Local SFTP Transfers
The Local SFTP Server to Local Filesystem Pipeline is a standard SFTP transfer scenario where UDMG acts as a server, accepting inbound connections from external clients and storing received files in a local directory.
To configure this Pipeline, you must specify:
- A Local SFTP Server Endpoint to receive incoming SFTP transfers.
- A Local Filesystem Endpoint as the storage destination.
- Pipeline specific configurations.
After creation, the Pipeline must be assigned to at least one Account Group to grant access to the Accounts associated with that group.
Unlike Pipelines where UDMG acts as the client, transfers in this Pipeline type are automatically triggered by the UDMG Server when an external client uploads, modifies, deletes, or downloads a file via SFTP.
Before You Begin
Account Authentication
Remote clients connecting to a Local SFTP Server Endpoint are authenticated using Accounts, each of which defines a unique set of credentials authorized to access one or more Pipelines. These Accounts can be created internally within UDMG or can be provisioned by an LDAP provider (see Authentication).
For authentication to succeed:
- The client must connect using credentials that match a configured Account.
- The Account must belong to an Account Group.
- The Account Group must be assigned to the Pipeline that will receive the transfer.
This layered approach ensures:
- Only clients with valid, known credentials can access the Local SFTP Server.
- Access is restricted to the Pipelines explicitly linked to the client's Account Group.
- Credentials are managed centrally via Account Groups, decoupled from individual Pipelines.
For detailed instructions on this topic, refer to the Accounts and Account Groups.
Virtual Path
The Virtual Path defines the directory structure that an Account sees when it connects to a Local SFTP Server Endpoint. It acts as a virtualized view of the underlying file system, similarly to the “This PC:” view in Windows environments.
Under the hood, the UDMG uses a virtual file system to map each Virtual Path to a real directory on the UDMG server. This abstraction allows administrators to present logical, user-friendly directory structures without exposing the physical layout of the server's filesystem.
The permissions are assigned to the Virtual Paths, controlling access for Accounts.
Virtual Paths examples:
/input/processing/customer-uploads
The Virtual Path gives the possibility of reusing an Endpoint and its already defined file system with a new Virtual Path. Special permissions can be added to this Virtual Path, such as read-only.
Relative Path
The Relative Path is appended to the Root File Path to form a complete directory path. Without a Relative Path, logged-in Accounts would see the Root Path's contents. UDMG allows dynamic Relative Paths using variables. The Variables are allowed in the Relative Path and are expanded at runtime (when the transfer is starting or when a SFTP command is executed).
This allows you to set a common Relative Path folder name for multiple Accounts, which are redirected to a private local directory.
Relative Path Variables
| Variable | Description | Category |
|---|---|---|
${SESSION_UUID} | The unique UUID of the current session. | Session |
${DOMAIN_ID} | The numeric ID of the Domain associated with the session. | Domain |
${DOMAIN_UUID} | The UUID of the Domain associated with the session. | Domain |
${DOMAIN_NAME} | The name of the Domain associated with the session. | Domain |
${ENDPOINT_NAME} | The name of the Endpoint associated with the session. | Endpoint |
${ACCOUNT_ID} | The numeric ID of the Account for the session. | Account |
${ACCOUNT_NAME} | The login name of the Account for the session. | Account |
${YYYY} | The current year with four digits (e.g., 2024). | Date/Time |
${MM} | The current month with two digits (e.g., 09). | Date/Time |
${DD} | The current day of the month with two digits (e.g., 12). | Date/Time |
Example Relative Paths
/${ACCOUNT_ID}/Input/${YYYY}/Processing/RelativePath
Permissions
The file and folder level permissions Accounts can perform associated with the Relative Path. The permissions are set for the Local Filesystem Endpoint within a Pipeline.
- Download/Read File
- Must also include List File permission
- Upload/Write File
- Must also include List File permission
- Overwrite File
- Only applies to uploads
- Delete File
- List File
- Make Directory
- Remove Directory
- Rename File
Universal Event
UDMG seamlessly integrates with UAC to automate the entire business workflow, ensuring that file transfers become part of a comprehensive, orchestrated process rather than isolated data movements. One way to integrate UDMG into UAC is to enable the UAC Universal Event within a Pipeline. When enabled, a UAC Universal Event is generated each time a file transfer action occurs through the Pipeline on the UDMG Server. This event is used to trigger a Universal Monitor Task for file processing or further actions concerning this transfer within UAC.
The event is published at the end of a receiving file transfer for both successful and failed transfers. For failed transfers, error details can be added to the event attributes.
For the UAC Universal Event to work, the integration with UAC must be also be enabled within the Pipeline and configured within the Configuration File.
Adding a Pipeline
To add a Pipeline, follow these steps:
- From the Sidebar, select Configuration > Pipelines.
- Click Add Pipeline.
- Complete the Name and Description for the new Pipeline.
- Select the Source Endpoint with a Local SFTP Server Endpoint type and fill out the dynamic fields.
- Select the Destination Endpoint with a Local Filesystem Endpoint type and fill out the dynamic fields.
- Click Add.
UDMG does not allow for the creation of identical Pipelines with unique names. The Pipeline must pass the Source Endpoint + Destination Endpoint + Endpoint-specific Configuration + Virtual Path uniqueness check. See Pipelines for more information on Pipeline validation checks.
Field Descriptions
The following table describes the fields that display in the Pipeline Details:
| Name | Description | Specifications | Required |
|---|---|---|---|
| Name | Name of the Pipeline. info Using a descriptive name makes the association of Pipelines to Account Groups easier. |
| Yes |
| Description | Description for the Pipeline. | No | |
| Source Endpoint | The Source Endpoint is where files are retrieved, originated, or come from. Allowable Source Endpoints are based on the available Pipeline combinations. |
| Yes |
| Destination Endpoint | The Destination Endpoint is where files are delivered to or sent. Allowable Destination Endpoints are based on the available Pipeline combinations. |
| Yes |
| Virtual Path | The path that is the directory structure visible to an Account upon login, but it doesn't directly correspond to the physical filesystem structure. info Modifying this path after initial setup will impact associated Accounts. | Format: / | Yes |
| Relative Path | The path appended to the Root File Path (set on the Endpoint page) to form a complete directory path. info Modifying this path after initial setup will impact associated Accounts. | Format: can start with a | Yes |
| Permissions | The file and folder level permissions associated with the Relative Path. Options:
|
| Yes |
| Universal Event | When enabled, a UAC Universal Event is generated based on the Pipeline configuration. | Defaulted to Disabled. | Yes |
Editing a Pipeline
To edit a Pipeline, follow these steps:
- From the Sidebar, select Configuration > Pipelines.
- Click the Name of the Pipeline you want to edit.
- Click the Edit button above the Pipeline details.
- Edit details for the Pipeline.
- The Source Endpoint and Destination Endpoint cannot be changed after creation.
- Click Update.
Upon Pipeline update, UDMG checks for Endpoint Source + Endpoint Destination + Configuration + Virtual Path uniqueness, as well as Endpoint Destination + Virtual Path uniqueness across all Pipelines already associated with Account Groups and Accounts.
Pipeline changes are reflected immediately only for new connections. Ongoing client sessions are not affected until they reconnect.
Managing a Pipeline
All Pipelines support the ability to view the complete Pipeline and linked Endpoint details, including Account Group information.
Viewing Pipeline Details
To view the details of a Pipeline, follow these steps:
- From the Sidebar, select Configuration > Pipelines.
- Click the Name of the Pipeline you want to view.
- Click the Overview Tab or Account Groups Tab to see additional Pipeline, Endpoint, and Account Group details.
Pipeline details include all parameters given in the Field Descriptions table, plus the following read-only metadata:
Pipeline Metadata
| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this Pipeline. |
| Version | Version number of the configuration. Every change increases the number. |
| Enabled | Pipeline's Enabled status. If enabled, field is set to True. |
| Created | Date and time this Pipeline was created. |
| Updated | Date and time this Pipeline was last updated. |
Enabling and Disabling Pipelines
Pipelines can be Enabled or Disabled to control their active status and ability to participate in file transfers. The status is defaulted to Enabled and can be changed after creation. The Configuration Item's Disabled status does not impact if it can be configured. Also, Disabled Endpoints can be added to a Pipeline and a Disabled Pipeline can be associated with an Account Group.
- Enabled (default): The Pipeline is active and allows file transfers.
- Disabled: The Pipeline is inactive and does not allow file transfers.
To enable or disable a Pipeline, follow these steps:
- From the Sidebar, select Configuration > Pipelines.
- Click the Name of the Pipeline you want to enable or disable.
- Click the Enable or Disable button above the Pipeline details.
- If the Pipeline is Disabled, then the button displays Enabled. If the Pipeline is Enabled, then the button displays Disabled.
- Click Update.
Pipeline changes to the Enabled/Disabled status are reflected immediately only for new connections. Ongoing client sessions are not affected until they reconnect.
Deleting a Pipeline
To delete a Pipeline, follow these steps:
- From the Sidebar, select Configuration > Pipelines.
- Click the Name of the Pipeline you want to delete.
- Click the Delete button above the Pipeline details.
- You will be asked to confirm the deletion. Click Delete.
UDMG prevents the deletion of a Configuration Item if it is currently referenced by another Configuration Item (i.e., Account Group). The Configuration Item must be edited or the reference removed before you can delete the Pipeline. Deletion cannot be undone.
Monitoring a Pipeline
To monitor and determine the status of a Pipeline, the Transfers page and Endpoints page must be monitored to track incoming Transfers and the Source and Destination Endpoints' individual statuses, respectively. If an Endpoint (Local SFTP Server) goes down (Endpoint Status <> Running), then all of the associated Pipelines, Account Groups, and Accounts are impacted.
On the Transfers page, the following fields indicate the type of Local Transfer.
- Is Schedule: If No, then the Transfer was a Local Transfer.
- Is Send:
- If No, then the Account uploaded a file to UDMG
- If Yes, then the Account downloaded a file from UDMG.