Routing Connections Through the On-Premise Agent

The Files.com Agent provides a simple, secure way to connect your Files.com site to internal servers without needing VPNs, VPC peering, firewall openings, or network redesign. Customers use this feature when they need Files.com to access private infrastructure that cannot be exposed to the public internet. It solves the common challenges enterprises face when linking cloud systems to internal networks—complex connectivity requirements, long implementation timelines, and heavy maintenance overhead. Files.com designed this capability to deliver secure private connectivity at the application layer, removing the need for customers to manage complex networking or modify their existing infrastructure.

Traditionally, connecting a cloud service to an internal server requires VPNs, VPC peering, private endpoints, or inbound firewall rules. VPNs and VPC connections provide the secure, compliant, and controlled environment that enterprises require when linking cloud platforms with their internal systems. These private connections help organizations reduce security and compliance risks, align with strict internal IT and governance policies, maintain predictable performance and reliability, avoid exposing internal systems to the public internet, and protect sensitive data as it moves between environments. They allow companies to integrate cloud services without restructuring legacy systems, enabling smoother adoption of cloud technologies while meeting business, regulatory, and operational expectations. However, these approaches introduce operational complexity, long-term maintenance overhead, and additional security risk.

Agent-routed connections eliminate these requirements. The Agent establishes outbound connections only, which aligns with enterprise security models and reduces attack surface. No inbound firewall ports are required, and no private networking constructs need to be managed.

This design mirrors the architectural goals behind major cloud provider announcements, such as Amazon’s VPC and private connectivity initiatives, which focus on enabling cloud services to reach private infrastructure without exposing it publicly. Files.com delivers this capability directly at the application layer, without requiring customers to redesign their networks or deploy complex connectivity infrastructure.

How It Works

With Agent-routed connections, Files.com connects to the Agent, and the Agent establishes and maintains the connection to the internal server. All traffic flows outbound from the private network, which removes the need to open firewall ports or publish external endpoints.

SFTP Connections

The Files.com Agent can act as a secure SFTP proxy that routes SFTP Remote Server connections from your Files.com site to an internal, on-premise SFTP server. This capability allows Files.com to reach SFTP servers that live entirely inside private networks, without requiring those servers to be exposed to the public internet.

Prerequisites

To use Agent-routed SFTP connections, you must run a Files.com Agent on a system that can reach the internal SFTP server over the network.

The Agent host must have outbound access to the SFTP server on its configured port, typically TCP 22.

The Agent configuration must explicitly allow SFTP routing, and the internal SFTP server must accept connections from the Agent host.

You must also configure an SFTP Remote Server in Files.com that uses Agent routing.

Enable SFTP Routing on the Agent

Files.com enables SFTP routing through the Agent configuration file. Edit the configuration file and set the integrations value to include "sftp".

Save the change and restart the Agent so it can advertise SFTP routing support to your Files.com site.

Configuration example:

integrations = ["sftp"]

Once the Agent restarts, it becomes available for SFTP routing.

Configure an SFTP Remote Server to Use the Agent

After the Agent supports SFTP routing, configure the SFTP Remote Server in Files.com.

When creating or editing the Remote Server, enter the internal hostname or IP address of the SFTP server. Enable Agent routing and select the Agent that runs inside the same private network as the SFTP server.

From that point forward, Files.com routes all SFTP traffic for this Remote Server through the selected Agent.

Transfer Performance Boost

Agent-routed connections significantly improve transfer speed compared to direct legacy protocol based access. SFTP is a chatty, latency-sensitive protocol that performs poorly over long-distance or high-latency networks. By contrast, the Files.com Agent communicates with Files.com using an optimized transfer mechanism designed for high throughput and resilience.

Files.com transfers data quickly to the Agent, often at speeds far exceeding what SFTP can sustain over the public internet. The Agent then performs the SFTP transfer locally within your private network, where latency is low and bandwidth is abundant. This separation removes SFTP’s performance bottlenecks from the long-haul portion of the transfer.

Connection Behavior

When Agent routing is enabled, the Files.com platform never connects directly to the server. Files.com establishes a secure, high-performance connection to the Agent, and the Agent initiates a connection session to the internal server. The internal server does not require a public IP address and does not accept inbound connections from the internet.

Users and Automations interact with the Remote Server exactly as they would with any other integration. File transfers, directory listings, and metadata operations behave the same way, but transfers complete faster and more reliably.

Security Improvement

Agent-routed connections address common security concerns by keeping the internal server fully private. The server does not listen on the public internet and remains protected from scanning, brute-force attempts, and protocol-level attacks. All outbound connections originate from the Agent host, which you control inside your environment.

You maintain full control over which internal systems the Agent can access. Authentication, encryption, and access controls remain unchanged, and Files.com never requires inbound access to your private network.