FileCloud on AWS - User Deployment Guide

Introductory Material

Introduction

FileCloud is the leading, self-hosted file sharing, sync and mobile access for Businesses. Using AWS infrastructure (EC2, EBS, S3) you can jumpstart your own branded, file storage solution in few minutes at a compelling price point. FileCloud client apps are available for all the desktop and mobile operating systems (Windows, Mac , Linux, iOS, Android and Windows Phone 8). Our 5 star rated mobile apps provide secure access to organization content from anywhere. In addition to file sharing and sync, FileCloud also provides endpoint backup, data leak prevention (DLP) and HIPAA compliant auditing. FileCloud can be completely customized to reflect your organization brand: company logo and run FileCloud under your own domain. FileCloud's unique capabilities to monitor, prevent, and fix data leakage assure corporate data is protected across all your devices (Laptops, Desktops, Smartphones and Tablets). FileCloud can save you over 15,000 USD for 100 user licenses when compared to the similar enterprise file share and sync products. FileCloud is currently used by more than 1000 businesses across 90 countries including world's leading Universities, Research organizations, Government entities and Enterprises. FileCloud is also named in Gartner's 2018 content collaboration platform magic quadrant.

 Use Cases

• File Sharing Portal- Use FileCloud to create your own own, branded file sharing, sync and mobile access, solution for your employees, customers and partners.
• File Sync -  Use FileCloud for effortless file synchronization across users computers, smart phones and tablets, so everyone can work together anywhere from any device
  
• Client Document Portal - Use FileCloud to create a client document portal on AWS infrastructure to server your clients, customers and partners.
• Endpoint Backup and DLP -  Use FileCloud to securely backup your endpoint computing devices (PCs, Mobile Phones and Servers).
• Enterprise Data Protection and DLP:  Use FileCloud's unique data leak prevention (monitor, prevent and fix) capabilities to protect your enterprise data across all your users devices (Computers, Mobile Phones/Tablets.
• File Server Enablement - Use FileCloud's ServerSync to sync/backup you branch office windows files servers to FileCloud running on AWS to get low latency LAN access as well as remote access from anywhere.
• White Label Content Platform - Use white label  FileCloud Platform as part of your own product line to manage digital assets. 

Overview of Typical Customer Deployment

FileCloud AMI's are available on the latest versions of Ubuntu and Windows. Depending on your requirements and familiarity, you can choose any operating systems supported by FIleCloud. FileCloud stores the file, user and shares metadata in MongoDB (pre-installed in AMI) and actual files can be stored in a disk, AWS Elastic File System or AWS S3.  For smaller deployments, disk is sufficient for file storage. For medium and large deployments, our recommendation is to use AWS S3 for file storage. The FileCloud AMI is also pre-configured for document preview and document indexing for full text search. It takes less than 30 minutes to configure the FileCloud AMI and get it running for production workload.

Prerequisites and Requirements

FileCloud AMI's are completely self contained. You don't need to install any additional software. Basic AWS skills are sufficient to deploy FileCloud on AWS. Simple deployments involve just EC2 and Disk (OR) EC2 and AWS S3. FileCloud AMI's are available as BYOL model. You need to register in our customer portal to get the trial license. Once you get the trial license you need to upload the license to your running EC2 instance. Since FileCloud AMI's are available on Ubuntu and Windows Server OS, you can choose the OS you  are familiar with.

Architecture Diagrams

To access FileCloud, you only need port 80 (http) or 443 (https). We strongly recommend to use 443 and only allow SSL access. Depending on the underlying OS, you may need to open up port 22 (SSH access) and 3389 (Remote Desktop) for managing the FileCloud instance. Our recommended security practice is to specify the IP range for SSH and Remote Desktop instead of opening it for access from anywhere.

FileCloud secrets and keys are protected and managed in the FileCloud database. FileCloud  supports encryption at Rest. To initialize encryption, administrator may supply an optional master password and start the initialization process. Once the initialization process is started, the following steps happen as part of the process:

1. An asymmetric key pair (private/public) known as "Master" key is generated with the optional master password.
2. A symmetric key known as "Plain File" key is generated.
3. The File key created in step 2 is encrypted using the Master private key resulting in an "Encrypted File" key.
4. All the existing uncrypted files (if they exist) in the FileCloud storage will be encrypted before the system will be ready for use. Look at the next section for more information on file encryption.

Additional details on the keys:

 If you are going to use S3 for Managed File storage, please see the security section given below to understand possible file encryption options available.

Planning Guidance

Security

When you deploy FileCloud you can use EBS for managed file storage or you can choose the S3. If you choose S3, Please use the following instructions to set up your S3 for FileCloud.

Setting up Amazon S3 Credentials

1. Log into Administration Portal
2. Navigate to Settings 
3. Select "Storage" tab
4. Enter the S3 config information. Refer to the following table for more information about each setting
5. Click on Save S3 setting

IAM Policy for S3 Access

If you are going to use S3 for file storage, FileCloud requires S3 access in order to create bucket and manage it.The IAM user used to manage it must have the following permissions. This shows access to all buckets in your S3 console. You can restrict to specific bucket using the appropriate resource arn. Something like arn:aws:s3:::bucket_name

{
          "Version": "2012-10-17",
          "Statement": [
                            {
                               "Effect": "Allow",
                               "Action": [
                                     "s3:CreateBucket",
                                     "s3:DeleteObject",
                                     "s3:GetObject",
                                     "s3:ListBucket",
                                     "s3:PutObject"
                               ],
                                "Resource": [
                                     "arn:aws:s3:::*"
                              ]
                          }
                      ]
}

Setting up S3 Encryption for FileCloud Managed Storage

S3 Managed Storage Encryption support to protect data at rest is available in Filecloud. The communication between FileCloud to AWS will use SSL encryption resulting in complete protection for data in transit. Once the S3 is set up correctly, a new field "S3 Encryption" will be available under Amazon S3 Storage Settings.

FileCloud supports the following Server Side Encryption:

To manage S3 encryption,

1. Log into Administration Portal
2. Navigate to Settings 
3. Select "Storage" tab

4. Click on "Manage" button in the S3 Encryption option

Depending on the status of encryption, you will see "Enable encryption" or "Disable encryption" button. 

Costs

T2.Medium or T3.Medium is suffice to run FileCloud for 100 users. File Storage cost depends on the storage method you choose (EBS, EFS or S3) and amount of files you will be storing and the access pattern.  Typical cost for 100 users and 10 TB storage comes around 2800-3250$ per year.

Sizing

A T3.medium (Unlimited) can handle approximately 30-40 FileCloud calls per second which equates to approximately 100-200 users using FileCloud. Depending on number of users and thier access pattern, you can vertically (choose bigger instance)  or horizontally (add more instances) can scale your deployment.

Deployment Guidance

Deployment Assets

FileCloud pre-built AMI's (Amazon Machine Image) are currently available in Amazon AWS Marketplace. We have pre-built images for both Linux (Ubuntu) and Windows Server OS.  You can choose the base OS  as per your preference.

Steps to Launch FileCloud AMI

1. Login to AWS management console and Click EC2 (Virtual Servers in the Cloud)

2. Click Launch Instance

3. Search FileCloud AMI in AWS marketplace. Choose the latest version.
The version details in the screen shot is for reference purposes only. The latest version details may be different from the information shown.

4.  Choose the desired Amazon EC2 Instance type. We recommend atleast t2.medium or t3.medium. However, for best performance, the "m" series is better. For example m3.medium. If you choose the t2 or t3 series, please enable T2/T3 unlimited when you configure the instance.

5.  Configure the security group to open up the port 80/443 for web access.

6. Complete the Final Review and launch the instance.

7.  You can see now your FileCloud is running in your AWS dashboard.  Please note the Public DNS name to access your FileCloud.

8. Type 'http://<public_dns_name>/ui/admin/index.html' in your browser to access the FileCloud admin portal.   If the Webpage fails to load, please verify port 80 is open as mentioned above in Step 5.

9. Once you logged into the admin portal, please install the FileCloud License.
Please register at our license management portal (https://portal.getfilecloud.com/ui/user/index.html?mode=register) to get trial licenses.

1. The user name for the underlying Ubuntu OS is 'ubuntu'. Before launching the instance you will be required to create a key pair or you can use your existing key pair.
2. If you go to 'http://<public_dns_name>/install' , the page will show all the installed packages in this instance. Check the page and familiarize yourself with FileCloud components. Before going production move the install folder to somewhere else.
3. We recommend you to use S3 for file storage instead of the EBS. Please check the following section (Enabling Amazon S3 Storage) to know how to set up S3 for FileCloud file storage.
4. The default FileCloud instance uses our SMTP servers and accounts to send emails. Please change this to your SMTP server for security purposes. 
5. Please change the admin email to your organization email address. This email address is used in all the emails that sent out from the FileCloud System

Enabling Amazon S3 Storage

To enable Amazon s3 storage as the backend,

Step 1:

Edit the file "WWWROOT/config/cloudconfig.php" and change the line

define("TONIDOCLOUD_STORAGE_IMPLEMENTATION", "local");

to read as

define("TONIDOCLOUD_STORAGE_IMPLEMENTATION", "amazons3");

Step 2:

Rename file "WWWROOT/config/amazons3storageconfig-sample.php" to "WWWROOT/config/amazons3storageconfig.php"

Nothing needs to be added or edited in amazons3storageconfig.php

Once you configured the FileCloud storage, Please follow the site setup instructions to set up the FileCloud site according to your requirements

Operational Guidance

Health Checkup

AWS offers excellent system, instance status checks and CloudWatch monitoring. Pay attention on CPU utilization, Network In/Out and Network Packet In/Out  of your EC2 instance. Using CloudWatch monitoring scripts, you can also monitor memory, swap, and disk space utilization of your EC2 instance.

Apart from the standard AWS monitoring metrics, FileCloud also offers system alerts. FileCloud Alerts are available in FileCloud's Admin portal.

This page tracks all unhandled exceptions, system error messages generated in the FileCloud server. The number of alerts are shown in the Dashboard and the Alerts page will show detailed information about the various errors encountered.

Depending on the error, you might need to take steps to correct the problem. For example, if alerts indicate that system is frequently running out of memory, then system memory may need to be increased.

To view alerts:

1. Log into the Administration portal.
2. On the left navigation panel, click Alerts.

The following view shows errors detected by FileCloud.  The alerts are categorized as Informational, Warning, Critical and Fatal. Always pay attention to critical and fatal errors. FileCloud administrators also get periodic Administrator Summary emails that will show the number of alerts.

Backup and Recovery

FileCloud supports unlimited file versioning and to recycle bin.  You can configure this options by logging in to FileCloud admin portal. This provides protection from accidental deletes by users.

In addition to that, please take periodic snapshots of your running instance for disaster recovery and as an additional backup for FileCloud database and app.  If you are not taking snapshots of your running instance,  atleast make sure you are backing up the mongodb database to a disk or S3 using AWS CLI . As long as we have the FileCloud database, we can recover the FileCloud application from instance/service failure.

The following instruction will backup the mongodb to a designated s3 bucket (You can also make it as a cron job so that it runs periodically),

cd /var/lib/mongodb
aws s3 sync . s3://my-bucket/fileclouddbbackup/

In case of instance failure, Please start a new FileCloud AMI and  and follow the instructions below to bring the instance up and running.

1. Before making any changes, stop mongodb service

service mongod stop

2.  Copy the backup database files back to /var/lib/mongodb from the s3 bucket

cd /var/lib/mongodb
aws s3 sync s3://my-bucket/fileclouddbbackup/ . 

3. Finally start the mongodb service using following command.

service mongod start

Routine Maintenance

We release 2 or 3 major releases every year. Routine maintenance requires you keep your FileCloud system updated to the latest version.

Generally, new FileCloud release availability will be notified in two ways:

1. By subscribing to the FileCloud Mailing List

2. By seeing the version update available in the FileCloud Admin Dashboard.

   

FileCloud offers in-place system updates. Please follow the instructions to update FileCloud from the admin portal.

1. Login into the admin UI. Select "Upgrade" from the left-side navigation panel.
   
   
   
2. In the upgrade screen, click on "Click here to upgrade" button. 
   
   
3. If there are no new updates available, no additional actions required.
   
   
4. If there are any new updates available, a popup will be shown with new update information. 
   
   
   
   
5. Click on the "Click here to Upgrade" button to start the upgrade process.
   
   

6. The upgrade process will check for perform the upgrade and a report will be generated after the update process is completed

   

   
   

7. Once the upgrade is completed, you will be redirected to the install verification page at http://site/install

8. Once it is verified that the checks are complete, refresh the browser UI (Ctrl + F5) to get the latest updated User Interface.

Emergency Maintenance

If the EC2 instance where you are running FileCloud is degraded, You have two options:

1. Take the snapshot of EBS disk and start an instance from the snapshot. 
   (or)
2. If option 1 is not feasible, please start a new FileCloud AMI and copy the backed up FileCloud Database files to /var/lib/mongodb  (Linux) or c:\xampp\mongodb\bin\data (Windows). Then start the mongod service.

Support

Please send an email to support@filecloud.com to receive technical support. 

• We answer all support questions within one business day and most within a couple of hours
• If your question or issue cannot be resolved via email, our support team will connect remotely via screen sharing software to troubleshoot and fix the problem on your server

Support Costs

Your annual FileCloud subscription includes a basic support plan, software updates, and security updates. For pricing of advanced support plans, please contact our sales team.

Accessibility

Reference Materials

FileCloud Site Setup Guide - FileCloud Site Setup Guide

FileCloud End User Guide - FileCloud End User Guides

FileCloud API Getting Started Guide - FileCloud Developer Guide