diff --git a/docs/services/mft/quickstart.md b/docs/services/mft/quickstart.md
index 6904e50ba..1d0fc5294 100644
--- a/docs/services/mft/quickstart.md
+++ b/docs/services/mft/quickstart.md
@@ -6,7 +6,7 @@ The EIDF MFT can be accessed at [https://eidf-mft.epcc.ed.ac.uk](https://eidf-mf
## How it works
-The MFT provides a 'drop' zone for the project. All users in a given project will have access to the same shared transfer area. They will have the ability to upload, download, and delete files from the project's transfer area. This area is linked to a directory within the projects space on the shared backend storage.
+The MFT provides a 'drop zone' for the project. All users in a given project will have access to the same shared transfer area. They will have the ability to upload, download, and delete files from the project's transfer area. This area is linked to a directory within the projects space on the shared backend storage.
Files which are uploaded are owned by the Linux user 'nobody' and the group ID of whatever project the file is being uploaded to. They have the permissions:
Owner = rw
@@ -19,3 +19,6 @@ Once the file is opened on the VM, the user that opened it will become the owner
By default a project won't have access to the MFT, this has to be enabled. Currently this can be done by the PI sending a request to the EIDF Helpdesk.
Once the project is enabled within the MFT, every user with the project will be able to log into the MFT using their usual EIDF credentials.
+
+Once MFT access has been enabled for a project, PIs can give a project user access to the MFT.
+A new 'eidf-mft' machine option will be available for each user within the portal, which the PI can select to grant the user access to the MFT.
diff --git a/docs/services/mft/sftp.md b/docs/services/mft/sftp.md
deleted file mode 100644
index bd7b2cc9e..000000000
--- a/docs/services/mft/sftp.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# SFTP
-
-Coming Soon
diff --git a/docs/services/mft/using-the-mft.md b/docs/services/mft/using-the-mft.md
index 4fb7a25e8..8b7429960 100644
--- a/docs/services/mft/using-the-mft.md
+++ b/docs/services/mft/using-the-mft.md
@@ -1,6 +1,6 @@
# Using the MFT Web Portal
-## Logging in
+## Logging in to the web browser
When you reach the MFT [home page](https://eidf-mft.epcc.ed.ac.uk) you can log in using your usual VM project credentials.
@@ -21,3 +21,27 @@ File egress can be done in the reverse way. By placing the file into the project
Directories can be created within the project transfer directory, for example with 'Import' and 'Export' to allow for better file management.
Files deleted from either the MFT portal or from the VM itself will remove it from the other, as both locations point at the same file. It's only stored in one place, so modifications made from either place will remove the file.
+
+## SFTP
+
+Once a project and user have access to the MFT, they can connect to it using SFTP as well as through the web browser.
+
+This can be done by logging into the MFT URL with the user's project account:
+
+ ```bash
+
+ sftp [EIDF username]@eidf-mft.epcc.ed.ac.uk
+
+```
+
+## SCP
+
+Files can be scripted to be upload to the MFT using SCP.
+
+To copy a file to the project MFT area using SCP:
+
+```bash
+
+ scp /path/to/file [EIDF username]@eidf-mft.epcc.ed.ac.uk:/
+
+```
diff --git a/docs/services/virtualmachines/policies.md b/docs/services/virtualmachines/policies.md
index c526f030e..621e36ed7 100644
--- a/docs/services/virtualmachines/policies.md
+++ b/docs/services/virtualmachines/policies.md
@@ -39,3 +39,14 @@ We strongly advise that you keep copies of any critical data on an alternative s
## Patching of User VMs
The EIDF team updates and patches the hypervisors and the cloud management software as part of the EIDF Maintenance sessions. It is the responsibility of project PIs to keep the VMs in their projects up to date. VMs running the Ubuntu and Rocky operating systems automatically install security patches and alert users at log-on (via SSH) to reboot as necessary for the changes to take effect. They also encourage users to update packages.
+
+## Customer-run outward facing web services
+
+PIs can apply to run an outward-facing service; that is a webservice on port 443, running on a project-owned VM. The policy requires the customer to accept the following conditions:
+
+Agreement that the customer will automatically apply security patches, run regular maintenance, and have named contacts who can act should we require it.
+Agreement that should EPCC detect any problematic behaviour (of users or code), we reserve the right to remove web access.
+Agreement that the customer understands all access is filtered and gated by EPCC’s Firewalls and NGINX (or other equivalent software) server such that there is no direct exposure to the internet of their application.
+Agreement that the customer owns the data, has permission to expose it, and that it will not bring UoE into disrepute.
+
+Pis can apply for such a service on application and also at any time by contacing the EIDF Service Desk.
diff --git a/mkdocs.yml b/mkdocs.yml
index 166fe6d33..d5b1f2964 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -45,10 +45,6 @@ nav:
- "Virtual Desktop Interface": access/virtualmachines-vdi.md
- "SSH Access to VMs": access/ssh.md
- "VM Flavours": services/virtualmachines/flavours.md
- #- "Managed File Transfer":
- # - "Quickstart": services/mft/quickstart.md
- # - "Using the MFT": services/mft/using-the-mft.md
- # - "SFTP": services/mft/sftp.md
- "Policies": services/virtualmachines/policies.md
- "Cerebras CS-2":
- "Get Access": services/cs2/access.md
@@ -85,6 +81,9 @@ nav:
- "Tutorial": services/s3/tutorial.md
- "Data Catalogue":
- "Metadata information": services/datacatalogue/metadata.md
+ #- "Managed File Transfer":
+ # - "Quickstart": services/mft/quickstart.md
+ # - "Using the MFT": services/mft/using-the-mft.md
- "Safe Haven Services":
- "Overview": safe-haven-services/overview.md
- "Network Access Controls": safe-haven-services/network-access-controls.md