File Store Service (FS)
This section describes the enhancements made to the File Store Service (FS).
Configuration and Files Metadata Storage in SQL Server Database
Secure MS—FS Communication Using the X.509 Certificate-Signed JWT Tokens
MS-FS communication is made more secure by using the X.509 Certificate-signed JWT tokens.
Moreover, this security is independent of user sessions and other security sub-systems in SOTI Connect.Accessibility
The FS is not directly accessible. You can access it only through MS, except for file
downloads, making FS an internal service and inaccessible through a browser. This
makes the FS even more secure and unifies error handling and all other interactions
by re-routing all browser requests through the MS. The two endpoints externally
accessible are, /download
and /root-download
, to
allow devices to get this data faster. For example,
http://fs-host-machine.net/cm/api/root-download, where
http://fs-hostmachine.net is the FS hostname (FQDN)
specified during the installation.
Enhanced Security for Data Encryption
The FS features enhanced security for data encryption.
Independent Certificates for HTTPs Connection
The FS uses a HTTP certificate pair as follows:
- Server HTTP certificate for establishing HTTPs connection.Note: If you need to update the Server HTTP certificate, navigate to (next to the used Root certificate marked as Active).
- Root HTTP certificate for validating the server certificate. This is the parent
of the server certificate.Note: For HTTPS certificate update, use one of the following methods:
- If Root HTTP certificate's Subject Name or Common Name
(
cn
) is the same for old and new certificate, then update the certificate using the Import New Root Certificate option. See Updating SOTI Connect System Certificates for more information. - If Root HTTP certificate's Subject Name or Common Name
(
cn
) differs between the old and new certificate, then update the certificate using the SOTI Connect installer. Before the update, you must stop the MS using Windows Services. Also, if you have a FS cluster, then perform this update for one of the instances.
When you update FS HTTPS certificates, either via SOTI Connect Web Console or SOTI Connect installer, only one instance is updated instantly. The rest will be updated with new certificates within five minutes.
- If Root HTTP certificate's Subject Name or Common Name
(
Dedicated Communication Ports for HTTP and HTTPs Connection
/root-download
endpoint through port
4650 to get the root HTTP certificate for server HTTP certificate validation
(connections on port 4646). The FS is a self-hosted, independent service that you
can install along with MS on the same machine, but it requires a separate port. The
new hosting model also eliminates the need for external certificate
binding.Shared Network Location for File Storage
SOTI Connect Health Check Page
You can view individual FS information on the SOTI Connect Health Check page.