与SFTP服务Facading Azure存储BLOB [英] Facading Azure storage blob with sFTP service
问题描述
我们有一个要求,创建大(1G-16G)行数据报告COM preSS和加密它们。
我们的客户将消耗超过SFTP这些报告。我们要更换现有的实施,使我们的客户应该得到透明的这种变化。
We have a requirement to create large (1G-16G) row data reports compress and encrypt them. Our customers will consume those reports over sFTP. We are replacing an existing implementation so our customer should get this change transparently.
的Azure Blob服务不公开SFTP服务,所以我们需要某种方式与SFTP服务门面吧。类似rel=\"nofollow\"> FTP 的基础上工人的作用。
辅助角色将暴露SFTP端点到外面的世界。
我们将设置每个客户的容器,并限制从辅助角色访问只有这么容器将直接访问被保护。
Azure Blob service does not expose sFTP service so we will need some way to facade it with sFTP service. Something similar to FTP to Azure Blob Storage Bridge based on worker role. The worker role will expose sFTP endpoint to the outside world. We will setup a container per customer and limit the access from worker roles only so containers will be protected from direct access.
我的问题是:
- 您如何看待这种做法?
- 将使用辅助角色的SFTP可以动态缩放/缩小,同时保持从客户的角度出发同一DNS名称?
- 不Azure的Blob服务支持COM pression或加密?
- 你熟悉天青Blob存储桥(preferable开放源码)?类似于FTP SFTP工作者角色
相关问题:结果
<一href=\"http://stackoverflow.com/questions/7118942/in-windows-azure-what-are-web-role-worker-role-and-vm-role\">In Windows Azure的:什么是Web角色,辅助角色和VM角色结果?
Azure的架构设计
推荐答案
您可能会因干脆直接通过HTTPS露出了Blob存储端点实现这一目标,并期待以使用共享访问签名(<一个href=\"http://www.windowsazure.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/\" rel=\"nofollow\">http://www.windowsazure.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/)限制访问这些斑点。
You could possibly achieve this by simply exposing the blob storage endpoints directly over HTTPS and look to use Shared Access Signatures (http://www.windowsazure.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/) to restrict access to those blobs.
根据您的反馈意见,然后 - 也许看利用Linux来运行SFTP服务器并使用了Java,节点或PHP的Azure SDK来实现计划的基础上拉动从Blob存储内容的同一目标,而不需要辅助角色(的cron应该看到你的权利)。说实话,你会加倍存储使用(不,它是昂贵的),你会拉BLOB出入库及到你的虚拟机的VHD,但这种方法是可行的。
Based on your feedback then - perhaps look to leverage Linux to run an sFTP server and use either the Java, Node or PHP Azure SDKs to achieve the same objective of pulling your content from blob storage on a scheduled basis without the need of a worker role (cron should see you right). To be honest you'll be doubling your storage use (not that it's that expensive) as you'll pull the blob out of storage and onto the VHD of your VM but this approach would work.
我注意到你说你加密写入Blob存储中的文件 - 你可以只使用一个PKI方法,并与客户分享,让他们直接通过HTTPS拔出钥匙。总之,SFTP这似乎是:)
I notice you said you were encrypting the files written to blob storage - you could just use a PKI approach and share the key with customers allowing them to pull directly via HTTPS. Anyway, sFTP it appears to be :).
这篇关于与SFTP服务Facading Azure存储BLOB的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
