Secure FTP - Internal or External hosting?

I've been tasked with setting up a secure FTP that our customers can log in to and pull .csv files from each day but I don't know which route to take.

Am I better off paying a small fee to have it hosted somewhere else and I upload my files there, or do I buy a standalone PC/integrate it into Windows Server?

I don't like the idea of opening ports here and I'd like a GUI that people can view if possible but it's not a deal breaker.

Can anyone give me some pointers? :)
(reputable hosts also open to recommendation)
 
Depends on your needs - you don’t tell us how many simultaneous connections you expect, how big the files are, or if you have the uplink capacity to serve them in a timely manner without impacting other services. Big difference between 10 people a day grabbing 500k once a day and 500 people grabbing 1GB.

A dedicated machine makes little sense for an FTP server, either virtualise on your existing local hosts or spend €3/m on a Hetzner Cloud instance with 10Gb and run your preferred flavour of Linux/docker for whatever you feel happiest with. This means one upload and fast downloads for everyone.
 
Fair questions! It's still a rather grey area this end, the usage will be a stock feed if anything so potentially small files <2Mb but accessed frequently by numerous customers to keep their Marketplace stocking up to date.

As a result of this the traffic volume is going to initially be small and often with potential increases if it takes off. I guess this would make speed one of the key factors. :)
 
I've had this as a customer request and have used both methods. I always say hosted unless there's a good reason not to.

From an overall network security POV having it hosted is better - if it gets compromised at the OS level it doesn't compromise your DMZ or network as you just connect and upload as required. However, you potentially have less control - but if the data isn't sensitive this doesn't matter so much.

I recently put CrushFTP on a Linux server for a customer and they have been very pleased with it - it does FTP/FTPS/SFTP and web functionality. They wanted the files to remain in their network and had a very limited number of clients connecting that we can control the source IPs on the firewall.
 
For software I can recommend Solarwinds Serv-U. You get a proxy device that sits in the DMZ and talks to an internal server so your security worries are alleviated somewhat. It has a nice HTTPS front end for the FTP server as well as offering file sharing. We use it for the same purpose you are describing (for "datafeeds" for those clients who don't have any sort of direct API into our systems) and also for our staff to file share large files that wouldn't make it through Exchange.
 
I'd suggest that you consider a smallish VPS hosted somewhere on a quick network. The cheapest DigitalOcean Droplet is $5 per month, but has 1TB bandwidth allowance. If you're happy with setting up FreeBSD / Linux, that would be the way I'd go. No need to hammer your office network connection, or risk the security of your office network for that.
Make sure to use a DNS hostname to point at it (eg stockfeed.whoopemployer.com rather than the IP you get given) so that if you need to re-host it somewhere else then you can do so easily.
 
I would say a link to a web server url online with a login somewhere, don’t use ftp. Very easy to do so and still as secure as ftp.

Is it the same file being pulled every day?

Heya,

Yes pretty much, I'll probably keep the file name consistent.

Where would you suggest? :)
 
I would say - paying a small fee to have it hosted somewhere else and I upload my files there. You will still have control over them. Do you already have a web host at all? Because you could secure something in PHP with a username/password option if you want to.

OR Sign up for a free Outlook account maybe? You get 5GB free. Upload the file and share it, then use tiny url or something to give to the people who are downloading it. That way you have control over the hosted files. Very easy to do. (Paid version of O365 will give you a password field prompt to lock the file down as well)

There are plenty of options out there. If you take a look at Pydio you can even make your own Dropbox; that's another option.
 
I'm going to go against the grain and say it's just an SFTP server - no need to overthink it. If you're security conscious, just bang it in a DMZ and lock it down.

If it is only a limited number of clients who will need access, and assuming they're not accessing it from home, just ensure your firewall ACL only allows their public IPs.
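
The lock-down suggested above, sketched as an OpenSSH `sshd_config` fragment for a pull-only feed, as a second layer behind the firewall ACL. This is an added example, not part of the original post; the group `feedusers`, the account names, the path `/srv/feed` and the documentation-range addresses are assumptions.

```conf
# Constructed sshd_config fragment for a download-only SFTP feed.
# Names, paths and addresses are placeholders (assumptions).

# In-process SFTP server: needs no binaries inside the chroot.
Subsystem sftp internal-sftp

PermitRootLogin no
PasswordAuthentication no        # customers authenticate with SSH keys
PubkeyAuthentication yes

# Only these account/source pairs may log in. Once AllowUsers is set,
# every unlisted account is refused, so the admin entry is required.
AllowUsers admin@192.0.2.0/24 feed_acme@203.0.113.10 feed_globex@198.51.100.0/28

Match Group feedusers
    # Jail to the feed directory; it and every parent directory must be
    # root-owned and not group/world-writable, or sshd refuses the login.
    ChrootDirectory /srv/feed
    # No shell: force SFTP, and -R makes the session read-only.
    ForceCommand internal-sftp -R
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
```

Check the file with `sshd -t` before reloading the daemon, and keep the source addresses here in step with the firewall rule.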
 
Sorry to hijack, any recommendations of SFTP hosts to use? A client has requested auto collection of a spreadsheet or csv or two each month.
 
If you want, there’s a web GUI way if you wanna be all technical. Go ahead and host an SFTP somewhere, create some users then port forward on the firewall for 22, then go install a web server somewhere with an online FTP GUI that only connects to your SFTP. I think Net2FTP is a PHP based online version that you can configure yourself to allow only certain users and certain IPs to access.

This is all about how technical do you want to be and at what cost. There’s loads of ways to do it and it’s up to you in the end.

There aren’t really SFTP hosts as such, you host your own on a system somewhere. This depends how technical you are to configure it all working.
 
I was tasked with this recently and set up a VM using CrushFTP which was pretty easy to set up and their support always came back to me within the hour with help.
 