What is FTP?
FTP stands for File Transfer Protocol. A protocol is a system of rules that networked computers use to communicate with one another. FTP is a client-server protocol that may be used to transfer files between computers on the internet. The client asks for the files and the server provides them. Its default port is 21.
What is FTPS?
File Transfer Protocol with SSL Security (FTPS) is an extension to the FTP protocol that adds Secure Sockets Layer (SSL)/Transport Layer Security (TLS)-based security mechanisms to a standard FTP connection.
It runs standard FTP communication on top of an SSL/TLS-secured connection. FTPS is also known as FTP Secure. Its default port is 990.
FTPS is delivered in two different forms:
- Explicit FTPS -- Selected parts or components for communication are encrypted.
- Implicit FTPS -- All communications are encrypted.
- In the Installation Type screen, select role-based or feature-based installation (selected by default) and click Next.
- In the Server Selection screen, select the server from the server pool and click Next.
- In Server Roles, select the Web Server Roles from the list. It prompts you to add the required features for the web server; click Add Features and then click Next.
- On the Features page, just click Next.
- On the Web Server Roles (IIS) page, review the information and click Next.
- On the Role Services page we need to add more features: select Basic Authentication under Security and the FTP Server check box, then click Next.
- On this page, review the selections and click the Install button to install the Web Server.
- Installation takes a few minutes. Afterwards a yellow warning appears on the flag icon at the top; click on it and close it to finish the process.
- To create the FTP user, open the Control Panel.
- Select User Accounts in the Control Panel dashboard.
- Click Add a User Account.
- Type the user name, password, password confirmation and password hint, then click Next and Finish.
Install a server certificate and assign it to the FTP service to allow secure access to the server. Follow the steps below to install the server certificate.
- Log in to the server and open Server Manager.
- Select Add Roles and Features under Configure this local server.
- On this screen, review the page information and click Next.
- On the Installation Type page, select role-based or feature-based installation and click Next.
- On the Server Selection page, select the server from the server pool and click Next.
- On the Server Roles page, select Active Directory Certificate Services. It prompts you to add the required features; add them and click Next.
- On the Select Features page there is nothing to do; just click Next.
- On the Active Directory Certificate Services page, review the page information and click Next.
- In Role Services, Certificate Authority is selected by default; if not, select it and click Next.
- Review the confirmation page and click the Install button. A yellow sign appears on the flag icon at the top; under it, the post-deployment configuration notice is shown. Click on Configure Active Directory Certificate Services on the destination server.
- On the Credentials page you will see server-name\Administrator. The page states that you must have privileges in the groups listed there to install and configure the role services. After reviewing, click Next.
- On the Role Services page, select Certification Authority as the role service to configure and click Next.
- On the Setup Type page, select the setup type of the CA (Certificate Authority). Standalone is selected by default; if not, select it and click Next.
- On this page, select Root CA and click Next.
- On the Private Key page, select the option to create a new private key and click Next.
- On the Cryptography for CA page, RSA#Microsoft Software Key Storage Provider with key length 2048 is selected by default; leave the default selection and click Next.
- On this page, specify the CA name. The server name is selected by default; review it and click Next.
- On the Validity page you can define the validity period in years, months or weeks. 5 years is selected by default; leave the default selection and click Next.
- On this page, configure the database locations and click Next.
- On the confirmation page you can see all the selections you have made. Click the Configure button to configure the certificate. After configuration, close the page.
Configuration of Certificates for FTP
The purpose of configuring the certificate is that all traffic and file transfers between the server and the client are encrypted and secure.
Follow the steps below to configure the certificate and assign SSL to the FTP account.
- Open Server Manager, go to the top right and under Tools select Internet Information Services (IIS) Manager.
- In IIS Manager, select the server name; in the center pane, select Server Certificates under IIS and double-click it.
- Here you can see that the server certificate is available in the center pane.
- Click on IIS Server Manager and double-click FTP SSL Settings to open the SSL configuration page. Select the server certificate, click Advanced, and set up the advanced SSL policy by selecting Require only for credentials under Control Channel and Allow under Data Channel. Click OK and finally click the Apply button at the top right in the Actions pane.
- To create the FTP site we also need to create an FTP folder on a drive. The folder can be created on any drive, but preferably not on the C drive (the C drive contains the operating system). In our case we created it on the C drive because it is the only drive available.
- Now open IIS Manager, expand the IIS server, right-click Sites and select Add FTP Site.
- In this step, give the FTP site name, select the physical path of the site and click Next.
- In this step, select the binding IP address, select Require SSL and click Next.
- In this step, select the Basic authentication box; in the Allow access to option select Specified users, type the user name, select the Read and Write check boxes to give those permissions to the selected user, and click the Finish button.
- After creating the FTP site we need to assign the SSL settings to it. Click on the newly created FTP site (FTP1), double-click FTP SSL Settings in the center pane, make sure the server certificate is selected, click Advanced, select Require only for credentials for the control channel and then select Allow under Data Channel, and click OK. After that, click the Apply button in Alerts as shown in the figure.
- Go back to IIS Manager, select the server, and double-click FTP Firewall Support in the FTP center pane to open it. Give the port range, enter the public IP in the External IP Address of Firewall section and click the Apply button to finish.
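The Control Channel and Data Channel choices made in the steps above are stored as the controlChannelPolicy and dataChannelPolicy attributes in IIS's applicationHost.config. The following Python script is an added example, not part of the original guide: it reads a constructed sample of that file and reports, per FTP site, what each policy other than Require leaves unencrypted. The sample XML, the FTP2 site, the finding texts and the fallback default are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <sites> section of IIS's applicationHost.config.
# FTP1 carries the policy chosen in the steps above; FTP2 (hypothetical) inherits.
SAMPLE = """<configuration><system.applicationHost><sites>
  <siteDefaults><ftpServer><security>
    <ssl controlChannelPolicy="SslRequire" dataChannelPolicy="SslRequire" />
  </security></ftpServer></siteDefaults>
  <site name="FTP1" id="2">
    <bindings><binding protocol="ftp" bindingInformation="*:990:" /></bindings>
    <ftpServer><security>
      <ssl controlChannelPolicy="SslRequireCredentialsOnly" dataChannelPolicy="SslAllow" />
    </security></ftpServer>
  </site>
  <site name="FTP2" id="3">
    <bindings><binding protocol="ftp" bindingInformation="*:2990:" /></bindings>
    <ftpServer><security><ssl /></security></ftpServer>
  </site>
</sites></system.applicationHost></configuration>"""

SSL_PATH = "ftpServer/security/ssl"
FINDINGS = {  # policy values that leave part of a session unencrypted
    ("controlChannelPolicy", "SslAllow"): "logins may be sent in cleartext",
    ("controlChannelPolicy", "SslRequireCredentialsOnly"): "later commands may be cleartext",
    ("dataChannelPolicy", "SslAllow"): "file data is encrypted only if the client asks",
    ("dataChannelPolicy", "SslDeny"): "file data is never encrypted",
}

def audit_ftp_ssl(config_xml):
    """Return {site name: [findings]} for every site with an FTP binding."""
    sites = next(ET.fromstring(config_xml).iter("sites"))
    defaults = sites.find("siteDefaults/" + SSL_PATH)
    report = {}
    for site in sites.findall("site"):
        if not any(b.get("protocol") == "ftp" for b in site.iter("binding")):
            continue  # no FTP binding, so no FTP SSL policy to check
        ssl = site.find(SSL_PATH)
        issues = []
        for attr in ("controlChannelPolicy", "dataChannelPolicy"):
            value = ssl.get(attr) if ssl is not None else None
            if value is None and defaults is not None:
                value = defaults.get(attr)  # inherited server-level setting
            value = value or "SslRequire"  # assumed schema default when unset
            if (attr, value) in FINDINGS:
                issues.append(f"{attr}={value}: {FINDINGS[(attr, value)]}")
        report[site.get("name")] = issues
    return report

if __name__ == "__main__":
    print(audit_ftp_ssl(SAMPLE))
```

To check a real server, pass the function the contents of applicationHost.config read in binary mode. A site that should encrypt every transfer reports an empty list.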
To allow access from outside the network we need to open the FTPS port in the internal Windows firewall so that the server and client can communicate with each other.
- Log in to the Windows Server, open the Control Panel and click Windows Firewall.
- In this step, click Advanced Settings under Control Panel Home on the left side and then select Inbound Rules.
- In this step, click New Rule in the Actions pane, select the Port option under Rule Type and click the Next button.
- In this step, select TCP and Specific local ports (990) and click Next.
- On the Action page, Allow the connection is selected by default; there is no need to change it, just click Next.
- On the Profile page, all three options (Domain, Private and Public) are selected by default; there is no need to change them, just click the Next button.
- In this step, type a name for the allowed port (in this case FTP SSL Port) and click the Finish button. The port is now allowed in the firewall settings.
- To allow more ports, repeat the steps above. After that you must also allow these ports on whatever router or firewall you are using in your data center. If you are using a cloud, open these ports in the cloud's Security Groups (the name may be different but the purpose is the same).