Setting up FileCloud Managed Azure Blob Storage
As an administrator, you can integrate FileCloud Server to store user data on an Azure Blob storage server.
Getting Started with Azure Blob Storage
- Only change the FileCloud storage type to Blob for new installations.
- Do not change the FileCloud storage type to Blob if FileCloud has been in use and data is already stored.
- Be very careful when changing the storage path. If done improperly, it could lead to data loss.
- When changing the storage type from local to Azure Blob, the files and folders that have already been saved to local storage will not be moved automatically to Blob storage.
- For existing files and folders, the administrator must manually export them from local storage before changing the storage type.
- After changing the storage type to Blob, the administrator must manually import pre-existing files and folders.
- The Azure Storage Container should NEVER be modified outside of the FileCloud subsystem.
- Do not add/edit/modify files directly using Azure Storage tools. Doing so will destabilize your FileCloud installation.
Integrate Azure Blob Storage
For this step you will need to access WWWROOT. It is typically located at:
(later than Ubuntu 14.04)
(earlier than Ubuntu 14.04)
To enable Azure Blob storage as the backend:
- Synchronize the time on your server so that the server clock does not drift.
Open the following file for editing:
Find the following line:
Change it to this:
- Save and close the file.
Find the following file:
Rename it to:
Nothing needs to be added or edited in azureblobstorageconfig.php.
After you have set up the storage implementation key in step 1, you can configure the following credentials:
| Account Name | This is your Azure storage account name. For an RBAC user, it requires at least the following permissions. |
| Account Key | This is your Azure storage account key (to get your account key, visit Amazon security portal). For an RBAC user, it requires at least the following permissions. |
Provide a storage container name.
The container should be new (in some circumstances, containers previously used in FileCloud could be used).
It is very important that the Azure storage container is never modified outside of the FileCloud subsystem.
Container name rules
Optional: This is the Azure Blob storage endpoint.
To use an Azure endpoint, it must be one of the values published here.
| Blob Storage Folder | Optional: All files will be stored inside this root storage folder. |
To configure Azure Blob storage Credentials
Encryption at rest
Azure Storage automatically encrypts your data when persisting it to the cloud. Encryption protects your data and helps you meet your organizational security and compliance commitments. Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. Azure Storage encryption is similar to BitLocker encryption on Windows.
Azure Storage encryption is enabled for all new and existing storage accounts and cannot be disabled. Because your data is secured by default, you don't need to modify your code or applications to take advantage of Azure Storage encryption.
Storage accounts are encrypted regardless of their performance tier (standard or premium) or deployment model (Azure Resource Manager or classic). All Azure Storage redundancy options support encryption, and all copies of a storage account are encrypted. All Azure Storage resources are encrypted, including blobs, disks, files, queues, and tables. All object metadata is also encrypted.
Encryption does not affect Azure Storage performance. There is no additional cost for Azure Storage encryption.
This means that all configuration can be done in the Azure Portal and no additional steps are required in FileCloud.
The following keys are not typically used. However, they may be needed in specific circumstances.
| Key | Value | Description |
|---|---|---|
| TONIDOCLOUD_NODE_COMMON_TEMP_FOLDER | "/somepath/location" | In HA installs, the temp folder must be a commonly accessible location. This key must be set in each of the HA nodes. |
| TONIDOCLOUD_AZURE_BLOB_DOWNLOAD_SIZE_LIMIT | 10485760 | Specifies the file size limit for which the file will be downloaded. |
| TONIDOCLOUD_DISABLE_AZURE_BLOB_REDIRECT | "1" | (NOT RECOMMENDED) This forces the FileCloud server to download the file from Azure Blob storage to the FileCloud server system and then send it to the client on file downloads (can be slow). |
If you are having problems previewing images, add a line to the .htaccess file.
To add a line to the .htaccess file:
- Open the following file:
Add the following line:
Header set Content-Security-Policy: "default-src 'self' *.live.com *.amazonaws.com *.core.windows.net; style-src 'unsafe-inline' 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self';font-src 'self' data:;img-src 'self' data: *.duosecurity.com *.live.com *.amazonaws.com *.core.windows.net"
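
The policy value above can be reviewed before it goes into .htaccess. The following is an added example, not FileCloud's code: it parses that exact value, applies the default-src fallback, and lists the sources a reviewer would look at; the function names and finding texts are illustrative choices made here.

```python
# Added example: review of the Content-Security-Policy value shown on this page.
# Function names and finding texts are illustrative, not part of FileCloud.
POLICY = (
    "default-src 'self' *.live.com *.amazonaws.com *.core.windows.net; "
    "style-src 'unsafe-inline' 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self';"
    "font-src 'self' data:;img-src 'self' data: *.duosecurity.com *.live.com "
    "*.amazonaws.com *.core.windows.net"
)

# Fetch directives that inherit default-src when they are not listed.
FETCH = ("script-src", "style-src", "img-src", "font-src",
         "connect-src", "frame-src", "media-src", "object-src")


def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; a repeated directive is ignored."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def effective_sources(policy, directive):
    """Sources the browser applies to a directive, including the default-src fallback."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src", []) if directive in FETCH else []


def audit(policy):
    """Return sorted (directive, source, reason) tuples worth a reviewer's attention."""
    findings = []
    for directive in FETCH:
        for src in effective_sources(policy, directive):
            low = src.lower()
            if low in ("'unsafe-inline'", "'unsafe-eval'") and directive in ("script-src", "style-src"):
                findings.append((directive, src, "inline or eval code is allowed"))
            elif low.startswith("*."):
                findings.append((directive, src, "wildcard host: every subdomain is allowed"))
            elif low == "data:" and directive in ("script-src", "object-src"):
                findings.append((directive, src, "data: URIs can carry active content"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_csp(POLICY)):
        print(" | ".join(finding))
```

`*.core.windows.net` matches every Azure storage account host, not only the one FileCloud uses; replacing it with the account's own blob hostname is a common tightening, though the page does not state whether previews work with the narrower value.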