Azure Blob Storage now supports the SSH File Transfer Protocol (SFTP), allowing customers to use SFTP for file access, transfer, and management on the object storage service. The new option is generally available and simplifies migrating legacy applications and enterprise workloads to the cloud.
Enabling an SFTP endpoint provides a new interface to access data on Azure Blob Storage: administrators can set up local user identities for authentication (using passwords or SSH key pairs) and connect with an SFTP client via port 22. The cloud provider explains:
"Prior to the release of this feature, if you wanted to use SFTP to transfer data to Azure Blob Storage you would have to either purchase a third-party product or orchestrate your own solution. For custom solutions, you would have to create virtual machines (VMs) in Azure to host an SFTP server, and then update, patch, manage, scale, and maintain a complex architecture."
Source: https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support
A common solution in the past was to deploy an SFTP service by leveraging an Azure Container Instance (ACI) powered by Azure File Shares, as documented by Charbel Nemnom, a senior cloud architect at itnetX.
Yash Lunagaria, product manager at Azure, writes:
"The addition of SFTP to Azure Blob Storage, our object storage platform, expands on our vision of multi-protocol access and enables you to run your SFTP workloads with minimal management effort and low infrastructure costs. SFTP support, combined with protocol support for NFS 3.0, Blob REST, and Azure Data Lake Storage, helps customers migrate their applications without any changes."
Henri Hietala, Azure Architect at Mallow, tweets:
"It would have been nice to have this 10 years ago but it's never too late since there are still quite a lot of enterprise integrations relying on SFTP."
As Azure Blob Storage scales linearly until it reaches the account egress and ingress limit, the cloud provider suggests using concurrent connections to increase throughput, and choosing premium block blob storage accounts for consistently low latency and high transaction rates. To reduce the impact of network latency, Azure recommends increasing the default message size and making requests from the same region.
Azure is not the only cloud provider offering an SFTP option to access object storage: Amazon provides AWS Transfer for SFTP, a managed SFTP service for Amazon S3.
Enabling the SFTP endpoint on Azure Blob Storage costs $0.30 per hour, on top of the transaction, storage, and networking costs for the underlying object storage. The pricing structure, similar to that of AWS Transfer Family, raised concerns on Reddit. User Riceman-Chris writes:
"That's disappointingly expensive. I was hoping to use this for some basic/legacy SFTP requirements, but not at that cost. Also, the auto-generated password is annoying. Looks like I might go the Couchdrop route."
SFTP support requires hierarchical namespaces to be enabled on the object storage account. The cloud provider released a list of limitations and known issues, including a lack of support for Azure AD and POSIX-like access control lists. SFTP support for Azure Blob Storage is not yet available in every region, with West Europe among those not supported.