The Pega Cloud SFTP service allows you to securely exchange files between your enterprise and your Pega Platform applications running in Pega Cloud. The service automatically accesses your application data in your Pega Cloud File storage repository.
The Pega Cloud SFTP service provides the following features and functionality:
- Direct and secure mapping of your SFTP connection to or from your Pega Cloud File storage repository. To review the benefits and file management details, see Using Pega Cloud File storage.
- Static IP addresses that do not change for the life of the service, which eliminates the need for you to add a broad range of IP addresses to a list of allowed connections for the service.
- New Pega Cloud deployments as of 17 November 2021 provide an SFTP service with one SFTP server for each client subscription that supports all your environment deployments, such as DevTest, Staging, and Production. Pega Cloud services continues to support existing client subscriptions that provide your SFTP service with a unique URL for each environment until you reach a service version that requires a migration of your service to the newer SFTP service. Pega Cloud services support will communicate with you well in advance of any migration plan for your service.
- Clients connect securely to your SFTP service in Pega Cloud from your enterprise data center over the Internet using your preferred SFTP connection method. Pega Cloud services does not support using private connectivity options.
- Admin user and, if requested, up to 10 additional standard-user credentials with unique file directories within your Pega Cloud File storage repository. To add users, clients need to request that Pega Cloud services add access for the additional users, with a minimum notice of five business days in advance of the request.
- Bulk data processing through file listeners in your Pega Cloud environment applications or integration with Pega Business Intelligence Exchange™ data extracts to your Pega Cloud File storage repository until you remove it.
Client responsibilities include the following actions:
- You install your preferred SFTP or SSH client to connect to the Pega Cloud SFTP service.
- You generate the public/private key pair for each user that you create for the Pega Cloud SFTP service to use with your preferred SSH client.
- You enable one or more users in your Pega Cloud subscription to authenticate and then connect to your SFTP service. To allow these additional users, the admin user of the service needs to submit a request in My Support Portal by selecting New request and include the following information for each additional user of the SFTP service:
- At least one public key to assign to the default admin user.
- A list of IP addresses or IP address ranges to add to an allow list for the Pega SFTP service.
- Optional: Unique user names to assign to each additional user.
- Optional: Unique name of the directories for each additional user.
- Optional: Public key for each additional user that you want to access the service.
Note: Give a minimum notice of five business days in advance for Pega Cloud to complete your request.
- You ensure that your developers are informed of and adhere to your organization’s internal security practices pertaining to protecting or masking sensitive data used within your Pega application. To secure your data, review and implement the best security practices as outlined in Security Checklist when deploying on Pega Cloud.
- You add the static IP address that Pega Cloud services provides for the Pega SFTP server to an allow list in your enterprise firewall, for requests to implement a static IP address.
Pegasystems responsibilities include the following actions:
- Integrate the SFTP service with all of your Pega Cloud environments.
- Authenticate the SFTP service using the public keys that you provided.
- Provide you with the following information to connect to the SFTP
- Pega SFTP hostname
- Top-level SFTP directory within the Pega Cloud File storage pegacloudrepository folder
- Admin username
- Admin key
- Optional: Additional user access, based on username, as requested by the client
- Optional: Unique SFTP sub-directory for each username as requested by the client
- Optional: Unique key associated with each additional user as requested by the client
Note: If you request only one user, that user has admin privileges with access to the top-level directory of the SFTP folder in the Pega Cloud File storage repository. It is unnecessary for the admin user to specify an additional directory name.
- Encrypt data-in-transit by using SSH and data-at-rest by using an environment-specific key.
- Deploy the SFTP service with the public key and public IP addresses that you provided.
- Provide you the static IP address of the SFTP server for you to add to a list of allowed connections for requests to implement a static IP address.
Connecting to the Pega Cloud SFTP service
After compiling a list of public IP addresses and generating a public/private key pair, complete the following actions:
- Log in to your My Support Portal account.
- Click New Request, and then select For Something I need to create a new request that includes the public key and IP addresses that are already added to an allow list in the body of the service request form.
Note: Clients must give a minimum advance notice of 5 business days for the request.
- Pega Cloud services receives your request then deploys your Pega Cloud SFTP service.
- Pega Cloud services sends you a file that contains the SFTP hostname, SFTP username, and folder URL used to access the SFTP service.
- Configure your SFTP client or SSH shell with the hostname, SFTP username, and folder URL to interact with the Pega Cloud SFTP service. Any added, non-admin-level users can access only their unique sub-directory in the admin account. The admin user can access all the sub-directories of the standard users.
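A pre-flight check for the public keys and allow-list entries that go into the service request described above, as an added example that is not Pega code. It assumes keys are submitted as OpenSSH one-line public keys; the function names, the 256-address threshold, and the sample values are constructed for illustration.

```python
import base64
import ipaddress
import struct

MAX_ADDRESSES = 256  # assumed "too broad" threshold for review, not a Pega limit

def check_public_key(line):
    """Return None for a well-formed OpenSSH public key line, else a reason."""
    if "PRIVATE KEY" in line:
        return "private key material: submit only the .pub line"
    parts = line.split()
    if len(parts) < 2:
        return "expected '<type> <base64> [comment]'"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (length,) = struct.unpack(">I", blob[:4])
    except (ValueError, struct.error):
        return "key blob is not a valid base64 SSH key blob"
    if blob[4:4 + length] != parts[0].encode():  # blob repeats the key type
        return "key type does not match the encoded blob"
    return None

def check_allow_list(entries):
    """Return (collapsed public networks, findings) for allow-list entries."""
    nets, findings = [], []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            findings.append(f"{raw}: {exc}")
            continue
        if not net.is_global:
            findings.append(f"{raw}: not a public range, unusable over the Internet")
        elif net.num_addresses > MAX_ADDRESSES:
            findings.append(f"{raw}: {net.num_addresses} addresses, narrow the range")
        else:
            nets.append(net)
    collapsed = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        same = [n for n in nets if n.version == version]
        collapsed += [str(n) for n in ipaddress.collapse_addresses(same)]
    return collapsed, findings

# Constructed sample input: an all-zero ed25519 key and arbitrary addresses.
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(
    struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
).decode() + " constructed@example"
SAMPLE_IPS = ["185.10.20.0/28", "185.10.20.16/28", "10.1.2.0/24",
              "185.10.0.0/16", "185.10.20.40", "not-an-ip"]
```

Running `check_allow_list(SAMPLE_IPS)` merges the two adjacent /28 ranges into one /27 and reports the private, oversized, and malformed entries as findings.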
The Pega Cloud SFTP service security model supports multiple single-user access authentication using a private/public key pair. During client onboarding, Pega Cloud uses a client-provided public key to configure authentication to the service. All SFTP services in the subscription require an environment-specific key for connectivity to your Pega Cloud environment.
Data management considerations
As a best practice, use the following file storage and data management guidelines:
- File storage utilization: The Pega Cloud SFTP service uses Pega Cloud File storage that is available within the SFTP-dedicated pegacloudrepository directory according to the allocation that is specified in your Pega Cloud subscription. For more information, see Using Pega Cloud File storage.
- Data cleanup: You are responsible for managing your data files according to your enterprise best business practices by using your preferred SFTP client.
- To manage your files in the Pega Cloud File storage repository, use the Repository API to interact with your files or configure a file listener to process your files. For more information, see Using Pega Cloud File storage.
Pega Cloud SFTP service FAQ
Consider these Frequently Asked Questions (FAQ) to become familiar with common inquiries about the Pega Cloud SFTP service.
Pega Cloud supports the use of the Pega Cloud SFTP service in DevTest, Staging, and Production environment deployments. Neither Deployment Manager nor Agile Studio environments support the use of the service.
Can I access data files associated with the Pega Cloud SFTP service in one environment (for example, prod1) from another environment (for example, prod1)?
No. Pega Cloud provisions environments to completely isolate data file storage by environment; therefore, files managed by the SFTP service in one environment are not accessible by other environments, including environments of the same type (for example, dev1, dev2).
Can I use files from my production environment's SFTP service in my DevTest or Staging environments?
No. You cannot access files directly from a different Pega Cloud environment in your subscription. However, you can use an SFTP client to manually download files from one environment and then use it to upload the same files to a different environment's SFTP server.
Does the Pega Cloud SFTP service support multiple users?
Yes. Pega Cloud provides one admin-level user and, if requested, up to 10 additional non-admin level users for each environment. The SFTP service allows each user with their own client-provided individual public keys to connect to a unique file directory for that environment. Each user can access, add, or delete files in the /sftp sub-folder in their unique file directory.
For information about how Pega Platform maps to repository records in Pega Cloud File storage, see Using Pega Cloud File
Yes. You can use your preferred SFTP client to upload or download files in your user's unique file directory.
Can I create additional sub-folders in the Pega Cloud SFTP service folder path?
Yes. Pega Cloud supports three methods to create sub-folders in your SFTP service folder path:
- You can create additional sub-folders by using your preferred SFTP client. When you use your preferred SFTP client to create additional sub-folders in your user folder, the functionality depends upon the capabilities of your SFTP client and is limited to the unique file directory of each user.
- You can request that Pega Cloud create the sub-folders. To do so, you must make a request for Pega Cloud support by selecting New request in My Support Portal, specifying the new sub-folder name that you want added to your Pega Cloud SFTP folder path. For information about requesting Pega Cloud to create multiple users with their own sub-folders, see the previous question Does the Pega Cloud SFTP service support multiple users?
- You can create additional sub-folders with Pega Platform by using the following methods:
- Create the new sub-folder by using the Pega-provided datapage D_pxNewFolder.
- In the navigation pane of Dev Studio, go to .
- In the Data Page instance list, filter the Page Name column for D_pxNewFolder and then select it.
- In the Actions list, select Run.
- In the Run Data Page: New Folder dialog window, specify your new sub-folder by entering the following
- In the repositoryName field, enter pegacloudrepository.
- In the folderPath field, enter your non-admin user folder path appended with your new sub-folder name. For example, to create the new sub-folder new_folder, enter sftp/user1/new_folder.
- In the Run Data Page: New Folder dialog box,
For more information about Pega repository APIs, see Using repository APIs in your application.
- To accommodate a BIX extraction, you can create a file folder within the /bix directory and then specify it as the target for your extract files. For more information, see Creating and running an Extract rule.
Yes. All Pega Cloud SFTP data transfers (data-in-transit) are encrypted by using SSH and data-at-rest is encrypted based on an environment-specific key.
The Pega Cloud SFTP service is a highly-available robust service that is resilient to failures and monitored for stability by the 24/7 operations team. All files and folders are preserved across failures.
I accidentally deleted a file from the Pega Cloud SFTP service. Can it be restored?
You can recover files you delete from any folder in the pegacloudrepository record within 30 days of deletion.
For more information about recovering deleted files from your SFTP folder in Pega Cloud File storage, see the section Recovering deleted Pega Cloud File storage files in the article Using Pega Cloud File storage.
Can I customize the folder names provided by the Pega Cloud SFTP service?
Currently, there is no support to rename existing folders.
Can I have a custom domain configured for the Pega Cloud SFTP service?