
If a FIPS-enabled FileCloud license is installed, there is a new option in the Admin Portal to enable FileCloud to run in FIPS mode in FileCloud Server version 19.1 and later.


  As an administrator, you can encrypt Managed Disk Storage for compliance and security reasons.

To enable storage encryption:


 1. Encryption Pre-Requisites

Before you can enable encryption, you must meet the following requirements:

  1. FileCloud installation (v13 or higher).
  2. Memcached installation.
  3. Path to the SSL configuration file. This can be set to a custom path by overriding the config value SSL_CONF_FILE in cloudconfig.php. By default, SSL_CONF_FILE is set to:
       Windows: XAMP_HOME\php\extras\openssl\openssl.cnf (till v17.3)
       Windows: XAMP_HOME\php\extras\ssl\openssl.cnf (from v18.1)
       Linux: /etc/ssl/openssl.cnf
     On Windows, for example, if you have XAMPP installed in D:\xampp, add the following line to cloudconfig.php:
     define("SSL_CONF_FILE","D:\\xampp\\php\\extras\\ssl\\openssl.cnf");
  4. On Windows only, php_com_dotnet.dll is needed. It is installed automatically by the FileCloud installer from v9.0 onwards.
  5. On Windows, if XAMPP is installed in a location other than C:\xampp, add the following key to <WWWROOT>\config\cloudconfig.php. For example, if XAMPP is in D:\xampp, then in the file D:\xampp\htdocs\config\cloudconfig.php, add the following string (at any location before the bottom "?>" line):
     define("PHPBIN_PATH","D:\\xampp\\php\\php.exe");

 2. Enable the Encryption Module

By default, the encryption module is not enabled.

You can enable the encryption module in two ways:

  • If FIPS mode is active, use the Admin Portal.
  • If you don't use FIPS mode, edit the WEBROOT/config/localstorageconfig.php file

Enable Encryption Using the Admin Portal

If a FIPS-enabled FileCloud license is installed, there is a new option in the Admin Portal to enable FileCloud to run in FIPS mode.

  • This option is disabled in the Admin Portal if a non-FIPS license is installed.
  • If FIPS mode is enabled, FileCloud will notify you if existing files are encrypted with older ciphers. If this is the case, the current encryption must be disabled before enabling FIPS mode.
  • After FIPS mode is re-enabled, you must re-encrypt existing files if you want encryption at rest.

To test running in FIPS mode:

  1. Log in to the admin UI at: fipstest.filecloudlabs.com
  2. Install a license with FIPS140 component.
  3. Refresh the admin UI.
  4. The admin UI should not switch to FIPS mode.
  5. Open the following file for editing: cloudconfig.php 
  6. Add the following line:
  7. Refresh the admin UI.
  8. The admin UI should switch to FIPS mode.


Enable Encryption by Editing the localstorageconfig.php File

Add a new line that reads as follows.

Additional Parameter To Enable Encryption
define("TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION", 1 );

Details:

Parameter: TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION
Expected Value: 1
Additional Notes: 1 to enable encryption for local managed storage; 0 to disable encryption
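
A pre-flight check for the settings in sections 1 and 2, as an added example that is not FileCloud's own code: it reads the two config files as text without executing them, flags Windows paths written with single backslashes inside double quotes (PHP turns \xa in "D:\xampp" into a newline and \e in "\extras" into ESC), and confirms that TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION is 1. The function names and the sample config strings are constructed for illustration.

```php
<?php
// Added example (not FileCloud code): lint encryption-related define() lines as text.

// Collect define() calls from PHP source as [name => raw literal text]; comments are skipped.
function read_defines(string $src): array {
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $t = array_values(array_filter(token_get_all($src), function ($x) use ($skip) {
        return !is_array($x) || !in_array($x[0], $skip, true);
    }));
    $out = [];
    for ($i = 0; $i + 4 < count($t); $i++) {
        if (is_array($t[$i]) && strtolower($t[$i][1]) === 'define' && $t[$i + 1] === '('
            && is_array($t[$i + 2]) && $t[$i + 3] === ',' && is_array($t[$i + 4])) {
            $out[trim($t[$i + 2][1], "\"'")] = $t[$i + 4][1];
        }
    }
    return $out;
}

// Escape sequences PHP would rewrite inside a double-quoted literal.
function mangled_escapes(string $literal): array {
    if ($literal === '' || $literal[0] !== '"') return [];      // single quotes: no rewriting
    $body = str_replace('\\\\', '/', substr($literal, 1, -1));  // doubled backslashes are safe
    preg_match_all('/\\\\(?:[nrtvef]|[0-7]{1,3}|x[0-9A-Fa-f]{1,2}|u\{[0-9A-Fa-f]+\})/', $body, $m);
    return $m[0];
}

function preflight(string $cloudconfig, string $localstorageconfig): array {
    $problems = [];
    $d = read_defines($cloudconfig);
    foreach (['SSL_CONF_FILE', 'PHPBIN_PATH'] as $name) {
        if (!isset($d[$name])) continue;                        // not overridden, default applies
        $bad = mangled_escapes($d[$name]);
        if ($bad) {
            $problems[] = "$name: unescaped backslash sequence(s): " . implode(' ', $bad);
        } elseif (!is_file(str_replace('\\\\', '\\', substr($d[$name], 1, -1)))) {
            $problems[] = "$name: file not found on this host";
        }
    }
    $flag = read_defines($localstorageconfig)['TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION'] ?? null;
    if ($flag !== '1') $problems[] = 'TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION is not set to 1';
    return $problems;
}

// Constructed sample input: the first define uses single backslashes by mistake.
$cloud = "<?php\n" . 'define("SSL_CONF_FILE","D:\xampp\php\extras\ssl\openssl.cnf");' . "\n"
       . '// define("PHPBIN_PATH","C:\xampp\php\php.exe");' . "\n";
$local = "<?php\n" . 'define("TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION", 1 );' . "\n";
print_r(preflight($cloud, $local));
```

To check a real installation, pass the contents of cloudconfig.php and localstorageconfig.php (read with file_get_contents()) to preflight() in place of the constructed strings.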

 3. Manage Storage Encryption

After enabling the encryption module, the Admin Portal will display new options to manage the encryption.

Warning On Master Password

If an optional master password was specified, then you need to retain the password for future use.

Without this password the encryption module cannot encrypt or decrypt files in the FileCloud storage.

To manage encryption:

  1. Open a browser and log in to the Admin Portal
  2. From the left navigation pane, under SETTINGS, select Settings.
  3. On the Manage Storage screen, select the Storage tab and then the My Files sub-tab.
  4. You will see a new option called Encryption.





  5. To open the Manage Storage Encryption screen, click Manage



     

    You can set an optional password

    • When a password is set while enabling encryption, you will have the ability to create a recovery key.
    • This recovery key is a private key file, which can be used to reactivate the encrypted filesystem if the password is lost.

    If the recovery key option is selected, the recovery key file will be available only once for download.

    • Once downloaded, the option to download the recovery key will not be shown again.


  6. To set an optional password, in Encryption Password, type in a strong password.
  7. To perform the necessary initialization of the encryption module, click Enable Encryption.




 4. Encrypt Existing Files (Optional)

Once the encryption is successfully initialized, another step will be necessary depending on whether your FileCloud server had existing files in local storage or not.

If Your System Already Contains Files:

If there are unencrypted files in the existing storage system, another screen will be shown.

  1. Click Encrypt All to encrypt the existing files.





  2. When all the existing files are encrypted, the status window provides you with a Note.

 

If Your System Doesn't Contain Any Files:

You will not see an Encrypt All button.

Your system is already in a fully-encrypted state.


 
