Local SFTP Server to Remote Cloud Storage

The Local SFTP Server to Remote Cloud Storage Pipeline type represents a server-based transfer scenario where UDMG acts as an SFTP server, accepts inbound connections from partners, and exposes a cloud storage location through a configured Pipeline.

Partners connect using their preferred client and transfer files based on a defined Pipeline configuration, which determines how files are handled once received. Configured permissions control which file and folder operations each partner can perform.

This Pipeline consists of:

• A Local SFTP Server Endpoint that receives incoming SFTP connections (used as the Source Endpoint).
• A Remote Cloud Storage Endpoint that represents the cloud storage location exposed through the Pipeline (used as the Destination Endpoint).
• Account-based authentication and authorization through Accounts and Account Groups.
• Pipeline-specific configuration options.

info

Unlike Pipelines in which UDMG acts as a client, transfers in this Pipeline type are automatically triggered by the UDMG Server when a partner performs an action. To enable this, the Pipeline must be assigned to at least one Account Group to grant access to the Account associated with that partner.

Before You Begin

Understanding Paths in This Pipeline

When configuring a Local SFTP Server to Remote Cloud Storage Pipeline, several path fields determine how files and directories accessed by external partners are mapped to locations in the cloud storage provider.

Each path has a specific role and is combined during runtime to build the final object key (or path) used in the selected cloud provider and object storage service. Regardless of the UDMG Server host operating system, the path must use forward slashes / (Linux path formatting).

Bind IP (Listener IP Address) and Port

The Listener IP Address and Port define the local bind address and port where the UDMG Server listens for incoming SFTP connections for this Pipeline.

These values are configured in the Local SFTP Server Endpoint used as the Source Endpoint.

Depending on your network (load balancer, DNS, firewall/NAT rules, or use of USP), the partner-facing SFTP hostname (or public IP) and port may differ from the bind address configured on the Endpoint. In such cases, ensure that the partner is provided with the correct public-facing hostname (or public IP) and port to reach your UDMG SFTP Server.

Virtual Path

The Virtual Path defines the directory path that an Account can see and browse when connecting to the UDMG SFTP Server.

Virtual Paths represent the partner-facing directory structure. They do not need to match the underlying filesystem layout used by the Pipeline.

An Account may see more than one Virtual Path, depending on how many Pipelines (with the same Local SFTP Server Endpoint as Source Endpoint) the Account can access. Each Virtual Path is associated with a specific Pipeline.

Valid formats:

• /
• /dir
• dir

Regardless of the UDMG Server host operating system, the path must use forward slashes / (Linux path formatting).

Configuration JSON

The Configuration JSON defined in the Remote Cloud Storage Endpoint provides the Rclone remote configuration for the selected cloud provider and object storage service.

The structure and required fields of the Configuration JSON depend on the selected cloud provider. For provider-specific examples and requirements, see Configuration JSON.

Cloud Storage Base Path

An optional path defined in the Remote Cloud Storage Endpoint that can be used to define the root location within the Endpoint. For object storage, this path is appended as a suffix to the bucket or container from the Configuration JSON.

Valid formats:

• Leave blank
• dir
• dir/

For more details, see Cloud Storage Base Path.

Relative Path

A path where files are read from or written to within your remote cloud storage provider. This path is appended to the Cloud Storage Base Path to form the full path.

Valid formats:

• / (empty path)
• /dir
• /dir/subdir/
• dir

The path definition can use Runtime Variables.

Regardless of the UDMG Server host operating system, the path must use forward slashes / (Linux path formatting).

Runtime Variables

UDMG allows dynamic Relative Paths using variables. The variables are allowed in the Relative Path and are expanded at runtime (when the transfer is starting or when a SFTP command is executed).

This allows you to set a common Relative Path folder name for multiple Accounts, which are redirected to a private local directory.

Variable	Description	Category
${SESSION_UUID}	The unique UUID of the current session.	Session
${DOMAIN_ID}	The numeric ID of the Domain associated with the session.	Domain
${DOMAIN_UUID}	The UUID of the Domain associated with the session.	Domain
${DOMAIN_NAME}	The name of the Domain associated with the session.	Domain
${ENDPOINT_NAME}	The name of the Endpoint associated with the session.	Endpoint
${ACCOUNT_ID}	The numeric ID of the Account for the session.	Account
${ACCOUNT_NAME}	The login name of the Account for the session.	Account
${YYYY}	The current year with four digits (e.g., 2024).	Date/Time
${MM}	The current month with two digits (e.g., 09).	Date/Time
${DD}	The current day of the month with two digits (e.g., 12).	Date/Time

Relative Paths examples:

• /${ACCOUNT_ID}/Input
• /${YYYY}/Processing
• /RelativePath

Account Authentication

Remote clients connecting to a Local SFTP Server Endpoint are authenticated using Accounts, each of which defines a unique set of credentials authorized to access one or more Pipelines. These Accounts can be created internally within UDMG or can be provisioned by an LDAP directory or SSO provider (see Authentication).

For authentication to succeed:

• The client must connect using credentials that match a configured Account.
• The Account must belong to an Account Group.
• The Account Group must be assigned to the Pipeline that will handle the transfer.

This layered approach ensures:

• Only clients with valid, known credentials can access the Local SFTP Server.
• Access is restricted to the Pipelines explicitly linked to the client's Account Group.
• Credentials are managed centrally via Account Groups, decoupled from individual Pipelines.

info

For detailed instructions on this topic, refer to the Accounts and Account Groups.

Permissions

The file and folder level permissions Accounts can perform associated with the Relative Path.

The available permissions for this Pipeline are:

Permission	Availability
Download/Read File
Upload/Write File
Overwrite File
Delete File
List File
Make Directory
Remove Directory
Rename File
Share File

warning

Partners using SFTP GUI clients should have List File permission to browse the directory properly. If List File is not included, partners may see empty folders, missing files, or inconsistent UI behavior.

Pipeline Workflow

The Pipeline Workflow toggle enables automated Task execution during the transfer lifecycle.

When enabled, UDMG Server executes the Tasks associated with the Pipeline Workflow when specific transfer triggers occur.

Tasks are configured separately and can perform actions such as executing system commands or publishing Universal Events to Universal Controller. Multiple Tasks can be executed as part of a workflow, and they run sequentially in the order defined for the Pipeline.

info

For more information, see Tasks.

Adding a Pipeline

To add a Local SFTP Server to Remote Cloud Storage Pipeline, follow these steps:

1. From the Sidebar, select Configuration > Pipelines.
2. Click Add Pipeline.
3. Complete the Name for the new Pipeline.
4. Select the Source Endpoint with a Local SFTP Server Endpoint type.
5. Select the Destination Endpoint with a Remote Cloud Storage Endpoint type.
6. Fill out the dynamic fields following the Field Descriptions table.
7. Click Add.

info

UDMG does not allow identical Pipelines to be created, even if they have different names. For more information, see Pipeline Validation.

Field Descriptions

The following table describes the fields that are configured for the Pipeline:

Name	Description	Specifications	Required
Name	Name of the Pipeline. info Using a descriptive name makes the association of Pipelines to Account Groups easier.	Must be unique. Must follow the Standard Naming Pattern. Cannot be modified after creation.	Yes
Description	Description for the Pipeline.		No
Business Service	Assigning a Business Service to this Pipeline restricts updating, deleting, and other actions so only Users with the same Business Service can perform them (role permissions still apply). For details, see Business Services.	Only Users with the System Administrator, Domain Administrator, or Pipeline Management role can assign Business Services to Pipelines. Select an already-created Business Service. To select it, your User must have that Business Service already assigned.	No
Source Endpoint	The Source Endpoint is where files are retrieved, originated, or come from.	Must reference an already-created Local SFTP Server Endpoint. Cannot be modified after creation.	Yes
Destination Endpoint	The Destination Endpoint is where files are delivered to or sent. Allowable Destination Endpoints are based on the available Pipeline combinations.	Must reference an already-created Remote Cloud Storage Endpoint. Cannot be modified after creation.	Yes
Virtual Path	The path that is the directory structure visible to an Account upon login. It does not directly correspond to the cloud storage structure. For more information, refer to Understanding Paths.	Format: / /dir dir Modifying this path after initial setup will impact associated Accounts.	Yes
Relative Path	A path where files are read from or written to within your remote cloud storage provider. This path is appended to the Cloud Storage Base Path to form the full directory path. For more information, refer to Understanding Paths.	Format: / (empty path) /dir /dir/subdir/ dir Accepts Runtime Variables. Modifying this path after initial setup will impact associated Accounts.	Yes
Credentials Name	The client authentication Credentials used to authenticate to the cloud storage provider. For more information, see Remote Cloud Storage Authentication	Must reference an already-created Key Pair.	Yes
Permissions	The file and folder level permissions associated with the Relative Path. For all available options, see Permissions.	Default value: All available permissions.	Yes
Workflow Enabled	If enabled, the Pipeline Workflow is enabled and Tasks assigned on the Workflow tab will be executed. For more information, refer to Pipeline Workflow.		No

Editing a Pipeline

To edit a Local SFTP Server to Remote Cloud Storage Pipeline, follow these steps:

1. From the Sidebar, select Configuration > Pipelines.
2. Click the Name of the Pipeline you want to edit.
3. Click the Edit button above the Pipeline details.
4. Edit details for the Pipeline.
   • The Source Endpoint and Destination Endpoint cannot be changed after creation.
5. Click Update.

info

Pipeline updates are subject to the same validation rules enforced during creation. For more information, see Pipeline Validation.

info

Pipeline changes are reflected immediately only for new connections. Ongoing client sessions are not affected until they reconnect.

Managing a Pipeline

All Pipelines support the ability to view the complete Pipeline and linked Endpoint details, including Account Group information.

Viewing Pipeline Details

To view the details of a Local SFTP Server to Remote Cloud Storage Pipeline, follow these steps:

1. From the Sidebar, select Configuration > Pipelines.
2. Click the Name of the Pipeline you want to view.
3. Click the Overview tab or Details tab to see additional Pipeline and Endpoint details.

Pipeline Metadata

Pipeline details include all parameters given in the Field Descriptions table, plus the following read-only metadata:

Name	Description
UUID	Universally Unique Identifier of this Pipeline.
Version	Version number of the configuration. Every change increases the number.
Enabled	Pipeline's Enabled status. If enabled, field is set to True.
Created	Date and time this Pipeline was created.
Updated	Date and time this Pipeline was last updated.

Enabling and Disabling Pipelines

Pipelines can be Enabled or Disabled to control their active status and ability to participate in file transfers. The status is defaulted to Enabled and can be changed after creation. The Configuration Item's Disabled status does not impact whether it can be configured. Also, Disabled Endpoints can be added to a Pipeline.

• Enabled (default): The Pipeline is active and allows file transfers.
• Disabled: The Pipeline is inactive and does not allow file transfers.

To enable or disable a Pipeline, follow these steps:

1. From the Sidebar, select Configuration > Pipelines.
2. Click the Name of the Pipeline you want to enable or disable.
3. Click the Enable or Disable button above the Pipeline details.
4. If the Pipeline is Disabled, then the button displays Enabled. If the Pipeline is Enabled, then the button displays Disabled.
5. Click Update.

info

Changes to a Pipeline's Enabled/Disabled status take effect immediately for new connections. Existing client sessions continue unaffected until they reconnect.

Assigning a Task to a Pipeline

To assign a Task to a Pipeline, follow these steps:

1. From the sidebar, select Configuration > Pipelines.
2. Click the Name of the Pipeline to which you want to assign a Task.
3. Click the Workflow tab.
4. The Workflow editor displays five columns:
   • Available Tasks
   • On Staged Tasks
   • On Sent Tasks
   • On Received Tasks
   • On Error Tasks
5. Drag and drop Task cards as needed:
   • To assign the Task to the Pipeline Workflow, move a card from Available Tasks to one of the trigger columns.
   • To unassign the Task from the Pipeline, click the x icon in the top right corner on the Task card.
   • Click Cancel to discard all changes.
6. Click Update.

info

Not all Task trigger columns are available for every Pipeline type. For this Pipeline type, the following column is not available: On Staged. For more information, see Task Triggers.

Deleting a Pipeline

To delete a Local SFTP Server to Remote Cloud Storage Pipeline, follow these steps:

1. From the Sidebar, select Configuration > Pipelines.
2. Click the Name of the Pipeline you want to delete.
3. Click the Delete button above the Pipeline details.
4. You will be asked to confirm the deletion. Click Continue.

warning

UDMG prevents the deletion of a Configuration Item if it is currently referenced by another Configuration Item (i.e., Account Group). The Configuration Item must be edited or the reference removed before you can delete the Pipeline. Deletion cannot be undone.

Monitoring a Pipeline

To monitor and determine the status of a Pipeline, the Transfers page and Endpoints page must be monitored to track incoming Transfers and the Source and Destination Endpoints' individual statuses, respectively. If an Endpoint (Local SFTP Server) goes down (Endpoint Status <> Running), then all of the associated Pipelines, Account Groups, and Accounts are impacted.

On the Transfers page, the following fields indicate the type of Local Transfer.

• Is Schedule: If No, then the Transfer was a Local Transfer.
• Is Send:
  • If No, then the Account uploaded a file to UDMG
  • If Yes, then the Account downloaded a file from UDMG.
• Protocol: If, SFTP-Cloud, then the Transfer was using this type of Pipeline.