Archive for the ‘FileCloud’ Category

FileCloud and VPAT Compliance

Web Accessibility Series – Part 2. To read Part 1, click here

FileCloud is committed to ensuring that the platform, whether Online or Server, is accessible to all users by embracing industry standards and guidelines such as VPATTM (Voluntary Product Accessibility Template) and WCAG (Web Content Accessibility Guidelines).

VPAT Compliance and WCAG Guidelines

Since the 20.3 release (December 2020), FileCloud supports VPATTM 1.1, 2.1.1, 2.1.2, 2.1.3, 2.2.5, 2.4, 3.1, 3.2, 3.3, 4.1.1, and 4.1.2.

“A Voluntary Product Accessibility Template (VPAT) is a document that explains how information and communication technology (ICT) products such as software, hardware, electronic content, and support documentation meet (conform to) the Revised 508 Standards for IT accessibility. VPAT helps Federal agency contracting officials and government buyers to assess ICT for accessibility when doing market research and evaluating proposals.”Section 508 official website.

FileCloud also follows WCAG 2.1, which enables users with limited accessibility to work with FileCloud.

“Web Content Accessibility Guidelines (WCAG) 2.1 covers a wide range of recommendations for making Web content more accessible. Following these guidelines will make content more accessible to a wider range of people with disabilities, including accommodations for blindness and low vision, deafness and hearing loss, limited movement, speech disabilities, photosensitivity, and combinations of these, and some accommodation for learning disabilities and cognitive limitations; but will not address every user need for people with these disabilities. These guidelines address accessibility of web content on desktops, laptops, tablets, and mobile devices. Following these guidelines will also often make Web content more usable to users in general.” W3C definition.

By following these design guidelines, FileCloud is more user-friendly to all users. In this blog post, we’ll go over a few elements that demonstrate FileCloud’s VPATTM compliance.

FileCloud Enhancements for Accessibility

FileCloud has been designed with the Voluntary Product Accessibility Template (VPATTM) in mind and offers a variety of options to improve usability:

  • High contrast mode
  • Color options
  • Visual cues
  • Keyboard shortcuts
  • Dark mode
  • Non-blocking operations for long-running tasks
  • Support for color customization and themes
  • Complete translation in multiple languages

High Contrast Mode

One of the recommendations from W3C is to provide a style switcher for a High Contrast mode.

This mode is available from the user UI and can be activated per user through the user settings:

High Contrast Mode

When you check the enable box, the UI will immediately change to the high contrast mode:

Keyboard Shortcuts

FileCloud supports VPAT Compliance by enabling navigation of the user interface using only the keyboard. These include tab navigation through the interface, no keyboard traps, and the ability to move between frames in the user UI.

W3C Keyboard accessibility guidelines say: “If all functionality can be achieved using the keyboard, it can be accomplished by keyboard users, by speech input (which creates keyboard input), by mouse (using on-screen keyboards), and by a wide variety of assistive technologies that create simulated keystrokes as their output.” – Keyboard accessibility guidelines 2.1.

To view the list of available shortcuts, the user can click on the “Show Shortcuts” section in the user menu. Then click on “Shortcut Keys” to bring up the full list:

For more information on how these shortcuts work, you can visit the first blog post in this accessibility series: VPAT and Keyboard Shortcuts in FileCloud.

Themes and Dark Mode

The W3C distinguishable guidelines recommend making it easier for users to see content by separating the foreground from the background. FileCloud has a theme option that enables users to switch between color schemes, including a Dark Mode. This can be accomplished through User Settings.

The two bars on the right side of the theme selector allow the user to choose the hyperlink text color and the background of the button color. Once a theme is selected, the UI switches immediately:

Language Options

This feature has been available for a long time in FileCloud for select languages. Recently though, Arabic, Simplified Chinese, Traditional Chinese, and Chinese have been included as options for both users and admins, helping a broader user base leverage FileCloud in their day-to-day operations.

The user can update their display language from the user settings. Current language options include:

  • Arabic
  • Chinese Simplified
  • Chinese Traditional
  • Chinese
  • Dutch
  • English
  • French
  • German
  • Italian
  • Portuguese
  • Russian
  • Spanish

 

Here are some examples of the UI after the language is changed:

Conclusion

FileCloud continues to implement changes according to W3C guidelines and VPATTM to create a user-friendly interface for everyone. The last VPATTM assessment gave FileCloud a 75+ score, and all “A” scores were accomplished. FileCloud is working on achieving “AA” and “AAA” scores for maximum compatibility in the future.

 

Article written by Daniel Alarcon

Enable FIPS Encryption in FileCloud

enable FIPS in FileCloud

FileCloud officially supports FIPS mode with CentOS 7.x version. This post explains how to enable FIPS encryption in your FileCloud installation.

Important Note – 

Please make sure you have the FIPS component enabled in your FileCloud license. If you do not have the component, please contact our sales team at sales@filecloud.com for further help in adding the component to your license.

Step 1: Enable Dracut Modules

To enable FIPS encryption, you must first enable Dracut modules in CentOS; this can be installed by running the below commands:

yum install dracut-fips
yum install dracut-fips-aesni
dracut -v -f

It should yield the following results:

FIPS certification - enable dracut modules in CentOS

Step 2: Add the FIPS flag to the Grub Configuration

Once the Dracut module is configured, the next step is to add the FIPS flag to the grub configuration. To make the necessary changes, modify this file /etc/default/grub by adding fips=1 to GRUB_CMDLINE_LINUX.

GRUB_CMDLINE_LINUX=”crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet fips=1″

GRUB_CMDLINE_LINUX=”crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet fips=1 boot=UUID=34c96d6b-a43c-fec3-a2a6-e6593c977550″ #if /boot is on a different partition use blkid of the boot partition 

Step 3: Regenerate the Grub Configuration

After modifying the grub configuration, we will need to regenerate the grub configuration using the below command:

grub2-mkconfig -o /etc/grub2.cfg

If prelinking is installed in the server, you must first disable prelinking by modifying this file – /etc/sysconfig/prelink – and setting PRELINKING=no

Step 4: Reboot the Server

After the above changes are made, reboot the server and check this file – cat /proc/sys/crypto/fips_enabled – to ensure FIPS is enabled.

[root@cnfc ~]# cat /proc/sys/cryto/fips_enabled
1

Step 5: Install FileCloud

The next step is to install FileCloud.

yum install wget
wget http://patch.codelathe.com/tonidocloud/live/installer/filecloud-liu.sh && bash filecloud-liu.sh

Install FileCloud with the above script and configure the components required depending on your use case. Once completed, your FileCloud server will run under the FIPS mode.

Alternative Options

You can also download and install a FIPS-enabled OpenSSL.
NOTE: This is only needed if safelogic modules are required. Once FIPS mode is enabled, CentOS installs FIPS-enabled packages by default.

yum install unzip
wget http://patch.codelathe.com/tonidocloud/live/3rdparty/fipsopenssl/fipsopenssl.zip
unzip -q fipsopenssl.zip -d /root/fipsopenssl
rpm -Uvh –nodeps /root/fipsopenssl/*.rpm

We also recommend enabling strong ciphers and TLS 1.2/TLS 1.3 in your Apache SSL configuration:

#SSLProtocol all -SSLv2 -SSLv3
SSLProtocol -all +TLSv1.2 +TLSv1.3
#SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
#SSLCipherSuite HIGH:!aNULL:!MD5
SSLCipherSuite HIGH:!MEDIUM:!LOW:!EXP:!aNULL:!MD5:!EXPORT:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!PSK:!SRP:!KRB5:@STRENGTH

Conclusion

For greater security and governance over your data, FileCloud supports FIPS encryption. With this step-by-step process, you can now enable FIPS on your own FileCloud installation (provided it is available with your license.) For additional support or clarification, please get in touch with our support team at support@filecloud.com.

 

Article written by Nandakumar Chitra Suresh

 

 

The Security Risks of File Sharing & Cloud Storage (with a solution!)

What is File Sharing and Cloud Storage?

File sharing and cloud storage is a way of storing and sharing files online that many companies and organizations are using. Some organizations have migrated entirely to the cloud. However, there still seems to be some confusion as to what the cloud actually is.

Essentially, the cloud is a digital space online where companies can store data, instead of on a company hard drive.

Why Are So Many Companies Using the Cloud?

Many companies and organizations are turning to the cloud because it is easier to use. In effect, all files and data are stored online and can be accessed by any device with an internet connect. In addition, in a world where huge numbers of people are working remotely and in different offices, cloud storage and sharing allows users to share files easily between themselves and clients.

What Are the Data Security Risks of File Sharing and Cloud Storage?

The cloud sounds great, right? And it can be, but there are risks involved in storing and sharing files via the cloud, which can lead to data leaks, loss of time, and even financial penalties. There are many reasons that companies use cloud technology, but some of those exact reasons can pose security risks if you’re not using a hyper-secure cloud storage and sharing system.

Those risks include:

Employees Using Their Own Devices/Non-Secured Devices

One of the benefits of storing files in the cloud means that users can access those files anywhere they have an internet connection—on any device. However, this can also be a security risk. Employees using company computers is one thing, but policies like BYOD (bring your own device) often result in employees using personal laptop or cell phone. Security is often not up-to-date on these devices, and if they’re hacked, lost, or stolen, that could lead to a data breach for your company. It’s best to look for a system that has a robust device management dashboard, along with the option for admins to remove devices from the system at any point.

One Size Fits All Sharing

Sharing permissions are a vital part of using cloud tech. After all, you don’t want just anyone having access to your data, right? If you pick a system that doesn’t offer advanced sharing permissions and simply sends all shares publicly, you could be in trouble. You’ll want to look for a cloud storage and sharing system that has advanced and customizable sharing permissions.

Unrestricted Sharing

Data leak prevention (or DLP) is a necessary part of any cloud system that stores and shares data. Essentially, DLP stops leaks before they happen (whether from malicious or accidental user error). A system without DLP in place can cost you time and money, especially where compliance regulations are in place. Look for Smart DLP that is flexible and rule driven, with admins having complete control.

No Centralized Fail-Safe for Document Retention

Retention policies are a way of managing data, like having restrictions on data being deleted in the case of HIPAA, or restrictions on files being deleted in case of a lawsuit. These regulations are increasingly needed in a world where compliance regulations are being added and updated yearly. Regulations like GDPR, ITAR, and HIPAA have strict requirements for data security, safety, and storage. A cloud system without a top-notch retention policy system likely won’t comply with expanding regulations and could lead to a huge loss of money, and even the ability to operate. Finding a cloud storage system that also has robust retention polices is vital.

Lack of Audit Logs

Audit logs are the best way to know who is using your system when, and how. This can help keep data secure and compliant, but many cloud systems, especially consumer-grade solutions, won’t have these audit logs available. Ideally, you want the ability to have a complete audit of the whole system with easily-downloadable logs for audit and regulatory overview.

How FileCloud’s Hyper-Secure System Helps Companies Avoid Risks

FileCloud is a hyper-secure cloud storage and file sharing system that was created to help companies avoid risk, keep data secure and compliant, while making files easy to share.

It has all the necessary features we talked about above, in addition to other amazing tools like workflow automation, a compliance center, and advanced security.

To learn more about FileCloud, take our quick tour here.

Import Users to AD via PowerShell

Integrating FileCloud with your existing Active Directory (AD) can make setup much easier, faster, and secure. Users don’t need to worry about creating new accounts or credentials, and IT admins can efficiently manage assets across networks and monitor security.

Maybe you’re ready to go with FileCloud, but you don’t have an Active Directory set up yet. If your user base is large enough, if you have certain security thresholds, or if your organization uses a wide variety of applications, it makes sense to establish your AD first. Then you will have a single database to manage user access across your network.

Here we describe how to import users into an AD using PowerShell:

Single User Import

SamAccountName :  jdoe2

Name:  John2 Doe

DisplayName:  John2 Doe

Surname:  john2

GivenName:  John2

Email:  fc@company.ur1

UserPrincipalName:  john2@ns.fctestin.com

Password:  test@1234562

To import a user with the above details to the AD, the below command can be used.

New-ADUser -PassThru -Path OU=Users,OU=US,DC=ns,DC=fctestin,DC=com -AccountPassword (ConvertTo-SecureString test@1234562 -AsPlainText -Force) -CannotChangePassword $False -DisplayName "John2 Doe" -GivenName John2 -Name "John2 Doe" -SamAccountName jdoe2 -Surname john2 -email fc@company.ur1 -UserPrincipalName john2@ns.fctestin.com

Bulk User Import

To bulk import users, you must first add those users and some detail to a CSV file.  Then use a PowerShell script to read those values from the CSV file and import them to AD.

Add user details to a CSV file as shown in the screenshot below:


Power Shell Script

In the script below, values from the CSV file are assigned to variables. We then use these variables in the New-ADUser command to import each user.

Import-Module ActiveDirectory

$Domain="@ns.fctestin.com"

$NewUsersList=Import-CSV "aduser.csv"

ForEach ($User in $NewUsersList) {

$fullname=$User.FullName

$givenname=$User.givenName

$samaccountname=$User.sAMAccountName

$sn=$User.sn

$userprincipalname=$User.sAMAccountName+$Domain

$useremail=$User.email

New-ADUser -PassThru -Path "OU=Users,OU=US,DC=ns,DC=fctestin,DC=com" -AccountPassword (ConvertTo-SecureString test@1234562 -AsPlainText -Force) -CannotChangePassword $False -DisplayName $fullname -GivenName $givenname -Name $fullname -SamAccountName $samaccountname -Surname $sn -email $useremail -UserPrincipalName $userprincipalname

}

NOTE: In that CSV file, you can add more columns like Company, Department, telephone number, etc. You can then assign values to those variables that can be used with the New-ADUser command.

Executing the Script

  • Save the script into a notepad and save it as “AD import.ps1”
  • Open the PowerShell and change the directory to the location of the script and execute the below command:
& '.\AD import.ps1' -delimiter ","

Here, the delimiter is given as a comma. If you open the CSV file in notepad++, you can see that fields will be separated by commas.

Other Useful Commands

  1. To get the total number of users in a group:
(Get-ADGroup "Test import" -Properties *).Member.Count

Here, Test import is the group name. If the group name has a space in between, it should be enclosed in quotes.

  1. To add all users from an OU to a group
Get-ADUser -SearchBase ` OU=Users,OU=US,DC=ns,DC=fctestin,DC=com ' -Filter * | ForEach-Object {Add-ADGroupMember -Identity `Test import' -Members $_ }

Here, Test import is the group name. If the group name has a space in between, it should be enclosed in quotes.

Conclusion

Now that you have an AD set up, you can explore all the exciting integrations and security benefits For more information on how you can integrate FileCloud within your existing IT infrastructure, check out FileCloud’s Extensibility. You can also reach out to the Support Team through your Admin dashboard or explore other tools and features in FileCloud University.

 

Article written by Sanu Varkey

 

Migrating Storage Between Regions

Migrating Storage: AWS S3 vs Wasabi

FileCloud supports S3 compatible storage such as Wasabi storage; however, migrating from one Wasabi bucket to another in a different region is not possible, unlike AWS S3 storage. This blog will help you migrate the managed storage in your FileCloud system from one location to another.

Usually, the best method to perform an S3-to-S3 migration is with the help of the AWS CLI tool. However, Wasabi restricts the use of the AWS CLI tool migration if both the buckets are in different regions due to architecture issues within Wasabi.

In this post, we will review how to migrate a FileCloud server running in Ubuntu 18.04 LTS, where the server and Wasabi storage is in Amsterdam, to London.

Transfer storage from different buckets across regions

Step 1: Setting up the Environment

Set up the new server and install the latest version of FileCloud on it. In our case, we are installing a new FileCloud instance on Ubuntu 20.04 LTS.

Step 2: Running the Required Services

Stop all the services in Region 1 except MongoDB.

Step 3: Exporting Data

Mount additional disk space to export the data in Region 1.

In our test case here, the servers are hosted in linode server. We have created a temp disk space of 1 TB and then mounted on Region 1. Using our export method mentioned in the below documentation, we can export all the data into the temp disk which we created for Region 1.

https://www.filecloudFileCloud.com/supportdocs/fcdoc/2v/server/filecloudFileCloud-server-administrator-guide/manage-filecloudFileCloud-data/export-files

:/WWWROOT/resources/tools/fileutils$ sudo php ./exportfs.php -d /cloudexport/ -u all -p / -r realRun

The temporary storage is mounted to /cloudexport

Step 4: Transferring the Exported Data

In Region 2, we must ensure that we have a temporary disk attached similar to the specs in Region 1 and that it is mounted to /cloudexport

To transfer data between two regions, we prefer to use rsync client over ssh. Run the below command on the Region 1 server:

rsync -avz /cloudexport root@192.168.1.2:/cloudexport

Replace the IP 192.168.1.2 with the public IP of Region 2. Then wait until the rsync is completed.

Step 5: Transferring the Database from Region 1 to Region 2

To transfer the MongoDB data, we can take a mongodump from Region 1, transfer it using rsync (as in Step 4), and then perform mongorestore in Region 2.

The below commands should be executed in the same order to complete the DB migration:

mongodump –out /root/db-dumps

rsync -avz /root/db-dumps roo@192.168.1.2:/root

mongorestore –noIndexRestore /root/db-dumps

Step 6: Seeding the Exported Data into a New Server

To seed the exported data, we can use the documentation here:

https://www.FileCloud.com/supportdocs/fcdoc/2v/server/FileCloud-server-administrator-guide/installing-FileCloud-server/installation/amazon-web-services-aws-installation/seeding-FileCloud-for-amazon-s3

sudo php ./seed.php -h default -p /cloudexport -i -r

After the data is completed, please restart all services and make sure the data is copied across properly before making the DNS switch to the new server.

Conclusion

The above documentation is tested on a standard FileCloud installation with the default site. For multitenant setups, the commands need to change accordingly. We recommend getting in touch with our support team at support@filecloud.com for any clarifications.

 

Article written by Nandakumar Chitra Suresh

 

 

Competitor Series: FileCloud vs OpenText 2022

Content Collaboration Platforms (CCPs) may seem simple on the surface. After all, the function is captured by the name: content is stored and organized on a platform that facilitates collaboration between team members, external clients, vendors, and leadership. Each CCP currently available on the market has tried to distinguish itself from the others, by specializing in a certain direction or by developing new features and tools ahead of its competition. In this blog post, we will examine the differences between FileCloud and OpenText. Specifically, we’ll be comparing FileCloud’s Standard Server plan with the OpenText Content Suite Platform.

Deployment in FileCloud vs OpenText

Many clients are migrating to cloud-only solutions; for them, the base OpenText Content Suite Platform may be a good fit.

However, the advent of cloud migration has exposed some of the vulnerabilities and threats that can arise from keeping all your data in the cloud. That’s why FileCloud offers flexible options, including on-prem, cloud, or hybrid deployment. You can also integrate with your existing storage services, like AWS, Azure, and Alibaba Cloud, run FileCloud as a virtual machine, or take advantage of multitenancy.

OpenText does have on-prem and hybrid options but only if you upgrade to the Enterprise-version of the Content Suite Platform. If you want to run OpenText as VMware, that requires a different add-on, OpenText Exceed Turbo X. Multitenancy is not an option, and if high-availability architecture is required, it must be configured through the OpenText API-Availability Software Development Kit.

Admin

OpenText does offer many of the same Admin functionalities as FileCloud. In fact, this is the most fleshed-out element of the OpenText Content Suite Platform. In both platforms, admins can:

  • Manage users and groups in a single admin console
  • Delegate administrative functions to “admin-users” and establish role-based administration
  • Extend policies to mobile devices
  • Generate and export reports on system usage and audit logs on user and file activities.

However, there are a few key features that FileCloud includes, such as the ability to send notifications directly to user devices. FileCloud also offers a Geo-IP map in the admin console, which displays where users are logging into the system through their IP address. If any unusual or suspicious login activity occurs, admins can block and/or remotely wipe devices.

 

OpenText does allow the ability to block devices, but remote wipe and other advanced remote device management features are not part of the Content Suite Platform.

Security

OpenText’s Content Suite Platform provides some basic safeguards when it comes to securing data. For example, OpenText admins can manage users and groups, create and enforce policies, adjust granular permissions, and implement Role-Based Access Controls (RBAC) and rule-based alerts and actions.

In FileCloud, these features are only the beginning of the hyper-secure platform. Built-in features include 256-bit AES encryption for data at rest and in transit, alerts on suspicious or unusual activity, ransomware protection, and ICAP-supported antivirus scanning.

While setting up the FileCloud environment, admins can opt to integrate with Active Directories or LDAP to preserve existing login credentials. Additionally, FileCloud admins can enable such protections as two-factor authentication with policy control, SSO login, customer-managed encryption, password strength requirements, and security policies based on document metadata.

 

Compliance/Governance

Compliance and governance tools are another area where OpenText runs on the shorter side. As part of the Content Suite Platform, admins and users can take advantage of reporting and document life cycle management policies. However, there is no official support for regulations. To cover basic GDPR requirements, an OpenText client would also have to include OpenText Documentum and possibly OpenText Cloud Fax. Furthermore, there is no consolidated guidance on how to configure the OpenText platform to make it compliant manually, unless you opt for a different solution, the Enterprise Information Management platform.

FileCloud offers support documentation for regulations like GDPR, HIPAA, ITAR, FINRA, and CMMC. Compliance reports can be generated and exported for ease of governance, along with comprehensive audit reports on user and file activities throughout the FileCloud environment. Features like Smart DLP, encryption options, and on-premises hosting help Compliance Officers and IT managers meet compliance requirements.

With FileCloud’s Enterprise plan, clients gain access to a powerful and intuitive Compliance Center, with configurations for HIPAA, GDPR, and ITAR (and more on the way!). Users can view the specific requirements (with links to regulatory documentation), a brief explanation of how FileCloud supports compliance with that requirement, the option to enable (or disable) a rule, and a status column that shows if compliance has been achieved or not. If any “issues” are flagged during a scan, FileCloud offers explicit instructions to help redress the issues and achieve compliance.

Content Management

OpenText and FileCloud both offer content management features, including real-time web editing, file locking, retention policies, content analytics, and metadata management (default and custom sets).

Once again though, FileCloud goes beyond to meet management requirements and ease the administrative burden. For example, FileCloud’s unlimited data storage means the platform can also support unlimited file versioning. Users can easily review changes across different versions and even restore files, without sacrificing space or speed. This also contributes to built-in archival support, so that no information is ever lost or overwritten.

In comparison, while OpenText does offer file versioning, it is limited to the storage quota of the user or the client’s total storage capacity.

Collaboration & Sharing

Collaboration is a strength across both platforms, which stands to reason, considering their classification as “Content Collaboration Platforms.” Users can utilize helpful tools like file and folder commenting, activity streams and @ mentions, team folders, document preview for common file types, and drag-and-drop upload. OpenText even includes basic file actions and workflows to facilitate the movement of files.

However, FileCloud has gone beyond simple workflows to address the expanding workloads of modern organizations with Workflow Automation. These complex “if this, then that” workflows support streamlined, efficient handling of files and documents. Examples include candidate review and onboarding, contract approvals, project and meeting note distribution, and invoicing, among other administrative tasks.

Remote (Mobile) Access

As mentioned above, OpenText and FileCloud both provide an inventory of all connected mobile devices and the ability to block connected devices. This is useful to protect data from malicious activity or even something as innocent as an employee moving on to another job opportunity.

However, simply blocking a device does not retrieve data that has already been downloaded or saved on a user’s device. FileCloud’s commitment to a hyper-secure platform means that admins are empowered with the ability to remotely wipe any connected device, ensuring that data is safeguarded within the platform, regardless of access, activity, or device.

 

FileCloud vs OpenText Conclusion

OpenText presents an interesting solution model to the CCP market. As one of the largest software companies in Canada, OpenText has made a name for itself through the sheer number of solutions it offers (by acquiring stand-alone or overlapping tools) and the modular packaging. Theoretically, this ensures that clients can pay only for the services and solutions they need, without investing in an extensive platform with bells and whistles they’ll never even notice.

However, if you handle sensitive or confidential data, if your organization is rapidly scaling, or if you want to future-proof your file storage and collaboration, FileCloud is the better choice. Not only does FileCloud offer industry-leading solutions for content management and collaboration, it also incorporates best-in-class file security, governance, and deployment options.

Additionally, FileCloud’s transparent pricing model ensures you know exactly what you’re getting and for how much, which means your organization can better plan for the fiscal years ahead and invest in an IT infrastructure that will provide high ROI.

 

To learn how FileCloud can support your company, check out the tour page or sign up for a free trial!

 

Article written by Katie Gerhardt

 

Competitor Series: FileCloud vs Nextcloud 2022

FileCloud vs Nextcloud 2022

We are continuing our comparative series, where we examine the strengths and weaknesses of various Content Collaboration Platforms (CCPs). We previously covered FileCloud vs ownCloud. This post pits FileCloud vs Nextcloud, to see how FileCloud’s Standard plan measures up against the Nextcloud Enterprise (Basic) plan.

Deployment in FileCloud vs Nextcloud

Nextcloud is an interesting solution in the land of CCPs, which tend to focus on cloud technology and accessibility. Instead, Nextcloud is an on-prem exclusive solution that specializes in file storage, sharing, and management. It is compatible with many different storage solutions, such as AWS and Azure, and it can be run on a virtual machine or as part of a virtual desktop infrastructure environment.

However, because of the limitation to on-premises hosting only, there are no cloud or hybrid options, which can take away from the expected flexibility of a CCP. Nextcloud also doesn’t offer multitenancy or high-availability architecture.

With FileCloud, you can choose between on-prem, cloud, or hybrid hosting to suit your IT infrastructure and the needs of your organization. Multitenancy provides customization and data security to different offices or organizations under your umbrella, and high-availability architecture ensures uninterrupted service, even under heavy processing loads.

Deployment

Admin

When it comes to Admin features, FileCloud and Nextcloud cover similar territory. Both support the ability to limit and manage user storage quotas, create groups and policies, and delegate admin powers to specific users as a way of streamlining workloads and points of contact. Both CCPs also provide admins with detailed user/file activity and audit reporting.

One key difference is FileCloud’s Admin dashboard. Admins can prioritize the information they need the most by resizing, moving, or even deleting the informational widgets. FileCloud also provides a unique Geo-IP widget, which shows environment access according to IP address on a map. This tool enables admins to easily spot suspicious logins at a glance and take direct action.

New Admin Dashboard

Security

FileCloud and Nextcloud also share several security features, although FileCloud distinguishes itself in the market for its focus on hyper-security.

Both FileCloud and Nextcloud support features like SAML integration, two-factor authentication, Role-Based Access Controls (RBAC), LD and LDAP integration, and password strength enforcement policies. However, FileCloud takes security a step further by providing AES 256-bit encryption for data at rest and in transit; Nextcloud does not offer the same protection to data in transit.

Additionally, Nextcloud does not offer ICAP-supported antivirus protection, and clients must pay extra to gain access to FIPS 140-2 encryption through the Nextcloud ECM platform. Antivirus scanning is another add-on with the Kaspersky Scan Engine. FileCloud offers ICAP antivirus scanning, ransomware protection, and advanced encryption without paying extra.

One overlooked element in Nextcloud is customization options. While this may not seem like an obvious “security” feature, FileCloud recognizes how a customized portal and UI help organizations build trust with external customers and vendors.

By using their own branding, including logos, theme colors, graphics, and communication language, clients can extend their organization’s digital landscape and protect against email spoofing and other malicious exploits. By comparison, clients are extremely limited when it comes to customizing their Nextcloud environment, unless they decide to upgrade to the Enterprise Standard or Premium plans.

FileCloud Customization Menu

Compliance/Governance

Nextcloud does offer powerful compliance and governance tools as part of their Enterprise (Basic) plan. These tools include retention policies to manage files throughout the document lifecycle and simplified configurations for HIPAA and GDPR compliance.

With FileCloud’s Enterprise plan, clients gain access to a powerful and intuitive Compliance Center, with configurations for HIPAA, GDPR, and ITAR (and more on the way!). Users can view the specific requirements (with links to regulatory documentation), a brief explanation of how FileCloud supports compliance with that requirement, the option to enable (or disable) a rule, and a status column that shows if compliance has been achieved or not. If any “issues” are flagged during a scan, FileCloud offers explicit instructions to help redress the issues and achieve compliance.

FileCloud also offers support documentation for FINRA and CMMC compliance. Advanced compliance reports can be generated and exported for ease of governance, along with comprehensive audit reports on user and file activities throughout the FileCloud environment.

FileCloud Compliance Center

Content Management

A CCP would be a poor solution if it didn’t offer features and tools to support content management. In this case, the FileCloud vs Nextcloud comparison yields similar features, including:

  • Real-time collaboration through web editing
  • Unlimited file versioning
  • File Locking, or the ability to check files in/out for editing
  • Editing collision detection
  • Content analytics
  • Built-in archiving support
  • Default and custom metadata set
  • Full-text search of content, based on file names and metadata

One distinction between the two is how FileCloud uses metadata to make data more accessible. For example, FileCloud enables automatic metadata extraction from uploaded images, which reduces the workload for organizations handling large arrays of visual content.

Additionally, FileCloud users can take advantage of color tagging with their metadata, so that organization methods and sifting can become more intuitive and receptive to different styles and preferences.

FileCloud Edit Metadata

Collaboration & Sharing

Again, CCPs by their very design should offer streamlined solutions to collaboration. Features covered above, like team folders, file versioning, web editing, and editing collision all support collaboration. However, FileCloud’s platform provides just a bit more functionality through the power of integrations, including:

  • Microsoft Office, Outlook, and 365
  • OnlyOffice
  • Collabora
  • Google Apps (Slides, Sheets, and Docs)

Users can utilize their preferred apps and tools to work on documents in real-time, without ever leaving the security of their FileCloud environment.

In comparison, Nextcloud only integrates with Outlook on the Enterprise (Basic) plan. To gain access to Collabora and OnlyOffice, clients must upgrade to the Enterprise (Standard) plan. To utilize Microsoft Office Online, clients must upgrade to the Enterprise (Premium) plan. Nextcloud does not currently offer any integration with Google Apps, cutting many users off from their preferred and commonly used collaboration tools.

Furthermore, FileCloud has developed a critical feature to address the expanding workloads of modern organizations: Workflow Automation. These complex “if this, then that” workflows support streamlined, efficient handling of files and documents. Examples include candidate review and onboarding, contract approvals, project and meeting note distribution, and invoicing, among other administrative tasks. Though Nextcloud offers simple approval workflows, it is limited compared to the opportunities afforded by FileCloud.

Create Full Workflows

Remote (Mobile) Access

Remote/mobile access is an important feature for both FileCloud and Nextcloud. To answer the remote needs of their clients’ user base, these CCPs have implemented such tools as:

  • Mobile apps for iOS and Android
  • Desktop and selective sync (so users can choose to sync specified content)
  • Virtual drive clients
  • Large file support
  • Document preview
  • Drag/drop upload

With these tools, users can easily upload, edit, download, and share files across their devices, even when working on their mobile phones or tablets or while disconnected from the network.

FileCloud Drive Activity

FileCloud vs NextCloud Conclusion

It’s easy to note all the similarities between FileCloud and Nextcloud. To be sure, there are many when it comes to the expected features of a CCP.

Where FileCloud differs though is in pushing the envelope and consistently developing the platform to the expanding needs and requests of the client base, particularly when it comes to compliance, security, and user features.

With FileCloud’s automated and user capabilities like workflow automation, the Compliance Center, collaboration integrations, and customization options, you can confidently balance the tightrope between security and accessibility.

Also Check out the comparison between ownCloud vs Nextcloud

 

To learn how FileCloud can support your company, check out the tour page or sign up for a free trial!

 

Article written by Katie Gerhardt

 

Upgrade Your FileCloud Cluster and MongoDB with Offline Upgrade Tool

This blog post explains how to upgrade the FileCloud High Availability cluster using the FileCloud Offline Upgrade tool for Linux. At the moment, the FileCloud Offline Upgrade tool only supports CentOS7 and RHEL7 machines.

Offline Upgrade Tool download links:

offline_rpm_upgrader.tgz

mongodb_upgrader_40_rpm.tgz

mongodb_upgrader_42_rpm.tgz

 

Reviewing the Architecture

In this scenario, let us consider the architecture. The FileCloud architecture below consists of:

  • 2 x web servers
  • 3 x MongoDB servers
  • 1 x Solr server

Update FileCloud Cluster - 9 Server Cluster Example

The example used throughout this how-to blog post is based on FileCloud 20.1, where MongoDB runs on 3.6. Starting from 21.1, we will have to upgrade the MongoDB clusters manually, prior to Web node upgrades.

 

Upgrading FileCloud’s MongoDB Servers

We described how to upgrade MongoDB servers for Windows and Linux in a previous blog post. Here, we describe steps to upgrade MongoDB with the FileCloud offline upgrade too.

Step 1: Download the Upgrade Tool and Create a Path

First, download mongodb_upgrader_40_rpm.tgz and mongodb_upgrader_42_rpm.tgz into the MongoDB servers. You will need to implement these upgrades step by step.

mongodb_upgrader_40_rpm.tgz is MongoDB 4.0
mongodb_upgrader_42_rpm.tgz is MongoDB 4.2

Step 2: Create a Directory and Path

Create a directory as below in any path; $path can be any path location

mkdir -p $path/mongo40
mkdir -p $path/mongo42

tar -xzvf mongodb_upgrader_40_rpm.tgz -C $path/mongo40
tar -xzvf mongodb_upgrader_42_rpm.tgz -C $path/mongo42

Step 3: Set Feature Compatibility to 3.6

mongo --host {IP address of Primary}  --eval "db.adminCommand( { setFeatureCompatibilityVersion: '3.6' } )"

Step 4: Upgrade Secondary Nodes to 4.0

service mongod stop
cd $path/mongo40
rpm -Uvh *.rpm

Step 5: Stepdown current primary as secondary

rs.stepDown()

Step 6: Upgrade the last server to 4.0

Step 7: Set Feature Compatibility to 4.0 in the current Primary Server

mongo --host {IP address of Primary} "db.adminCommand( { setFeatureCompatibilityVersion: '4.0' } )"

Step 8: Upgrade Secondary Nodes

Upgrade secondary nodes from 4.0 to 4.2, one by one, using the below commands or by running as a script

cd $path/mongo42
service mongod stop
rpm -Uvh *.rpm

Step 9: Stepdown current primary as secondary

rs.stepDown()

Step 10: Upgrade Server to 4.2

Run command in Step 6 to upgrade the last server to 4.2

Step 11: Set Feature Compatibility to 4.2

In the current Primary Server, apply the following to update the feature compatibility to 4.2:

mongo --host {IP address of Primary} "db.adminCommand( { setFeatureCompatibilityVersion: '4.2' } )"

 

Upgrading FileCloud’s web and Solr servers

Download the offline_rpm_upgrader.tgz to both the web and Solr servers.

tar -xzvf offline_rpm_upgrader.tgz

Run the upgrader_offline_rpm.sh in the web nodes (you can skip the MongoDB upgrade option in upgrader_offline_rpm.sh as we will upgrade MongoDB servers manually prior to web nodes)

For Solr nodes, select the option Solr server and skip the web server and Solr.

 

Conclusion

Please note that this blog post is written based on the sample architecture mentioned at the start of the post. If you have different architecture, please feel free to reach out for any clarifications at support@filecloud.com.

 

Article written by Nandakumar Chitra Suresh

 

Securing Your Filecloud Installation with a Wildcard Letsencrypt SSL Certificate

For this blog post, we will delve into the steps necessary to secure a FileCloud installation with a wildcard “Lets Encrypt” SSL Certificate and  Ubuntu 20.04 LTS on a multi-tenant site.

Install Certbot Package

To obtain the Let’s Encrypt SSL certificate, we will be required to install a Certbot package in the Ubuntu 20.04 LTS machine. This package can be installed from one of the default Ubuntu package repositories. The below command can help install the necessary packages.

apt install certbot python3-certbot-apache -y

Generate SSL Certificate

After the installation is complete, run the below command to generate the SSL certificate. This process is managed by the Apache plugin that comes with the certbot. In this case, we are going to install a wildcard certificate for the domain example.com. Since this is a wildcard certificate, we will need to manually generate the certificate using the certbot command. The command we are using is below:

root@fcsrv:~# certbot certonly –server https://acme-v02.api.letsencrypt.org/directory –manual –preferred-challenges dns -d ‘*.example.com’

Confirm (or Deny) Logging of IP Address

After running this command, it will ask to confirm if the machine IP can be logged for the SSL generation purpose. In this demo, we have selected Yes.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

NOTE: The IP of this machine will be publicly logged as having requested this

certificate. If you’re running certbot in manual mode on a machine that is not

your server, please ensure you’re okay with that.

 

Are you OK with your IP being logged?

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

(Y)es/(N)o: Y

 

Then it will ask us to create a TXT record against the domain for which we need to have the SSL issued:

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Please deploy a DNS TXT record under the name

_acme-challenge.example.com with the following value:

 

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

Before continuing, verify the record is deployed.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

For security reasons, we have masked the record. After the verification is completed, the SSL can be found at

/etc/letsencrypt/live/example.com/

Configure Changes and Create Virtual Host Entry

The next step is to make the required changes in /etc/apache2/sites-available/default-ssl.conf. Since this is a multi-tenant installation, we must first create a separate virtual host entry. Below is the virtual host entry we created in the file default-ssl.conf:

<VirtualHost *:443>

# Admin email, Server Name (domain name) and any aliases
ServerAdmin xxx@xxxxxx
ServerName demo.example.com

# Index file and Document Root (where the public files are located)
DirectoryIndex index.php

DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

</VirtualHost>

Run Configuration Test

After making the changes, it is advised to run an apache config test to make sure everything is configured correctly. The expected output should be:

root@fcsrv:/etc/apache2/sites-enabled# apachectl -t

Syntax OK

Restart the apache service and use any SSL verification site to make sure your SSL certificate has been installed correctly. For additional support, please contact our FileCloud Support Team.

 

Article written by Nandakumar Chitra Suresh