Contents » Using WinSCP » Guides » Cloud Computing » Azure »

Installing Secure FTP Server on Microsoft Azure using IIS

You may want to install a secure FTP server on Microsoft Azure Windows instance either as standalone file storage or to have means of editing your website hosted on IIS (Internet Information Services) web server. In both cases, you can use an optional FTP Server component of the IIS. It can be installed standalone or along with a Web Server.

RDP to the Azure Instance

To RDP to the Azure instance:

Installing FTP Server

Follow a generic guide to installing secure FTP server on Windows.

When installing, bear in mind that Microsoft Azure Windows servers are behind an Azure firewall/NAT, so you need to configure FTP server accordingly.

Ports Opening

You need to open/forward ports in Azure firewall/NAT for use with FTP server.

New Azure Portal portal.azure.com

  • On the Network interfaces page of your virtual machine, select its network interface.
  • On the Network security group page of the network interface, select its security group.
  • Create security rule for the FTP control connection:
    • On the Inbound security rules page of the security group, click Add in the top bar.
    • Type “FTP” in the Name box.
    • Select the FTP in the Service field.
    • Click the OK button and wait for the rule to be created.
  • Create security rule for FTP data connections according to the range you specified when setting up the FTP server:
    • On the Inbound security rules page of the security group, click Add in the top bar.
    • Type “FTP-data” in the Name box.
    • Keep the Custom in the Service field.
    • Type port range in a format min-max (e.g. 5000-5100) in the Port range box.
    • Click the OK button and wait for the rule to be created.

If you have multiple virtual machines running an FTP server, you can reuse the configured network security group.

Old Azure Management Portal manage.windowsazure.com

  • Provision endpoint for FTP control connection:1
    • On Endpoints tab of your instance page on Azure Management Portal, click Add on bottom bar.
    • On Add an endpoint to a virtual machine step, select Add a stand-alone endpoint.
    • Proceed to Specify the details of the endpoint step and select FTP in Name box.
    • Complete the wizard and wait for the endpoint to be configured.
  • Provision endpoints for FTP data connections according to the range you specified when setting up the FTP server:
    • For a narrow range, provision the ports one-by-one on Endpoints tab of your instance page. For each port of the range, add a “stand-alone” port with the same private and public port and a unique name (e.g. “FTP-Data-5000”).
    • For a wide range, you should better automate the task using PowerShell Add-AzureEndpoint cmdlet:
      • Download and install Azure Windows PowerShell cmdlets.
      • Run Microsoft Azure PowerShell from a Start menu.
      • Enter Get-AzurePublishSettingsFile command to download the .publishsettings file for your Windows Azure subscription.
      • Paste the following code to PowerShell console.2
        Do not forget to use correct path to .publishsettings file, name of the cloud service and virtual machine instance, and to modify the range in for loop according to the port range you set up in FTP Server (note that Azure allows only up to 150 endpoints).

        Import-AzurePublishSettingsFile C:\Users\martin\Documents\Martin-credentials.publishsettings
        $VM = Get-AzureVM -ServiceName "winscp-windows" -Name "winscp-windows"
        for ($Port = 5000; $Port -le 5100; $Port++)
        {
            $VM = $VM | Add-AzureEndpoint -Name "FTP-Data-$Port" -Protocol 'TCP' -LocalPort $Port -PublicPort $Port
        }
        $VM | Update-AzureVM

Connecting to Your FTPS Server

Your secure FTPS server is now running and can be connected to.

Further reading