SMART External File Storage - FTP Connector

The SMART External File Storage - FTP Connector extension for Microsoft Dynamics 365 Business Central provides connectivity to FTP/SFTP servers and other file transfer protocols through the unified API of the External File Storage Module. The extension enables a full range of file and directory operations on remote servers directly from Business Central.

Key Features

• Support for multiple protocols: SFTP, SCP, FTP, WebDAV, S3
• Secure credential storage in isolated storage
• Flexible security settings for SFTP/SSH connections
• Support for SSH private key authentication
• Option to use your own Azure Function for additional security
• Complete set of file operations: create, read, upload, delete
• Directory management: create, browse contents
• Integration with External File Storage module for unified access

FTP Account Setup

To configure a connection to an FTP/SFTP server, you need to create an account.

Creating an Account

1. Click the button to open the Search function, enter FTP Accounts, and follow the corresponding link.
2. Click the New button.
3. On the account card, fill in the required fields:

Basic Connection Settings

Field	Description
Account Name	A unique name for the account to identify the connection in the system. Used for display in lists and selecting the account when working with files.
Azure Function Url	The URL of the Azure Function used as an intermediate gateway for performing operations with the FTP server. By default, a publicly available SMART business function is used. You can deploy your own function for additional security control, VNet integration, or private endpoints.
Azure Function Auth Code	Function-level authorization code for authenticating requests to the Azure Function. If left empty, anonymous authentication is used. Fill in this field if using your own secured Azure Function.

Protocol and Address Settings

Field	Description
Protocol	File transfer protocol to be used for the connection: - SFTP - SSH File Transfer Protocol, provides secure file transfer via SSH - SCP - Secure Copy Protocol, used for simple file copying via SSH - FTP - File Transfer Protocol, standard file transfer protocol (can be used with additional encryption) - WebDAV - Web Distributed Authoring and Versioning, protocol for working with files via HTTP/HTTPS - S3 - Amazon S3 protocol for working with object storage
FTP Secure	Type of secure connection for FTP protocol (available only when FTP protocol is selected): - None - unencrypted connection - Implicit - implicit encryption (FTPS), connection is encrypted from the start - Explicit - explicit encryption (FTPES), encryption is established via command after initial unsecured connection
FTP Address	Full address of the server to connect to. Can be specified as an IP address (e.g., 192.168.1.100) or domain name (e.g., ftp.example.com).
Port Number	Port for connecting to the server. Standard values: - Port 22 for SFTP/SCP - Port 21 for FTP - Port 990 for FTPS (Implicit) If your server uses a non-standard port, specify the appropriate value.
Base Folder	Initial directory on the server from which operations will be performed. All file paths will be relative to this directory. By default, the root directory ("/") is used. For example, if you specify "/documents", all operations will be performed relative to the documents folder.

Authentication

Field	Description
User Name	Username for authentication on the FTP/SFTP server. This field is stored in secure storage.
Password	User password for authentication. Data is stored in Business Central isolated storage and encrypted. When viewing an existing account, the password is displayed as "***".

SSH Security Settings (for SFTP/SCP)

When using SFTP or SCP protocols, additional security parameters for SSH are available.

Field	Description
Ssh Host Key Policy	Defines how the system will verify the SSH host key of the server when connecting: - Check - strictly verify host key match. Connection will only be allowed if the host key exactly matches the specified fingerprint. Recommended for maximum security. - Accept New - automatically accept new host key on first connection, but verify it on subsequent connections. Useful when the key fingerprint is not known in advance. - Give Up Security And Accept Any - accept any host key without verification. Not recommended for use in production environments due to security risks (man-in-the-middle attacks).
Ssh Host Key Fingerprint	Fingerprint of the server's SSH host key for authenticity verification. Used to protect against server impersonation attacks. Fingerprint format: algorithm:value, for example: - ssh-rsa 2048 xx:xx:xx:...:xx - ssh-ed25519 256 xx:xx:xx:...:xx You can obtain the key fingerprint from the server administrator or using the ssh-keyscan command. Field is active only if host key policy is set to "Check".
Ssh Private Key	Private SSH key for key-based authentication (instead of password). OpenSSH and PuTTY PPK formats are supported. Using SSH keys provides a higher level of security compared to passwords. To upload a key, click on the field and select the private key file. The key file is stored in the database in encrypted form. If the private key is protected with a passphrase, specify it in the "Password" field.

Other Parameters

Field	Description
Disabled	Indicator showing whether the account is disabled. If set, the account cannot be used for file operations. This field is automatically set when creating a sandbox environment to prevent unwanted operations with production servers.

Deploying Your Own Azure Function

By default, the extension uses a publicly available Azure Function from SMART business for performing operations with FTP servers. However, to enhance security, integrate with corporate network, or comply with internal security policies, you can deploy your own Azure Function.

When to Use Your Own Azure Function

• VNet (Virtual Private Network) integration is required
• Private Endpoints connection is needed
• Requirements for isolation and access control
• Need for advanced operation auditing
• Corporate security policies require using only own resources

Deployment Process

1. On the FTP Account card, click the Deploy Azure Function button in the Actions menu.
2. The Azure portal will open with a pre-populated ARM template for deployment.
3. Complete the following steps in the Azure portal:
   • Select Azure subscription
   • Select existing or create new resource group
   • Select deployment region (same region as Business Central is recommended)
   • Review and confirm deployment parameters
4. Start deployment and wait for completion (usually takes 5-10 minutes).
5. After deployment completion:
   • Go to the created Azure Function in the Azure portal
   • Copy the Function URL
   • Copy the Function Key (authorization code) if configured
6. Return to the FTP Account card in Business Central:
   • Paste the function URL into the Azure Function Url field
   • Paste the authorization code into the Azure Function Auth Code field

Usage

Basic File Operations

After configuring the FTP account, it automatically integrates with the External File Storage module and becomes available for file operations:

• View directory contents - browse files and subdirectories on the FTP server
• Download files - download files from FTP server to Business Central
• Upload files - upload files from Business Central to FTP server
• Delete files - delete files on the FTP server
• Create directories - create new directories on the server
• Delete directories - delete empty directories

Integration with External File Storage Module

After setup, the FTP connector automatically registers with the External File Storage module, which enables:

• Use of a unified API for working with files regardless of storage type
• Centralized access management for file operations
• Single interface for working with different storage sources (FTP, Azure Blob Storage, SharePoint, etc.)
• Standardized file operations across different Business Central modules
• Ability to easily change file storage location without changing business logic