Administration and Management

Configuration

Configuration is done using a plain text file and/or a web browser graphical configuration tool that uses a JSON-RPC API.

A single server instance can be configured to provide an arbitrary number of file transfer services, each listening on a different port and providing access for the same user base, but via different file transfer protocols.

The graphical configuration and administration tool provides a clear view of all changes made in a session and allows for review of all configuration changes before they are saved.

Since the graphical configuration tool is web based, it can be used for remote configuration of headless systems. For security reasons, the default configuration is set for only local network interfaces, but this can be changed to allow remote connections to the administration tool.

SSH keys and X.509 SSL certificates

When configuring the SFTP servers, you can use a public or private SSH key in any of the popular formats, including OpenSSH, PuTTY (generated by puttygen), SSH.com (Tectia) or GNU LSH.

Together with X.509 SSL certificates, they can be managed as files on the local file system.

Generation or conversion between different formats can be done from the command line or from the web-based management interface.

Authentication and Account Management

Accounts can be authenticated based on the operating system accounts (including support for Active Directory, Centrify, NIS, and more) or from an application-specific accounts database.

Support is provided for credentials based on:

  • Username and password from local operating system
  • Username and password from Domain Controller (on Windows)
  • Username and password from application-specific database
  • Username and SSH public / private keys
  • Username and SSL certificate

Accounts can be associated with groups to simplify and consolidate management of a large set of users with similar configurations.

For SSL certificate authentication, X.509 certificates are used. They can be purchased from any Certificate Authority (VeriSign, Thawte, Geotrust, Comodo, GlobalSign, GoDaddy) or generated in-house.

Accounts can be locked inside home folders (chroot) or have full access to the whole operating system's filesystem.

Audit Trail

Audit and logging functionalities are central to the SFTPPlus Server structure.

All actions are recorded using structured logging inside a detailed audit trail.

Logs can be persisted as:

  • Local plain text log file (with automatic rotation or external rotation)
  • SysLog
  • Windows EventLog
  • MySQL Database over TCP/IP
  • Local SQLite3 database file
  • HTTP POST request

The audit trail can be viewed / filtered / searched using the graphical administration tool.

Deployment Automation and Configuration Management

SFTPPlus was designed from the start to integrate with CloudOps, ITOps, or DevOps tools to facilitate its deployment and configuration management.

The main process can be integrated with process control systems provided by the operating system or 3rd party vendors.

On Windows, Linux, or Unix systems the product can be installed in non-interactive mode. Combined with the plain text .INI configuration file, this makes it easy to integrate SFTPPlus with any IT automation tool.