SunLife - Azure SFTP Design and Setup
Objective
This document provides a detailed overview of the Adeptia-managed Sun Life SFTP setup, including its design, configuration, and key operational information.
Azure SFTP Design and Setup
Azure Blob Storage supports the SSH File Transfer Protocol (SFTP). This allows an SFTP client to connect securely to a storage account and access, transfer, and manage files over SFTP.
Azure facilitates secure data transfer to Blob Storage accounts using the Azure Blob service REST API, Azure SDKs, and tools such as AzCopy.
SFTP support requires enabling a hierarchical namespace. This namespace organizes files into a hierarchy of directories and subdirectories, similar to a traditional file system, scaling linearly without compromising data capacity or performance.
SFTP Permission Model
SFTP clients are authorized through local users rather than Microsoft Entra identities. Local users authenticate using either a password or an SSH private key credential, with a maximum of 2000 local users per storage account.
To set access permissions:
Create a local user and choose authentication methods.
Specify the level of access for each container.
Sun Life SFTP Authentication
Sun Life uses SSH private key credentials for authentication. These keys are stored securely in MyGlue under the Sun Life folder.
Container Permissions
Set container-level permissions by specifying which containers to grant access to and the level of access (Read, Write, List, Delete, Create, Modify Ownership, and Modify Permissions).
Permissions apply to all directories and subdirectories within the container.
Each local user can access up to 100 containers. Container permissions can be updated after creating a local user.
Home Directory
While configuring permissions, set a home directory for the local user. If no other container is specified in an SFTP connection request, the user connects to the home directory by default.
| Design | Details |
|---|---|
| Resource Name | sunlifeftp |
| Resource Type | Storage account - Blob Container |
| Redundancy | ZRS (Zone Redundant) |
| TLS Version | 1.2 |
| Soft Delete for Blob and Containers/Folders | 15 Days |
| Encryption | Microsoft-managed keys |
| Protocol | HTTPS only |
| Hostname | |
| Public IP Addresses | 20.60.57.97, 20.60.180.65 |
Containers
Containers are created for each environment:
sunlife-dev-ftp
sunlife-qa-ftp
sunlife-prod-ftp
Access / Permissions
Three local users are created corresponding to each environment:
devftpuser
qaftpuser
prodftpuser
Authentication method: SSH Key pair. Each user's landing directory corresponds to the containers created above.
Notes
Confidentiality of SSH Keys:
The private SSH key must never be shared with clients under any circumstances.
Key Pair Generation:
A public key can be generated from the private key.
Server Configuration:
The SFTP server keeps a file of authorized public keys that must be updated with the user's SSH public key; the user then connects to the server with the matching private key.
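Provisioning the three local users above with Azure CLI, as an added example that is not part of the original design document. It assumes a resource group named RG_PLACEHOLDER (the document does not name it), public keys stored at ./keys/<user>.pub, and the `az storage account local-user create` command; each user is limited to its own container, and private-key material is refused so it can never be uploaded by mistake.

```shell
#!/bin/sh
# Added example (not from the original document): create the per-environment SFTP
# local users on the sunlifeftp account, each granted only its own container.
# Assumed: resource group RG_PLACEHOLDER, public keys in ./keys/<user>.pub.
set -eu

ACCOUNT="sunlifeftp"
RG="${RG:-RG_PLACEHOLDER}"   # placeholder: the document does not name the resource group

# Accept only OpenSSH public-key text so private key material is never uploaded.
is_public_key() {
  case "$1" in
    "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Build the --permission-scope value; letters: r=read w=write l=list c=create d=delete
permission_scope() {
  printf 'permissions=%s service=blob resource-name=%s' "$2" "$1"
}

# $1 user, $2 container (also the home directory), $3 permission letters, $4 public key text
create_local_user() {
  is_public_key "$4" || { echo "refusing $1: not an OpenSSH public key" >&2; return 1; }
  "${AZ:-az}" storage account local-user create \
    --account-name "$ACCOUNT" --resource-group "$RG" --name "$1" \
    --home-directory "$2" \
    --permission-scope "$(permission_scope "$2" "$3")" \
    --has-ssh-key true --has-ssh-password false \
    --ssh-authorized-key "key=$4"
}

# One user per environment, landing in and limited to its own container.
provision_all() {
  for pair in devftpuser:sunlife-dev-ftp qaftpuser:sunlife-qa-ftp prodftpuser:sunlife-prod-ftp; do
    user="${pair%%:*}"; container="${pair##*:}"
    create_local_user "$user" "$container" rwlc "$(cat "keys/$user.pub")"
  done
}

if [ "${1:-}" = "--run" ]; then provision_all; fi
```

Run with `--run` to apply; set `AZ=echo` first to print the commands without calling Azure.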
Design Diagram
Connectivity to AC Cloud
Both Sun Life and Adeptia SFTP servers are mapped as source and target in the Adeptia application using SSH keys.
Checking Mappings
Log in to any environment (Dev, QA, or Production).
Navigate to Configure → Source or Target → FTP Source/Target.
Open any entry to view its details.
SSH Key Management
SSH keys are stored in the Key Manager. Access them by:
Logging in to any environment (Dev, QA, or Production).
Navigating to Configure → Security → Key Manager.
Public and Private Keys:
These keys are securely stored in MyGlue under a document named “FTP_SSH_Keys”.
Adeptia and Customer Points of Contact