File Store Service (FS)

This section describes the enhancements made to the File Store Service (FS).

Configuration and Files Metadata Storage in SQL Server Database

The FS is designed to store all data except files in a SQL Server database. This improves internal data management and data integrity and allows FS clustering.
Note: SOTI Connect requires you to use the same SQL server for Management Service (MS) and FS to effectively manage different components when installing and uninstalling.

Secure MS-FS Communication Using X.509 Certificate-Signed JWT Tokens

MS-FS communication is made more secure by using X.509 certificate-signed JWT tokens.

Moreover, this security is independent of user sessions and other security sub-systems in SOTI Connect.
Note: The MS database stores the signing X.509 Certificate in encrypted form, while the FS database stores its public unencrypted portion. As the MS database stores the signing X.509 Certificate, it is required to install MS with or before FS.
Note: The MS has the required permissions to perform the operations, so the FS need not be aware of the user’s permissions.

Accessibility

The FS is not directly accessible. Except for file downloads, you can access it only through the MS, which makes the FS an internal service that is inaccessible through a browser. Re-routing all browser requests through the MS makes the FS even more secure and unifies error handling and all other interactions. The two externally accessible endpoints are /download and /root-download, which allow devices to get this data faster. For example, http://fs-host-machine.net/cm/api/root-download, where http://fs-host-machine.net is the FS hostname (FQDN) specified during the installation.

Enhanced Security for Data Encryption

The FS features enhanced security for data encryption.

Independent Certificates for HTTPS Connection

The FS uses an HTTP certificate pair as follows:

  • Server HTTP certificate for establishing the HTTPS connection.
    Note: If you need to update the Server HTTP certificate, navigate to SOTI Connect Web Console > Administration > Certificates Management > Update (next to the used Root certificate marked as Active).
  • Root HTTP certificate for validating the server certificate. This is the parent of the server certificate.
    Note: For HTTPS certificate update, use one of the following methods:
    • If Root HTTP certificate's Subject Name or Common Name (cn) is the same for old and new certificate, then update the certificate using the Import New Root Certificate option. See Updating SOTI Connect System Certificates for more information.
    • If Root HTTP certificate's Subject Name or Common Name (cn) differs between the old and new certificate, then update the certificate using the SOTI Connect installer. Before the update, you must stop the MS using Windows Services. Also, if you have an FS cluster, then perform this update for one of the instances.

    When you update FS HTTPS certificates, either via SOTI Connect Web Console or SOTI Connect installer, only one instance is updated instantly. The rest will be updated with new certificates within five minutes.

This certificate pair can be different from its MS counterparts. The user provides the HTTP certificates during installation. The FS database stores these certificates, thus enabling synchronization between FS instances in a cluster.

Dedicated Communication Ports for HTTP and HTTPS Connection

The FS uses port 4646 and port 4650 for secured HTTPS and unsecured HTTP connections, respectively. You can use the /root-download endpoint through port 4650 to get the root HTTP certificate for server HTTP certificate validation (connections on port 4646). The FS is a self-hosted, independent service that you can install along with MS on the same machine, but it requires a separate port. The new hosting model also eliminates the need for external certificate binding.
Note: Ports 4650 and 4646 are customizable during FS installation.
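
Because /root-download is served over unsecured HTTP, a client can compare the downloaded root certificate against a fingerprint recorded out of band (for example, from the certificate supplied during installation) before trusting it for connections on port 4646. The following is an added example, not SOTI code; the port placed in the URL, the PEM-or-DER response encoding, and all function names are assumptions.

```python
import hashlib
import hmac
import ssl
import urllib.request

FS_HOST = "fs-host-machine.net"  # example FQDN used on this page
# Assumption: the default HTTP port is given explicitly in the URL.
ROOT_URL = f"http://{FS_HOST}:4650/cm/api/root-download"
HTTPS_PORT = 4646                # default HTTPS port


def fetch_root(url: str = ROOT_URL, timeout: float = 10.0) -> bytes:
    """Download the root certificate over plain HTTP (unauthenticated)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def to_der(body: bytes) -> bytes:
    """Accept PEM or raw DER; the response encoding is an assumption."""
    if body.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(body.decode("ascii").strip())
    return body


def check_pin(body: bytes, pinned_sha256: str) -> bytes:
    """Return the DER bytes only if their SHA-256 matches the pinned value."""
    der = to_der(body)
    actual = hashlib.sha256(der).hexdigest()
    expected = pinned_sha256.replace(":", "").lower()
    if not hmac.compare_digest(actual, expected):
        raise ValueError(f"root certificate fingerprint mismatch: got {actual}")
    return der


def fs_tls_context(body: bytes, pinned_sha256: str) -> ssl.SSLContext:
    """TLS context that trusts only the pinned FS root certificate."""
    der = check_pin(body, pinned_sha256)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname
    ctx.load_verify_locations(cadata=der)          # bytes are read as DER
    return ctx


if __name__ == "__main__":
    # Constructed bytes stand in for a downloaded certificate (offline demo).
    sample = b"constructed bytes, not a real certificate"
    try:
        fs_tls_context(sample, "00" * 32)  # wrong pin: rejected before use
    except ValueError as err:
        print(err)
```

In use, pass fetch_root() and the pinned fingerprint to fs_tls_context(), then hand the returned context to the HTTPS client that connects to port 4646.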

Shared Network Location for File Storage

The FS stores its files inside the file system, and this is customizable. You can set up a shared network location for file storage, which is required to run multiple FS instances as a cluster. See Setting Up a Shared Network Location for more information.
Note: File storage on a network drive is not supported.

SOTI Connect Health Check Page

You can view individual FS information on the SOTI Connect Health Check page.