Archive for the ‘FileCloud’ Category

Use FileCloud ServerSync to Migrate Local File Server Data (NFS/SMB) to S3 Cloud Storage

Public and private clouds are great tools to enable anywhere, anytime access to files and records. However, many organizations and businesses still need their on-premises network storage, which provides more options for admin security, control, and data sovereignty.

Across the public and private sector, these organizations are turning to hybrid solutions to leverage the benefits of both cloud and on-prem infrastructure. Not only do these hybrid solutions provide more flexibility for remote employees, they also ensure organizations are able to meet privacy and security requirements, while facilitating collaboration between internal and external partners and teams.

However, every organization has different requirements when it comes to divvying up the data over a hybrid environment and may also be using different tools and technologies to host their data.

Common Infrastructure Components for a Hybrid Cloud Environment

The IT infrastructure involved will inform the constraints and possibilities of a hybrid environment. Different cloud services provide integrations with various on-prem tools or technologies, and the specific organization and management of data will also influence which solutions are deployed.

Linux NFS Server

Network File Sharing (NFS) is a protocol that allows you to share directories and files with other Linux clients over a network. Shared directories are typically created on a file server, running the NFS server component. Users add files to them, which are then shared with other users who have access to the folder.

An NFS file share is mounted on a client machine, making it available just like folders the user created locally. NFS is particularly useful when disk space is limited, and users need to exchange public data between client computers.

SAMBA (SMB) Server

Samba is an open-source implementation of the Server Message Block (SMB) protocol. It allows network data access between Windows, Linux, UNIX, and other operating systems by enabling access to Windows-based file and printer shares. Samba’s use of SMB allows it to appear as a Windows server to Windows clients. It has the added advantage of being accessible by Linux, Unix and Mac users.

S3 Storage

Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.

Amazon S3 can store any type of object, which allows uses like storage for Internet applications, backups, disaster recovery, data archives, data lakes for analytics, and hybrid cloud storage.

FileCloud’s ServerSync Provides an Enterprise-Grade Bridge Between On-Prem and Cloud Environments

Most organizations already have data they maintain and store, which means selected data must be able to move between local file servers and the cloud when creating or maintaining a hybrid environment.

S3 storage can be set up as a local disk drive via LAN, which enables users to move data between the S3 storage and the local server. However, there is no enterprise-scale solution to handle this sort of migration.

FileCloud’s ServerSync provides the answer, as an enterprise-grade, hybrid solution to help manage content and records across on-prem and cloud infrastructure.

FileCloud ServerSync

FileCloud ServerSync synchronizes files and permissions stored in on-premises Windows/Linux file servers to the cloud. It maintains copies of files and permissions in sync between the cloud and on-prem storage. This synchronization enables a hybrid cloud approach with traditional LAN access, even when users are off-site or remote.

FileCloud ServerSync syncing SMB share data between headquarters and branch offices.

Use Cases for FileCloud ServerSync

FileCloud ServerSync can be used for multiple scenarios, including (but not limited to):

  • Sync data between headquarters and branch offices.
  • Sync data from local NFS/SMB shares to remote NFS/SMB shares.
  • Sync data from local NFS/SMB shares to S3 storage for data archival.
  • Sync data from local NFS/SMB shares to S3 storage for cloud access.
  • Sync data and NTFS permissions from a local SMB share to a remote FileCloud server.

Typical architecture to sync data between local NFS/SAMBA shares and S3 storage using FileCloud ServerSync.

How to Move Data from Local NFS/SAMBA Servers to S3 Storage with FileCloud ServerSync

In this setup, we have a local NFS/SAMBA server configured in Linux used as a local data repository. It is accessible locally inside the company network from different types of clients (Windows, Linux, and Mac) that interact with the data stored there.

The data is moved to S3 cloud storage using FileCloud ServerSync for archival. The data will sync between the local file servers and the S3 storage and is accessible externally through the FileCloud web interface.

Benefits of Using FileCloud ServerSync

  • Archival of NFS/SMB data into low-cost S3 storage through FileCloud ServerSync.
  • Synchronization between the local NFS/SAMBA servers and S3 storage using FileCloud ServerSync.
  • Cloud access to the data using the FileCloud interface.
  • Classification of the synchronized data within FileCloud using Smart Classification.
  • Ability to share data securely through the FileCloud interface with external parties.

Conclusion

Interested in trying FileCloud for your own migration to a hybrid environment? You can check out the FileCloud Tour or sign up for a free trial today!

 

Article written by Wail Bouziane, Solutions Architect Team Lead

Edited by Katie Gerhardt, Junior Product Marketing Manager

 

Competitor Series: FileCloud vs CTERA

In our blog last week we went over the difference between FileCloud and Egnyte and what you might want to look for when selecting a top-notch CCP (content collaboration platform). This week, we’re continuing our competitor series and reviewing FileCloud vs. CTERA.

FileCloud vs. CTERA

Like FileCloud Server, CTERA is an on-prem solution, which means files and data are kept on your servers, behind your own firewalls. CTERA was founded in 2008 and is a solid CCP solution.

Of course, one of the valuable aspects of FileCloud is that while we provide a hyper-secure, on-prem solution with FileCloud Server, we also have options for hybrid and cloud-based solutions such as FileCloud Online. This gives your organization flexibility no matter how your needs change over the years.

Another aspect of FileCloud Server that we consider vital for enterprises? Top-of-the-line compliance features.

FileCloud, CTERA, and Compliance

Compliance is like keeping an emergency kit in your car—you hope you don’t have to use it, but you’re sure glad you have it when it’s needed.

Data privacy laws are only getting stronger since one of the biggest ones—The General Data Protection Regulation, or GDPR—went into effect in 2018. In fact, the large majority of countries have enacted or are enacting privacy laws. If you collect or keep data, you are required to comply with these laws, whether you want to or not.

Of course, these ever-changing laws raise challenging questions on how to sort, protect, and control the data your enterprise uses.

That’s where FileCloud’s compliance features come into play.

FileCloud’s Compliance Center is a hugely popular tool that allows enterprises to connect complicated compliance regulations with FileCloud’s powerful security and DRM options. Current compliance configurations include ITAR, GDPR, and HIPAA.

On top of FileCloud’s Compliance Center, users can configure FileCloud to comply with a host of other regulations and guidelines including:

  • CJIS
  • EAR
  • DoD Cloud Computing SRGs
  • FIPS 140-2
  • IRS-1075
  • CMMC
  • NIST 800-171
  • GxP

CTERA does offer compliance support options, like a FIPS 140-2 Compliant Encryption Model and some compliance dashboards, but it doesn’t have the plethora of compliance support options available with FileCloud.

Secure Content Collaboration and Productivity

Another important aspect of any CCP comes down to collaboration and productivity tools. After all, what would a content collaboration platform be without features to support organized file sharing?

It’s easy to lose or forget about files during a busy day (week/month/year). This is why FileCloud strives to make collaboration easy through features like file sharing requests, commenting, tagging and notifications.

CTERA does not have these options available, which can pose a significant barrier to streamlined collaboration.

File Locking and Lock Management (via MS Office/DocIQ)

Enterprises must be able to control who can make changes to a file. This is necessary for both compliance (in the case of files not being able to be changed) and collaboration. With FileCloud, files can be locked to ensure only one person can make changes to a file. In addition, admins can manage locked files directly to ensure no files are permanently locked. While CTERA does have collaboration tools such as Team Folders and unlimited file versioning, it does not have the more advanced features that FileCloud provides.

Streamlined, Automated Processes

Enterprises often start looking for CCPs because they want to protect their data, but also because simple file sharing and storage can save enormous amounts of time.

Enter Workflow Automation. Workflow automation helps automate tedious yet important administrative tasks like document review, signoffs, and reminders.

Any good CCP now has the option for Workflow Automation, and CTERA is no different, with approval workflows and workflow automation.

The problem? It’s hard enough to get users to adapt to new technology, including CCPs. Ask them to create complicated workflows and they’ll dig in their heels.

That’s why at FileCloud we’ve created a simple, no-code, drag-and-drop workflow builder that anyone can use to create workflows in minutes. In addition, FileCloud also has a convenient dashboard for running workflows, which gives managers and users a bird’s-eye view of work as it’s being completed. Workflows can also be updated, edited, and shared from this dashboard.

Maintaining your Brand

When it comes to your organization, there’s almost nothing more important than maintaining your brand. Your brand is what creates trust between you, your customers, and your employees. Wouldn’t you rather buy from a company you’ve used before and like, rather than a generic brand who could be selling you “who-knows-what?”

The same is true when it comes to the tech tools you use, like your CCP. If you need to share or accept files from clients, partners, or customers, you want submission forms and web portals to be recognizable as an extension of your brand. This is especially true with rising cyberattacks that include sophisticated phishing efforts. A discerning customer who doesn’t recognize your submission form may choose to send their business elsewhere.

We understand the value of branding at FileCloud, which is why, in addition to the custom domains and communication that CTERA provides, FileCloud also allows you to use your own logo, colors, and background images. This branding helps ensure that your enterprise is visible in all aspects of your business and that customers and partners feel comfortable engaging with you.

The Cost of External Users

One big problem that enterprises face is the cost of external users. With almost all CCPs, you have to buy licenses for your users. That is, the people who’ll be using the product every day.

But there’s always going to be more people needing to use the software. What about when your team lead shares something with a customer? Sure, they can use email or an FTP – but let’s face it, the increased risks of these unsecured methods can end up costing a company thousands or even millions of dollars in regulatory fines or remediation costs from a breach.

Alternatively, CCPs offer sharing through a centralized platform that includes basic features like identification authorization and other security tools to protect data. But these shares must be between users.

Imagine Joe from Sales wants to share some information about a contract with a client; but to do so securely, that client needs to be added to the platform as a user. They don’t need access to the full platform though; they just need simple file access.

The downside? Most CCPs like CTERA require that you pay for those users as part of your license, even though they’re not using the platform every day or leveraging the full suite of platform tools. Those user costs add up fast and can be an enormous drain on your resources.

At FileCloud, we think you’ve spent enough. That’s why we offer unlimited, external user accounts with simplified dashboards for file sharing and review.

That means if Joe in Sales wants to share something with a new customer, he doesn’t have to wonder if it’s worth the cost or take a gamble with unsecured methods. Instead, he can share it, all the while knowing that any files shared are secure and compliant within FileCloud’s top-notch CCP solution.

What Do the Customers Say?

One Software Development Manager who also looked at CTERA as a solution had this to say about FileCloud,

I have been using FileCloud for a long time and I must admit, this is a super secure platform as well that provides an end to end security. FileCloud user interface is simple, seamless, and easy to use, this is one of the best user interfaces I have ever used. […] The file sharing option in this platform is effective and I can send files in just a second to others. I can send the files with security like the view only file, edit the only file and comment only files. The file recovery and the file backup feature are simply great, this provides me full flexibility, and even if I lose the files by mistake, I can recover those files easily […] the technical support function of this platform is really good and effective and I can say they are customer-centric.

Conclusion

There’s no doubt that CTERA is a solid CCP solution. However, when it comes to an all-in-one CCP, we think FileCloud has it beat. We offer in-depth compliance options, content collaboration tools, and easy workflow automation, as well as the ability to maintain your brand and enable sharing with unlimited external users.

Of course, you don’t have to take our word for it. Check out our detailed competitive matrix and decide for yourself how FileCloud stacks up against the competition.

Want to see these features in real-time? Just sign up for a quick product demo and learn how FileCloud can work for you.

Written by Megan Barnard, Digital Content Specialist at FileCloud

 

Air-Gapped Networks and FileCloud Secure Sensitive Data

For companies, organizations, and governments that require absolute security for data, air-gapped networks seem like an obvious choice. This is especially true with the rising rates of cyberattacks, which are becoming ever more costly (think billions of dollars globally) between lost profits over frozen assets and ransoms paid.

This is where an air-gapped network comes into play. Simply put, you can store your data on an internal network that is physically separated from other networks (air is between the servers and other network hardware). There are also no wireless connections to other networks (especially the internet).

An air-gapped network is a compelling solution for organizations handling confidential or sensitive information, like health data, bank records, or defense supply chain schematics.

With this physical separation, your data should stay safe in your isolated network “island.”

Right?

Well, no actually. Let’s dig into what an air-gapped network actually is – then we can understand the challenges that come with using them to secure data in our modern, ultra-connected network landscape.

What is an Air-Gapped Network?

An air-gapped network is a security measure that isolates and limits computer systems from accessing other networks, including unsecured networks such as the public internet or local area networks. These air-gapped networks are used for systems that require high security to limit breaches and data leakage.

As mentioned above, the traditional air-gapped network is one that physically separates servers from other day-to-day network infrastructure. These servers are usually themselves housed off-site, in a data center or server farm, behind locked doors and gates. This effectively isolates data storage, so that it is safe and secure on this designated “island.”

Often, these air-gapped networks are used for backups, but they can also be used as primary working spaces for groups that handle confidential, classified, or extremely sensitive information.

This data doesn’t exist just for the sake of itself though – people need to leverage data to achieve projects, deliver insights, and provide services. So how do you balance the need to access data with the need to secure it? The more access points you provide, the easier it is to leverage data, which is what you want. At the same time, the more access points, the more vulnerabilities.

The problem is that to use data stored in a traditional, air-gapped network, people must physically connect or even quite literally travel to your “island.” They also can’t leave your island to work on other resources or bring in other data, unless they physically import it. In this case, the import mechanism is likely a dongle or USB drive.

You’re already seeing the problem, aren’t you?

Not only do traditional air-gapped networks create significant access barriers, they also leave the door open for human error or exploitation.

An Air-Gapped Network that Protects and Connects: a Paradox?

The advent of technology has created more modern deployments of an air-gapped network. For example, air-gapping can be achieved within the same network if devices or hardware are physically disconnected. That still invites the issue of people needing to physically access the isolated hardware to view existing data or import new data.

There are also logical air-gapped networks, in which software tools such as role-based access controls and encryption are used to create protected zones within a network. This solution is based on the concept that when bad actors break through (not if), they will not be able to make sense of the data or use it against the original owners.

Maintaining control over data is the name of the game. Physical air-gapped networks are no longer the winning solution though. As with most other avenues in the IT world, we have learned that a combination of hardware and software can help create layers of security. In fact, the industry standard has heavily tilted toward software solutions, thanks to the impact of cloud technology.

The problem now is figuring out the right software solution that can either fit into an air-gapped network strategy or that can support one.

Solution #1 – Create Your Own Software Solution

If a company or organization has a whole team of IT specialists, they can create a unique solution from the ground up that meets their exact needs and specifications. That could work for a while.

The downside? It will be incredibly expensive and likely difficult to handle as the software ages. The IT team either has to proactively improve and expand core functionalities or outsource. However, legacy software tends not to play nice with external tools or feature integrations. Over time, this makes the software less useful. The “ease of access” erodes.

So, all that effort down the drain, and at the rate of technological development, that timeline could be as little as three years.

Solution #2 – Opt for an Integrated Cloud Solution

You could go with a cloud technology solution, which would handle all the maintenance and upgrading for you. A commercial solution would also have the resources to actively create new functionalities and expand integration potential. Ease of access and maintenance: check.

The convenience and storage fees, though, will eat up an increasing percentage of your budget. A business could go bankrupt trying to scale operations within a cloud solution, especially if it handles a lot of data.

Not to mention, many of these cloud providers can’t provide air-gapped networks, even logical air-gapped networks, because they own the data you store. If it’s in the public cloud, that data is beyond your control. For optimal security and data control, the cloud just isn’t an option.

FileCloud: An Air-Gapped Network Solution that is “Just Right”

FileCloud is the solution you’re looking for. It combines the best of both worlds as an on-premises, self-hosted solution that can be deployed within an air-gapped network while ensuring ease of access for authorized users.

Read our white paper to learn more about air-gapped networks and how to supercharge your hyper-secure access with FileCloud!

We’ve got pro-con lists, we’ve got diagrams, we’ve got technical breakdowns for different scenarios – it’s all here in the white paper.


If you need more convincing though, here are some of the amazing things you can do in FileCloud. These features can help optimize how you use your data, all while maintaining (and even strengthening) security.

Identity Authentication

The hyper-secure platform provides identity authentication settings such as two-factor authentication, Active Directory and LDAP integration, Single Sign-on (SSO), and SIEM support.

Encryption

Even if someone tries to steal data, it doesn’t mean they can view or even use what they’ve taken. 256-bit AES encryption secures data at rest and TLS/SSL protocols encrypt data in transit. You can also run FileCloud in FIPS mode, which uses FIPS-level encryption on a FIPS-enabled operating system, for extra security and compliance with regulations.

Granular Permissions

Granular file and folder permissions ensure only authorized users can access certain data. Sharing can also be tightly controlled, through public or private sharing, password-protection, and expiry dates.

Controlled Sharing

Sharing can be carefully monitored by Admins through Data Leak Prevention (DLP) rules that can override any attempted shares with unauthorized users or alert the admin. Maintain control over data even after sharing with FileCloud’s Digital Rights Management feature.

Admin Powers

Admins can also create Admin-users or modify user permissions with role-based access controls (RBAC). This ensures department heads or directors can manage their teams and data access, even as the Admin maintains global controls and protections.

Remote Device Management

This global control extends to connected devices and user accounts. Upon suspicious activity, Admins can block users from access and even remotely wipe devices. No more worrying about that USB you left in the airport or a phone that went missing after being left out on a desk.

Reports & Logs

Admins have maximum visibility over user and file activity through the admin dashboard, where they can run reports, even create custom logs. All activity is captured in comprehensive audit logs that can be exported for internal review or external audit. This feature makes compliance assessments a breeze.

Key Integrations

FileCloud can even be integrated with common tools you already use, like Microsoft Word, Excel, PowerPoint, Teams and Outlook, OnlyOffice, Google Docs, Salesforce, Symantec, and ArcSight.

Check out the full FileCloud tour or sign up for a demo!

 

Article written by Katie Gerhardt, Jr. Product Marketing Manager

 

Competitor Series: FileCloud vs Egnyte 2022

When it comes to Content Collaboration Platforms (or CCP) we think FileCloud is the superior solution with its hyper-security, compliance options, and collaboration tools like Workflow Automation. However, we know that there are other solid solutions around.

We’ve written several competitor blogs on Open Text and Nextcloud, and today it’s time for us to cover Egnyte.

Deployment

Egnyte has a focus on cloud solutions which is a great option for many companies. Unlike Dropbox, it does have a hybrid solution and features like FileCloud’s ServerSync and ServerLink.

However, Egnyte doesn’t offer an on-premises solution. Want to use Egnyte but also want to keep your data behind your own firewalls? Well, you’re fresh out of luck.

We’re not saying Egnyte isn’t a solid CCP solution. However, when you get down to the nitty gritty, Egnyte doesn’t have certain features and benefits that we consider necessary for a CCP, including the option to self-host your data on your own IT infrastructure.

Digital Rights Management (DRM)

DRM is a vital aspect of a content collaboration product. Protecting your data and files is something you should be able to control both before and after files have been sent. Unfortunately, Egnyte doesn’t offer an integrated DRM solution, like the one baked into FileCloud’s system. FileCloud’s solution includes the following:

  • Secure Document Viewer/Container

Protect confidential files from unsolicited viewing with restricted viewing mode/container.

  • Screenshot/Print Protection

Utilize the Screenshot and Print Protection feature to prevent recipients from taking screenshots or printing sensitive data.

  • Restrict & Revoke Access to Files After Distribution

Enforce data governance policies even after distribution; revoke file access or change permissions anytime.

Compliance/Security

FIPS 140-2 Compliance

If you’re interested in working with government agencies or government contractors, any system you use will need an additional layer of compliance called FIPS 140-2. FIPS 140-2 is supported by the CMVP (or Cryptographic Module Validation Program), a collaboration between the Canadian and US governments (specifically the National Institute of Standards and Technology or NIST). CMVP establishes a standard for cryptographic modules, validation, and compliance.

Many CCPs don’t have the option of FIPS 140-2 mode like FileCloud does, because it’s an intensive process to attain FIPS certification.

FileCloud was granted FIPS 140-2 certification in early 2019. This rigorous process ensures that systems with NIST 140-2 validation can protect highly sensitive and confidential government data from misuse or abuse as well as mitigate the risk of cyberattacks.


Single Sign-on (SSO)/SAML Support

Given how many passwords and logins employees now have, SSO can be a huge time-saver. This tool streamlines multiple user credentials into one and enables easier access across systems.

FileCloud has this option available, but Egnyte does not.

Device Management

You need to be able to control who is using your system—regardless of what device they’re using.

With FileCloud, you have a complete Device Management System where you can view a list of connected devices and leverage that view to remotely wipe data or block users in case of suspicious activity or device loss.

Egnyte technically has this feature, but it costs extra and has to be enabled. At FileCloud, the feature is automatically enabled in your admin interface and won’t cost a penny more.

Extra Costs/Not Available

Look, we get it; every system can’t have every option available. However, there are certain things that Egnyte doesn’t have or that cost extra that FileCloud includes automatically such as:

  • Unlimited external user accounts
  • Unlimited storage
  • Unlimited file versioning

And when we say unlimited, we mean it. You won’t find “gotchas” for these in our pricing model or Terms of Service.

DRM, device management, FIPS 140-2 certification… these are things you might not initially consider so important. But once you need them and don’t have them? You’ll wish you picked FileCloud from the start.

FileCloud’s Competitive Matrix

Of course, this blog just shows one of many CCPs out there. Wouldn’t it be great if there was one place where you could compare and contrast the major solutions?

Well, now there is.

Introducing FileCloud’s Competitive Matrix. We’ve created this in-depth resource so you can decide for yourself which CCP is the best fit, based on the features you need.

We think FileCloud stacks up against even the biggest competitors. Want to learn more about how FileCloud’s hyper-secure system makes work easier? Sign up for a quick product demo and learn more.

~Written by Megan Barnard, Digital Content Specialist

 

Back in Action – FileCloud Sponsoring International Trade Shows

After a long delay stemming from the COVID-19 pandemic, FileCloud is delighted to be sponsoring several trade shows in October.

We love showcasing FileCloud through client demos and webinars, but we’re even more excited to demo FileCloud in person! We’re also looking forward to meeting prospects, customers, and partners.

FileCloud is sponsoring two trade shows: GITEX Global and it-sa Expo&Congress.

GITEX Global: October 10-14, 2022 | Dubai, UAE

GITEX is a major conference for technology and innovation across business, society, economy, and culture. It has been branded as the world’s largest meetup for the developer and coding community to push the boundaries on what’s possible for technology.

Major exhibits and debuts will be taking place, addressing topics like artificial intelligence, cloud computing, cryptocurrency, 6G wireless connectivity, quantum computing, and startup innovations.

The GITEX mainstage is also where to find the metaverse debut, which will include a hands-on, live introduction to X-VERSE. This virtual reality ecosystem offers a spectrum of integrated solutions to suit over 20 business models.

The metaverse isn’t just for business either – GITEX will also be showcasing music and art shows as well as a virtual fashion show. Industry and tech leaders from Artisant, H&M, METAV.RS, Sensorium, Hololux GmbH, and Digital Twin Consortium will also be speaking.

GITEX is reporting that over 4,500 exhibitors, 800 startups, and 1,000 speakers will present, with 100,000 attendees, cumulatively representing over 170 different countries.

This specialized gathering gives industry leaders like FileCloud the opportunity to showcase products and collaborate on ideas, while building and strengthening important relationships.

You can find the FileCloud team at Booth #H6A-11.

 

it-sa Expo&Congress: October 25-27, 2022 | Nuremberg, Germany

it-sa Expo&Congress is Europe’s all-in-one exhibition, conference, and trade fair for IT security. Industry leaders, security providers, and managers come together to unveil new products, collaborate on ideas, and showcase services.

This trade fair opens up discussion related to cloud and mobile security, data and network security, and critical infrastructure security. Over 600 companies will be represented, with novel solutions across consulting, services, hardware, and software.

Attendees can visit the open forums, which will host over 350 expert lectures presented by over 90 companies, organizations, and associations, on practical security knowledge. These lectures are a great way to glean information on trends and industry insights.

Meanwhile, the it-sa Congress will be hosting longer programs addressing specialized topics:

  • Trends in IT Security
  • Learnings from Incident Response: What matters in cybersecurity today?
  • Expert roundtable: cyber insurance versus IT security risk
  • External Attack Surface & Risk Management
  • Automated Services – Advantage through Technology & Automation
  • New ISO/IEC 27001 requirements: 93 times to rethink?
  • The truth about the (in)security of ID verification
  • Digital Identities: Smart, user-friendly and secure nonetheless?
  • And many more!

The it-sa conference is also a great place to discover promising startups. The ATHENE Startup Award UP22@it-sa was run as a live community poll through September 22. This award is granted to the best cybersecurity startup in Germany, Austria, and Switzerland – the winner will be announced at the conference!

You can find the FileCloud team at Nürnberg Messe, Booth #7A-125.

 

Why is FileCloud Sponsoring?

FileCloud’s mission is to build a hyper-secure content collaboration and processes platform that customers love to use. We are constantly looking for new ways to improve the platform and respond to developing needs across industries.

The increasing sophistication of cyber threats has reinforced the need for data privacy and security, even as networks become ever more connected. To increase data security and privacy, we want to make data harder to access.

However, if data is harder to access, it’s harder to put that data to work. This means delays, inefficiencies, and lost value (across productivity, market resilience, and/or profit).

Yet businesses and organizations around the world have been pressed to find a solution to this problem. This pressure comes not only from consumer advocacy and cyber threat damages but also from the advent of major regulations like GDPR. Regulations like GDPR recognize the rights of citizens to data privacy and sovereignty; organizations that do not comply face steep penalties.

The FileCloud Solution

Companies like FileCloud are finding unique solutions to this equation between security and access. The FileCloud platform emphasizes ease-of-use and access for authorized users. It provides admins and users the tools they need to share data and collaborate, all within FileCloud’s hyper-secure environment.

FileCloud can even support compliance requirements! The Compliance Center offers configurations for ITAR, GDPR, and HIPAA, which connect these complex requirements to features and settings within FileCloud. It’s an easy map for admins to ensure their FileCloud environment is compliant.

Of course, there are a lot more regulations beyond those three. That’s why FileCloud has a library of compliance support documents and white papers, covering regulations like NIST, FINRA, CMMC, SEC, GxP, CJIS, FDA Title 21, and more.

FileCloud University provides on-demand user and admin training, so you can leverage the full power of your FileCloud environment to secure your data. If you need more customized help, FileCloud also offers best-in-class support with our Professional Services that can help you configure your environment.

These are just some of the solutions FileCloud offers as an enterprise-grade content collaboration platform. Trade shows emphasizing security and innovation (like it-sa and GITEX) bring together a robust array of innovators, developers, and tech leaders. It’s an excellent opportunity for FileCloud to connect with our community, show off what FileCloud can bring to the table (or in this case, the booth!), and find inspiration for new directions.

Will we see you there?

Are you attending either of these events? If so, let us know and stop by our booths! We’d love to chat with our fellow community members on security, compliance, collaboration, and how FileCloud can answer these needs across industries.

GITEX Contact: abdelhakim.ababsa@filecloud.com     |     it-sa Contact: mark.cipcic@filecloud.com

We’re also handing out some commemorative (and useful!) gifts that can make your travel a little easier: take your pick from baseball caps, key rings, luggage tags, and mints!

Lastly, FileCloud is running a raffle at both events! Don’t forget to submit your information for the chance to take home a great prize. The winner will receive a Remarkable 2: the smart writing tablet that helps transcribe and organize your notes. It’s one more way FileCloud aims to make your work more efficient, accessible, and secure.

 

Written by Katie Gerhardt, Jr. Product Marketing Manager

 

FileCloud Best Practices: How to Maintain External User Accounts

Following our blog post about secure file sharing with external accounts, this blog post will cover how to maintain those accounts (remove/delete after a custom number of days).

Enable Automatic Deletion/Disabling of External Accounts

In the previous “Best Practices” post, we outlined how to automatically create external accounts. We also explored the benefits of automatic account creation and how this process improves your security and your internal and external user experience.

Those accounts will stay on your FileCloud server even after the shares have expired. FileCloud offers unlimited external accounts, so you don’t need to worry about exceeding a certain limit. However, these accounts can accumulate over time and become messy to manage.

You can remove them manually, but there is a better way: configure a “Workflow” action to remove them periodically.

Create a Workflow to Disable/Delete External Accounts Automatically

Log in to your admin portal and create a “New” admin workflow:

Manage External Accounts with Workflows

Choose the condition “If a user’s last login is older than….”

Select Workflow Condition

Define the Workflow Parameters

Define workflow parameters

In this example, we are setting the following parameters:

"last_login_days_ago":"60" -> If the user hasn’t logged in within the last 60 days.

"day_interval":"1" -> How often do we want this workflow to execute? We are configuring it to run every day: "1".

"user_account_type":"USER_ACCOUNT_LIMITED_ACCESS" -> Restrict the workflow to only execute on External accounts.

Set the Automated Action: Delete the Account

In this next step, set the action that will be executed when the parameters are met. To delete the account, simply select “Delete user account.” However, as you can see from the screenshot below, there are a variety of options you can take to suit your operational needs.

Select workflow action

Define Notification Rules

Now you can define the notification rules, which can include sending an email to an admin and/or informing the user that the account is being deleted (set the option to “1” if desired).

Define notification rules in workflow

Name the Workflow

Name workflow

This workflow will run daily and remove external accounts that haven’t logged in within the last “60” days. You can set the number of days you prefer and the action you want; for example, disable the account, change user status, notify the user that their account will expire soon, etc.

Conclusion

With this automation in place, you can maximize the benefits of secure file sharing by automating the creation and maintenance of external user accounts. It’s one solution within FileCloud among many that contribute to a more efficient and secure content collaboration platform. In the next blog post, we’ll cover how to set up external accounts with two-factor authentication (2FA) to maximize security and prevent unauthorized access to your FileCloud environment.

 

Article written by Daniel Alarcon, Technical Support Manager | Edited by Katie Gerhardt, Junior Product Marketing Manager

 

 

Broadband-Testing’s Comprehensive Report on FileCloud

In an increasingly online world, data is one of the most valuable aspects of any company. Many industries such as government, legal, healthcare, finance, and others have realized the importance of being able to control and protect that data.

Enterprises need a secure, easy way to share and store files more than they ever have before. In addition, enterprises need a way to govern their stored and shared data according to compliance regulations.

FileCloud aims to provide a hyper-secure, on-premises solution (though it has options for online and hybrid as well) that still has the ease-of-use, collaboration, and sharing tools available with most cloud-based solutions.

Broadband-Testing—an independent third-party reviewer of technology services—recently completed a comprehensive review of FileCloud to see if it could provide the protection, security, and ease of use that enterprises need in a content collaboration tool.

Below you’ll find some of the highlights of Broadband-Testing’s assessment. To access the complete report with all the details, download the report here.

Broadband-Testing’s Findings on FileCloud

FileCloud’s focus is to provide the elements needed for enterprises, including:

  • Extensive security options like Smart DLP and DRM
  • Workflow automation
  • Data classification options

The below graphic goes over FileCloud’s content model and shows how content/data is protected and controlled under the many layers of FileCloud’s system like metadata, access control, compliance, and more.

Ease of Deployment

Broadband-Testing found that FileCloud has a “‘cloud-like’ ease of deployment” where the basics of the system are set up within minutes. Other factors that add to the ease of deployment include:

  • Windows/Linux platforms support
  • Mobile endpoints for Android and iOS
  • Manageable from a single GUI
  • Alerts sent to admin as soon as platform is used
  • Setup checklist in admin dashboard

Migrating Data

FileCloud does not require all content to be migrated at the same time. It also supports Active Directory (AD) integration and standard network share paths.

Endpoint User and FileCloud

Broadband-Testing says the user experience is familiar and simple, making it easy for users to access their content. Activity summaries can be seen on the user’s dashboard, and FileCloud can be downloaded directly to employees’ phones, so content is always at their fingertips.

Security and Data Retention

FileCloud keeps data secure and easy to access. Broadband-Testing explored FileCloud’s lifecycle data approach that ensures data is stored and governed properly. Since data is always being added or content strategies/compliance changed, admins need the ability to track and handle data properly.

FileCloud provides this data lifecycle management with tools like:

  • Data retention policies (with a defined policy that stays in effect)
  • DLP rule-based management to prevent and control data leaks
  • Archiving via retention policies that define when content can be stored/deleted/changed and constant monitoring for content changes.

Broadband-Testing then stated, “No less a body than Gartner made the point that FileCloud’s only real competition is a do-it-yourself approach, manually gathering together and integrating the many and various components that the FileCloud platform consists of.”

Access Control

Broadband-Testing found that both users and admins have very flexible access controls over files, which ensure that access feels as easy as public cloud sharing while being backed by the security of the enterprise’s own firewall.

The Importance of Metadata

Metadata provides extra info about files/folders. Admins using FileCloud can use already-created metadata sets (or customized sets they create themselves) and create permissions based on the metadata attached to files/folders. This can automate file tagging and help apply retention policies (in conjunction with FileCloud’s Smart Classification system).

The Broadband-Testing report gives this example:

“…an invoice – say in PDF format – has been tagged to search on the word “hardware”, which has been added to the metadata. The system could then automatically identify that invoice as a hardware invoice for classification purposes… From a human search perspective, it could literally save hours or even days of manual effort, often in a scenario where time is precious and the inability to track that content down expensive.”

Proactive Compliance and DRM

Broadband-Testing found that compliance was handled in a preventative way within FileCloud, with alerts for the admin that show if a file/folder is not compliant.

In the same way, digital rights management or DRM can be managed before files/folders are shared with an integrated DRM viewer and options like control over document views (including only allowing part of a file to be viewed).

Other Voices – Gartner Peer Insights

Broadband-Testing also reviewed what respondents to the Gartner Peer Insights Customer survey thought about their experience with FileCloud. You can read more in the report, but some of these insights were that FileCloud was “The Best Cloud-Based Substitute Solution For Data Sharing And Collaboration” and an “Efficient Content Collaboration Tool”.

Use Cases for Data Residency and Access to Existing Enterprise Content

Broadband-Testing found that FileCloud’s On-Prem solution addressed the worry over data residency by giving total control over data to enterprises.

“FileCloud’s approach is a multi-layered and fully interconnected…It provides secure file and document sharing and completely controlled – and secure – team collaboration… all in a single system, fully secured and managed OnPrem, but with the flexibility of a cloud-based solution.”

FileCloud also solves the issue of moving huge amounts of data into the platform, with full integration for files, shares, and storage.

Shares can also be extended to:

  • Amazon S3 bucket
  • Azure Blob storage

Broadband-Testing’s Conclusion about FileCloud

Broadband-Testing found that FileCloud provides, “a secure, ultra-flexible and ultra-comprehensive Enterprise-level OnPrem solution for file and content storage and management.”

To read Broadband-Testing’s detailed report and view their FileCloud user and admin experiences, click here.

 

 

Configure Solr HA with Pacemaker and Corosync in FileCloud

FileCloud is a hyper-secure file storage, sharing and collaboration platform that provides a powerful set of tools for admins and users to manage their data. This includes High Availability (HA) architecture support and content management functionalities, specifically content search via FileCloud’s Solr integration.

Solr is an open-source content indexing and search application developed and distributed by Apache. This application is included with FileCloud installations.

Pacemaker and Corosync are open-source software solutions maintained by ClusterLabs. These solutions provide cluster management capabilities to client servers. Specifically, Pacemaker is a resource manager tool used on computer clusters for HA architecture, whereas Corosync supports cluster membership and messaging.

By configuring Solr HA in FileCloud with Pacemaker and Corosync, the admin can strengthen redundancy configurations, improve overall resiliency of backend software components, including quorate and resource-driven clusters, and provide fine-tuned management capabilities within and between nodes.

This step-by-step guide will outline how to manually configure Solr HA with Pacemaker and Corosync in FileCloud.

Software Components

solr01 – Solr host – cluster member

solr02 – Solr host – cluster member

solr03 – quorum-device – quorum for cluster

solr-ha – proxy-ha host

NFSShare – NFS resource which can be mounted on solr01 and solr02

The example laid out in this blog post uses CentOS 7 (CentOS Linux release 7.9.2009 (Core)).

The installation instructions for Pacemaker and Corosync clusters remain the same, regardless of the Linux distribution (Ubuntu, Fedora, RedHat, or Debian).

Installation and Configuration Instructions

Step 1: Prepare the Cluster

Install all available patches using the following command:

Command(as root):

yum update

After installing the necessary patches, reboot the system. This step must be completed for all three hosts: solr01, solr02, and solr03.

Then, the package that provides necessary nfs-client subsystems must be installed.

command(as root):

yum install -y nfs-utils

Next, wget must be installed.

command(as root):

yum install -y wget

Step 2: Install Solr and Prepare the Cluster Environment

Installing Solr in your FileCloud instance is (naturally) a critical part of configuring Solr HA. As indicated above, Solr can be broken down into specific Solr hosts that are members of a cluster. These hosts must be individually configured.

Prepare Clean OS

Beginning with solr01, prepare a clean Linux-based OS (such as the example we are using, CentOS 7). You may also use other operating systems according to your preference.

Download FileCloud

On the clean OS, download the FileCloud installation script: filecloud-liu.sh (official installation script).

If any issues arise related to the REMI repo, the alternative can be used: https://zerg.codelathe.com/url/qj2ny2yrvtzehjsk

Create a Folder

Create the following folder:  /opt/solrfcdata

Run the Command

Command(as root):

mkdir /opt/solrfcdata

Mount the NFS Filesystem

The NFS filesystem should be mounted under the following:

Command(as root):

mount -t nfs ip_nfs_server:/path/to/nfs_resource /opt/solrfcdata

Start Solr Installation

Next, start the Solr component installation using the FileCloud installation script:

command(as root):

sh ./filecloud-liu.sh

Follow the instructions until reaching the selection screen.

Select the “solr” option and press “Enter.” The installation process may take a few minutes. Wait for confirmation that installation has been completed.

Bind Solrd to External Interface

Host: solr01, solr02

Solrd will, by default, try to bind to localhost only. Modify the file so that Solr binds to the external interface. The value used below, 0.0.0.0, binds Solr to every interface on the host.

Modify the following file: /opt/solr/server/etc/jetty-http.xml

Change the following line in the file.

Original Line:

<Set name="host"><Property name="jetty.host" default="127.0.0.1" /></Set>

New Line:

<Set name="host"><Property name="jetty.host" default="0.0.0.0" /></Set>

Change System Daemon Control to systemd

Solr was started with the FileCloud installation. Before proceeding, stop the Solr service.

Host: solr01, solr02

command(as root):

/etc/init.d/solr stop

Remove the following file: /etc/init.d/solr

command(as root):

rm /etc/init.d/solr

Create a new file:

command(as root):

touch /etc/systemd/system/solrd.service

Edit this new file and copy the contents specified below to this file:

command(as root):

vi /etc/systemd/system/solrd.service

Copied Content:

### Beginning of File ###
[Unit]
Description=Apache SOLR
[Service]
User=solr
LimitNOFILE=65000
LimitNPROC=65000
Type=forking
Restart=no
ExecStart=/opt/solr/bin/solr start
ExecStop=/opt/solr/bin/solr stop
### End of File ###

Save the file before continuing.

Verify New Service Definition is Working

Host: solr01, solr02

command(as root):

systemctl daemon-reload
systemctl stop solrd

It should not return any errors. Start the service:

command(as root):

systemctl start solrd
systemctl status solrd

Expected Output:

Remove Folder Contents

Folder: /opt/solrfcdata

Host: solr02

Critical Note: THIS COMMAND SHOULD BE ISSUED ONLY ON solr02.

 command(as root):

systemctl stop solrd
rm -rf /opt/solrfcdata/*

Update Firewall Rules

Complete this step whenever needed, as in the below example on CentOS.

Host: solr01, solr02

command(as root):

firewall-cmd --permanent --add-port 8983/tcp
firewall-cmd --reload

With these steps completed, the Solr installation has been carried out to successfully prepare the environment for HA clusters.

Step 3: Set Up Pacemaker

Host: solr01, solr02, solr03

Edit /etc/hosts File

Add the entries for all 3 cluster nodes, so that the file reads as follows:

corresponding_ip    solr01
corresponding_ip    solr02
corresponding_ip    solr03

Example:

File: cat /etc/hosts

127.0.0.1      localhost localhost.localdomain localhost4 localhost4.localdomain4
::1                 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.101.59 solr01
192.168.101.60 solr02
192.168.101.61 solr03

Install Cluster Packages

hosts: solr01 and solr02

command(as root):

yum -y install pacemaker pcs corosync-qdevice sbd

Enable and Start the Main Cluster Daemon

hosts: solr01 and solr02

command(as root):

systemctl start pcsd
systemctl enable pcsd

Update Passwords for the Cluster User

hosts: solr01, solr02

Set the same password for all hosts for the hacluster user.

command(as root):

passwd hacluster

Enter the new password for the hacluster user when prompted, and keep these login credentials at hand, as they will be necessary in later steps.

Open Network Traffic on Firewall

hosts: solr01 and solr02

command(as root):

firewall-cmd --add-service=high-availability --permanent
firewall-cmd --reload

Authorize Cluster Nodes

hosts: Solr01

command(as root):

pcs cluster auth solr01 solr02

Username: hacluster

Password: “secret_password” set in the previous step.

Expected Output:

solr01          Authorized
solr02          Authorized

Create Initial Cluster Instance

hosts: solr01

command(as root):

pcs cluster setup --name solr_cluster solr01 solr02

Start and Enable Cluster Instance

hosts: solr01

command(as root):

pcs cluster start --all
pcs cluster enable --all

Step 4: Set Up QDevice – Quorum Node

Install Software Required for Quorum-only Cluster Node

Install the required software on solr03 (quorum-only cluster node).

Host: solr03

command(as root):

yum install pcs corosync-qnetd

Start and Enable the PCSD Daemon

Host: solr03

command(as root):

systemctl enable pcsd.service
systemctl start pcsd.service

Configure QDevice (Quorum Mechanism)

Host: solr03

command(as root):

pcs qdevice setup model net --enable --start

Open Firewall Traffic

Open the firewall traffic if required. The example below is for CentOS.

Host: solr03

command(as root):

firewall-cmd --permanent --add-service=high-availability
firewall-cmd --add-service=high-availability

Set the Password for HA Cluster User

Set the password for the hacluster user on solr03.

Host: solr03

command(as root):

passwd hacluster

Enter the password for the hacluster user when prompted. This password should be the same password used for solr01 and solr02.

Authenticate QDevice Host in the Cluster

Host: solr01

command(as root):

pcs cluster auth solr03

Username: hacluster

Password:

Add Quorum Device to the Cluster and Verify

Host: solr01

command(as root):

pcs quorum device add model net host=solr03 algorithm=lms

Verification:

Host: solr01

command(as root):

pcs quorum status

Expected Output:

Quorum information
------------------
Date:             Wed Aug  3 10:27:26 2022
Quorum provider:  corosync_votequorum
Nodes:            2
Node ID:          1
Ring ID:          2/9
Quorate:          Yes

Votequorum information
----------------------
Expected votes:   3
Highest expected: 3
Total votes:      3
Quorum:           2 
Flags:            Quorate Qdevice

Membership information
----------------------
    Nodeid      Votes    Qdevice Name
         2          1    A,V,NMW solr02
         1          1    A,V,NMW solr01 (local)
         0          1            Qdevice

Step 5: Install Soft-Watchdog

The softdog (software watchdog) kernel module should be loaded automatically whenever the system boots.

Host: solr01, solr02

command(as root):

echo softdog > /etc/modules-load.d/watchdog.conf

Reboot solr01 and solr02 to Activate Watchdog

Host: solr01, solr02

command(as root):

reboot

Carry out the reboots in sequence:

  • reboot solr01 and wait until it comes back
  • reboot solr02

Step 6: Enable SBD Mechanism in the Cluster

Enable sbd

Host: solr01, solr02

command(as root):

pcs stonith sbd enable

Restart the Cluster so the SBD Change Takes Effect

Host: solr01

command(as root):

pcs cluster stop --all
pcs cluster start --all

Verify the SBD Mechanism

Host: solr01

command(as root):

pcs stonith sbd status

Expected Output:

SBD STATUS
<node name>: <installed> | <enabled> | <running>
solr01: YES | YES | YES
solr02: YES | YES | YES

Step 7: Create Cluster Resources

Create Cluster Resource with NFSMount

Host: solr01

command(as root):

pcs resource create NFSMount Filesystem device=192.168.101.70:/mnt/rhvmnfs/solrnfs directory=/opt/solrfcdata fstype=nfs --group solr

Legend:

The parameter device should point to the nfs server and nfs share being used in the configuration.

Verification:

Host: solr01

command(as root):

pcs status

Expected Output:

Cluster name: solr_cluster
Stack: corosync
Current DC: solr01 (version 1.1.23-1.el7_9.1-9acf116022) - partition with quorum
Last updated: Wed Aug  3 12:22:36 2022
Last change: Wed Aug  3 12:20:35 2022 by root via cibadmin on solr01

2 nodes configured
1 resource instance configured

Online: [ solr01 solr02 ]

Full list of resources:
 
Resource Group: solr
     NFSMount   (ocf::heartbeat:Filesystem):    Started solr01

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled
  sbd: active/enabled

Change the Recovery Strategy for the NFSMount Resource

Host: solr01

command(as root):

pcs resource update NFSMount meta on-fail=fence

Create Cluster Resource – solrd

Host: solr01

command(as root):

pcs resource create solrd systemd:solrd --group solr

Verification:

Host: solr01

command(as root):

pcs status

Expected Output:

Cluster name: solr_cluster
Stack: corosync
Current DC: solr01 (version 1.1.23-1.el7_9.1-9acf116022) - partition with quorum
Last updated: Wed Aug  3 12:25:45 2022
Last change: Wed Aug  3 12:25:22 2022 by root via cibadmin on solr01

2 nodes configured
2 resource instances configured

Online: [ solr01 solr02 ]

Full list of resources:

 Resource Group: solr
     NFSMount   (ocf::heartbeat:Filesystem):    Started solr01
     solrd      (systemd:solrd):        Started solr02

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled
  sbd: active/enabled

Set Additional Cluster Parameters

Host: solr01

command(as root):

pcs property set stonith-watchdog-timeout=36
pcs property set no-quorum-policy=suicide
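
The verification outputs in Steps 4, 6 and 7 can be checked by script rather than by eye. The following is an added example, not part of the original article or of FileCloud's tooling: the function names and the `--live` switch are assumptions of this example, and the degraded quorum sample and the resource sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): the guide's three
# "Verification" steps as checks. Each function reads command output on stdin.

# quorum_ok: input is `pcs quorum status`. Succeeds only if the partition is
# quorate, the Qdevice flag is set, and no expected vote is missing.
quorum_ok() {
    awk '
        /^Quorate:/        { quorate = $2 }
        /^Expected votes:/ { expected = $3 }
        /^Total votes:/    { total = $3 }
        /^Flags:/          { for (i = 2; i <= NF; i++) if ($i == "Qdevice") qdev = 1 }
        END {
            if (quorate != "Yes") { print "FAIL: partition is not quorate"; exit 1 }
            if (!qdev) { print "FAIL: quorum device is not registered"; exit 1 }
            if (expected == "" || total != expected) {
                print "FAIL: " total " of " expected " votes present"; exit 1
            }
            print "OK: quorate, " total "/" expected " votes"
        }'
}

# sbd_ok NODE...: input is `pcs stonith sbd status`. Succeeds only if every
# named node is listed with installed, enabled and running all set to YES.
sbd_ok() {
    awk -v want="$*" '
        /^[^<: ]+: / {
            node = $1; sub(/:$/, "", node); seen[node] = 1
            if ($2 != "YES" || $4 != "YES" || $6 != "YES") bad = bad " " node
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) if (!(w[i] in seen)) bad = bad " " w[i] "(missing)"
            if (bad != "") { print "FAIL: sbd not healthy on:" bad; exit 1 }
            print "OK: sbd running on all nodes"
        }'
}

# resources_started RES...: input is `pcs status`. Prints "resource node" for
# each named resource and succeeds only if all of them are Started.
resources_started() {
    awk -v want="$*" '
        $2 ~ /^\(.*\):$/ { state[$1] = $3; node[$1] = $4 }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                if (state[w[i]] == "Started") print w[i] " " node[w[i]]
                else { print "FAIL: " w[i] " is not Started"; rc = 1 }
            }
            exit (rc + 0)
        }'
}

# Sample inputs. sample_quorum and sample_sbd are trimmed from the expected
# outputs in Steps 4 and 6; the other two are constructed for this example.
sample_quorum() { cat <<'EOF'
Quorate:          Yes
Expected votes:   3
Total votes:      3
Flags:            Quorate Qdevice
EOF
}
sample_quorum_degraded() { cat <<'EOF'
Quorate:          Yes
Expected votes:   3
Total votes:      2
Flags:            Quorate Qdevice
EOF
}
sample_sbd() { cat <<'EOF'
SBD STATUS
<node name>: <installed> | <enabled> | <running>
solr01: YES | YES | YES
solr02: YES | YES | YES
EOF
}
sample_status() { cat <<'EOF'
 Resource Group: solr
     NFSMount   (ocf::heartbeat:Filesystem):    Started solr01
     solrd      (systemd:solrd):        Started solr01
EOF
}

if [ "${1:-}" = "--live" ]; then      # run as root on solr01
    pcs quorum status      | quorum_ok
    pcs stonith sbd status | sbd_ok solr01 solr02
    pcs status             | resources_started NFSMount solrd
else
    sample_quorum          | quorum_ok
    sample_quorum_degraded | quorum_ok || echo "(expected: one vote is missing)"
    sample_sbd             | sbd_ok solr01 solr02
    sample_status          | resources_started NFSMount solrd
fi
```

A cluster that is still quorate but has lost one vote fails the quorum check on purpose, because it can no longer tolerate another failure.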

Step 8: Configure haproxy on Dedicated Host

Install haproxy on Clean OS

Our example uses CentOS.

Host: solr-ha

command(as root):

yum install -y haproxy

Configure the haproxy

Configure the haproxy to redirect to the active solr node.

Host: solr-ha

backup file: /etc/haproxy/haproxy.cfg

command(as root):

mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg_bck

Create an Empty File

File: /etc/haproxy/haproxy.cfg

Add Content

Add the content below into the empty file.

#### beginning of /etc/haproxy/haproxy.cfg ###
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend solr_front *:8983
        default_backend solr_back

backend static
    balance     roundrobin
    server      static 127.0.0.1:4331 check

backend solr_back
        server solr01   solr01:8983 check
        server solr02   solr02:8983 check
#### end of /etc/haproxy/haproxy.cfg ###

Ensure that parameters solr01/solr02 point to the full DNS name or to the IP of the cluster nodes.

Start haproxy

Host: solr-ha

command(as root):

systemctl enable haproxy
systemctl start haproxy

Solr service will be available on host solr-ha on port 8983 – independent of where it is really running, either on solr01 or solr02.

Conclusion

Congratulations! If you followed these step-by-step instructions, you will have successfully configured Solr with high availability along with Pacemaker and Corosync. This configuration will serve to improve redundancy and security for your critical data.

For any questions on Solr or High-Availability architecture, schedule a consultation or configuration support session.

 

Article written by Marek Frueauff, Solutions Architect

Edited by Katie Gerhardt, Junior Product Marketing Manager

 

Appendix – Glossary of Terms

Below are the key terms used in this article, listed in alphabetical order.

Term – Definition

Cluster – A group of servers or other IT systems whose primary purpose is to perform similar or exactly the same function in order to achieve one or both of these outcomes: High Availability or Load Balancing.

Cluster Quorum – A server or other system that is part of the cluster and performs a particular role: verifying which production cluster nodes (servers) can be reached and what their health status is. If cluster members are missing, the cluster quorum system decides whether the remaining servers can operate and continue providing services or whether the cluster should be treated as unhealthy. In that state there is a risk of a split brain situation, and the main purpose of the cluster quorum system is to avoid the split brain scenario.

Corosync – A typical part of a High Availability architecture set up on Linux or Unix systems; it usually exists alongside Pacemaker. Corosync is the communication engine responsible for keeping cluster nodes (servers) in a synchronized state.

Firewall – Software or hardware that can inspect and manipulate network traffic based on multiple rules. Modern firewall implementations can operate on multiple network layers (usually from 3 to 7), including inspection of the network frame content.

Firewall-cmd – The modern Linux built-in firewall software implementation.

nfs – Network File System, a filesystem that is network related by design. It is a common method of sharing file resources in the Unix environment. Because of the very long history of this technology, it has been implemented on almost all possible operating systems and has become very popular and commonly used.

Pacemaker – Open-source software involved in cluster resource management and part of a typical High Availability setup on Linux systems to provide modern functions and cluster management resources.

Proxy – A software or hardware solution that provides a gateway between two networks separated by design. A proxy is usually installed between the public Internet and a local network and allows some communications between those network segments based on predefined rules. A proxy can also be used for other purposes, like load balancing: for example, redirecting incoming connections from one network to multiple hosts in another network segment.

Proxy-HA – The specific implementation of the proxy mechanism to provide a High Availability service, which is usually correlated with a single host (server). In our example, proxy-ha is used to verify where services are currently running (on which cluster servers) and to redirect all incoming requests to the active node.

Resource Group – A logical organization unit within the Pacemaker cluster implementation that enables control of the dependencies between particular resources managed by the cluster. For example, the nfs server that shares files must be started after the filesystem where the files reside, and additionally on the same cluster node (server). This control can be easily achieved using Resource Groups.

QDevice – The software implementation of the quorum functionality in the Pacemaker cluster setup. This functionality is installed on a cluster host that will perform the quorum role only and will never provide any other services.

SBD – Stonith Block Device. By design, this is the implementation of an additional communication and stonith mechanism on top of a shared block device between cluster nodes (servers). In some cases, sbd can be used in diskless mode (as in our example). To operate in this mode, the watchdog mechanism needs to be enabled/installed.

Solr – An advanced, open-source search and indexing system maintained and developed by Apache. This mechanism is a part of the standard FileCloud installation.

Split Brain – A very dangerous scenario in all cluster environments, in which a node or nodes lose the ability to communicate with the rest of the node population due to an environment malfunction (most often due to lost network connectivity). In this situation, a separated node may “think” that it is the “last man standing” and call up all cluster resources to begin providing all services. This resource demand is repeated by all cluster nodes, leading to disagreement on which node should remain active and which services the cluster should provide. Each cluster implementation has multiple built-in mechanisms to prevent this situation, which can easily lead to data corruption. One such mechanism is stonith, which is activated as soon as the node loses its “quorate” status, indicating a high probability that the node is not visible to the rest of the environment.

Stonith – Shoot The Other Node in The Head is a mechanism that allows an immediate restart (without any shutdown procedure) of any node in the cluster. This mechanism is extremely important for preventing potential data corruption caused by wrong cluster node behavior.

SystemV – The name of the former Linux approach to starting and stopping system services (daemons).

SystemD – The name of the modern Linux approach to starting and stopping system services (daemons) and much more. Each modern Linux distribution now uses systemd as the main mechanism to manage system services.

Watchdog – A software or hardware mechanism that works like a delayed bomb detonator. The watchdog is periodically pinged by the system (approximately every 5 seconds) to reset the countdown procedure. If the countdown reaches 0, the watchdog will reset the operating system immediately. Watchdog is used with Pacemaker in clusters to ensure that nodes remain recognized within the cluster community. In the event of a lost connection (which is the typical reason behind the Split Brain scenario), Watchdog enables an immediate reboot of the node.

 

 

Create an SSL Certificate in 5 Easy Steps

SSL certificates are a routine security recommendation when it comes to hosting data on a server. Specifically, SSL certificates enable encryption of data transferred between clients and web servers over the HTTP protocol. This security is typically displayed by changing a URL from http to https. An icon such as a padlock may also be used to visually indicate that the site or server is secure.

FileCloud is a content collaboration solution that can either be self-hosted on private infrastructure or hosted by us. For self-hosted instances, FileCloud recommends installing and maintaining an active SSL certificate. This is a significant measure you can take to provide greater security for your data.

This blog post will cover how to purchase, configure, and verify an SSL from a trusted third-party provider in five easy steps.

Step 1: Generate the CSR for the SSL Certificate

A CSR, or certificate signing request, is generated on the server where the SSL certificate will be installed. The CSR is submitted to the Certificate Authority and contains the following information:

  • Legal name of the business or organization
  • Domain name
  • Identification for the person or unit responsible for managing the certificate
  • Geographic location (city, state, and country)
  • Email address

For these step-by-step instructions, we are using the domain name example.com for demonstrative purposes.

To generate a CSR, run the command below in the Windows CMD or a Linux shell:

  openssl req -new -newkey rsa:4096 -nodes -keyout example.key -out example.csr

Enter the required information to generate the CSR for the SSL:

  • Country Name (2 letter code): [AU]
  • State or Province Name (full name): [Some-State]
  • Locality Name (e.g., city, county): []
  • Organization Name (e.g., company): [Internet Widgits Pty Ltd]
  • Organizational Unit Name (e.g., section, division, department): []
  • Common Name (e.g., server FQDN or YOUR name): []

If you are generating a CSR for a wildcard certificate, then the common name should be *.example.com.

Step 2: Purchase an SSL Certificate from the Desired Vendor

In this tutorial, we are purchasing a wildcard COMODO SSL from SSLBUY.com. You can apply the same steps to any SSL vendor.

Log in to the platform of your selected vendor, then purchase the SSL.

Step 3: Configure and Verify the SSL

Click on “Configure SSL” and submit the CSR generated earlier.

Click on “Continue.”

After this step, you will see the information from the CSR. Verify that it is correct.

Choose one of the two SSL approval methods:

  1. Add CNAME in the DNS record of the domain that requires an SSL
  2. Email approval

In this case, we are choosing email approval, and the web server should be Apache.

Enter the admin email and confirm it by entering it a second time.

Step 4: Complete Verification

If you chose email verification instead of DNS verification, you will be redirected to the SSL provider site to enter the confirmation email address.

Once you have completed the verification steps with the SSL vendor, you will receive an email confirmation for the SSL. This email serves as the verification and confirms the domain is under your control. There will be a link for the verification in the email; click the link and enter the verification code in the space provided.

Step 5: Download the SSL Certificate

After verification is complete, download the SSL certificate from the SSL vendor. Alternatively, an email may be sent to the admin email address with SSL certificates attached.
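
The command-line parts of Steps 1 and 5, as an added example (not FileCloud's own script): it generates the key and CSR without prompts, requests the wildcard and the bare domain as subject alternative names, and checks that the CSR, and later the downloaded certificate, carry the same public key as example.key. The subject values are the placeholder defaults shown in Step 1, the function and script names are hypothetical, and -addext assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. example.com and the subject values are the article's
# placeholders; function names are hypothetical.

# SHA-256 over the PEM public key held in a key, CSR or certificate file.
pubkey_digest() {  # usage: pubkey_digest key|csr|cert <file>
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True only if both files parse and carry the same public key.
same_pubkey() {  # usage: same_pubkey <type> <file> <type> <file>
  da=$(pubkey_digest "$1" "$2") && db=$(pubkey_digest "$3" "$4") &&
    [ "$da" = "$db" ]
}

# Step 1 without prompts: writes <dir>/example.key and <dir>/example.csr.
make_csr() {  # usage: make_csr <common-name> <dir> [rsa-bits]
  cn=$1; dir=$2; bits=${3:-4096}
  san="DNS:$cn"
  # A wildcard does not match the bare domain, so ask for both names.
  # The CA decides which names end up in the issued certificate.
  case "$cn" in
    '*.'*) base=${cn#'*.'}; san="DNS:$cn,DNS:$base" ;;
  esac
  (
    umask 077  # -nodes leaves the key unencrypted: keep it owner-only
    openssl req -new -newkey "rsa:$bits" -nodes \
      -keyout "$dir/example.key" -out "$dir/example.csr" \
      -subj "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=$cn" \
      -addext "subjectAltName=$san" 2>/dev/null
  )
}

# Before Step 3: the CSR's self-signature verifies and it matches the key.
csr_ok() {  # usage: csr_ok <key-file> <csr-file>
  openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  same_pubkey key "$1" csr "$2"
}

# After Step 5: same_pubkey key example.key cert <downloaded certificate>
# Usage: sh csr_check.sh '*.example.com' /path/to/dir
if [ "$#" -ge 2 ]; then
  make_csr "$1" "$2" && csr_ok "$2/example.key" "$2/example.csr" &&
    echo "CSR ready to submit: $2/example.csr"
fi
```

Only example.csr is submitted to the vendor; example.key stays on the server where the certificate will be installed.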

Conclusion

Once the SSL has been downloaded, install the SSL certificates on your FileCloud server by following our documentation, depending on your operating system: Windows | Linux. You can also check out this blog post, which provides a specific step-by-step example of how to configure and install a wildcard “Let's Encrypt” SSL Certificate with Ubuntu 20.04 LTS on a multi-tenant site.

With an SSL certificate in place, you can rest assured knowing your data in transit is encrypted, which creates another layer of protection for your important files and processes.

 

Article written by Nandakumar Chitra Suresh, Technical Support Lead | Edited by Katie Gerhardt, Junior Product Marketing Manager

 

Data Governance is for Everyone!

What does “Data Governance” even mean?

In a vacuum, data governance is simple. It’s the process of managing data to accomplish certain objectives. Often these objectives are related to security, privacy, or compliance with external regulations. The term is also associated with responsible management or stewardship of data.

The concept becomes more complex when it is applied across industries or use cases. The scope and impact of data governance is wide-ranging and far-reaching, which can make applying data governance strategies more complicated.

This is especially true for enterprises that already handle huge amounts of data and are examining data governance options to address compliance needs. Increasing regulations worldwide make it so that few businesses can escape the web of compliance requirements.

Data Governance is so much more than complying with regulations though. Read on to find out if you could benefit from a data governance strategy. (hint: you probably can!)

Do I need Data Governance?

  • Do you handle data that could be used to identify clients or customers?
    • Anything from full names, ages, family members, credit card numbers, social security numbers, license plates or VIN, transaction records, prescriptions, doctor-patient information, policy and account numbers, and so much more!
  • Do you work in a highly regulated industry like Defense, Healthcare, or Finance?
  • Do you store proprietary or business-critical information, plans, schematics, technology, or logistics details?
  • Are you subject to large-scale/international regulations like GDPR?
  • If your data was compromised because of a virus, breach, ransomware, or leak, could you face fines, legal penalties, or significant loss of profit?
  • Are you subject to internal or external audits of your data or processes?
  • Are you trying to leverage data insights to grow your business or build market resilience?

If you answered yes to any of these questions, good news! A data governance strategy can be of help.


Learn more about data governance models, how to build one for your business, and how FileCloud can help with our whitepaper


Turn Your Data Governance Nays into Yays!

You’re on board with building up your data governance: improving security, addressing compliance needs, and future-proofing your business. Sounds optimal, right? But now you have to convince everyone else.

This could be the most difficult part of implementing a data governance strategy. We’ve assembled a few of the most common barriers to data governance and shown how you can knock those barriers down.

Implement Data Governance

Data Governance/Compliance is too hard!

Recognize that Data Governance is about proactively creating business value and future-proofing data security, rather than reactively complying with external controls. It’s an investment that pays off.

I don’t know where to start.

Identify meaningful tools that will integrate with existing IT or find a new system that can simplify your data governance tasks. Investing now will improve efficiency of business operations and protect future data assets.

Shouldn’t IT handle this?

Take ownership of the Data Governance model. For data governance to succeed, everyone must be involved from the ground up in the data lifecycle (not just the IT department).

I’ve already tried, and it didn’t work.

Don’t try to take on all of your data at once. Start with your most important data and empower your teams with training and communication. Remember that implementing a new system will take time. Once everyone is comfortable with the governance strategy, you can always scale up.

Take Control of Data Governance with FileCloud

FileCloud is a Content Collaboration Platform (CCP) that specializes in hyper-security and data governance. With standard and enterprise options for on-premises or cloud systems, you can rest assured knowing you have the tools to safeguard and govern your data to comply with regulatory requirements and build business value.

Check out our whitepaper for an in-depth review of data governance models and strategies. Read on to discover different tools in FileCloud that can help support your data governance objectives.

Hyper-Security

FileCloud supports a multi-tiered approach to security, including automatic antivirus scanning upon upload, ransomware and malware prevention, integrations with security information and event management (SIEM) software, and implementation of REST APIs for precise data management functionality.

Admins can set additional login requirements through Single Sign-on (SSO) and two-factor authentication (2FA) or integrate with Active Directories. File locking and unlimited file versioning ensure that data is preserved internally, so that collaboration never leads to data loss or overwrite.

FileCloud also uses advanced encryption modules, including AES 256-bit encryption for data at rest, SSL/TLS secure tunnels for data in transit, and FIPS 140-2 encryption certification. Bring Your Own Key policies mean clients can leverage site-specific, managed encryption keys in a multi-tenant setup.

Granular Sharing and User Policies

Admins and users can utilize granular sharing options to ensure only specified information is distributed, whether that information resides in a folder, sub-folder, or a specific file. Share links can be sent as public or private (password protected) with varying degrees of permission (read, write, download, share).

Shares can also be set to expire after a certain time. Furthermore, access permissions within the system can be set according to user, group, and global policies. Admin access can also be fine-tuned through role-based access controls (RBAC).

Retention Policies

Retention policies are a critical element of data governance. With an enterprise FileCloud license, you can leverage a hierarchical list of retention policies to meet the distinct needs of your organization.

Admins can automate retention processes to secure and manage digital content more consistently and to meet industry or regulatory standards. Available policies include:

  • Admin Hold: Outranks all other policies and prevents any update or delete of digital content for an indefinite period of time.
  • Legal Hold: Freezes digital content to aid discovery or legal challenges. During a legal hold, file modifications are not allowed.
  • Retention: Identifies digital content to be kept around for an unlimited amount of time before being deleted or released.
  • Archival: Moves and stores old organizational content for the long term. No deletion is allowed until a specified time period is reached. After this time, content gets moved to a specific folder.
  • Trash Retention: Can be configured for automatic and permanent deletion of all files in the Trash bins or to expire with no actions.

Content Classification & DLP

Classification is a major component of data governance. With FileCloud, admins and users can leverage either default or custom metadata tags to support the content classification engine (CCE).

FileCloud’s smart CCE automatically sorts uploaded content, enabling improved search optimization (including e-discovery and pattern search for GDPR compliance).

With a classification system in place, admins can also leverage FileCloud’s Data Leak Prevention (DLP), which uses a system of rules and metadata to guard against unauthorized sharing or access. The DLP expression builder ensures even team leaders and managers without an IT background can set up the rules they need to secure their data.

Comprehensive Reports & Audit Logs

FileCloud offers various administrative features to maintain user control over data such as file analytics and reports, as well as detailed, unchangeable audit trail logs.

These logs capture who (username) did what (access, modify and delete) to what data (files/folders), when (timestamp), where (IP address), and how (web, mobile, sync client and drive). Admins can search transactions and export audit logs as CSV files for detailed analysis.

 

Endpoint/Remote Device Management

Endpoint device management provides an inventory of all the devices connected to the FileCloud system such as computers, laptops, and smartphones. Administrators can remotely block users or even wipe data on any connected device. The Access Map in the Admin dashboard provides a unique view of connected IP addresses (Geo-IP) to support identification of suspicious activity.

Compliance Center

FileCloud’s Compliance Center organizes security and sharing features listed above into one streamlined interface to support your compliance needs. System administrators can follow FileCloud’s specialized configurations for ITAR, GDPR, and HIPAA to apply the necessary security and sharing settings.

Individual rules can be enabled or disabled to reflect the existing governance and compliance protections in place, and linked documentation provides more information on what the requirement is and how FileCloud supports compliance.

Digital Rights Management (DRM)

DRM prevents unauthorized sharing, screenshot capturing, copying, or printing of intellectual property including contracts, sales/marketing reports, eBooks, training materials, and other sensitive documents.

For even greater control, files can be shared through a secure viewer, where only specific elements will be visible. Password requirements ensure only authorized users access shared information, and download limits curtail the distribution of materials. Share links and permissions can also be updated and access revoked at any time.

Conclusion

In reality, data governance can be tricky, intimidating, and even expensive. But it doesn’t have to be. FileCloud can help set your worries and woes aside, thanks to its intuitive user and admin interface, automated tools like metadata, Smart Classification, DLP, and retention policies, compliance support through the Compliance Center, and a hyper-secure platform.

Find out today if FileCloud is right for you by taking the tour or signing up for a free trial!

 

~By Katie Gerhardt, Digital Content Specialist