How to set up a Passive FTP Server in Windows Azure VM

FTP can run in either active or passive mode. Passive mode is widely used because it avoids the problem of the client firewall blocking the data connection from the FTP server.

This article explains in detail how to set up a passive FTP server in a Windows Azure VM:

How to deploy a Windows Azure VM

How to install FTP service on Windows Azure VM

How to add the FTP site to IIS Manager on Windows Azure VM

How to specify the data channel port for passive FTP connection on Windows Azure VM

How to add ports specified in the previous step as endpoint to the VM

How to add Firewall rules to allow traffic on the added endpoint

How to verify that FTP server is using the port previously specified under data channel port

Points to consider from Azure SLB perspective

How to deploy a Windows Azure VM

Log in to the Windows Azure management portal and create a Windows Azure VM with a Windows Server 2012 or Windows Server 2008 image.

Fill in the appropriate details under the Create a Virtual Machine dialog tabs.

Once the VM is provisioned, RDP into the VM.

How to install FTP service on a Windows Azure VM

Open Server Manager and click Add roles and features.

From the Installation Type tab, select Role-based or feature-based installation and click Next.

From the Server Selection tab, select the server on which you want to enable FTP and click Next.

From the Server Roles tab, select Web Server (IIS); you will be presented with the Add Roles and Features Wizard. Click Web Server (IIS) and then click Add Features.

Click Next on the Features and Web Server Role (IIS) tabs.

From the Role Services tab, select FTP Server and FTP Service and click Next.

From the Confirmation tab, click Install and wait for the installation to complete.

How to add the FTP site to IIS Manager

From Control Panel > Administrative Tools, open IIS Manager.

In IIS Manager, in the Connections pane, expand the Sites node in the tree, then right-click the Default Web Site.

Now click Add FTP Publishing.

Fill in the Add FTP Site dialog box as shown in the figures below and click Finish.

How to specify the data channel port for passive FTP connection on Windows Azure VM

From the Control Panel open the IIS Manager.

In IIS Manager, in the Connections pane, click local host.

In the Home pane, double-click the FTP Firewall Support feature.

In the Data Channel Port Range box specify a Port Range. In this case we have used 1035-1040. The External IP Address of Firewall is the VIP of your VM.

Click Apply. You will be prompted to configure the firewall to allow FTP access.

To make sure that the FTP server has picked up all the settings we added, stop and start the FTP service.

How to add ports specified in the previous step as endpoint to the VM

Ports 1035 to 1040 should also be added as endpoints to the Azure VM. You can add multiple ports as endpoints to the VM using Windows Azure PowerShell. Detailed procedure here.

You can also add endpoints using the management portal. Detailed procedure here.

To confirm that the ports were added, check the endpoint list for the VM in the portal.
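The endpoint step above can be scripted as follows. This is an added example, not code from the original article; it assumes the classic Windows Azure PowerShell (service management) cmdlets, and the service name, VM name and endpoint names are placeholders.

```powershell
# Added example. Run from a workstation where the Windows Azure PowerShell
# (service management) module is loaded and a subscription is selected.
$serviceName = 'my-cloud-service'   # placeholder: your cloud service name
$vmName      = 'my-ftp-vm'          # placeholder: your VM name
$dataPorts   = 1035..1040           # passive range set in FTP Firewall Support

$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
if (-not $vm) { throw "VM '$vmName' not found in service '$serviceName'." }

# Names of endpoints already on the VM, so the script can be re-run.
$existing = @($vm | Get-AzureEndpoint | ForEach-Object { $_.Name })

$added = 0
foreach ($port in $dataPorts) {
    $name = "FTP-Passive-$port"     # endpoint naming scheme is an assumption
    if ($existing -notcontains $name) {
        # Public and local port must be identical: the PASV reply tells the
        # client which port to dial, and the client dials it on the VIP.
        $vm = $vm | Add-AzureEndpoint -Name $name -Protocol tcp `
                        -LocalPort $port -PublicPort $port
        $added++
    }
}

# Push all new endpoints to the VM in a single update.
if ($added -gt 0) { $vm | Update-AzureVM | Out-Null }

# List every endpoint the VM now exposes, to spot anything outside the
# command port, the management ports and the 1035-1040 data range.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Get-AzureEndpoint |
    Sort-Object Port |
    Format-Table Name, Protocol, Port, LocalPort -AutoSize
```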

How to add Firewall rules to allow traffic on the added endpoint

For ports added as endpoints in the above procedure, no configuration is done automatically to the firewall in the guest operating system. When you create an endpoint, you’ll need to configure the appropriate ports in the firewall to allow the traffic you intend to route through the endpoint.

In this case I have disabled the Windows firewall for simplicity. You can refer here to modify the firewall rules to allow traffic on the ports added as endpoints.
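Inbound rules limited to the command port and the passive data range let the guest firewall stay enabled. The following is an added example, not part of the original article; it assumes Windows Server 2012 (the NetSecurity cmdlets are not available on Windows Server 2008), and the rule and group names are made up for illustration.

```powershell
# Added example. Run inside the VM in an elevated PowerShell session.
# Ports come from the article: 21 for commands, 1035-1040 for passive data.
$group = 'FTP on Azure VM'          # hypothetical group name for these rules
$rules = @(
    @{ Name = 'FTP command (TCP 21)';             Ports = @('21') },
    @{ Name = 'FTP passive data (TCP 1035-1040)'; Ports = @('1035-1040') }
)

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    $found = Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue
    if (-not $found) {
        New-NetFirewallRule -DisplayName $r.Name -Group $group `
            -Direction Inbound -Action Allow -Protocol TCP `
            -LocalPort $r.Ports -Profile Any | Out-Null
    }
}

# Check 1: which firewall profiles are actually enabled.
Get-NetFirewallProfile | Select-Object Name, Enabled

# Check 2: the ports each rule in the group really opens.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Protocol  = $filter.Protocol
        LocalPort = $filter.LocalPort -join ','
    }
}
```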

Setting up the passive FTP Server on a Windows Azure VM is now completed.

How to verify that FTP server is using the port previously specified under data channel port

The client connects on the command port, which is usually TCP port 21.

When the connection on the command port is successful and the client requests passive mode, the server replies with the port the client should connect to for data.

If you are using FileZilla, you will see something like this:

Command:         PASV

Response:       227 Entering Passive Mode (168,63,240,169,4,14).

Where 168,63,240,169 is the IP address of the VM and 4,14 is the port on which the data traffic is routed (256*4+14=1038).

This is how you determine that a port added in the previous steps is actually being used to establish a passive FTP connection.
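The same check can be done on a saved client log line. This is an added example, not from the original article: the function name Test-PasvReply is hypothetical, and the second sample reply is constructed to show what a server looks like when the data channel port range or the external IP address was not applied.

```powershell
# Added example: decode a 227 reply and compare it with the intended setup.
function Test-PasvReply {
    param(
        [Parameter(Mandatory)] [string] $Reply,       # log line with the 227 reply
        [Parameter(Mandatory)] [string] $ExpectedIp,  # VIP of the VM
        [int] $LowPort  = 1035,                       # range from the article
        [int] $HighPort = 1040
    )
    $pattern = '\b227\b[^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)'
    if ($Reply -notmatch $pattern) {
        throw "Not a 227 passive-mode reply: $Reply"
    }
    $n = 1..6 | ForEach-Object { [int]$Matches[$_] }
    if ($n | Where-Object { $_ -gt 255 }) {
        throw "Field larger than 255 in reply: $Reply"
    }
    $ip   = $n[0..3] -join '.'
    $port = 256 * $n[4] + $n[5]        # high byte, low byte
    [pscustomobject]@{
        AdvertisedIp = $ip
        Port         = $port
        IpMatches    = ($ip -eq $ExpectedIp)
        PortInRange  = ($port -ge $LowPort -and $port -le $HighPort)
    }
}

# Reply shown in the article: advertises the VIP and a port inside 1035-1040.
Test-PasvReply -ExpectedIp '168.63.240.169' `
    -Reply 'Response:       227 Entering Passive Mode (168,63,240,169,4,14).'

# Constructed reply: internal address and a port outside the configured range,
# which means the FTP Firewall Support settings are not in effect.
Test-PasvReply -ExpectedIp '168.63.240.169' `
    -Reply '227 Entering Passive Mode (10,0,0,4,195,80).'
```

A reply that fails either check will not work through the endpoints added earlier, because the client is told to connect to an address or port that Azure does not forward.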

Points to consider from Azure SLB perspective

When FTP is transferring large files, the elapsed time for transfer may exceed 4 minutes, especially if the VM size is A0. Any time the file transfer exceeds 4 minutes, the Azure SLB will time out the idle TCP/21 connection, which causes issues with cleanly finishing up the FTP transfer once all the data has been transferred.

Basically, FTP uses TCP/21 to set everything up and begin the transfer of data. The transfer of data happens on another port. The TCP/21 connection goes idle for the duration of the transfer on the other port. When the transfer is complete, FTP tries to send data on the TCP/21 connection to finish up the transfer, but the SLB sends a TCP reset instead.

The way around this is to make the client keep the TCP/21 connection from going idle. If you are using a third-party FTP client, there may be configuration settings that cause the client to send a keep-alive. For example, in FileZilla you go to Edit, Settings, Connection, FTP, and check Send FTP keep-alive commands.

Load balanced endpoints are not supported in Azure Passive FTP server

You will be unable to load balance your endpoints when using a passive FTP server in Azure, since there is no session stickiness between the server's command port (21) and the data ports that get selected when data is transferred between the client and the FTP server.

The client contacts the FTP server (the Azure VM) on port 21 (the server's command port) and establishes an FTP session. Then, as soon as the client tries to download or upload data, the FTP server sends an encoded port number to the client (chosen from the range of data ports you selected when setting up your FTP service).

Note that Windows Azure currently supports only 150 endpoints. Keep this in mind when adding endpoints.

Disclaimer: Many of the articles are taken from MSDN, Azure tutorials and other sources on the internet to provide a single place for various information about Azure development. No copyright on this information is claimed, and the copyright of all information accrues to the original authors, including MSDN and Microsoft Azure training materials. Some of this information may be outdated or incorrect, and the authenticity of the information contained should be verified against changes in Azure or your own environment. We do not recommend using any of this information without proper consultation.