Enhancing Network Efficiency with Your AWS Transfer for SFTP Servers


Are your clients scattered worldwide accessing your SFTP server? Do users across different regions encounter delays and performance issues due to the distance from your server endpoints? Imagine if you could ensure uniform performance for all clients, regardless of their location. In this article, I will share best practices for achieving low latency for your users by setting up AWS Transfer for SFTP servers globally. We will also explore how to utilize latency-based routing in Amazon Route 53 to guide users to the SFTP server endpoint with the least latency.

Route 53: Latency-Based Routing

Consider the following scenario:

Your SFTP server endpoint is located in the London Region, while clients connect from both London and Sydney. The London client enjoys quick response times, given their proximity to both the server and the data bucket. However, the client in Sydney faces high latency and connectivity issues.

To provide a consistent experience across geographical regions, we establish SFTP servers in AWS Regions closer to the users. Using Route 53’s latency-based routing, we can direct each client to the server in the Region with the lowest measured latency from that client’s location. To further enhance this configuration, we create dedicated regional Amazon S3 buckets linked to each SFTP server. Data from these regional buckets is then replicated to a master Amazon S3 bucket through Cross-Region Replication, which serves as the central data repository for all SFTP servers.

Global Architecture Overview:

In this scenario, users from London, Sydney, and N. Virginia access sftp.example.com. The requests are directed to Route 53 for DNS resolution, which then provides the IP address of the nearest SFTP server based on minimal latency.

Now, let’s examine User Q’s connection attempt. When their client resolves sftp.example.com, Route 53 compares the latency between User Q’s location and each of the three Regions. The record for the lowest-latency endpoint (London, as per the diagram) wins, its SFTP server hostname is returned, and the client connects to that server.

Setting Up Your Configuration

To finalize the setup, follow these steps:

  1. Create S3 Buckets:
    You’ll need S3 buckets in each Region where your servers are located. You can use existing buckets or create new ones. Additionally, establish a master bucket in your preferred Region, leading to a total of six buckets if you have five Regions for your servers.
  2. Configure S3 Cross-Region Replication:
    Set up Cross-Region Replication to ensure the master bucket contains data from all regional buckets. Configure replication on each regional bucket to send data to the master bucket. For data management, consider using S3 Event Notifications on the master bucket for post-upload processing.
  3. Establish SFTP Servers:
    Deploy SFTP servers across all Regions where you need an SFTP presence. When setting DNS hostnames, opt for None or Other DNS and specify your DNS hostname. Avoid choosing the Route 53 DNS Alias option if you plan to configure latency-based routing. Because every one of these servers will answer for the same hostname, give them all the same SSH host key (AWS Transfer lets you import a host key when you create a server); otherwise a client is shown a different host key depending on which Region it is routed to, which is indistinguishable from a host-key mismatch warning.
  4. SFTP User Configuration:
    Decide whether to maintain a single credential store across all servers or have separate stores for each server. We recommend a single store for easier management, with individual records for each Region that control access to S3 buckets. Optionally, maintain a read-only copy of the credential store in each Region to reduce login latencies.
  5. Configuring Route 53:
    To set up latency-based routing in Route 53, follow these steps:
    – Open the Route 53 Console and navigate to your Hosted Zone.
    – Create a Record Set with the following values:
      – Name: the DNS hostname for your SFTP server (for example, sftp.example.com).
      – Type: CNAME
      – Alias: No
      – Value: the default DNS hostname of the SFTP server, as shown in the SFTP Console.
      – Routing Policy: Latency
      – Region: the Region the server is deployed in.
      – Set ID: a unique identifier for this record set.
      – Associate with Health Check: No
    – Save the Record Set and repeat for every SFTP server, using the same Name and Type on each record and the correct Region for each server.
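The five record fields above map directly onto a Route 53 change batch. As an added example (not code from the original article), the following builds that batch for the three Regions in the scenario and refuses any record whose Region does not match the Region in the server hostname it points at; the server hostnames and the hosted zone ID are placeholders to be replaced with the values from your own SFTP and Route 53 consoles.

```python
"""Route 53 change batch for latency-routed SFTP CNAME records (added example)."""
import json

# Constructed placeholders shaped like AWS Transfer server endpoints:
# eu-west-2 = London, ap-southeast-2 = Sydney, us-east-1 = N. Virginia.
SFTP_SERVERS = {
    "eu-west-2": "s-PLACEHOLDER1.server.transfer.eu-west-2.amazonaws.com",
    "ap-southeast-2": "s-PLACEHOLDER2.server.transfer.ap-southeast-2.amazonaws.com",
    "us-east-1": "s-PLACEHOLDER3.server.transfer.us-east-1.amazonaws.com",
}


def latency_record(name, region, target, ttl=60):
    """One latency-routed CNAME record set (Alias: No, no health check)."""
    return {
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": name if name.endswith(".") else name + ".",
            "Type": "CNAME",
            "SetIdentifier": f"sftp-{region}",  # Set ID: unique per record set
            "Region": region,                   # Region whose latency Route 53 compares
            "TTL": ttl,
            "ResourceRecords": [{"Value": target}],
        },
    }


def build_change_batch(name, servers):
    """Same Name and Type on every record, one record per Region."""
    changes = []
    for region, target in sorted(servers.items()):
        # A record tagged with one Region but pointing at a server in another
        # would send users to a distant server; refuse the mismatch up front.
        if f".server.transfer.{region}.amazonaws.com" not in target:
            raise ValueError(f"{target} is not a Transfer endpoint in {region}")
        changes.append(latency_record(name, region, target))
    return {"Comment": f"Latency-based routing for {name}", "Changes": changes}


def change_batch_json(name, servers):
    """JSON for: aws route53 change-resource-record-sets --hosted-zone-id <ZONE_ID>
    --change-batch file://batch.json (<ZONE_ID> is your hosted zone, a placeholder here)."""
    return json.dumps(build_change_batch(name, servers), indent=2)


if __name__ == "__main__":
    print(change_batch_json("sftp.example.com", SFTP_SERVERS))
```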

This concludes your setup. Once the DNS records have propagated, resolve your hostname to see which SFTP server a client is directed to. The answer depends on where the querying resolver is located, so run the check from each client location:
– macOS or Linux: dig sftp.example.com
– Windows: nslookup sftp.example.com

Testing Your Configuration

Here’s how I tested the setup to compare latencies:

| Resource | Without Latency-Based Routing (Region) | With Latency-Based Routing (Region) |
|---|---|---|
| SFTP server(s) | us-east-1 | us-east-1 and ap-southeast-1 |
| S3 bucket(s) | us-east-1 | us-east-1 and ap-southeast-1 |
| Client 1 | us-east-1 | us-east-1 |
| Client 2 | ap-southeast-1 | ap-southeast-1 |

I measured data upload performance using a 2-GB file for all tests; similar tests can assess download performance.
