Local SFTP Server
A Local SFTP Server is a type of Endpoint that represents an SFTP server that the system hosts locally to enable secure file transfers. The Endpoint provides the essential infrastructure for accepting incoming SFTP connections and initiating file transfers through secure, configurable Pipelines. It functions as a virtual server that requires proper management for file transfer operations. Local SFTP Server Endpoints function exclusively as a Source in Pipelines.
Before You Begin
IP Address/Port
The IP Address/Port is the combination for the specific Local SFTP Server Endpoint, based on your setup (UDMG and network). The combination is provided to your partners so their Accounts can connect via a client to send files.
When creating an Endpoint, do not pick an IP Address/Port combination already associated with another Endpoint (across all Domains) or service. The system allows multiple Endpoints to be configured with identical IP Address/Port combinations; however, only one of those Endpoints (and thus Pipelines) can be active at one time. The following considerations apply:
- No Cross-Domain Validation: The system does not prevent duplicate IP Address/Port combinations within or across Domains.
- Manual Validation Required: After configuring an Endpoint, always use the Validate button to see if the IP Address/Port combination is already in use by another service (across all Domains). This action does not check if the IP/port can be specifically used by the Endpoint. See Validating the Configuration for more information.
Host Key
Each Local SFTP Server Endpoint requires a Private Key, the SSH Host Key of the server, to be associated with it. Only one key is allowed. The key establishes the server's identity. The Credential (Credential Type: Private Key) must first be created on the Credentials page before it is selected in the configuration. See the SFTP page for information regarding supported and default key types, ciphers, and algorithms.
Authentication Methods
The Authentication Method specifies how the Local SFTP Server authenticates incoming connections. The available options are:
- Password: Only password-based authentication is accepted.
- Public Key: Only SSH key-based authentication is accepted.
- Password or Public Key: Either password-based or SSH key-based authentication is accepted. This method gives your partners the most flexibility.
- Password and Public Key: Password-based and SSH key-based authentication is required. Use this method only when maximum security is needed and your partners support dual-authentication.
Adding an Endpoint
To add an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Add Endpoint button.
- Select the Local SFTP Server as the Endpoint Type.
- Complete the Name and Description details for the new Endpoint.
- Enter the IP Address and Port.
- Select the Authentication Method your partners will use to authenticate to the Local SFTP Server.
- Select the Public Key you created earlier from the Credentials Name (Host Key) dropdown.
- Optionally select ciphers and other algorithms, or use the default, using the table below as a guide.
- Choose whether the Endpoint should be enabled to auto-start or require manual restarting.
- Click Add.
- Validate the Endpoint to confirm the IP/Port combination is not being used by another service (across all Domains). See Validating the Configuration.
- Click Start to start the server. See Starting/Stopping/Restarting Endpoints.
UDMG allows creating identical Endpoints with unique names, but this practice is strongly discouraged due to potential downstream complications.
Field Descriptions
The following table describes the fields that are configured for the Endpoint:
| Name | Description | Specifications | Required |
|---|---|---|---|
| Endpoint Type | The type of Endpoint indicates the type of file transfer. Select: Local SFTP Server. | The type cannot be changed after creation. | Yes |
| Name | The name of the Endpoint. |
| Yes |
| Description | The description of the Endpoint. | No | |
| IP Address | The IP Address of the Local SFTP Server. | Must be in IPv4 format. | Yes |
| Port | The port number of the Local SFTP Server.
|
| Yes |
| Authentication Method | The Authentication Method that Accounts use to authenticate and log in to the Local SFTP Server. Options:
| Default is Password. | Yes |
| Credentials Name (Host Key) | The name of the Private Key that is used as the server's SSH host private key. | Must reference an already created Private Key. | Yes |
| Key Exchange Algorithms | The allowed key exchange algorithms. Options (multi-select):
| Defaulted to:
| No |
| Ciphers | The allowed ciphers. Options (multi-select):
| Defaulted to:
| No |
| MACs | The allowed Message Authentication Codes (MACs). Options (multi-select):
| Defaulted to:
| No |
| Max Number of Concurrent Connections | The maximum number of concurrent connections the server allows. If a maximum value is set, the server rejects new transfers once the limit is reached. | Default = 0, which means unlimited. | No |
| Auto-Start Endpoint | Endpoint's auto-start status. | Default value: Enabled. | Yes |
Editing an Endpoint
To edit an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoint.
- Click the Endpoint Name you want to edit.
- Click the Stop button above the Endpoint details. As noted above, configuration changes only take effect following an Endpoint restart or stop/start cycle.
- Click the Edit button above the Endpoint details.
- Edit details for the Endpoint, using the Field Descriptions table as a guide.
- Click Update.
- Click Restart or Stop/Start.
Configuration changes remain inactive until the Local SFTP Server Endpoint is restarted and the Account disconnects/reconnects to its client.
After changes are made, restart the Endpoint to apply the changes. All active connections are terminated.
Managing an Endpoint
The Local SFTP Server Endpoint has multiple management capabilities that allow you to manage and validate the Endpoint.
Viewing Endpoint Details
To view the details of an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoint.
- Click the Endpoint Name you want to view.
Endpoint details include all parameters given in the Field Descriptions table, plus the following read-only metadata:
Endpoint Metadata
| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this Endpoint. |
| Version | Version number of the configuration. Every change increases the number.. |
| Created | Date and time this Endpoint was created. |
| Updated | Date and time this Endpoint was last updated. |
| Test Status | Status of the Validate Endpoint configuration test. Options:
|
| Runtime Status | The status of the server Endpoint. Options:
|
| Active Sessions | The number of active sessions or connections opened with the Endpoint (i.e., Accounts connected to the Endpoint). |
Validating the Configuration
The configuration can be validated to confirm if the Local SFTP Server Endpoint's IP Address/Port combination is used by another service (across all Domains). It is important to note that, even if a port is not being used elsewhere in UDMG, it is not necessarily available.
Port 22 is the standard and most common port for SFTP file transfers. Avoid using:
- Ports already taken by other Endpoints.
- Ports
1344,111, and81. - UDMG Server ports (most likely
7070/7071,8080/8081,4222/6222) . - Ports blocked by your IT controls.
To validate the configuration, stop the Endpoint first (click the Stop button) and then click the Validate button. One of the following messages appears:
- Error/Fail: 'Endpoint test has failed. The port #### on address #.#.#.# is already in use.'
-
If validation fails, then the IP Address/Port is not available and should not be used. You must review and modify the IP Address/Port combination.
infoIf the Endpoint's Runtime Status is Running, then the validation test will fail because the IP Address/Port is being used by that Endpoint.
-
- Pass: 'Endpoint has passed the test.'
-
If validation passes, the IP Address/Port is not currently being used by another service.
infoThe test does not confirm if the IP Address/Port can be used by the Endpoint. The IP Address/Port must be available based on your network IT controls, such as firewalls.
-
Starting/Stopping/Restarting Endpoints
Local SFTP Server Endpoints function as virtual servers that require proper management for file transfer operations. After initial creation, these Endpoints must be activated before they can process transfers. Endpoints can be initiated through one method:
- Manual Start: Click the Start button on the Details page.
Additionally, configuration changes only take effect following an Endpoint restart or stop/start cycle. Once the Endpoint is running, three control actions are available from the Details page:
- Start: Launches the Endpoint connection when currently stopped.
- Stop: Initiates the shutdown of the Endpoint. New connections are not allowed, while the pending sessions remain until they are disconnected. The number of connected client can be followed with the Active Sessions info field.
- Restart: Executes a complete stop/start sequence to apply configuration changes.
After the initial server creation and initiation, the Endpoint has a Runtime Status indicator that shows the real-time operational state of the server. The current status determines which management actions can be performed. The current state (Runtime Status) of each Local SFTP Server Endpoint is displayed in the Endpoint Record Table and Details page with the following statuses:
- Running: Server is operational and processing connections.
- Stopped: Server is not running. Especially after a Stop request, it is possible that sessions remain until they disconnect. This can be followed with the Active Session field in the Endpoints page.
- Error: listen tcp 0.0.0.0:2041: bind: address already in use: Server's IP/Port is in use on another Endpoint (across all Domains).
Auto-Starting Endpoints
Local SFTP Server Endpoints can be configured for auto-start functionality, allowing them to launch automatically if the UDMG server is stopped after initial creation or upon startup of the UDMG server. This setting is established during Endpoint creation and can be modified later.
- Enabled: The Endpoint automatically starts without manual intervention after the UDMG server is stopped (Auto-start active).
- Disabled: The Endpoint remains inactive until manually started after the UDMG server is stopped (Auto-start inactive).
To set an to auto-start, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Endpoint Name of the Endpoint you want to update.
- Click Edit.
- If the Endpoint is currently auto-started, you can remove the auto-start feature by moving the toggle to the left.
- Click Update.
The Auto-Start Endpoint status is reflected as the Enabled field on the Details page.
Deleting an Endpoint
To delete an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Endpoint Name of the Endpoint you want to delete.
- Click the Delete button above the Endpoint details.
- You will be asked to confirm the deletion. Click Delete.
UDMG prevents the deletion of a Configuration Item if it is currently referenced by another Configuration Item (i.e., Pipeline). The Configuration Item must be edited or the reference removed before you can delete the Endpoint. Deletion cannot be undone.