SFTP/FTP/FTPS Client

The SFTP/FTP/FTPS Client destination writes whole files to a URL using the Secure File Transfer Protocol (SFTP), File Transfer Protocol (FTP), or FTP Secure (FTPS) protocol. For information about supported versions, see Supported Systems and Versions in the Data Collector documentation.

When you configure the SFTP/FTP/FTPS Client destination, you specify the protocol to use and the URL where the destination writes files on the remote server. You can also use a connection to configure the destination. The destination can create paths that do not exist. You also specify an expression for the file name to write and the action to take when the file already exists on the server.

When needed, you can connect to the server through an HTTP or SOCKS proxy.

If the server requires authentication, configure the credentials for the protocol you are using. For the SFTP protocol, the destination can require that the server be listed in a known hosts file. For the FTPS protocol, the destination can authenticate with the server using a client certificate and can authenticate the certificate from the FTPS server.

The destination can generate events for an event stream. For more information about the event framework, see Dataflow Triggers Overview.

Credentials

The SFTP/FTP/FTPS Client destination can use several methods to authenticate with the remote server. From the Credentials tab, configure the authentication required by the remote server.

Authentication options differ for each protocol:

  • For all protocols, select an authentication method to log in to the remote server. Choose the method based on the protocol and remote server requirements:
    • None - The stage does not authenticate with the server.
    • Password - The stage authenticates with the server using a user name and password. You must specify the user name and password.
    • Private key - The stage authenticates using a private key. Use only with the SFTP protocol. You must specify the private key, either in a local file or in plain text.
  • For the SFTP protocol, the stage can require that the server be listed in a known hosts file. You must specify the path to the known hosts file that contains the host keys for the approved SFTP servers.
  • For the FTPS protocol, the stage can use certificates to authenticate with the server. You must specify the keystore file and password. You can also configure the stage to authenticate the server by specifying a truststore provider. For more information about keystores and truststores, see Keystore and Truststore Configuration.

Event Generation

The SFTP/FTP/FTPS Client destination can generate events that you can use in an event stream. When you enable event generation, the destination generates event records each time the destination closes a file or completes streaming a whole file.

You can use events generated by the SFTP/FTP/FTPS Client destination in any logical way. For example:
  • With the SFTP/FTP/FTPS Client executor to move closed files.

    For an example, see Managing Output Files.

For more information about dataflow triggers and the event framework, see Dataflow Triggers Overview.

Event Records

Event records generated by the SFTP/FTP/FTPS Client destination include the following event-related record header attributes. Record header attributes are stored as String values:

Record Header Attribute Description
sdc.event.type Event type. Uses one of the following types:
  • file-closed - Generated when the destination closes a file.
  • wholeFileProcessed - Generated when the destination completes streaming a whole file.
sdc.event.version Integer that indicates the version of the event record type.
sdc.event.creation_timestamp Epoch timestamp when the stage created the event.
The destination can generate the following types of event records:
File closure
The destination generates a file closure event record when it closes an output file.
File closure event records have the sdc.event.type record header attribute set to file-closed and include the following fields:
Field Description
filepath Absolute path to the closed file.
filename File name of the closed file.
length Size of the closed file in bytes.
Whole file processed
The destination generates an event record when it completes streaming a whole file. Whole file event records have the sdc.event.type record header attribute set to wholeFileProcessed and have the following fields:
Field Description
sourceFileInfo A map of attributes about the original whole file that was processed. The attributes include:
  • size - Size of the whole file in bytes.

Additional attributes depend on the information provided by the origin system.

targetFileInfo A map of attributes about the whole file written to the destination. The attributes include:
  • path - An absolute path to the processed whole file.

Data Format

The SFTP/FTP/FTPS Client destination writes data in the following data format:
Whole File
Streams whole files to the destination system. The destination writes the data to the file and location defined in the stage. If a file of the same name already exists, you can configure the destination to overwrite the existing file or send the current file to error.
By default, written files use the default access permissions for the destination system. You can specify an expression that defines access permissions.
For more information about the whole file data format, see Whole File Data Format.

Configuring an SFTP/FTP/FTPS Client Destination

Configure an SFTP/FTP/FTPS Client destination to send data to a URL using SFTP, FTP, or FTPS.

  1. In the Properties panel, on the General tab, configure the following properties:
    General Property Description
    Name Stage name.
    Description Optional description.
    Produce Events Generates event records when events occur. Use for event handling.
    Required Fields Fields that must include data for the record to be passed into the stage.
    Tip: You might include fields that the stage uses.

    Records that do not include all required fields are processed based on the error handling configured for the pipeline.

    Preconditions Conditions that must evaluate to TRUE to allow a record to enter the stage for processing. Click Add to create additional preconditions.

    Records that do not meet all preconditions are processed based on the error handling configured for the stage.

    On Record Error Error record handling for the stage:
    • Discard - Discards the record.
    • Send to Error - Sends the record to the pipeline for error handling.
    • Stop Pipeline - Stops the pipeline.
  2. On the SFTP/FTP/FTPS tab, configure the following properties:
    SFTP/FTP/FTPS Property Description
    Connection Connection that defines the information required to connect to an external system.

    To connect to an external system, you can select a connection that contains the details, or you can directly enter the details in the pipeline. When you select a connection, Control Hub hides other properties so that you cannot directly enter connection details in the pipeline.

    Resource URL URL to access the remote server. Use the appropriate format:
    • SFTP protocol:

      sftp://<host name>:<port number>/<path>

    • FTP protocol:

      ftp://<host name>:<port number>/<path>

    • FTPS protocol:

      ftps://<host name>:<port number>/<path>

    You can omit the port number from the URL if the server uses the standard port number: 22 for SFTP, or 21 for FTP or FTPS.

    You can optionally include the user name to log in to the SFTP, FTP, or FTPS server in the URL. For example, for the FTP protocol, you can use the following format: ftp://<user name>:<password>@<host name>/<path>.

    You can enter an email address as a user name.

    Note: If you enter a user name in the resource URL and configure password or private key authentication on the Credentials tab, the value entered in the URL takes precedence.
    Protocol Protocol to use to connect to the server:
    • SFTP
    • FTP
    • FTPS
    Create Path Creates the specified path on the remote server when the path does not exist.
    Enable Proxy Enables using a proxy to connect to the remote server.
    Proxy Type Type of proxy to use: HTTP or SOCKS.
    Proxy URL URL of the proxy.
    Path Relative to User Home Directory Interprets the path entered in the resource URL as relative to the home directory of the user that logs in to the remote server.

    You specify the user name in the URL or when you configure password or private key authentication on the Credentials tab.

    FTPS Mode Encryption negotiation mode to use for the FTPS protocol:
    • Implicit - Uses encryption immediately.
    • Explicit - Uses plain FTP to connect to the server and then negotiates encryption with the server.
    FTPS Data Channel Protection Level Protection level to use for the FTPS data channel:
    • Clear - Encrypts only communication with the server, not data sent to the server.
    • Private - Encrypts both communication with the server and data sent to the server.
    Socket Timeout Maximum number of seconds to allow between TCP packets. 0 indicates no limit.
    Connection Timeout Maximum number of seconds to allow to initiate a connection to the SFTP, FTP, or FTPS server. 0 indicates no limit.
    Data Timeout Maximum number of seconds allowed to write a file. 0 indicates no limit.
    Maximum Connection Inactivity Time Maximum seconds of inactivity to allow before recreating connections to the SFTP, FTP, or FTPS server. 0 indicates no limit.
    Temporary Prefix Prefix for temporary files. The destination creates a temporary file with the specified prefix to indicate the file is not fully-written. The destination removes the prefix to indicate when the write is complete.

    Use this property to specify a custom prefix for the temporary files. Default is _tmp_.

    User Consent For Prefix Omission Allows omitting a prefix for temporary files.
    Important: If you omit a prefix from the Temporary Prefix property, the temporary files created by the destination are indistinguishable from fully-written files. This can lead to downstream processes working with files before they are complete, and can therefore result in data loss.

    Omit a prefix only in the rare cases where your processes verify that output files are fully-written before accessing them.

    Due to the gravity of omitting a prefix, the destination only omits the prefix for temporary files if you both clear the Temporary Prefix property and enable this property to indicate that you consent to the omission.

  3. On the Credentials tab, configure the following properties:
    Credentials Property Description
    Authentication Authentication method to use to log in to the remote server:
    • None - Does not authenticate with remote server.
    • Password - Authenticates with the remote server using a user name and password.
    • Private key - Authenticates with an SFTP server using a private key.

    Default is None.

    Username User name to log in to the remote server.
    Tip: To secure sensitive information such as user names and passwords, you can use runtime resources or credential stores. For more information about credential stores, see Credential Stores in the Data Collector documentation.

    Available when using password or private key authentication.

    Password Password to log in to the remote server.
    Tip: To secure sensitive information such as user names and passwords, you can use runtime resources or credential stores. For more information about credential stores, see Credential Stores in the Data Collector documentation.

    Available when using password authentication.

    Private Key Provider Source that provides the private key:
    • File - Reads the private key from a local file.
    • Plain-Text - Reads the private key from a plain-text field.

    Available when using private key authentication.

    Private Key File Full path to the local private key file used to log in to the remote server.

    Available when using private key authentication with a file private key provider.

    Private Key Private key used to log in to the remote server.

    Available when using private key authentication and providing a plain text private key.

    Private Key Passphrase Passphrase used to open the private key.

    Available when using private key authentication and providing a plain text private key.

    Use Client Certificate for FTPS Authenticates with the FTPS server using a client certificate.

    Select this option when the FTPS server requires mutual authentication. You must provide a keystore file that contains the client certificate.

    Available when using FTPS.

    Use Remote Keystore Enables loading the contents of the keystore from a remote credential store or from values entered in the stage properties.

    Available when using a client certificate for FTPS.

    Private Key Private key used in the remote keystore. Enter a credential function that returns the key or enter the contents of the key. For more information, see credential functions.

    Available when using a client certificate for FTPS.

    Certificate Chain Each PEM certificate used in the remote keystore. Enter a credential function that returns the certificate or enter the contents of the certificate.

    Using simple or bulk edit mode, click the Add icon to add additional certificates.

    Available when using a client certificate for FTPS.

    FTPS Client Certificate Keystore File Full path to the keystore file that contains the client certificate.

    Available when using a client certificate for FTPS.

    FTPS Client Certificate Keystore Type Type of keystore file that contains the client certificate.

    Available when using a client certificate for FTPS.

    FTPS Client Certificate Keystore Password Password to the keystore file that contains the client certificate. A password is optional, but recommended.
    Tip: To secure sensitive information such as user names and passwords, you can use runtime resources or credential stores. For more information about credential stores, see Credential Stores in the Data Collector documentation.

    Available when using a client certificate for FTPS.

    FTPS Truststore Provider Method that the destination uses to authenticate the certificate from the FTPS server:
    • Allow All - Allows any certificate, skipping authentication.
    • File - Authenticates certificate with a specified truststore file.
    • Remote Truststore - Authenticates certificate with a truststore file built from specified certificates. For more information, see Remote Keystore and Truststore.
    • JVM Default - Authenticates certificate with the JVM default truststore.

    Available when using FTPS.

    Trusted Certificates Each PEM certificate used in the remote truststore. Enter a credential function that returns the certificate or enter the contents of the certificate. For more information, see credential functions.

    Using simple or bulk edit mode, click the Add icon to add additional certificates.

    Available when using a remote truststore as the FTPS truststore provider.

    FTPS Truststore File Full path to the truststore file that contains the server certificate.

    Available when using a file as the FTPS truststore provider.

    FTPS Truststore Type Type of truststore:
    • Java Keystore file (JKS)
    • PKCS-12 (p12 file)

    Available when using a file as the FTPS truststore provider.

    FTPS Truststore Password Password to the truststore file. A password is optional, but recommended.
    Tip: To secure sensitive information such as user names and passwords, you can use runtime resources or credential stores. For more information about credential stores, see Credential Stores in the Data Collector documentation.

    Available when using a file as the FTPS truststore provider.

    Strict Host Checking Requires that the SFTP server is listed in the known hosts file. When enabled, the destination connects to the server only if the server is listed in the known hosts file.

    Requires the known hosts file to include an RSA key.

    Available when using SFTP.

    Known Hosts File Full path to the local known hosts file. Required if strict host checking is selected.

    Available when using strict host checking.

  4. On the Data Format tab, configure the following properties:
    Whole File Property Description
    Data Format Format of data to be written. The destination uses the whole file data format.
    File Name Expression

    Expression to use for the file names.

    For tips on how to name files based on input file names, see Writing Whole Files.

    File Exists Action to take when a file of the same name already exists in the output directory. Use one of the following options:
    • Send to Error - Handles the record based on stage error record handling.
    • Overwrite - Overwrites the existing file.