As an administrator, you can encrypt Managed Disk Storage for compliance and security reasons.
To enable storage encryption:
Before you can enable encryption, you must meet the following requirements:
|1||FileCloud Installation (v13 or higher)|
Path to SSL configuration file. This can be set to custom path by overriding the config value SSL_CONF_FILE in cloudconfig.php.
Windows: XAMP_HOME\php\extras\ssl\openssl.cnf (from v18.1)
In Windows, for example if you have XAMPP installed in D:\xampp, then you will be adding the following line to cloudconfig.php.
|4||Only in windows, php_com_dotnet.dll is needed, which will be installed automatically with FileCloud v9.0 installer onwards.|
For Windows, if your xampp is installed in location other than C:\xampp, then add the following key in <WWWROOT>\config\cloudconfig.php
By default, encryption module is not enabled.
You can enable the encryption module in two ways:
- If FIPS mode is active, use the Admin Portal.
- If you don't use FIPS mode, edit the WEBROOT/config/localstorageconfig.php file
Enable Encryption Using the Admin Portal
If a FIPS-enabled FileCloud license is installed, there is a new option in the Admin Portal to enable FileCloud to run in FIPS mode.
- This option is disabled in the Admin Portal if a non-FIPS license is installed.
- IF the FIPS mode is enabled, FileCloud will notify you if existing files are encrypted with older ciphers. If this is the case, the current encryption must be disabled before enabling FIPS mode.
- After FIPS mode is re-enabled, you must re-encrypt existing files if you want encryption at rest.
To test running in FIPS mode:
- Login into the following admin UI at: fipstest.filecloudlabs.com
- Install a license with FIPS140 component.
- Refresh the admin UI.
- The admin UI should not switch to FIPS mode.
- Open the following file for editing: cloudconfig.php
- Add the following line:
- Refresh the admin UI.
- The admin UI should switch to FIPS mode.
Enable Encryption by Editing the localstorageconfig.php File
Add a new line that reads as follows.
1 to enable encryption for local managed storage
0 to disable encryption
After enabling the encryption module, the Admin Portal will display new options to manage the encryption.
Warning On Master Password
If an optional master password was specified, then you need to retain the password for future use.
Without this password the encryption module cannot encrypt or decrypt files in the FileCloud storage.
To manage encryption:
- Open a browser and log in to the Admin Portal.
- From the left navigation pane, under SETTINGS, select Settings.
- On the Manage Storage screen, select the Storage tab and then the My Files sub-tab.
- You will see a new option called Encryption.
To open the Manage Storage Encryption screen, click Manage.
You can set an optional password
- When a password is set while enabling encryption, you will have the ability to create a recovery key.
- This recovery key is a private key file, which can be used to reactivate encrypted filesystem, in the case of lost password.
If the recovery key option is selected, the recovery key file will be available only once for download.
- Once downloaded, the option to download the recovery key will not be shown again.
- To set an optional password, in Encryption Password, type in a strong password.
- To perform the necessary initialization of the encryption module, click Enable Encryption.
Once the encryption is successfully initialized, another step will be necessary depending on whether your FileCloud server had existing files in local storage or not.
If Your System Already Contains Files:
If there are unencrypted files that existing storage system, another screen will be shown.
- Click Encrypt All to encrypt the existing files.
2. When all the existing files are encrypted, the status window provides you with a Note.
If Your System Doesn't Contain Any Files:
You will not see an Encrypt All button.
Your system is already in a fully-encrypted state.