Accessing Windows Azure storage using FTP

by Shijaz Abdulla on 25.02.2013 at 23:03

You can access the Windows Azure blob storage by setting up an FTP server connected to it. For this you will need to create a Windows Azure VM running Windows (or Linux for that matter) that will host the FTP service. Each VM gets its own public IP and DNS name on the internet which you can use to access your FTP service.

In this example, I will show you how you can create a Windows Server VM on Windows Azure and configure it as an FTP server.

Besides the method described above, there are also other options such as using open source software like FTP2Azure

1. First create a Windows Server VM on Windows Azure. I used Windows Server 2012.


2. Connect via RDP to the newly provisioned VM and install the Web Server (IIS) role. Make sure you enable the FTP Server role services for the IIS role. I am assuming you already know how to add roles to your Windows Server and use the Remote Desktop client on your computer.

3. Create FTP site on IIS: Open the IIS Manager console, right click on Sites, and choose Add FTP Site. Specify the FTP Site Name and Local Path for the FTP site. Click Next. Specify binding and SSL information. Hit Next. Specify authentication options, click Finish.

This is just a test environment, so I’m just going to use the local administrator account for FTP login. Of course, in production you wouldn’t want to do that for security purposes.



4. Open a Command Prompt, use the ftp command to see if you can connect locally on port 21. (You could also use telnet)


You should get something like this:

Connected to
220 Microsoft FTP Service

5. Set External IP address on your IIS FTP server. This should be the public IP of your Azure VM service. You will find this IP listed on the right side of the VM service page on the Windows Azure Management Portal.


6. Enabling ports for FTP access on Windows Azure:

For Active FTP, you only need ports 21 and 20 to be opened. However for Passive FTP you will need to define a range of ports on the IIS FTP server and open them in Windows Azure, by defining them as “endpoints”.

a) First, define the port range on IIS using an elevated Command line using APPCMD utility, located at the System32\inetsrv in the Windows folder.

cd %windir%\system32\inetsrv

appcmd set config /section:system.ftpServer/firewallSupport /lowDataChannelPort:7000 /highDataChannelPort:7014

Then restart the IIS service.


In this example, we are defining the port range as 7000-7014.

b) Now you need to define these port numbers as endpoints on Windows Azure. You could do it manually in the Windows Azure management portal, one by one. You do this by going to Virtual Machines > [Your VM] > Endpoints. However, defining 15 points manually is rather tedious, so you can leverage PowerShell commands.

To use PowerShell, you need to make sure you download and install Windows Azure PowerShell on your computer. Before you can use PowerShell cmdlets on Azure, you need to publish the settings file for your Azure account. You can use the Get-AzurePublishSettingsFile cmdlet, which will help you download the actual settings file that corresponds to your Windows Live ID associated with your Azure account.

After you download this settings file, you can import it to PowerShell by using the Import-AzurePublishSettingsFile cmdlet and you’re good to go.

To create the endpoints, use the command:

Get-AzureVM -ServiceName ‘ServiceName’ -Name ‘FTPPortalName’ | Add-AzureEndpoint -Name ‘FTP00’ -Protocol ‘TCP’ -LocalPort 7000 -PublicPort 7000 | Update-AzureVM

Get-AzureVM -ServiceName ‘ServiceName’ -Name ‘FTPPortalName’ | Add-AzureEndpoint -Name ‘FTP01’ -Protocol ‘TCP’ -LocalPort 7001 -PublicPort 7001 | Update-AzureVM

…and so on till you’re done with the 15 endpoints…

Get-AzureVM -ServiceName ‘ServiceName’ -Name ‘FTPPortalName’ | Add-AzureEndpoint -Name ‘FTP14’ -Protocol ‘TCP’ -LocalPort 7014 -PublicPort 7014 | Update-AzureVM


Once the commands are done executing, here is what you will have in the portal now that all endpoints have been defined:


7. Configure Windows Firewall to allow FTP traffic

Open an elevated command prompt on your server and issue the following command:

netsh AdvFirewall set global StatefulFTP enable

Then, restart the FTP service.

net stop FTPsvc
net start FTPsvc

8. Test externally

From your PC, open a command prompt and attempt to connect via FTP on the your VM’s public DNS name or public IP address (details will be on the Azure portal VM service details on the right side)

For example:


If you are successfully able to connect, you are all set! Fire up your favorite FTP client and you can now use FTP to upload and download files from new VM hosted on Windows Azure.

Trackback Permanent Link

2 Responses to Accessing Windows Azure storage using FTP

Leave a Reply