UDMG as Server (Local SFTP with Accounts)

This tutorial provides a step-by-step walkthrough for configuring UDMG after installation. It focuses on a common transfer scenario, where UDMG acts as the Server. The steps below walk you through the high-level process of configuring the standard UDMG Pipeline, enabling you to initiate file transfers with your partners.

Prerequisites

Before beginning this tutorial, ensure the following:

• You have completed the installation of all UDMG components:
  • UDMG Server Installation
  • UDMG Admin UI Installation
• You can access the UDMG Admin UI using the credentials created during the UDMG Server installation:
  • Username: udmg.sys-admin
  • Password: udmg.sys-admin_password
  • Domain: primary
  danger

  Be sure to change the password for the default System Admin so that unauthorized Users cannot log in as an Admin. Do not lose your new password. The default System Admin User cannot be restored if the password is lost.

• You are familiar with the UDMG Configuration Items.

Key Steps

This is a basic outline of the steps you need to take to begin file transfers:

• Add your Credentials.
• Establish your Endpoints.
• Configure and customize your Pipeline.
• Set up your Account Groups and associate Pipelines.
• Create your Accounts and associate your Account Groups.

Detailed instructions for each step are given below.

Scenario: UDMG acting as a Server - Local SFTP File Transfers

This scenario covers setting up and completing a standard configuration for Local SFTP file transfers with Accounts (standard authentication). Accounts will be able to connect to a Local SFTP Server, then upload files to an input folder and download files from an output folder.

Authentication

Step 1: Add Two Keys

This configuration tutorial requires two keys:

• Private Key: The Private Key is used as the Local SFTP Server's SSH Host Key to establish the server's identity.
• Public Key: The Public Key is used by Accounts (your partners) to authenticate with the Local SFTP Server if key authentication is required. The connecting partner maintains their own SSH key pair and shares their Public Key with you.

To add the Private Key, follow these steps:

1. From the Sidebar, click Configuration > Credentials.
2. Click Add Credential.
3. Select Private Key as the Credential Type.
4. Complete the required fields.
5. Click Add.

To add the Public Key, follow these steps:

1. From the Sidebar, click Configuration > Credentials.
2. Click Add Credential.
3. Select Public Key as the Credential Type.
4. Complete the required fields.
5. Click Add.

See Credentials for more information.

Configuration Items

Once the required keys have been added, you can begin defining the Configuration Items.

These Configuration Items provide abstraction layers that enable you to create powerful Pipelines for highly flexible file transfer setups. While more complex configurations are possible, the following steps will walk you through a simple yet secure and commonly used configuration.

Step 2: Add Endpoints

An Endpoint is a specific transfer protocol or storage location used to send or receive files within the data transfer process. Two Endpoints are required for this scenario: a Local SFTP Server and a Local Filesystem Endpoint.

To add the Local SFTP Server Endpoint, follow these steps:

1. From the Sidebar, click Configuration > Endpoints.
2. Click Add Endpoint.
3. Select the Local SFTP Server as the Endpoint Type.
4. Add a unique Name, such as LocalSFTP_Server1, for the new Endpoint.
5. Specify an unused IP Address and Port combination, such as 0.0.0.0 and port 22, or a specific IP if multi-homed or alternate port if port 22 is already in use.
6. Set the Authentication Method to Password or Public Key.
7. Select the Private Key you created earlier from the Credentials Name dropdown.
8. Maintain default security algorithms.
9. Click Add.
10. Click the Validate button above the Details to confirm the IP/port combination is not being used by another service (across all Domains). If the validation fails, select a new IP/Port combination using the Edit button.
11. Click the Start button above the Details. The *Runtime Status should display Running.

To add the Local Filesystem Endpoint, follow these steps:

1. From the Sidebar, click Configuration > Endpoints.
2. Click Add Endpoint.
3. Select the Local Filesystem as the Endpoint Type.
4. Add a unique Name, such as Local_FS1, for the new Endpoint.
5. Specify a Root File Path, such as /data. The Root File Path is the root directory relative to UDMG's home directory (workDirectoryPath). It is used in configuring the full path.
6. Specify a Temporary Path, such as /tmp1.
7. Click Add.

Step 3: Add Pipelines

A Pipeline defines and orchestrates a path for files to move between two Endpoints. It allows for flexible, repeatable, and customizable configurations/setups. A Pipeline includes a source and a destination.

To add the Upload Pipeline, follow these steps:

1. From the Sidebar, click Configuration > Pipelines.
2. Click Add Pipeline.
3. Add a unique Name, such as MainAccounts_Input, for the new Pipeline.
4. Select the Source Endpoint as LocalSFTP_Server from earlier.
5. Select the Destination Endpoint as Local_FS1 from earlier.
   • Specify the Virtual Path, such as /input.
   • Specify the Relative Path, such as /${ACCOUNT_NAME}/input.
   • Set the Permissions to Upload/Write File and List File.
   • If your connection with UAC is set up, enable Universal Event.
6. Click Add.

To add the Download Pipeline, follow these steps:

1. From the Sidebar, click Configuration > Pipelines.
2. Click Add Pipeline.
3. Add a unique Name, such as MainAccounts_Output, for the new Pipeline.
4. Select the Source Endpoint as LocalSFTP_Server from earlier.
5. Select the Destination Endpoint as Local_FS1 from earlier.
   • Specify the Virtual Path, such as /output.
   • Specify the Relative Path, such as /${ACCOUNT_NAME}/output.
   • Set the Permissions to Download/Read File and List File.
   • If your connection with UAC is set up, enable Universal Event.
6. Click Add.

Step 4: Add Account Groups

An Account Group is a grouping of Pipelines that are then associated with an Account to enable file transfers. The groups can be organized by similar permissions or transfers, or based on the needs of a specific type of Account.

To add an Account Group, follow these steps:

1. From the Sidebar, click Configuration > Account Groups.
2. Click Add Account Group.
3. Add a unique Name, such as MainAG_InputOutput, for the new Account Group.
4. Click Add.
5. Click Pipeline Assignments.
6. Drag the MainAccounts_Input and MainAccounts_Output Pipeline "cards" from the Available Pipelines column on the left to the Assigned Pipelines on the right. If there were a validation error, the conflicting Pipeline "card" would be disabled.
7. Click Update.

Step 5: Add Account

An Account represents the entity and configuration (i.e., login and authentication credentials) that enable your partners (such as customers, vendors, organizations, departments, internal/external users, or automated systems) to exchange files with you and your business ecosystem.

To add an Account, follow these steps:

1. From the Sidebar, click Configuration > Accounts.
2. Click Add Account.
3. Add a unique Name, such as Account_Supplier1, for the new Account.
4. Add a unique Username, such as Account_Supplier1. The Username is used to authenticate the Account to the Local SFTP Server.
5. Add the Password following the Global Password Policy.
6. Select the Account Group MainAG_InputOutput from earlier.
7. If you require Public Key authentication, select the Public Key you created earlier from the Credentials dropdown. A Public Key is technically not required if the Local SFTP Server Endpoint's Authentication Method is Password or Public Key.
8. Click Add.

Deployment Complete

At this point, your UDMG Server is fully configured and ready to operate:

1. The Local SFTP Server listens for inbound connections on the configured Endpoint's port.
2. Upon receiving a connection, the Local SFTP Server authenticates the client using the Account's Username and Credentials (Password and/or Public Key).
3. If authenticated, the client can begin transferring files.

info

For more information on configuration options and advanced settings, refer to the corresponding documentation sections.