Pega Cloud SFTP service
The Pega Cloud SFTP service provides Pega Cloud Services clients with simple, secure file transfers to and from their Pega Cloud applications.
The service securely exchanges files between your enterprise and your Pega applications that Pega Cloud Services runs, and uses the Pega Cloud File Storage repository for reliable and resilient storage.
The Pega Cloud SFTP service provides the following features:
- A secure service for file uploads and downloads to or from you Pega Cloud File Storage
- Static IP addresses that do not change for the life of the service, eliminating the need for you to add a broad range of IP addresses to a list of allowed connections for the service
- A separate SFTP server with a unique URL for each environment
- Admin and, if requested, up to 10 additional standard-user credentials with unique file directories within Pega Cloud File Storage
- Direct mapping of the Pega Cloud SFTP service to the Pega Cloud File Storage repository providing reliable, scalable file storage capacity. For more information, see Pega Cloud File Storage
- Bulk data processing through file listeners in your Pega Cloud environment applications or by integrating with Pega Business Intelligence Exchange™ data extracts. The repository securely stores data until removal.
Client responsibilities include the following actions:
- Installing an SFTP or SSH client of your choice to connect to the Pega SFTP Service.
- Generating the public/private key pair for each user you want to create for the Pega SFTP Service using an SSH client of your choice.
- Making a request by selecting New request in My Support
Portal that includes the following information for each user you
want to create and grant access to the SFTP service:
- at least one public key to assign to the default admin user
- a list of IP addresses or IP address ranges to add to an allow list for the Pega SFTP service
- Optional: unique user names to assign to each additional user
- Optional: unique name of the directories for each additional user
- Optional: a public key for each additional user you want to access the service
- If using a static IP address, adding the static IP for the Pega SFTP server to an allow list through your enterprise firewall that Pega Cloud Services provides.
- Client must give a minimum advance notice of 5 business days for the request.
Pegasystems Inc. responsibilities
Pegasystems Inc. responsibilities include the following actions:
- Integrating the SFTP service with your environment
- Authenticating the SFTP service using client-provided public keys
- Providing the client with the following information to connect to the SFTP
If you request only one user, that user will have admin privileges with access to the top-level directory of the SFTP folder in the Pega Cloud File Storage repository. The admin user does not need to specify an additional directory name.
- Pega SFTP hostname
- the top-level SFTP directory within the Pega Cloud File Storage pegacloudrepository folder.
- the admin username (always sftp-user)
- the admin key
- Optional: additional usernames as requested by the client
- Optional: a unique SFTP sub-directory for each username as requested by the client
- Optional: a unique key associated with each additional user as requested by the client
- Encrypting data in transit using SSH and data at rest using an environment-specific key
- Deploying the SFTP service with client-provided public key & public IP(s) provided
- If requested, providing the static IP address of the SFTP server for the client to add to a list of allowed connections
Connecting to the Pega Cloud SFTP service
After compiling a list of public IP addresses and generating a public/private key pair, complete the following actions:
- Log in to your My Support Portal account.
- Click New Request, and then select For
Something I need to create a new request that includes the
public key and IP addresses that are already added to an allow list in the body
of the service request form.Clients must give a minimum advance notice of 5 business days for the request.
- The Pega Cloud Services team receives your service request then deploys the SFTP service.
- Pega Cloud Services sends a file containing the SFTP hostname, SFTP username,
and folder URL used to access the SFTP service. Pega requires that the hostname
and URL use the following format:
<SFTP hostname>:<client name/designation>.<project>.<type of environment[dev-test, staging, production]>.sftp.pegacloud.net
- Configure your SFTP client or SSH shell using the hostname, SFTP username, and
folder URL to interact with the Pega Cloud SFTP service. Any additional,
non-admin-level users can only access their unique sub-directory in the admin
account; the admin user can access to all the sub-directories of the standard users.
The Pega Cloud SFTP service security model supports multiple single-user access authentication using a private/public key pair. During client onboarding, Pega uses a client-provided public key to configure authentication to the service. All SFTP services in the subscription require an environment-specific key for Pega Cloud connectivity.
Data management considerations
Keep in mind the following file storage and data management guidelines:
- File storage utilization: The Pega Cloud SFTP service uses available Pega Cloud File Storage within the SFTP-dedicated pegacloudrepository directory according to the allocation that is specified in your Pega Cloud Services subscription.
- Data cleanup: You are responsible for managing your data files according to your enterprise best business practices by using the SFTP client of your choice.
To manage your files in the Pega Cloud File Storage repository, use the Repository API to interact with your files or configure a file listener to process your files. For details, see Pega Cloud File Storage.
- Pega Cloud SFTP service FAQ
To return to the overview article, see Pega Cloud SFTP Service.