File Store Service (FS)
The File Store Service (FS) in SOTI Connect has been enhanced to
provide stronger security, improved data management, and support for clustering.
CAUTION: In a multi-server setup where the Management
Service (MS) and File Store Service (FS) are installed on different machines, the FS
cannot be reused if MS is uninstalled while FS remains.
Configuration and Metadata Storage in SQL Server
The FS stores all data (except files) in SQL Server database.
- This improves internal data management and data integrity.
- It also enables FS clustering for scalability.
Note: Use the same SQL Server for both MS and FS to ensure proper coordination
during installation and uninstallation.
Secure MS—FS Communication with X.509 Certificate-Signed JWT Tokens
Communication between MS and FS is secured using X.509 certificate-signed JWT tokens.
This security is independent of user sessions and other subsystems.
- The MS database stores the encrypted signing certificate.
- The FS database stores only the public portion.
Note: MS must be installed before FS, since it holds the
signing certificate. FS does not require knowledge of user permissions, as
authorization is handled by MS.
Accessibility
The FS is not directly accessible.
- All requests are routed through MS, except file downloads.
- This enhances security, unifies error handling, and prevents direct browser access.
/download/root-download
For example, http://fs-host-machine.net/cm/api/root-download, where http://fs-hostmachine.net is the FS hostname (FQDN) specified during installation.
Enhanced Data Encryption
FS includes enhanced security for data encryption, ensuring files and metadata remain protected.
Independent HTTPS Certificates
The FS uses a dedicated HTTP certificate pair:
- Server HTTP Certificate: Used to establish HTTPS connections.Note: To update the Server HTTP certificate, navigate to (next to the used Root certificate marked as Active).
- Root HTTP Certificate: Parent certificate used to validate the server
certificate.Note: For HTTPS certificate update, use one of the following methods:
- If Root HTTP certificate's Subject Name or Common Name
(
cn) is the same for old and new certificate, then update the certificate using the Import New Root Certificate option. See Updating SOTI Connect System Certificates for more information. - If Root HTTP certificate's Subject Name or Common Name
(
cn) differs between the old and new certificate, then update the certificate using the SOTI Connect installer. Before the update, you must stop the MS using Windows Services. Also, if you have a FS cluster, then perform this update for one of the instances.
When you update File Store HTTPS certificates, either via SOTI Connect web console or SOTI Connect installer, only one instance updates instantly. The rest updates with new certificates within five minutes.
- If Root HTTP certificate's Subject Name or Common Name
(
Dedicated Communication Ports
The FS uses:
- Port 4646: Secured HTTPS connections.
- Port 4650: Unsecured HTTP connections.
/root-download endpoint on port 4650 provides the Root
certificate used to validate HTTPS connections (port 4646). FS runs as an
independent service. It can be installed on the same machine as MS but requires
dedicated ports.Note: Ports 4646 and 4650 are configurable
during FS installation.
Shared Network Location for File Storage
The FS stores its files inside the file system, and this is customizable. You can set
up a shared network location for file storage required to run more than one FS
instances as a cluster. See Setting Up a Shared Network Location
for more information.
Note: Storing files on a standard network drive is
not supported.
SOTI Connect Health Check Integration
You can view individual FS details on the SOTI Connect Health Check page for monitoring and diagnostics.