Configure Access to Directories on a Remote Server

Note: To be able to use this feature you must be running Reflection for Secure IT Web Edition. For additional information, see the Reflection for Secure IT Web Edition Administrator's Guide, which is available from the Reflection for Secure IT Web Edition documentation page.

If you have installed Reflection for Secure IT Web Edition, you can configure access to files on a remote SFTP server, so that users logging into the Reflection for Secure IT Web Edition server can upload or download files to and from the remote server.

For example, you might install Reflection for Secure IT Web Edition in the DMZ and configure access to a second server running behind the firewall. This reduces your security risks by limiting access to your internal network. The remote server can be running on Windows or UNIX, and can be running Reflection for Secure IT or other SFTP server software.

Data streams continuously through the gateway, eliminating the need to save the file on this server. This is more secure and more efficient than file transfer solutions that require the file to be stored and then forwarded.

[Figure: remote SFTP server]

You can map multiple accessible directories on one or more remote servers in addition to (or instead of) providing access to directories on the Reflection for Secure IT Web Edition server. For example, you might use the default configuration to provide access to the user's home directory (/Home) on the Reflection for Secure IT Web Edition server, and configure access to a second directory (/guest/uploads in the example below) and call the virtual directory Uploads.

[Screenshot: SFTP access to a remote server]

In this example, the Home directory is on the Reflection for Secure IT Web Edition server. Access is provided by the user's credentials on the server. Access to the Uploads directory is provided by an account called adminuser on a remote server called Host2.

With the configuration above, if you set the user's login directory equal to /, the user will see two directories, Home and Uploads. Here's a sample command line session from a client user (Joe) connecting to a Reflection for Secure IT Web Edition server (rsithost) with this configuration:

    >sftp Joe@rsithost
    Password Authentication
    Joe's password:
    />ls
    Home
    Uploads
    />

There is no indication to the user that these directories are located on different servers, and the user has no knowledge of the name of the remote server or the user account whose credentials are used to gain access to this server.

To configure access to a directory on a remote SFTP server

  1. From the SFTP Directories pane click Add.
  2. For Virtual directory, specify the directory name that you want your users to see; for example Uploads.
  3. Select Remote SFTP server. This opens the Remote SFTP Server Connection dialog box.
  4. For Host, specify the name or IP address of the remote server. The port for the connection to this server is set to 22 by default. Edit this if your server uses a different port.
  5. Under Host key, click Retrieve. If Reflection for Secure IT can connect to this server, it retrieves its public key and displays a confirmation box. Click OK to accept this key. Reflection for Secure IT uses this key to confirm the remote server host identity when it connects to this host.
  6. Under Authentication, for Remote SFTP username, specify a user account on the remote server. You can configure either password or public key authentication for this user.

    | For | Do This |
    | --- | --- |
    | Password authentication | Specify the remote user's password in the Password box. Note: This password is saved securely in the Reflection for Secure IT database and used to authenticate to the remote server. |
    | Public key authentication | Select Public key authentication. Click Import private key and browse to the user's private key. Note: To use public key authentication, you must first have a public/private key pair for the user you specified for Remote SFTP username, and configure the remote server to authenticate this user using the public key. The private key is saved securely in the Reflection for Secure IT database and used to authenticate to the remote server. |

  7. Under Remote base directory, click Browse. This opens a browse dialog box showing directories available to the user you specified in the Username field. Browse to select the directory you want to make available to Reflection for Secure IT users. The directory you select is entered in the Path field.

    Note: You can also specify paths using %u and %U. For details, see Pattern Strings in Directory Paths. The user directories must exist; they are not created automatically.

  8. Click Test Connection to test these settings. You can use the Details button on the Test Connection dialog box if you need to troubleshoot problems.
  9. Click OK to close the open dialog boxes.
  10. Save your settings (File > Save Settings).
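
The key accepted in step 5 is whatever the remote host presents at retrieval time, so compare it with a copy of the host key obtained from the server itself before clicking OK. The Python code below is an added example, not part of the product or its documentation: it computes the SHA256 and MD5 fingerprints of an OpenSSH-format public key line and checks a displayed fingerprint against them. The key lines are constructed sample data, the function names are hypothetical, and the form in which the confirmation box presents the key is an assumption.

```python
import base64
import hashlib


def parse_host_key(line):
    """Return (algorithm, raw key blob) from '<algorithm> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)  # ValueError on bad base64
    # The blob begins with a 4-byte length and a copy of the algorithm name.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != fields[0].encode("ascii"):
        raise ValueError("algorithm field does not match the key blob")
    return fields[0], blob


def fingerprints(line):
    """Fingerprints of the key blob in the two common display formats."""
    _, blob = parse_host_key(line)
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {
        "sha256": "SHA256:" + sha256,
        "md5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
    }


def matches(trusted_line, displayed):
    """True only if the displayed fingerprint belongs to the trusted key."""
    return displayed.strip() in fingerprints(trusted_line).values()


def constructed_key(seed):
    """Build a well-formed ssh-ed25519 key line from fixed bytes (sample data)."""
    name = b"ssh-ed25519"
    key = bytes((seed + i) % 256 for i in range(32))
    blob = len(name).to_bytes(4, "big") + name + (32).to_bytes(4, "big") + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@Host2"


TRUSTED = constructed_key(1)    # copied from the remote server's console
RETRIEVED = constructed_key(1)  # what the gateway retrieved over the network
IMPOSTOR = constructed_key(2)   # a different key answering on the same address

if __name__ == "__main__":
    for label, line in (("retrieved", RETRIEVED), ("impostor", IMPOSTOR)):
        shown = fingerprints(line)["sha256"]
        print(label, shown, "accept" if matches(TRUSTED, shown) else "REJECT")
```

A mismatch means the gateway reached a different host key than the one on the server, and the key should not be accepted until the difference is explained.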

Related Topics

Customize Directory Access for File Transfers

Specify the User Login Directory

Control Upload and Download Access