SFTP Server Connector
SFTP Server Connector
Each SFTP Server Connector defines a unique client profile that can be used to authenticate to the ArcESB SFTP Server.
The Arc SFTP Server is primarily configured in the application’s Profile page. Once the SFTP Server is configured, an SFTP Server Connector should be created for each user that should have access to the server. The SFTP Server Connector defines a user’s credentials (Username, Password and/or Public Key) and provides a unique home directory on the server.
Each user’s home directory contains a ‘Send’ folder, where clients can download files, and a ‘Receive’ folder, where clients can upload files. These folders can be renamed in the Advanced section of the SFTP Server Connector configuration panel. SFTP clients are not given permissions to the root of the SFTP Server, meaning that SFTP clients should always cd into the ‘Send’ (to download) or ‘Receive’ (to upload) directories after connecting.
The SFTP Server also supports Windows/AD authentication; more details can be found in the Windows Authentication section.
The SFTP Server Profile must be configured before connections can be established with individual SFTP Server connectors.
SFTP Server Tab
Server implementation settings.
- Port The port on which the SFTP Server will listen for incoming connections.
- Server Certificate The certificate that identifies the server.
- Certificate Password The password required to access the Server Certificate.
- Login Banner The banner to be presented to SFTP clients when connecting to the server.
- Root Directory The root directory for the server. Subfolders will be created within the root for individual client profiles (i.e. for each configured SFTP Server connector). Each client profile includes a Send Folder, where clients can download files from the server, and a Receive Folder, where clients can upload files to the server.
- Allowed Files Filter A glob pattern that determines which files will be accepted by the SFTP server. Multiple patterns can be specified in a comma-delimited list (e.g. *.x12,*.edi), and negative patterns can be specified to exclude certain file patterns (e.g. -*.txt).
- Use Windows Authentication If enabled, Windows/AD authentication is used in place of individual SFTP Server connectors. Please see the Windows Authentication section for more information.
Settings related to server logging.
- Enable Server Log Whether to maintain server-side logs for incoming SFTP connections.
- Log Level The verbosity of logs generated by the connector. When requesting support, it is recommended to set this value to Debug.
- Rotate Log Files The number of days that the server should maintain a logfile before a new file is started.
- Delete Log Files The number of days that the server should maintain logs before the logfile is deleted.
After the SFTP Server Profile has been configured, SFTP Server connectors can be created in the Flows page and configured for a specific trading partner.
Credentials for authenticating to the local SFTP server.
- Connector Id The static name of the connector. All connector-specific files are held in a folder by the same name within the Data Directory.
- Connector Description An optional field to provide free-form description of the connector and its role in the flow.
- User The username credential for logging in to the local SFTP server.
- Authentication Mode The type of authentication to use with the SFTP server.
- Password The password credential for logging in to the SFTP server.
- Public Key The public key certificate corresponding to the private certificate the client will use during public key authentication.
Settings related to the read/write permissions the configured client has for the Send and Receive folders.
- Send Directory Permissions Whether the client should have read/write permissions for the Send directory, where files should be downloaded.
- Receive Directory Permissions Whether the client should have read/write permissions for the Receive directory, where files should be uploaded.
Settings related to the folders where clients will upload and download files.
- Send Folder Files placed in the Send folder are available to be downloaded by clients.
- Receive Folder Files uploaded by the client should be placed in the Receive folder. Files will remain in the Receive folder or be passed along to the next connected connector in the flow.
Settings not included in the previous categories.
- Move File After Send Whether files in the Send folder should be moved to the Sent folder after they are downloaded by the client.
- Log Level The verbosity of logs generated by the connector. When requesting support, it is recommended to set this to Debug.
- Parent Connector The connector from which settings should be inherited, unless explicitly overwritten within the existing connector configuration. Must be set to a connector of the same type as the current connector.
- Temp Receive Extensions Files with a matching extension are not recorded in the Receive table and do not fire the After Receive event until after they are renamed. Specified as a comma-delimited list of extensions.
- Allowed Files Filter A glob pattern that determines what files can be uploaded to directories for this user. Overrides the setting of the same name in the SFTP Profile page when specifying filters per-user is required. Multiple patterns can be specified in a comma-delimited list (e.g. *.x12,*.edi), and negative patterns can be specified to exclude certain file patterns (e.g. -*.txt).
- Timeout The duration the server will wait for a connection response before throwing a timeout error.
Log Subfolder Scheme By default, logs for transactions processed by the connector will be stored in the Logs subfolder for the connector. For connectors that process many transactions, it may be desirable to further divide the logs based on the datetime they were generated. When this setting is set to Daily, logs generated on the same day will be grouped in a subfolder;; when this setting is set to Weekly, logs generated in the same week will be grouped in a subfolder; and so on.
- Log Messages Whether the log entry for a processed file will include a copy of the file itself.
- Save to Sent Folder Whether files processed by the connector should be copied to the Sent folder for the connector.
Establishing a Connection
Each configured SFTP Server connector represents a single trading partner’s connection parameters. The trading partner should connect to the SFTP server using the server settings from the Profile page (port, server certificate, etc) and the authentication settings in the dedicated SFTP Server connector (User, Password).
Each trading partner has a separate pair of Send and Receive directories that are subfolders of the root. The partner should download files from the Send folder and upload files to the Receive folder. The client is not permitted to upload or download files from the root.
When Windows Authentication is enabled in the SFTP Server Profile tab, individual SFTP Server connectors are not required to grant login access to the SFTP Server. Instead, the Windows Security Group that should be granted access to the server is specified within the SFTP Server profile.
When using Windows Authentication, the Root Directory profile setting supports the %User% and %Domain% macros to establish separate root directories for separate users within the security group. When using Windows Authentication, users are permitted to upload/download files in the root directory (note that this is not true when using SFTP Server connectors for authentication).
Once files are uploaded to the user-specific folder, they can be entered into the Arc flow using file operations within a Script connector, or by setting the Send/Input Folder for a connector to the user-specific folder where files will be uploaded.