
FileCloud also supports storing user data in Amazon S3. Amazon S3 is a scalable internet storage service, and it can now be used as the storage backend for FileCloud.

Enabling Amazon S3 Storage


Do not change this once the installation is set up and data is already stored. This should only be set up for fresh installs.
When changing the storage type from local to OpenStack, the file(s)/folder(s) that have already been stored in local storage will not be automatically moved to OpenStack storage.
In this case, the administrator has to manually export the file(s)/folder(s) from local storage before changing the storage type and manually import them after changing the storage type.
Be very careful when changing the storage path. If done improperly, it could lead to data loss.


To enable Amazon S3 storage as the backend:

On Windows, WWWROOT is typically c:\xampp\htdocs; on Linux it is /var/www/

Time Synchronization: Please make sure that your server does not have any time skew (set up a time server to synchronize time).


Step 1:

Edit the file "WWWROOT/config/cloudconfig.php" and change the line

define("TONIDOCLOUD_STORAGE_IMPLEMENTATION", "local");

to read as

define("TONIDOCLOUD_STORAGE_IMPLEMENTATION", "amazons3");

Step 2:

Rename file "WWWROOT/config/amazons3storageconfig-sample.php" to "WWWROOT/config/amazons3storageconfig.php"

Nothing needs to be added or edited in amazons3storageconfig.php
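
Steps 1 and 2 scripted for a Linux install, as an added example (not FileCloud's own tooling). The function names and the ".bak" backup file are assumptions; the script only switches when the current value is "local" and refuses any other value, since the change is meant for fresh installs.

```shell
#!/bin/sh
# Added example: apply Step 1 and Step 2 to WWWROOT/config.
# Usage: enable_s3_backend /var/www

# Print the value of a define("KEY", "value"); line in a PHP config file.
get_define() {
    sed -n 's/^[[:space:]]*define("'"$2"'",[[:space:]]*"\([^"]*\)");.*/\1/p' "$1" | tail -n 1
}

enable_s3_backend() {
    cfg_dir="$1/config"
    cfg="$cfg_dir/cloudconfig.php"
    sample="$cfg_dir/amazons3storageconfig-sample.php"
    target="$cfg_dir/amazons3storageconfig.php"
    key="TONIDOCLOUD_STORAGE_IMPLEMENTATION"

    [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 1; }

    current=$(get_define "$cfg" "$key")
    case "$current" in
        amazons3) ;;    # Step 1 already applied, nothing to edit
        local)
            # Keep the original next to the config (backup name is an assumption).
            cp -p "$cfg" "$cfg.bak" || return 1
            # Rewrite in place so the file keeps its owner and permissions.
            sed 's/^\([[:space:]]*define("'"$key"'",[[:space:]]*"\)local");/\1amazons3");/' \
                "$cfg.bak" > "$cfg" || return 1
            ;;
        *)
            # Another backend is configured: data may already live there.
            echo "refusing to change $key from '$current'" >&2
            return 1
            ;;
    esac

    # Step 2: rename the sample storage config; its contents are left untouched.
    if [ ! -f "$target" ]; then
        [ -f "$sample" ] || { echo "missing $sample" >&2; return 1; }
        mv "$sample" "$target" || return 1
    fi

    # Succeed only if the key now reads back as amazons3.
    [ "$(get_define "$cfg" "$key")" = "amazons3" ]
}
```
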

Setting up Amazon S3 Credentials

Once the storage implementation key is set up in cloudconfig.php,
  1. Log into Administration Portal
  2. Navigate to Settings 
  3. Select "Storage" tab
  4. Enter the S3 config information. Refer to the following table for more information about each setting
  5. Click on Save S3 setting


| Field | Description |
|---|---|
| S3 Key | This is your Amazon authentication key (to get your access key, visit the Amazon security portal). For an IAM user, it requires at least the following permissions. |
| S3 Secret | This is your Amazon authentication secret (to get your access key, visit the Amazon security portal). For an IAM user, it requires at least the following permissions. |
| S3 Bucket Name | Provide a bucket name. The bucket should be new (in some circumstances, a bucket previously used in FileCloud could be used). It is very important that the S3 bucket is never modified outside of the FileCloud subsystem. |
| S3 Storage Folder | Optional: All files will be stored inside this root storage folder (will be created automatically). |
| S3 Region | Optional: Provide the region string. If the region is not provided, then the US Standard region will be used. If you are planning to have your bucket in a different region (say Europe, South East), provide the correct region string. The strings should match the region string published by Amazon. Note: For GovCloud installs, you must use region string: us-gov-west-1 |
| S3 End Point URL | Optional: This is the S3 endpoint. Use this if you are planning to use your own S3 endpoint (typically S3 compatible storage) or if it is an unpublished region. For an AWS endpoint, it must be one of the published endpoints. |

Note: The Amazon S3 bucket should NEVER be modified outside of the FileCloud subsystem.
Do not add/edit/modify files directly using Amazon tools. Doing so will destabilize your FileCloud installation.

Setting up S3 Encryption for FileCloud Managed Storage

 

S3 Managed Storage Encryption support to protect data at rest is available in FileCloud. The communication between FileCloud and AWS will use SSL encryption, resulting in complete protection for data in transit.

Once the S3 is setup correctly, a new field "S3 Encryption" will be available under Amazon S3 Storage Settings.

FileCloud supports the following server-side encryption types:

| Encryption Type | Notes |
|---|---|
| Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) | All data is encrypted at rest using AES256 bit encryption. The data can only be accessed using the supplied key/secret credentials. The data will be accessible via the S3 Console (which should NOT be done for FileCloud Managed storage data). |
| Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) | Similar to SSE-S3, but the key itself is managed using Amazon's KMS service. This allows management of specific keys and their permissions for encrypting the data. The data is still encrypted at rest and is accessible via the S3 Console with appropriate credentials. |
| Server-Side Encryption with Customer-Provided Keys (SSE-C) | This is newly supported from FileCloud v15 onwards. The data will be encrypted using a customer-supplied 32 bit encryption key. This option will have SLOWER performance due to a restriction on how this data can be decrypted (the Amazon server will NOT be able to decrypt the data, so the data has to be first downloaded to the FileCloud server and decrypted). The data will NOT be accessible via the S3 console either. |


To manage S3 encryption,

  1. Log into Administration Portal
  2. Navigate to Settings 
  3. Select "Storage" tab
  4. Click on "Manage" button in the S3 Encryption option

Depending on the status of encryption, you will see "Enable encryption" or "Disable encryption" button. 

Enabling encryption will attempt to encrypt all available data in the bucket, and all new data will be encrypted as well. This can take some time depending on the amount of existing data in the bucket. Please modify the encryption setting when there is minimal activity in FileCloud.

Although changing encryption can be done at any time, we recommend using off-peak hours to avoid any unexpected access issues.


When upgrading from an older installation of FileCloud, an additional extension needs to be enabled in the php.ini file (WEBROOT\php\php.ini).
Add the following line to the php.ini file and restart Apache.

extension=php_com_dotnet.dll

For Windows, if your xampp is installed in a location other than c:\xampp, then add the following key in <your xampp folder>\htdocs\config\cloudconfig.php
For example, if your xampp is in D:\xampp, then in the file D:\xampp\htdocs\config\cloudconfig.php, add the following string (at any location before the bottom "?>" line)

define("PHPBIN_PATH","D:\\xampp\\php\\php.exe");





Override Config Keys

These keys are not typically used; however, they may be used in specific circumstances.

| KEY | VALUE | Description |
|---|---|---|
| TONIDOCLOUD_NODE_COMMON_TEMP_FOLDER | "/somepath/location" | In HA installs, the temp folder must be a commonly accessible location. This key must be set in each of the HA nodes. |
| TONIDOCLOUD_S3_PROXY | "http://proxyaddress" or "http://ip" | If a proxy is set in the env, then this key must be set to allow the FileCloud service to use the proxy to access S3 servers. |
| TONIDOCLOUD_S3_REDUCED_REDUNDANCY | "1" | This will store the objects with "reduced redundancy". |
| TONIDOCLOUD_DISABLE_S3_REDIRECT | "1" | (NOT RECOMMENDED) This will force the FileCloud server to download the file from S3 to the FileCloud server system and then send it to the client on file downloads (can be slow). |



 

 
