder
  • Trigger a transfer to a remote server (SFTP, FTP, HTTP/S, SMB, or cloud storage)
  • Run a script or external program for validation, transformation, or notification
  • Archive or compress
  • Encrypt or decrypt using PGP
  • Send an email or webhook alert

You can chain these actions together into complete file processing workflows.

Example Setup in AWS

Here's what a basic SFTP cluster on AWS might look like:

  • 🔹 3 EC2 instances running SFTPPlus MFT (1 primary, 2 secondary)
  • 🔸 AWS Network Load Balancer (NLB) forwarding port 22, with a health check on the same port 22.
  • 📁 SFTPPlus configuration is defined on the primary VM and automatically replicated across all nodes
  • ☁️ Elastic IP pointing to the NLB
  • 🪣 Files are stored in an S3 bucket
  • 📜 Logs from each EC2 instance are processed using CloudWatch.

The SFTP clients will connect to an address like sftp.company.com:22 and the NLB will route traffic to any node based on health checks.
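A TCP health check on port 22 only confirms that the port accepts connections. The following added example (not SFTPPlus code and not part of the original article) is a monitoring probe that also reads each node's SSH identification line; the function names and the localhost stand-in nodes are assumptions made for illustration.

```python
import socket
import threading

def probe_ssh(host, port=22, timeout=3.0, max_lines=20):
    """Return (healthy, detail); healthy means the node sent an SSH-2.0 or
    SSH-1.99 identification line (RFC 4253, section 4.2)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with sock.makefile("rb") as stream:
                # A server may send other lines before its identification.
                for _ in range(max_lines):
                    line = stream.readline(256)
                    if not line:
                        return False, "closed before SSH identification"
                    text = line.rstrip(b"\r\n").decode("ascii", "replace")
                    if text.startswith("SSH-"):
                        return text.startswith(("SSH-2.0-", "SSH-1.99-")), text
    except OSError as exc:
        return False, f"connect/read failed: {exc}"
    return False, "no SSH identification line"

def cluster_status(nodes, timeout=3.0):
    """Probe each (name, host, port) node; return {name: (healthy, detail)}."""
    return {name: probe_ssh(host, port, timeout) for name, host, port in nodes}

def start_fake_node(banner):
    """Constructed stand-in for a node: sends `banner`, then closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)
    threading.Thread(target=serve, daemon=True).start()
    return srv

if __name__ == "__main__":
    # Constructed sample nodes on localhost; real node addresses would go here.
    good = start_fake_node(b"SSH-2.0-ExampleServer\r\n")
    bad = start_fake_node(b"HTTP/1.1 400 Bad Request\r\n\r\n")
    nodes = [("primary", "127.0.0.1", good.getsockname()[1]),
             ("secondary-1", "127.0.0.1", bad.getsockname()[1])]
    for name, (ok, detail) in cluster_status(nodes).items():
        print(name, "healthy" if ok else "UNHEALTHY", detail)
```

Run against the node addresses behind the load balancer, this reports a node whose port is open but whose SSH service is not answering, which a connect-only check would still mark as healthy.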

Final Thoughts

With SFTPPlus MFT and a load balancer:

  • ✅ You get high availability and horizontal scalability
  • ✅ Centralized management with automatic config sync
  • ✅ Advanced SFTP server functionality, like a login message or ignoring requests to set custom file permissions
  • ✅ Any node can serve clients independently
  • ✅ It's cloud-ready, container-friendly, and works with your existing infrastructure

Whether you're using on-prem or AWS/Azure/GCP in the cloud, SFTPPlus MFT adapts to your architecture.

👉 Ready to modernize your SFTP infrastructure? Try a load-balanced SFTP cluster with SFTPPlus MFT today with full support from our dedicated SFTPPlus support team.