cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Does Serv-U supports offload SFTP Encryption

Hi

Does Serv-U MFT supports SFTP Encryption offload at the NetScaler Load Balancer?

2 Serv-U MFT Servers are behind a Citrix Netscaler Load Balancer.

Client connects to netscaler load balancer with the SSH key then netscaler passes the traffic non encrypted traffic directly to the Serv-U server

0 Kudos
4 Replies

Hi marvin.tomelden​,

I cannot confirm if Serv-U supports SFTP encryption offload at a NetScaler Load Balancer, however I can confirm that it can be achieved... Is there any reason why you would want the NetScaler to pass the traffic non-encrypted rather than continuing the encryption all the way through to Serv-U or is that the current situation that you are trying to get away from?

Are you using Serv-U Gateway or any additional software with MFT?

-Midnight

0 Kudos

Hi Midnight

Thanks for the response. I have a customer that would like to implement SFTP over SSH for a new MFT domain.

They are planning to Load Balance their 2 MFT Serv-U Servers behind a Citrix NetScaler Load Balancer

So the client connects to netscaler with the SSH key then netscaler passes the traffic non encrypted traffic directly to the server.

The customer doesn't have Serv-U Gateway. Only the 2 MFT Serv-U servers.

regards

Marvin

Hi Marvin

Yes I think this is my support call

I worked with citrix late last week to attempt SSL Offload, spent over 2 hrs with them

This is their response

As discussed yesterday, we could confirm that the requirement to do the SSL Offloading for SFTP over SSH is not feasible requirement (or a feasible use case) to achieve on NetScaler. It is confirmed that we were able to make the Setup working with TCP protocol on port 22. You can also refer to this article for your reference: https://www.ssh.com/ssh/sftp/

Thank you and as discussed, I will archive this case for now.

Thanks

Hi, I have asked the same question of Citrix and am hoping they can assist (netscaler is their product, another reverse proxy)

The reasoning behind offloading the encryption traffic is to enable accelaration, and have the appliance perform the encryption/decryption rather than server - ie performance

I am testing this concept in a test environment, so far no luck with connecting a client

Citrix article suggest passing through the SSH traffic to the server

Secure FTP Communications and NetScaler Appliance