Skip to end of metadata
Go to start of metadata

Introduction

FileCloud supports storage encryption for "Managed Disk Storage" as of the latest release. This section explains how to enable this encryption module.

Encryption Requirements

NoRequirements
1Latest FileCloud Installation.
Note: Upgrading existing FileCloud will not have all the necessary components needed for encryption.
2Memcached installation, which will be part to the new updated FileCloud installers.
3

Path to SSL configuration file. This can be set to custom path by overriding the config value SSL_CONF_FILE in cloudconfig.php.
By default, SSL_CONF_FILE is set to
Windows:  XAMP_HOME\php\extras\openssl.cnf
Linux: /etc/ssl/openssl.cnf

In Windows, for example if you have XAMPP installed in D:\xampp, then you will be adding the following line to cloudconfig.php.
define("SSL_CONF_FILE ","D:\\xampp\\php\\extras\openssl.cnf");

4Only in windows, php_com_dotnet.dll is needed, which will be installed automatically with FileCloud v9.0 installer onwards.
5

For Windows, if your xampp is installed in location other than C:\xampp, then add the following key in <WWWROOT>\config\cloudconfig.php
For example, if your xampp is in D:\xampp, then in file D:\xampp\htdocs\config\cloudconfig.php, add the following string (any location before the bottom "?>" line)

define("PHPBIN_PATH","D:\\xampp\\php\\php.exe");

 

Enable Encryption Module

By default, encryption module is not enabled. In order to enable the encryption module, edit using the WEBROOT/config/localstorageconfig.php file and change the configuration to suit your environment. 

Add a new line that reads as follows.

Additional Parameter To Enable Encryption
define("TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION", 1 );

Details:

Parameter

Expected Value

Additional Notes

TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION

1

1 to enable encryption for local managed storage

0 to disable encryption

Enable Storage Encryption

Upon enabling the encryption module, admin UI will get new options to manage the encryption.

To manage encryption:

  1. Login into admin UI as an admin user with necessary permissions. 
  2. Goto Settings -> Storage. You will see a new option in the screen as shown in the following picture.





  3. Click on the "Manage" button. A manage popup window appears. 



     


  4. Enter an optional password and click on "Enable Encryption". This will perform the necessary initialization of the encryption module.
  5. When an password is set while enabling encryption, you will have the ability to create a recovery key. This recovery key is a private key file, which can be used to reactivate encrypted filesystem, in the case of lost password.
  6. If recovery key option is selected, the recovery key file will be available only once for download. Once downloaded, the option for download will not be shown again.





     

Encrypt Existing Files (optional)

Once the encryption is successfully initialized, another popup will be shown depending on whether your FileCloud server had existing files in local storage or not.

System already contains files:

  • If there are unencrypted files that existing storage system, the above popup will be shown. Click on "Encrypt All" button to encrypt the existing files.  



  • When all the existing files get encrypted, the status window should be as shown below.

     

System doesn't contain any files:

  • System already will be in fully encrypted state.


     


 

  • No labels