Data ingress with SFTP#

Warning

SFTP is not suitable for Tier 2+ data.

The 🧑‍🔬 Project team’s chosen DPR may wish to carry out the data transfer to the TRE from a remote server and want to use SFTP for this. An additional intermediary storage account can be set up in Azure to enable this.

  1. Open the Azure Portal and set up an SFTP enabled storage account called <SHM ID><SRE ID>datasftp or something similar in the same subscription as the storage account used by the TRE, which should be called <SHM ID><SRE ID>data<hash> (see screenshots below for help)

    • The current production subscription is called [Prod] Safe Haven Management V4 Last edited 2023/05/26

    • Choose UK South as the region and create a temporary resource group

  2. In the new storage account, open the Networking tab, add the DPR’s IP address under Firewall and hit Save

  3. Create a container in the storage account with write and list permissions called ingress

  4. Click SFTP, then Add a local user and create a user called sftpuser or similar with a password

  5. Send the password and SFTP connection string to the DPR via secure email

    • Connection string: <SHM ID><SRE ID>datasftp.ingress.sftpuser@<SHM ID><SRE ID>datasftp.blob.core.windows.net

  6. Send them this guide on how to upload if needed

    • e.g. they can do sftp <conn string>

  7. Once the DPR has uploaded the data, use Azure Storage Explorer to transfer the data to the TRE storage account’s ingress container called <SHM ID><SRE ID>data<hash>

    • This can be done with a simple copy and paste in ASE if you are authenticated

  8. Once all the data is transferred to the TRE storage account, delete the temporary SFTP storage account

SFTP storage account setup screenshots

Storage account#

Storage account

Enable SFTP#

Enable SFTP

Container permissions#

Container permissions

SFTP user#

SFTP user