### Installation Instructions: The Quickstart Guide

The FileCatalyst Server QuickStart Guide is available on the main FileCatalyst web site for download (or here if you are viewing this user guide after installing the software). The Quick Start Guide provides overview instructions on how to quickly install the Server application (Windows, MacOSX).

The contents of the Quick Start Guide will not be duplicated here.

For command-line installs on headless Linux, please see the Administration via Command Line section of this document, and the Install as a Service section.

Upgrading FileCatalyst Server requires a sequence of steps be taken based on the installation platform. Some steps are optional (to safeguard configuration data in case of a rollback), but should be followed to ensure the smoothest upgrade experience.

#### Windows

1. Stop the FileCatalyst Server.

IF you are running the server as a service, please open up the Windows Services and stop the process from running (default name is "FileCatalyst Server").
2. Backup configuration files.
If upgrading from v3.0.1 or less, you should copy the following configuration files into an "upgrade" folder.
• fcconf.conf
• authentication.xml
• ipfilters.xml
• users.xml
If upgrading from v3.1, the following files & directories should be copied into an "upgrade" folder before running the new installer:
• fcconf.conf
• ipfilters.xml
• .fcdb/

Note: Starting in v3.1, the authentication.xml and users.xml information is now stored in an internal database file in the directory ".fcdb/".

If upgrading from 3.0.1 or older to 3.1 or later, the Server will automatically import the users. If a user is missing correct authentication, the server will generate a new random password. Until the administrator sets the password to a known value, these users will not be able to log in. The server admin will display a list of reset users on the start up after the import.
3. Run the installer (install_fc_server.exe).
4. Restart the FileCatalyst Server application (either as a service or standalone).

#### Linux/Unix

1. Stop the FileCatalyst Server.
If you are running the FileCatalyst Server stand-alone (i.e. running fc_server.sh or fc_server_console.sh script), you need to shut FileCatalyst Server down before executing an upgrade. The following commands can be done to shut the service down and verify that processes are not running.
• Execute the command "fc_server_shutdown.sh".
• Verify the service is down by running the command: ps -ef | egrep -i "filecatalystserver"
If you are running the FileCatalyst Server as a service, you need to shut it down using one of the following commands:
• Linux: service fcserver stop
• Solaris: svcadm -v disable fcserver
2. Backup configuration files.

If upgrading from v3.0.1 or less, you should copy the following configuration files into an "upgrade" folder.

 cd /opt/utechsoft/server/ mkdir ./upgrade cp fcconf.conf ./upgrade cp authentication.xml ./upgrade cp ipfilters.xml ./upgrade cp users.xml ./upgrade 

If upgrading from v3.1, the following files & directories should be copied into an "upgrade" folder before running the new installer:

 cd /opt/utechsoft/server/ mkdir ./upgrade cp fcconf.conf ./upgrade cp ipfilters.xml ./upgrade cp -Rp .fcdb ./upgrade 

Note: Starting in v3.1, the authentication.xml and users.xml information is now stored in an internal database file in the directory ".fcdb/".

If upgrading from 3.0.1 or older to 3.1 or later, the Server will automatically import the users. If a user is missing correct authentication, the server will generate a new random password. Until the administrator sets the password to a known value, these users will not be able to log in. The server admin will display a list of reset users on the start up after the import.
3. Unpack the software. gunzip ./fc_server.tar.gz tar -xvf ./fc_server.tar 
4. Copy back fcconf.conf settings overwritten by tar bundle cp ./upgrade/fcconf.conf .  Other files ("ipfilters.xml" and ".fcdb/" directories) should not be overwritten by tar bundle.
5. Restart the FileCatalyst Server application (either as a service or standalone).

#### MacOSX

1. Stop the FileCatalyst Server. If you are running FileCatalyst Server stand-alone (on launch panel), please select the "Exit FileCatalyst Server" option in the file menu.
2. Backup the configuration files.
• Upgrade from v3.2 or older: Backups of the configuration files are kept in your user home. During an upgrade of the server, we recommend a simple rename of the application folder to "FileCatalystServerOld". This will keep all configuration files intact until we know the upgrade has been successfully installed.
• Upgrade from v3.3 onwards: Configuration files are stored in different places if you are running the Server as a service or if you are running it standalone.
• Standalone:
"/Users/<username>/Library/Application Support/FileCatalyst/Server/"
• Service:
"/Library/Application Support/FileCatalyst/Server/"
3. Run the installation Run the installer package file. The software should locate old configuration files and place them where needed.
4. Restart the FileCatalyst Server application either as a service or standalone. For information to how to install as a service, see the Mac service section.

### Silent install on Windows

1. To generate the settings file,run the installer from the command with the SAVEINF flag and the destination file for the settings.
install_fc_server.exe /SAVEINF="C:\path\to\settings\settings.inf"
2. Copy the installer and the generated file to the machine where you would like to perform the silent install.
3. Run the installer from the command line with LOADIINF flag and the full path of the settings file.
install_fc_server.exe /VERYSILENT /LOADINF="C:\path\to\settings\settings.inf"

### Uninstalling FileCatalyst Server

#### Windows

• Shut down all the standalone applications
• Open ‘Services Manager’ by clicking on ‘Start’, search for services.msc, and then run that application
• Locate the FileCatalyst Server module and stop the service
• Open ‘Control Panel’ then navigate to ‘Programs and Features’.
• Click on the FileCatalyst Server and hit ‘uninstall’.
• Click the 'yes' option when prompted

#### Silent uninstall on Windows

• Run the uninstaller from the command line with the VERYSILENT flag.
unins000.exe  /VERYSILENT
• Note that if you have installed multiple versions in this directory, the number at the end of the exe may have been incremented

#### MacOSX

• Quit the application and stop the FileCatalyst service by using ‘System Preferences’ located under the Apple menu
• Locate FileCatalyst Server and stop the service
• To uninstall the service, open ‘System Preferences’, find the FileCatalyst Server service module, right-click on it and click ‘remove from pane’
• From the ‘Finder’ window, click on ‘Applications’, find  FileCatalystServer.app, right-click on it and delete it
• Use ‘Finder’ to access the Library folder, open ‘Application Support’, and delete the FileCatalyst folder (path e.g. /Library/Application Support/FileCatalyst)

#### Linux

• If you are running the FileCatalyst Server stand-alone (e.g. running fc_server.sh or fc_server_console.sh script), you need to shut down the FileCatalyst Server
• Open a new Terminal window
• Navigate to the folder where your server is installed (e.g. /opt/utechsoft/server/)
• Execute the command "./fc_server_shutdown.sh"
• Verify the service is down by running the command ps -ef | egrep -i "filecatalystserver"
• If you are running the FileCatalyst Server as a service, stop the service by using the appropriate command needed for your version of Linux in the terminal window (Ubuntu e.g. "service fcserver stop")
• Remove the service by navigating to service_wrapper folder located within the server folder (e.g. /opt/utechsoft/server/service_wrapper)
• Run ./uninstall.sh
• You can now remove the folder structure by using rm -rf  <path to the server directory>  (e.g. rm -rf /opt/utechsoft/server)

## Managing Users, Groups, and Virtual Files/Folders

### Overview

#### Users Overview

FileCatalyst Users live at the application layer, and are managed by our internal database. Unlike standard UNIX FTP servers, you do not need to create a user at the OS level in order to utilize FTP access. If the user also exists on the operating system however, FileCatalyst Server can authenticate the user using external directory services such as Active Directory, LDAP or PAM.

FileCatalyst users by default are jailed to their home directories. This security feature ensures that a user cannot see data which does not belong to them (i.e. cannot see "C:\Windows") .

Example: Bob has a home directory of "D:/data/bob/". They can only see files within this directory structure when logged into the server. Files outside of the home directory are inaccessible (cannot modify files in C:/Program Files/ for example).

If you require more flexibility (i.e. user needs to access more than one mount point, or more than one user needs to collaborate on work together), you need to enable Virtual Files/Folders.

#### Virtual Files/Folders Overview

Example: Bob requires access to project files stored in "Y:/DEV" in addition to files in his home directory.

On the server, we can create a Virtual Folder (i.e. "project1" with a path "Y:/DEV//"). Once this is done, the Virtual Folder can be assigned to the user, where it will appear as a mounted subdirectory inside his home directory. Note that these labels will be case insensitive on a Windows machine. (i.e. "project1" is the same as "PROJect1")

Multiple Virtual Files and Folders may be assigned to a user, each with assigned permissions.

In this example, a new subdirectory "/project1/" would be visible from Bob's user home, which can access files stored under "Y:/DEV/".

#### User Groups Overview

For larger and more complex configurations, user groups are available. These allow administrators to easily map drive access to organizational roles (example: IT staff needs access to backups), and allow users to be assigned to one or more groups.

When assigning Virtual Files or Folders to either Users or Groups, permissions may also be granted. If multiple paths exist to a file or folder (example: John sees folder "project1" both through "IT" and "development" group), permissions are stacked for each access a user has to that file or folder.

#### Permission Overview

As the user (and groups and virtual files/folders) are contained in the application layer, permissions a user has to their files and directories are handled in the FileCatalyst Application as well.

There are 10 permissions assigned either to the user (used when accessing content in their home directory) or to virtual files/folders (either directly assigned to the user or via group relationships). 5 apply to files, 5 apply to folders.

#### File Permissions

If selected, the user has the ability to download files from the server.

If selected, the user has the ability to upload files to the server. This does not indicate that they can modify or overwrite files if they already exist.

##### Modify/Overwrite Files

If selected, the user is given permission to upload files, as well as modify existing files by overwriting, or performing file operations (chmod, etc).

Note: Some features require modify/overwrite permissions:

• HTTP upload transfers need this enabled, as HTTP blocks are appended to a file and are considered "modified" rather than an original upload.
• Transfers using auto-resume as an option require modify to be enabled, as resuming a partially transferred file is considered modification of an existing file.
##### Delete Files

If selected, the user is able to delete files from the server.

##### Rename Files

If enabled, the user is able to rename existing files on the server.

Note: Upload transfers with temporary filenames requires rename permissions to be enabled.

#### Folder Permissions

##### List Directories

If enabled, the user is given permission to browse the file system, and get directory and file listings. This is required for FileCatalyst HotFolder's download option to work correctly.

##### Create Directories

If selected, the user will be able to create new directories on the server.

##### Modify Directories

If selected, the user is given permission to create new directories, and modify existing directories (chmod, etc)

##### Delete Directories

If selected, the user is permitted to delete existing directories from the server.

##### Rename Directories

If enabled, the user is able to rename existing directories.

### User Manager

FileCatalyst Server uses a user-based permissions system which allows administrators to create and manage user accounts for all users of the system. The user menu allows administrators to add, edit, or delete existing user accounts. Each user also has a Connect link which provides access to the Quick Connect functionality.

Accounts that are faded indicate they are not active, either because they have been disabled or have expired. The red anonymous account is disabled by default. By enabling this account, it allows users to anonymously access the system, with no password required.

#### Creating a New User

To create a new user, click the "New" button and follow the steps in the wizard. You will be prompted to specify a username, password, permission settings, and account information before the user is added to the system.

#### Managing Existing Users

To edit, or delete existing users, right click and select the appropriate option, or click the “Delete” or “Edit” text inside the panel.

#### Search Existing Users

To bring up the find window in the user list, select the menu item "Actions -- Find User", or press "ctrl-f".

### User Authentication

The username of this account, used to authenticate with the server.

Note: User passwords are stored on the FileCatalyst Server for users created by the administration tool. Changing a password for an existing user will modify the encrypted password entry in the database.

Users created by auto provisioning (LDAP and Database) have passwords stored in the remote authentication service. As FileCatalyst supports LDAP in read only mode, password changes on users will not modify the LDAP repository but place a password entry on the local file only.

### SFTP Public Key Authentication

#### User Keys

There can be multiple Public Keys assigned to a user to authenticate against. Keys are imported into the database and can be removed via the "Remove Selected" button.

#### Import Key

To import a key, copy and paste the generated public key from the client source, into the text area and "import". The encoded public key will now be stored in the database.

Note: The import tool can only import single keys and will not properly parse batches of keys.

#### Public Key Generation

Note: Public keys should be generated via the ssh-keygen commands, we do not support keys generated by Putty at this time.

### User Information

#### Full Name

The full name of the user to whom this account is assigned (optional)

The email address of the user to whom this account is assigned (optional)

### Account Settings

#### Disabling User Accounts

By deselecting the "Account Enabled" checkbox, the user will be unable to log on to the server or access any files or directories.

#### User Home Directory

The home directory of the user is the root directory to which they will have access. For example, if the user's home directory is specified as C:\Users\MyUsername\, they can access the MyUsername folder, and anything below it (i.e. C:\Users\MyUsername\MyNewDirectory)

#### Force File Ownership (Upload Only)

By selecting the "Force File Ownership" checkbox, all files transferred to the user will have their operating system user ownership set to the value specified. If the "Use user login" checkbox is selected, the FileCatalyst user's current username will be used instead of the specified value.

Note 1: On Linux or Mac OSX, an additional field allows configuring group ownership.

Note 2: Force File Ownership is currently only supported with internal file systems. All external file system transfers will not have their file ownership changed to the configured value.

Note 3: If the Maintain UID/GID system property is enabled, the user and group data will be updated to accept user and group identifiers. Please note that this functionality is only on Linux and Mac OSX operating systems.

#### Account Expiry

To specify an account expiry (a time and date at which the account will no longer be active), ensure the "Enable Account Expiry" checkbox is selected and enter the time and date in the applicable field.

#### Disk Write IO Test

Commands the server to perform a sequential write operation to the user's home directory. Using a small file size will likely demonstrate only system/hardware cache availability. Select a larger file size to test and show true disk write speeds.

A maximum timeout value (seconds) can be set to ensure that the I/O test stops after a specified time. If the test was not able to complete when the timeout expires, the last speed before stopping will be returned, and all I/O resources will be released back to the server.

NOTE:The test creates a temporary file on the disk. Ensure that enough space is available for the test.

### User Permissions

Permissions details can be found here.

Shortcut that selects all permission for the user for both files and folders.

#### Write Only

Shortcut that selects permissions normally required for a user which only needs to upload files to the server.

Removes all permissions to the user.

### Bandwidth / Quota

#### Priority

This setting determines how much bandwidth will be allocated to a connected user in proportion to other connected users. The possible settings are High, Medium, and Low. The weight of each priority is 10, 5, and 1 respectively. The combined weights of all connected users are added together, and divided into the total available bandwidth of the server. The result is then multiplied by the weight of the user to determine the actual allocated bandwidth. For instance, if there is a high priority user and a low priority user connected, and the server is licensed for 100 Mbps, then the total priority is 11. Divided into 100000, this gives 9090.09 Kbps. This means the low priority user will get 9.09 Mbps, and the high priority user will get 90.91 Mbps.

If only one user is connected, they will be allocated all available bandwidth.

#### Bandwidth

This setting determines the maximum bandwidth for a particular user, regardless of what is allocated to them via the priority settings. (Note that when there are multiple connections to the FileCatalyst Server from the same user account, bandwidth allocation is distributed evenly among all sessions using that account.)

This setting is useful if the available bandwidth of the end user is known to be a particular value. This ensures that all UDP transfers will never exceed that value. Although the end user also has the option to specify the maximum bandwidth on the client side, this might be easier.

If the calculated bandwidth based on priority is higher than the maximum value specified in this setting, the difference will be re-allocated to all other connected users.

This setting helps maintain fairness and still make optimal use of available bandwidth.

Note on slower bandwidth settings (most noticeable below 100Kbps) it may be necessary to lower the packet size of the udp transfers to get a tighter control over the limit due to the granularity effect packet size has on bandwidth throttling.

This setting ensures that a user cannot upload more than the specified value in KB on a given day. A day is determined by the date settings on the server machine. Note that this is not a disk usage quota, but a fair usage quota. A user who has exceeded their quota is not necessarily blocked from transferring; however priority is always given to users with daily quota remaining.

For example, if all currently connected users have exceeded their daily usage quota, all transfers may proceed with no restrictions. The instant a user (lets call them userX) who has not exceeded their daily usage quota connects, all users who have previously exceeded their quota will be prevented from transferring while priority is given to userX. Once userX exceeds their daily usage quota, all users will again be able to transfer without restrictions.

The administrator may reset Daily Usage by clicking the Reset button.

### Virtual Files/Folders

Virtual Folders allow an administrator to select a secondary path to which a user may browse into and transfer files outside of their home directory. Virtual Files allow the administrator to give access to specific files outside the users home directory. To the end-user, these files and folders will appear as either a simple subdirectory structure they can CD into, or a file in their home directory root. Virtual Files/Folders can point to anywhere the server can access, including alternate local drives ("D:/") or an accessible UNC paths ("\\10.1.1.3\datadrive\").

Note: It is always recommended to utilize UNC paths rather than mapped drives on a Windows environment if the FileCatalyst Server is going to be run as a service.

#### New

Launch the Virtual File/Folder Wizard.

#### Browse

Open up the native browser to explore the virtual file/folder location (only available Remote Admin running on the server).

#### Edit

Modify the Virtual File/Folder, including assigning it to either Users or Groups.

#### Delete

Remove the Virtual file/Folder. Will remove all assigned references to Users and Groups.

### Creating Virtual File/Folder

#### Label

This represents the sub-directory or file name a user will see in their home directory when logging into the system.

In the example above, if the user performs a "cd roadmap" upon logging into the system, they would be redirected to the contents of "I:/future/".

#### Description

Description of the file or folder. Useful for administrators to recognize the purpose of the virtual file or folder.

#### Physical Path

Physical disk location on the server where this virtual file or folder is pointing. This can be a local file or full UNC path (i.e. "\\10.1.1.1\dir\").

### Assigning Virtual Files/Folders to Users and Groups

There are three different avenues you can take to assign Virtual Files/Folders:

• Edit the Virtual File/Folder directly by first navigating to the File/Folder List (shown below).
• Assign a Virtual File/Folder to a group by editing User Groups.
• Assign a Virtual File/Folder to a user by editing a User.

Each has advantages -- editing the Virtual File/Folder directly, you can assign it to all Users and Groups in one screen. On the other hand, assigning it by editing a User allows you to see if the Virtual File/Folder is already assigned to the user via a group assignment.

#### Editing a Virtual File/Folder from the Virtual File/Folder List

Once a Virtual File/Folder has been created, you can then edit it and start assigning it to either Users directly or to User Groups. Permissions the User and Group have to the Virtual File/Folder can be selected as it is assigned, or can be edited afterwards.

Note: Permissions stated as "ADV" fall outside of basic configuration of READ or ALL (read-write). Details can be viewed by selecting the permission link on the list.

Note: Changes to the User or Group list is modified immediately on the FileCatalyst Server database. The standard Apply and Cancel (where modifications wait for administrator confirmation) does not apply here.

#### Editing a User to assign Virtual Files/Folders

By editing a User and selecting the "Files/Folders" tab, you can also have a look at what Virtual Files/Folders a User can have access to. This also allows an administrator to quickly see not only what file and folders a user has access to, but what permissions are granted either directly or via groups which a user is assigned to.

Note: A star '*' next to READ/ALL/ADV indicates that multiple permissions are granted to the user either by direct assignment of a folder or through various groups, and that these are the sum total of the permissions granted to the user.

It is possible to assign a Virtual File/Folder to a User even if they already have permission to access the folder via a User Group.

It is not possible from this panel to remove assignment of a Virtual File/Folder from a User if assignment is granted via a User Group. The administrator needs to modify either the group access to a Virtual Folder or this User's access to Groups.

### User Groups

User Groups allow easier management of Virtual Files/Folders by joining common access and permissions granted to multiple users on a team to be controlled in a single location.

#### New

Launch the User Group Wizard.

#### Edit

Modify the User Group, including assigning Users or Virtual Files/Folders to the Group.

#### Disable/Enable Group (right click option)

Disable the User Group. Allows an administrator to temporarily restrict access that a group provides without permanently removing the group's configuration.

#### Delete

Remove the User Group.

### Creating User Groups

#### Group Name

Unique name on the FileCatalyst system to represent the Group. This is the name which will appear when provisioning a Virtual File/Folder to the Group or assigning a User to a Group.

#### Group Description

Description of the User Group. Useful for administrators to recognize the purpose of the group.

### Editing Groups

Once a User Group has been created, you can start assigning Users to the Group, and configure Virtual Files/Folders to be accessible to the Group.

#### Assigning Virtual Folders/Files to Groups

Note: Permissions stated as "ADV" fall outside of basic configuration of READ or ALL (read-write). Details can be viewed by selecting the permission link on the list.

### Authentication Services (LDAP, RDBMS, PAM)

In addition to the internal user definitions, FileCatalyst Server allows the integration of LDAP servers for user management. This allows easy integration into existing corporate infrastructures, and allows users already defined in a corporate environment to be auto-provisioned.

Two different types of LDAP databases are supported by FileCatalyst server: OpenLDAP and Active Directory. Both can support multiple context strings, allowing easy integration on even complex corporate structures. LDAP queries over SSL (ldaps://, default port 636) are supported for secure encrypted communication between the FileCatalyst server and the remote authentication service.

Note: FileCatalyst does not support the ldapi:// protocol, which is also known as StartTLS, where an LDAP connection is established first (ex. on port 389) and then it becomes protected via TLS. Be sure your TLS LDAP server is configured for the ldaps:// protocol.

#### Service Switch

The service switch defines which order FileCatalyst Server will query authentication services to validate a user/password pair. The syntax is similar to the nslookup switch on Unix systems, and is configurable by the Authentication Wizard ("Setup" button).

Acceptable values are combinations of:

 "internalDB" "OpenLDAP" "ActiveDirectory" "db" "PAM" 

#### Enable Auto-provisioning

If OpenLDAP or Active Directory has been selected as an authentication service, the administrator can configure the server to automatically create users which already exist in the remote authentication service the first time they attempt to log in. If this is disabled, users must be explicitly be created by an administrator before being granted access to the server.

User accounts that are auto provisioned will be created using settings listed under the User Defaults tab.

#### OpenLDAP and Active Directory Configurations

Any changes to LDAP configuration must be sent to the server first ("Apply" button) before they can be tested or used by FileCatalyst server. For step by step LDAP configuration and examples, start the Authentication Setup Wizard ("Setup" button).

#### Verify Directory Services Online

Tests if remote directory services (OpenLDAP and/or Active Directory) are currently on-line and available to the FileCatalyst server. Used primarily to verify that the port/IP have been properly configured.

#### Test Authentication

Test complete authentication process on the FileCatalyst server. Administrator must provide a username/password pair. Server logs during the authentication process are output to capture trace and error logs.

### Installing an SSL Certificate

To simplify the certificate installation process, steps 2-4 are best executed from within a Windows command line. In the examples, the certificate authority file used is "cacerts", which is part of the JVM/JRE directory as seen in step 2.

1. Set up the LDAP server or Active Directory server with your certificate according to your organization's particulars.
2. Copy the certificate authority file into the FileCatalyst Direct Server directory. Using default installation paths, your command will look like this:
copy "c:\Program Files\Java\jdk1.8.0_72\jre\lib\security\cacerts" "c:\Program Files\FileCatalyst Server\"
3. Copy the certificate file(s) onto the FileCatalyst Direct server directory. This must be an X.509 certificate format.  Note: For Active directory servers, the certificate is normally found on the root (c:\) directory. Example:
copy "c:\mycertificate.crt" "c:\Program Files\FileCatalyst Server\"
4. Import the LDAP server certificate key into authority file using Keytool, which is distributed with JAVA. Note: Replace values represented by <> brackets with appropriate values. The "alias" is arbitrary and can be any easy-to-remember value. You will be prompted for a keystore password. By default, cacerts has a password of "changeit". Example import command:
"c:\Program Files\Java\jdk1.8.0_72\jre\bin\keytool.exe" -import -alias <myldapserver> -file <mycertificate.crt> -keystore "c:\Program Files\FileCatalyst Server\cacerts"
5. Insert the authority file keystore into fcconf.conf. Open fcconf.conf in an editor and modify the appropriate line as follows:
FCServer.server.config.LDAP.ssl.selfsignkeystore=c:/Program Files/FileCatalyst Server/cacerts

### Authentication Setup Wizard

#### Select Authentication Services

One or more authentication services may be selected for FileCatalyst Server. If an OpenLDAP or Active directory server is selected, you have the additional option of enabling users found on these remote authentication services to be auto provisioned.

#### OpenLDAP

##### OpenLDAP URL and Port

Enter the URL and Port Number of the server to connect to. The URL must start with "ldap://" or "ldaps://". By default, LDAP servers use port 389 for regular LDAP connections, and 636 for LDAP over SSL connections.

NOTE: Secure LDAP connections require a signed SSL certificate be installed on the LDAP server to function properly and securely. Though not recommended, the use of self-signed SSL certificates is possible. The SSL certificate file (.pem or .pkcs12) must first be transformed into a Java TrustStore file, and requires having the Java virtual machine on the FileCatalyst Server side accept the certificate as valid and trusted.

Once the certificate is a TrustStore, manually edit the FileCatalyst Server fcconf.conf file and add the following line:
FCServer.server.config.LDAP.ssl.selfsignkeystore=TrustStore.filename

##### Context Strings

Context strings are required for LDAP queries to uniquely identify a user in the repository. They are templates for the queries. The LDAP driver requires that curly brackets "{userinput}" exist in the context string, as these will be removed and replaced with the username during the login process. The FileCatalyst Server will try each context string, one at a time, until it finds one that works for the user being queried. Context strings are matched against configured LDAP dn values. Therefore, each context string must match the intended dn values exactly.
For example: If the LDAP server is configured with dn values formatted such as
dn: cn=victor,ou=People,dc=utechsoft,dc=com
where victor is a username, then the matching context string must be
cn={userinput},ou=People,dc=utechsoft,dc=com
Alternative dn formats may use a different RDN (relative distinguished name) syntax for the username instead of cn= (for example, uid=victor). Configure your context string(s) appropriately.

Multiple context strings (one per line) can be entered for LDAP queries to satisfy more complex organizations. Configuring specific distinguished names also allows organizations to limit access to the application to only a subset of users where required. To optimize performance it is best to list multiple context strings in order of most preferred or most prevalent matching strings first.

#### Active Directory

##### Active Directory URL and Port

Enter the URL and Port Number of the server to connect to. The URL must start with "ldap://" or "ldaps://". By default, LDAP servers use port 389 for regular LDAP connections, and 636 for LDAP over SSL connections.

##### Active Directory Context Strings

Context strings are required for Microsoft Active Directory to uniquely identify a user in the repository. The LDAP driver requires that curly brackets "{userinput}" exist in the context string to be replaced with the user name during the login process.

Values normally modified:

• enter the user domain
• enter the search base (identifies your organization)
• fill in the security group (to limit access to subset of users)

Multiple context strings (one per line) can be entered for LDAP queries to satisfy more complex organizations. Security groups in Active Directory can optionally be entered to restrict access to FileCatalyst to a subset of users.

##### Active Directory Authentication Service Switch

This switch determines the order in which the authentication services are called. By default, FileCatalyst Server requires a positive authentication from only one authentication service to accept an incoming user connection.

##### Active Directory Limitations

The names of security principal objects can contain all Unicode characters except the special LDAP characters defined in RFC 2253. This list of special characters includes: a leading space; a trailing space; and any of the following characters: # , + " \ < > ;

#### Test LDAP Authentication

The complete authentication process is validated on the FileCatalyst server. Administrator must provide a username/password pair. Server logs during the authentication process are output to the dialog box to capture any issues with the login procedure. This is the preferred method of validating authentication services.

#### Multiple Disjointed Directory Services

For organizations with multiple ActiveDirectory or OpenLDAP servers, it is normally best practice to configure the directory services to point to each other, allowing one AD or OpenLDAP server to authenticate any user within the organization.

If this is not possible, FileCatalyst does have the ability to support multiple ActiveDirectory or OpenLDAP servers. This must be done by editing fcconf.conf and manually setting LDAP settings for additional LDAP server.

## Example shows two active directory servers being utilized for user authentication.
## Default "ActiveDirectory" values can be edited via GUI
## "ActiveDirectory01" values must be edited in the configuration file

## authentication switch
FCServer.server.config.user.auth=ActiveDirectory ActiveDirectory01 internalDB

## Default AD server. These values may be edited (as before) in the GUI
(&(sAMAccountName={userinput}))SEARCH_BASE=dc=unlimitechSECURITY_GROUPS=FCUsers

##"ActiveDirectory" or "OpenLDAP" to be valid, plus an additional label ("01" in this example)
(&(sAMAccountName={userinput}))SEARCH_BASE=dc=unlimitechSECURITY_GROUPS=

#### RDBMS as Authentication Service

Organizations where user/password information in stored in relational database (i.e. MySQL, Oracle), FileCatalyst can be configured to utilize JDBC drivers and query user tables to validate user/password pair.

This must be done by editing fcconf.conf and manually directory services. Multiple databases may be utilized for authentication.

## Example shows a MySQL and Oracle servers being utilized for user authentication.

## authentication switch
FCServer.server.config.user.auth=db db01 internalDB
#
# FCServer.server.config.auth.db.jdbcpath=C:/Program Files/FileCatalyst Server/lib/
mysql-connector-java-5.1.8-bin.jar
# FCServer.server.config.auth.db.jdbcdriver=com.mysql.jdbc.Driver
# FCServer.server.config.auth.db.jdbcconnectionstring=jdbc:mysql://10.1.1.50:3306/schemaname
# FCServer.server.config.auth.db.jdbcuser=mydbuser
# FCServer.server.config.auth.db.jdbcvalidationquery=SELECT * FROM mysql.db
#
# FCServer.server.config.auth.db.01.authenticationquery=SELECT * FROM schemauser.usertable WHERE username=
# FCServer.server.config.auth.db.01.jdbcpath=C:/Oracle/XEClient/jdbc/lib/ojdbc14.jar
# FCServer.server.config.auth.db.01.jdbcdriver=oracle.jdbc.OracleDriver
# FCServer.server.config.auth.db.01.jdbcconnectionstring=jdbc:oracle:thin:schemauser/system@10.1.1.46:1521/XE
# FCServer.server.config.auth.db.01.jdbcuser=schemauser
# FCServer.server.config.auth.db.01.jdbcpasswd=system
# FCServer.server.config.auth.db.01.jdbcvalidationquery=SELECT * FROM DUAL
# FCServer.server.config.auth.db.01.password_encrypt=true
##### authenticationquery

Provides FileCatalyst Server with the SQL used to determine if the supplied credentials are valid. The authentication query MUST contain {username} and {password} to properly function. NOTE: If the function returns a record, authentication is considered successful.

##### jdbcpath

JAR for the JDBC driver. This is provided by the database vendor.

##### jdbcdriver

Class name for the JDBC driver. These are provided by the database vendor.

##### jdbcconnectionstring

Database connection parameters. This includes server IP, Port, driver type, and database identifier.

##### jdbcvalidationquery

Performed to ensure that the JDBC connection is still up. This should be a quick running query that can be periodically run by the JDBC pool (for Oracle, you can use "select * from dual").

Used when the user passwords are encrypted as an MD5 hash on the database already. Setting this value to true will enable the MD5 hash value to be sent over the JDBC connection in the query instead of the plain text password (default false).

#### OpenLDAP with Security Filters

Organizations that use an implementation of LDAP such as OpenLDAP or SunONE directory services can specify a security filter against which users will be authenticated. The authentication involves two steps. The first step is to make sure the user can bind with the username and password provided. The second step is to check if the user meets the security filter defined in the context.

To define a security filter, append SECURITY_FILTER at the end of the context string.

This must be done by editing fcconf.conf or manually entering it through the user interface.

# To enable security filtering searches, append SECURITY_FILTER={filter string}
at the end of the context string.
# {filter string} is to be replaced by the string you wish to filter users. Context 3, 4, and 5 will
show examples of this.
# EXAMPLES:
# FCServer.server.config.LDAP.open.context.00=displayName={userinput},dc=myCompanyName,dc=com
# FCServer.server.config.LDAP.open.context.01=mail={userinput},dc=myCompanyName,dc=com
# FCServer.server.config.LDAP.open.context.02=sn={userinput},dc=myCompanyName,dc=com
# FCServer.server.config.LDAP.open.context.03=displayName={userinput},dc=myCompanyName,dc=comSECURITY_FILTER=
(&(mail={userinput})(uid=100))
# FCServer.server.config.LDAP.open.context.04=mail={userinput},dc=myCompanyName,dc=comSECURITY_FILTER=
# FCServer.server.config.LDAP.open.context.05=sn={userinput},dc=myCompanyName,dc=comSECURITY_FILTER=
(&(mail={userinput})(admin=true))

#### Unix PAM as Authentication Service

When installing the FileCatalyst Server on a UNIX machine, you can configure the application to authenticate against the operating system using native PAM interface. This allows you to configure users either on the OS (/etc/passwd + /etc/shadow files) or point to another authentication system (i.e. NIS server).

Authentication switch should have the PAM in it to direct calls.

FCServer.server.config.user.auth=PAM internalDB
# - This setup means that user lookup is done using PAM first.
# performed on an the Files.


Configuration of PAM on the system requires several steps to prepare the operating system to accept calls from the FileCatalyst Server. Please refer to the JPAM_README.txt and RELEASE_NOTES.txt under the Unix ./jpam/ folder for details.

### User Defaults

User Defaults allows the administrator to pre-define what configuration values a new user shall have by default when created. These are a subset of the options presented when editing a user account.

#### Account Settings

The Default User Home Directory Root specifies where user directories will be stored by default. Sub-directories using the username will be created from this location to separate user files. In the following example, a new user "joe" created would have his user files default to "C:/Program Files/FileCatalyst Server/data/joe/" directory.

#### Permissions

Select file and folder permissions that an account will have by default.

#### Bandwidth / Quota

The priority and volume of data (upload only) the user will be entitled to use by default.

By default, the FileCatalyst Direct Server allows case sensitive usernames. A user identified as ‘bob’ is different than ‘BOB’ or ‘Bob’.

Microsoft Active Directory, on the other hand, is case insensitive; consequently, when AD authentication is coupled with auto-provisioning, duplicate entries are created. To solve this issue, you may configure FileCatalyst Server to force all user names to be case insensitive.

Note: When choosing to enable this feature, a user list purge is required on the server. This means:

• All users will have their usernames converted to lowercase.
• Duplicate users found on the system (‘Bob’, ‘BOB’, ‘bob’) will be removed from the system. When duplicate users are detected, the purge will try to keep the user with only lowercase characters if possible (‘bob’ in this case is preserved).
• All existing connections must be dropped for the user list to be purged. Clients can connect after the purge is complete.

Note: To roll back changes:

• Uncheck force username on GUI, and hit Apply
• Stop FileCatalyst Direct Server
• Replace the .fcdb\FCSERVER_DB folder with one from backup/database/<date of backup> where the date of backup is from before the conversion.
• Start FileCatalyst Direct Server

At this point, you will have returned the user list to the state it was before the purge.

FileCatalyst Server can be configured to block user accounts and/or IP addresses which have been identified as having multiple consecutive failed login attempts. This includes consecutive failures which may have occurred before the relevant options are enabled by the administrator. When the limit is reached, login failures are recorded in the application log files. If the Monitoring Agent is configured, alarms are also sent out notifying that a User account or IP address has had multiple consecutive login failures.

FileCatalyst Server records the event and may enforce one of two actions:

• Temporarily block logins for the account/IP (to prevent brute force attacks on user passwords).
• Permanently block user accounts (or IP addresses using IP Filters).

Once user accounts have been blocked, they are “grayed out” in the Users section of the FileCatalyst Server interface. A link with the label “unblock” also appears, allowing the account to be re-enabled.

If the Monitoring Agent is configured, an additional alarm will be sent to alert the fact that accounts/IPs have been disabled.

#### User accounts

Default failure limit is set to 5 consecutive login failures. Account blocking is enabled by default for a 3 minute interval (180 seconds).

Default failure limit is set to 50 consecutive login failures. IP blocking is disabled by default. Recommended 600 seconds (10 minute) timeout if set.

Note: It is recommended that the IP address limits be above those for specific user accounts to prevent a single user who forgot their password from blocking an entire remote office.

### Quick Connect

Once a user has been added to the File Catalyst Server, it is possible to use the connect option to transfer data between the file system and the user's directory.

Note: Quick connect from the Server uses 2 connections. One is for browsing and the other is used to transfer files.

To open the quick connect, click on the connect text inside the panel.

In the connect dialog, you may navigate to the files you wish to move and the location you wish to move them using the directory trees, listings and path text fields. In order to transfer files, select the files or folders you wish to move and drag them across to the other side.

Once the transfer has begun, the progress and status of each file transfer is visible in the panel below the file listings.

### Network

#### Bind to Server IP Address

FileCatalyst Server can bind server port to specific IP addresses hosted by the machine. By default, the server will try to bind (port 21) on all IP addressed assigned to the host.

In some situations the server will try and bind to an IP address that has not yet been initialized by the server. If you are experiencing this problem, you can add a bind timeout too allow for more time to establish a bind. To add this value, you must add the following new line to the fcconf.conf:

FCServer.server.config.bind.timeout=TIME

Replace "TIME" with the number of millisecond you wish to wait to establish a bind. The default is 30000.

#### Server Port

The port on which the server is listening for incoming connections. Clients connecting into this port should be aware that the data (including user/password) are non-encrypted, and can be intercepted on the network. This is maintained mostly for backwards compatibility with standard FTP. Default 21.

#### Secure Server Port

FTPS port, where connection data is encrypted using SSL. Default port 990. By default, a self-signed SSL certificate will be created at run-time by the application. Configuration of an alternate SSL certificate may be done by navigating to the Security panel.

#### SFTP Server Port

SFTP port, where connection data is encrypted using ssh. Default port 22. Be aware this feature does not have any bandwidth throttling capability like the Secure Server Port or the Server Port, however transfer statistics are displayed normally. Also note that ssh shell commands are disabled for this feature but scp commands are not.

Be aware that scp downloads are limited to one file at a time due to security limitations. Attempts to download complete folders will fail using scp command line.

When using SFTP there will be additional logging, if you do not desire this additional logging you can turn it off in the FCConfig.conf, setting FCServer.server.config.sftp.logging.enabled = false

#### Data Port Range

The port range which the server can use for data connections.

When FileCatalyst server is running on a private IP address, behind a NAT device, you must specify the public IP of the NAT device in order for FileCatalyst to allow connections from outside the NAT.

By default, the IP masquerade applies to all connections. However, it may be desirable to bypass the masquerade address for local connections. A local connection is considered one whose IP address is within the 192.168.*.*, 172.16-31.*.*, or 10.*.*.* ranges.

#### Idle Timeout

The amount of time (in seconds) to remain idle before automatically disconnecting a client. This value defaults to 300 seconds or 5 minutes. Note that in some cases the client may be executing long running processes such as an MD5 or delta calculation on very large files and thus it may be necessary to increase this value.

### Memory

#### Maximum Block Size

The maximum block size dictates to all clients uploading files what the maximum block size will be. The block size determines how much data will be stored and sent at one time from the transmitter to the receiver. For example, if the block size is 10MB (10240000 bytes) then 10MB of data will be sent before proceeding to the next 10MB of data. Generally the larger the block size the better the throughput due to less acknowledgments. A server with a larger amount of memory may have a larger maximum block size. Consideration should be given to how many concurrent transfers may be occurring at one time as the memory usage of the server may rise to the product of the maximum block size * the maximum sender threads * the number of concurrent connections.

#### Maximum Packet Size

The maximum UDP packet size that client applications can send to the server. Generally this should be less than the MTU of your network, usually 1500.

In order to improve performance, FileCatalyst transmit clients can begin to send another block of data before the previous block has been acknowledged. This setting defines how many blocks can be started before waiting for all previous blocks to be acknowledged. This improves performance as it removes the down time between when the transmitter has sent an entire block and when the receiver has acknowledged the receipt of that block. The memory consumption on the server and the client will necessarily consume more memory the higher this value is set. The amount of memory will be the product of the number of threads and the block size. Since the overlap time can be quite small, sometimes only 0.5 seconds or lower, the memory usage may appear to increase then drop once the previous block has been acknowledged

#### Concurrent Connection Limit / Configure for High Server Load

When enabled, the server can set a maximum concurrent user limit below the value granted in the license.

As a general rule, very high latency and high bandwidth network conditions often see performance improvements by having higher number of sender threads or allocating larger block size each thread. With limited memory on a system and a large volume of concurrent users connecting, you can encounter situations where the Java Virtual Machine runs out of memory, and cannot accept new connections.

If this scenario is encountered, the solution can either decrease memory allocation each user consumes server-side (the button ‘Configure for High Server Load’ does this), or limit the number of concurrent users while maintaining high throughput links within available memory.

### UDP Resources

When configuring the FileCatalyst server to achieve high speed levels (500Mbps - 10Gbps for a single connection), several optimizations must be done in order to make sure the system is able to utilize multiple cores of a server. These include configuring the number of reader threads per connection, packet processors (used for decoding AES packets on the receiver side), and the number of block writers.

By default, the block size used for each read operation is the same size specified by the client in the network block size. This can be adjusted for improved performance. Please run the advanced IO testing tool to see what works best for your system.

##### Packet processors

Packet processors are responsible for taking packets off the network socket, decrypting them, and preparing them for the block writers. When using AES at speeds greater than 200Mbps, it may be required to increase the number of packet processors on the receiving end to ensure multiple CPU's are utilized to decrypt the incoming data.

On the server, setting this value will only affect uploads. If downloading data from the server, similar settings should be set on the client applications.

Number of threads PER CONNECTION spawned to write blocks off the disk. On the server, setting this value will only affect uploads. Writer threads in FileCatalyst perform the following tasks:

• Uncompress data block (if using on-the-fly compression)
• Perform MD5 checksum on block (if using on-the-fly Verification)
• Write block data to disk

For systems using LMZA compression or possibly high speed transfers (> 1Gbps), setting multiple block writers may allow higher performance for single high speed connections. If your system is configured to accept 50+ concurrent connections, it is recommended to leave this value at the default settings (1) to minimize system resources.

##### Writer block size

By default, the block size used for each write operation is the same size specified by the client in the network block size. This can be adjusted for improved performance. Please run the advanced IO testing tool to see what works best for your system.

These values should be modified only after running through some performance IO testing. See here for more details.

### Miscellaneous

#### Bandwidth

##### Unlimited bandwidth for FTP LAN Transfers

By default, LAN FTP connections are granted unlimited bandwidth to the server. This behavior can be disabled, restricting even non-latent FTP traffic to abide by the server license restriction.

##### Enable Bandwidth Limit

In some cases, it may be beneficial to impose a bandwidth limit on the FileCatalyst Server. To enable a global bandwidth limit, select the Limit maximum bandwidth option, and then specify the limit that you wish to have. Do note, that this limit cannot be negative, and cannot exceed the bandwidth limit on the current FileCatalyst Server license.

#### System Monitor

Toggles the FileCatalyst Server to allow File System Event Monitoring, a feature provided with the HotFolder to trigger notifications when the file system detects a change event on a user directory. If errors are occurring because the file system is not compatible (some mounted network file systems), you can disable the feature to prevent error messages from appearing in the logs.

#### Rotation Time

This setting allows you to rotate logs and reset quotas at a time other than midnight. This is useful in situations where your server is located in a different time zone than most of your clients. i.e. you could have the quotas reset at midnight for your clients, rather than midnight on your server.

#### File Post Processing

The server will attempt to execute the given script after each file upload is complete passing in the following parameters into the said script. <%U%> will be replaced with the user receiving the transfer. <%F%> will be replaced with the absolute path to the uploaded file. If <%F%> is not found, the server will append the absolute path. <%A%> will be replaced with either UPLOAD or DOWNLOAD.

For example: /scripts/postProcess.sh <%F%>

Note: currently this feature is disabled for archiving since it defeats the purpose of batching large groups of small files together only to send a post command to the server for each individual file transferred, incurring the overhead that auto zipping (and Auto Archiving in multi manager) hoped to avoid.

##### Sample Scripts

Windows sample, to go into a .bat file. This script simply reads the parameters and saves the values to a post_process.log file

 echo %1 %2 %3 >> C:\Program Files\FileCatalyst Server\post_process.log 

Unix sample, to go into a .sh file. This script simply reads the parameters and saves the values to a post_process.log file

 echo $1$2 \$3 >> /home/adminuser/post_process.log 

### Server Optimizations

#### Disable Force Flush

By default, write operations automatically flush both data and meta data to file system for all IO calls. Disabling force flush allows Java to utilizes the OS file cache (RAM). This option is only visible in advanced mode.

More details about the server license can be viewed and modified in this area. License changes can also be applied from a remote admin to the server.

### System Properties

#### System Properties

This advanced feature is a tool for tech support to change Java VM System Settings on the fly, do not change any settings here without help from tech support.

Server may require a restart for these values to take effect.

## Security Settings

### Enable Implicit SSL

By default, FileCatalyst server establishes a clear text channel to communicate commands with connected client programs. If you are using a password for authentication, or if policy dictates that this type of communication must be secure, you must enable SSL on the Control Connection. When enabled, FileCatalyst will use the specified certificate (see SSL Certificate Settings) to encrypt all commands and replies that are sent through the Control Connection.

Enabling Security will also ensure all admin sessions are created using SSL.

To enable a secure channel, go to the "Advanced" tab and check "Secure Server Port". If security has not previously been set up on the system, click the "Configure Security" text and step through enabling security for the application.

In order to connect from a 3rd party FTP client, you must set the connection mode to FTPS/Implicit.

### Enable AES

If procedure dictates that all data be encrypted, you must enable the AES option for the Data connection. When enabled, FileCatalyst will use AES encryption to ensure that, in the unlikely event that data was intercepted, it is useless to everyone except the intended recipient.

The strength of the encryption can be adjusted in the config file (fcconf.conf) to 128, 192, or 256 bit. The higher the encryption strength, the higher the overhead, and subsequently the lower the attainable transfer speed will be. It is recommended that unless policy dictates a higher strength, that users keep the default value of 128 to achieve the best balance of security and performance.

### SSL Certificate Settings

When "Enable SSL" is selected, you must specify a certificate to be used to encrypt the control connection:

#### Certificate File

This is the path to the SSL certificate stored in PEM format (*.pem).

#### Private Key File

This is the path to the private key file for the selected certificate stored in PVK format (*.pvk).

This is the password for the selected private key.

#### New Certificate

FileCatalyst provides a convenient SSL Certificate Generation wizard that, in the event you do not already have a certificate issued from a 3rd party such as Verisign or Thawte, allows you to create your own "self-signed" certificate. Please see help section for "SSL Certificate Generation Wizard" for more details.

Online instructions for converting .crt files into PEM files are available: http://conshell.net/wiki/index.php/Keytool_to_OpenSSL_Conversion_tips.

Mode details on installoing SSL certificates are available: https://support.filecatalyst.com/index.php?/Knowledgebase/Article/View/293/0/how-to-install-a-ssl-certificate-into-a-filecatalyst-server.

#### View Certificate

This option allows you to view the details of the currently selected SSL certificate.

### SSL Cipher Restrictions

FileCatalyst Server allows the selection of specific SSL ciphers which are considered appropriate for encrypted communication. By default, the entire Java SSL/TLS set is utilized. To modify the default values (example: enforce a minimum 128-bit encryption cipher), manual configurations may applied to fcconf.conf.

The following steps illustrate how to configure so that only strong ciphers are utilized:

1. Enable SSL on the FileCatalyst Server: Follow the example provided in section 4.0. The option "Enable Implicit SSL" must be selected, and SSL must be properly functioning before restricting enabled ciphers.
2. Shutdown FileCatalyst Server: As this is a manual fcconf.conf file modification, the server must be shutdown before changes can be made to the server.
3. Restrict the Cipher List: The following lines should be added onto the fcconf.conf file to restrict ciphers:
## SSL Cipher restriction
# By default, accepted SSL ciphers are specified as part of the standard Java JRE.
# These can be modified to exclude less secure ciphers.
FCServer.server.config.ssl.restrict.ciphers=true 
4. Restart the Server & Verify Logs for Supported Ciphers: Because there is no specific cipher list defined yet in fcconf.conf, the server will recognize the lack of allowed encryption algorithm and immediately shut down. By examining the server logs, the complete list of supported ciphers for the platform is listed. The following is an example:
Mon Sep 21 14:32:07 EDT 2009 - System: Windows XP 5.1 x86 - Java(tm) 1.8.0_1
Mon Sep 21 14:32:07 EDT 2009 - Initializing SSL Administrative Socket on port 12400
Mon Sep 21 14:32:08 EDT 2009 - No ciphers listed are currently supported by the JVM. Please revise the
allowable ciphers in the configuration.
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (0) SSL_RSA_WITH_RC4_128_MD5
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (1) SSL_RSA_WITH_RC4_128_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (2) TLS_RSA_WITH_AES_128_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (3) TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (4) TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (5) SSL_RSA_WITH_3DES_EDE_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (6) SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (7) SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (8) SSL_RSA_WITH_DES_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (9) SSL_DHE_RSA_WITH_DES_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (10) SSL_DHE_DSS_WITH_DES_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (11) SSL_RSA_EXPORT_WITH_RC4_40_MD5
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (12) SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (13) SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (14) SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (15) SSL_RSA_WITH_NULL_MD5
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (16) SSL_RSA_WITH_NULL_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (17) SSL_DH_anon_WITH_RC4_128_MD5
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (18) TLS_DH_anon_WITH_AES_128_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (19) SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (20) SSL_DH_anon_WITH_DES_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (21) SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (22) SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (23) TLS_KRB5_WITH_RC4_128_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (24) TLS_KRB5_WITH_RC4_128_MD5
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (25) TLS_KRB5_WITH_3DES_EDE_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (26) TLS_KRB5_WITH_3DES_EDE_CBC_MD5
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (27) TLS_KRB5_WITH_DES_CBC_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (28) TLS_KRB5_WITH_DES_CBC_MD5
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (29) TLS_KRB5_EXPORT_WITH_RC4_40_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (30) TLS_KRB5_EXPORT_WITH_RC4_40_MD5
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (31) TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
Mon Sep 21 14:32:08 EDT 2009 - Available SSL cipher supported by JVM: (32) TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
Mon Sep 21 14:32:08 EDT 2009 - null
Mon Sep 21 14:32:08 EDT 2009 - Server can not start Admin server on port 12400 Cannot create SSL server socket.
Shutting down.
Mon Sep 21 14:32:08 EDT 2009 - Server shutting down
5. Enable Cipher List on the Server: There are multiple on-line forums describing the exact makeup of each cipher. In the case where only strong ciphers are required (encryption levels >= 128 bit), the following lines are entered into fcconf.conf. Only these specific ciphers will be used by the application server socket. If clients connecting does not have a match, the connection will be logged and dropped.
# If the restrict.cipher == true, you must supply a list of acceptable ciphers
# the application can utilize when opening up SSL server sockets.
# Each cipher listed should have a unique number assigned (start with ".00"), with the preferred
# cipher set to the lowest numerical value.
FCServer.server.config.ssl.allowed.ciphers.00=SSL_RSA_WITH_RC4_128_MD5
FCServer.server.config.ssl.allowed.ciphers.01=SSL_RSA_WITH_RC4_128_SHA
FCServer.server.config.ssl.allowed.ciphers.02=TLS_RSA_WITH_AES_128_CBC_SHA
FCServer.server.config.ssl.allowed.ciphers.03=TLS_DHE_RSA_WITH_AES_128_CBC_SHA
FCServer.server.config.ssl.allowed.ciphers.04=TLS_DHE_DSS_WITH_AES_128_CBC_SHA
FCServer.server.config.ssl.allowed.ciphers.05=SSL_RSA_WITH_3DES_EDE_CBC_SHA
FCServer.server.config.ssl.allowed.ciphers.06=SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
FCServer.server.config.ssl.allowed.ciphers.07=SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
6. Restart the Server and Verify Server Logs If SSL ciphers are restricted, server logs provide a list of ciphers enabled.
Mon Sep 21 15:23:44 EDT 2009 - Initializing SSL Administrative Socket on port 12400
Mon Sep 21 15:23:45 EDT 2009 - SSL ciphers restricted by configuration.
Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (0) SSL_RSA_WITH_RC4_128_MD5
Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (1) SSL_RSA_WITH_RC4_128_SHA
Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (2) TLS_RSA_WITH_AES_128_CBC_SHA
Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (3) TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (4) TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (5) SSL_RSA_WITH_3DES_EDE_CBC_SHA
Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (6) SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (7) SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

### Setting Encryption Method

In order to help keep sensitive configuration information secure, the application encodes data in the settings files. The default setting may be overridden to use either a salted AES or a salted DES encryption. To set the value, you must edit your fcconf.conf file. Find the line:

FCServer.server.config.encoding.format=DEFAULT

Changing the value of this setting to AES, DES, or DEFAULT will cause all encoded values to be re-encoded and saved with the new algorithm. If you are upgrading from a version where encoding did not take place, these values will be encoded and saved.

The default settings are:

FCServer.server.config.deployment.security.defaultTransport=TLSv1
FCServer.server.config.deployment.security.SSLv2Hello=true
FCServer.server.config.deployment.security.SSLv3=false
FCServer.server.config.deployment.security.TLSv1=true
FCServer.server.config.deployment.security.TLSv1.1=true
FCServer.server.config.deployment.security.TLSv1.2=true


Supported protocols include:

• SSLv2Hello
• SSLv3
• TLSv1
• TLSv1.1
• TLSv1.2

### Remote Access via Encrypted Protocols

If you are accessing the server using a remote admin, that application must have access to an FCConf.conf file that contains the protocol information. On Windows and Linux, this is the install directory and if you are running the admin that was installed with the server no file creation is necessary. If you are running the server as a service on OS X, you will need to copy the fcconf.conf file from

/Library/Application Support/FileCatalyst/Server

to

/Users/User/Library/Application Support/FileCatalyst/Server

Note that these settings must also be provided for other clients, such as the HotFolder, so that they can access the server.

### FileCatalyst Reverse Proxy

FileCatalyst Reverse Proxy allows a FileCatalyst Server to be completely isolated behind a firewall, with no incoming ports open and still be accessible to FileCatalyst Client applications. Documentation for the FileCatalyst Reverse Proxy is available for download.

## SSL Certificate Generation Wizard

### Certificate Information

This step allows you to enter information about your organization and will be stored in the generated certificate.

Note: The Common name is generally the domain name on which FileCatalyst server will be running. For example, if the server is located at filecatalyst.mycompany.com then set common name to ‘filecatalyst.mycompany.com’.

### Key Length

The key length allows you to specify the encryption strength that will be used to generate the SSL certificate. The higher the strength the more secure your data will be. However keep in mind that higher strength encryption will also lower performance.

### Certificate Name and Save Location

The certificate name specifies the filename under which the certificate will be stored. For example if you specify ‘mycert’ as the certificate name, the files will be stored as ‘mycert.pem’ (certificate file) and ‘mycert.key’ (the private key file).

When specifying a password for your certificate, please record the password and store it in a safe place. Without the password your certificate is useless and must be re-created. Passwords may not be the same as the certificate name.

You must select a location to store your certificate files. Please make note of this location as you will need it to select the newly created certificate on the Security Settings panel of FileCatalyst.

## IP Filters

IP Filters provide a method of protecting your server from attacks or malicious users. Servers can be pre configured to allow or deny all IPs by default, and then provide exceptions to the default rules. If Allow is enabled, any IP's on the allow list will take precedence over the Denied list. If Deny is enabled, items in the deny list take precedence over the allow list.

### Enable IP Filters

To enable IP filters, this box must be checked. If left unchecked, any filters applied (including the default apply/deny rule) will be ignored and all requests will be allowed.

### Allowed IP List

The allowed IP list indicates the IP's that should always be allowed access to the server, regardless of the default mode. In the case that an IP is found in both the Allowed AND Deny Lists, the rules of precedence described above will take place.

### Denied IP List

The denied IP list indicates the IP's that should always be denied access to the server, regardless of the default mode. In the case that an IP is found in both the Allowed AND Deny Lists, the rules of precedence described above will take place.

### IP Ranges and Wildcards

IP rules support both wildcards and ranges. For example:

• 192.168.1.1 (only this specific IP should be affected by the rule)
• 192.168.1-100.1 (all IPs starting with 192.168, followed by any value within the range of 1-100, followed by a 1 should be affected by this rule)
• 192.168.*.* (any IP starting with 192.168 should be affected by this rule)

### IP Filters XML Schema

The IP Filters XML file (ipfilters.xml) describes the status (enabled/disabled) of the IP Filters mechanism, as well as the default rule (allow/deny) and any other rules defined.

<?xml version="1.0" encoding="UTF-8"?>

<!-- Root Element in the XML Representing The Access Restrictions
and their current status (enabled=true/false) -->
<AccessRestrictions Enabled="true">

<!-- Denotes the value of the default rule (Allow/Deny) -->
<DefaultRule AllowDeny="Allow"/>

<!-- Denotes the start of the rules for this server -->
<Rules>

<!-- Rules describing specific IPs or ranges that are always permitted to access the server -->
<Allow IP="127.0.0.1" />
<Allow IP="192.168.*.*" />

<!-- Rules describing specific IPs or ranges that are always denied from access the server -->
<Deny IP="147.1-100.*.*" />

</Rules>

</AccessRestrictions>

## Email Settings

### SMTP Settings

#### SMTP Server

The hostname of your outgoing mail (SMTP) server.

#### Port

The port which the SMTP server is running on. Typically port 25.

#### Use SSL

If your server requires SSL to send mail, then check this box

If this is enabled and the user specifies on their side (i.e. from the client application) to send alerts, then email will be sent to the address provided. Note that some SMTP servers have rules in place that may limit the recipient email address to a certain domain name. If you encounter issues configuring these settings please contact the administrator of your SMTP server.

Enter the subject that you would like all email alerts to have. The default subject for alert emails is "FileCatalyst Transfer Notification"

#### Send emails 'From' Admin email

This option determines who will receive email alerts once a transfer has finished. If this option is unchecked, all email alerts will sent to the email address specifed within the Admin email text area. If the option is checked, all email alerts will be sent from the specifed admin email to the client's email address

### Configuration

#### Connection Port

Specifies the port which the remote administration tool will use to connect to the FileCatalyst Server (default: 12400).

#### Enable Remote Connections

Specifies whether or not to allow computers other than “localhost” to connect to the FileCatalyst Server. If enabled, a username and password must be specified.

Specifies whether or not to allow computers other than “localhost” to connect to the FileCatalyst Server through HTTP connections. If disabled, all non-local HTTP connections and REST services to the FileCatalyst Server will be rejected.

#### Force authentication for localhost

Expected behavior on a Windows machine is to set this value to false. It implies that when you start the server, the administration console will come up as expected and you can immediately configure and monitor the FileCatalyst Server.

On a Linux/UNIX environment however, client-side remote access is often granted onto a server via SSH or VNC. In order to lock down configuration from regular users, it is desirable to select this feature and limit access.

Provides an optional administrator account that is used only to monitor the server but not apply any settings. When this user connects, all configuration options are hidden, while all activity and monitoring tools are available.

FileCatalyst Server is managed through a remote protocol and server interface. This allows the flexibility of being able to manage your server, from anywhere, at anytime. You will use the FileCatalyst Server Admin tool (included in the FileCatalyst Server installer for Windows, and available as a separate download) for either of these scenarios:

1. Accessing FileCatalyst Server from a remote computer; for example, over the Internet or over a LAN.
2. From the local machine, while FileCatalyst Server is running as a service or is otherwise 'headless' (no GUI)

Once connected, the administrator is presented with the standard server administration GUI.

#### Logging In

With no sites defined, the tool is used to log into an instance of FileCatalyst Server running on “localhost” (ex. FileCatalyst Server running as a service on the same physical machine). However, to create a remote connection you must first define a site with the Connection Manager (see below). Once defined, select the server from the drop down, enter a username and password, and click “Login”

#### Using Active Directory

The remote administrator may authenticate using an Active Directory; however, this option must be enabled and configured through the fcconf.conf configuration file, located in the FileCatalyst Server install path. To enable, first locate the configuration parameter FCServer.server.config.admin.auth= and add the value "ActiveDirectory".

Next, the configuration values must be set by uncommenting the selection of FCServer.server.config.LDAP.AD parameters (found next in the conf file) and setting appropriate values. Once both steps are done, a resulting configuration section might look like the following example:

 FCServer.server.config.admin.auth=ActiveDirectory files FCServer.server.config.LDAP.AD.url=ldaps://127.0.0.1 FCServer.server.config.LDAP.AD.port=636 FCServer.server.config.LDAP.AD.context.00=SECURITY_PRINCIPAL=MYDOMAIN\\{userinput}SEARCH_FILTER=(&(sAMAccountName={userinput}))SEARCH_BASE=dc=myCompanyName,dc=comSECURITY_GROUPS=FCUSERS 

#### Connection Manager

After clicking ‘Manage’, the connection manager allows you to define connection information for various FileCatalyst servers. The “localhost” account is created by default, and is for connecting to a server running on the same machine. To define a new site, simply click add new site, then fill out the required information (site name, host, and port (default 12400)).

Click “Close” to save the site.

Virtually the same administration interface is available through a web browser, using the Remote Administration Applet. If your FileCatalyst Server license permits remote administration via applet, you may enable it by following the instructions found in the Enabling HTTP Access section of this document.

### Connections

The “Connections” tab allows you to see the connections into the FileCatalyst Server from remote administration tools such as the Remote Server Admin, Remote Server Applet, or Server API.

The ‘Connection Type’ column shows that each connection is one of:

1. ‘CONTROL’ connections sent commands to the server
2. ‘STATUS’ connections retrieve user and admin status updates from the server
3. ‘LOG’ connections retrieve administrative log output from the server

Right-clicking the table permits closing remote admin connections. Remote admin connections (such as the Server GUI) may reconnect.

FileCatalyst Server has the ability filter IPs for remote administration connections. This works similar to the User IP Filters, which allow you to designate a default behavior (i.e. DENY all connections) and then apply a filter to allow specific IP addresses or ranges that are allowed access.

Administrators trying to connect from a blocked IP address will be notified they have been blocked by IP Filters.

## HTTP Settings

### HTTP Access

FileCatalyst Server allows the application to administered through Internet access. To fully enable this access, visit the Administration panel and check “Enable Remote Connections”. The specified Connection Port and Web Port must be opened on the firewall if one is in place.

#### Enable HTTP Transfers

Allows FileCatalyst Clients to transfer data to the server via the embedded HTTP Servlet.

#### Use SSL

Enabling SSL will force all browser requests to port 12480 to go through an SSL socket.

#### HTTP Config

• The IP format can be chosen from the drop-down depending on whether the administration URL will be used internally or externally.
• Note: If the bind all interface option is selected, FileCatalyst Server will listen to all IP formats that are present within the drop-down window. If the option is disabled, the FileCatalyst Server will only listen to requests to the currently selected IP format.

• Web Port may be changed to any valid and available port.
• Webroot: This URL serves as the entry point for web applications hosted by the server.

The 'Manage application (HTML)' button leads to FileCatalyst Server's Web Administration tool. A detailed explanation on how to use the Web Administration tool can be found here

The 'Manage Application (Applet)' button is not available if the browser being used doesn't support applets. When available, it brings the user to an applet (still Java-based) version of the Server UI discussed in this very document.

The 'Transfer Files' button opens additional options for browser- and TransferAgent-based transfers to and from the FileCatalyst Server

• Servlet: This URL is used by FileCatalyst client software in order to establish HTTP-based transfers. Directly accessing it will show a status page.

• Link: This URL is the entry point to the FileCatalyst Link application described in this section: Link Settings.

• Note: When IP Masquerade is enabled, all access links will be updated to use the masquerade address. There will be also be a new notification that informs you of the changes that have been made the access links. Here is an example of what the access links may look like when IP Masquerade is enabled.

### Enabling AJP Connector

To enable the AJP Connector, check the appropriate box.

On their own, IIS or Apache cannot serve Java based applications. AJP (Apache JServ Protocol) allows the FileCatalyst Embedded Web server to be integrated with a 3rd party web server like IIS or Apache. The 3rd party web server may then proxy requests to the FileCatalyst server without the need to open additional ports on the firewall. It also allows the HTTP server in FileCatalyst to take advantage of any pre-existing SSL encryption that might exist on the web server.

The following documents explain how to integrate IIS and Apache with the Tomcat web server; the process is identical to integration with FileCatalyst.

Note that enabling AJP access will block direct access to HTTP on the server. All access must go through the AJP provider. This includes but is not limited to the HTML UI, the applets, the servlet, REST services, Link, the Server Upload Form and the help documentation. Links in the UI will not work.

### HTTP Uploads with HTTP Servlet

In order to use HTTP Servlet to upload files, HTTP transfers should be enabled first (see section Enabling HTTP Access).

The user can find the HTTP Upload tool via the splash page found at the web root (see image below). The user must click "Transfer Files", followed by "Upload (HTTP)".

Clicking on the "Upload (HTTP)" button will take the user to a login page where user must provide valid credentials associated with a user that exists on FileCatalyst Server. Once the user is authenticated, they can either browse files from local file system or drop files into the upload area and upload files into their home directory:

If the transfer is successful, has errors, or is cancelled, the user will be redirected to new page. Pictured below is the redirect from a successful file transfer:

The redirect pages are configurable. The file config.js can be edited to provide redirect URLs for transfer error, success, and cancelation events using "errorurl", "succesurl", and "cancelurl" respectively. To customize, simply replace the defaults with your own valid paths to custom files.

The config.js file provides several other configuration options. A detailed explanation of each field is provided here.

### Enabling Cross-Origin Resource Sharing (CORS) for HTTP Servlet

By default, the HTTP Servlet is not set up to respond to requests that come from web pages served from a origin different from its own. The HTTP upload tool does not need the HTTP Servlet to respond to Cross-Origin requests because the HTTP Servlet and the HTTP upload tool are both hosted on the same WebServer (ie. they share the same origin). However, If the HTTP upload tool is being integrated into another web application as described here, the HTTP Servlet would need to be able to respond to Cross-Origin requests.

The configuration file trustedorigins.xml is used to define the origins that are trusted by HTTP Servlet and allowed to make requests to the HTTP Servlet to transfer files. More specifically, the URL entered for an origin tag (<origin>) is a trusted origin. Add as many trusted origins as required, where each origin contains one unique entry. Alternatively, to allow the HTTP Servlet to trust any origin, enter an origin tag with the value set to '*'.

Restart the server after modifying the trustedorigins.xml file for the changes to take effect.

For instance, if the HTTP upload tool is deployed on a web application at  http://filecatalyst.com/httpupload/  then http://filecatalyst.com  must be added to the trusted origin list.

### Overview

In an attempt to allow FileCatalyst clients a simple and easy method to send files to others, FileCatalyst provides clients with the ability create an email "link" that is sent out to a recipient list specified when the link is created. Upon receiving the link, the recipient will be able to open the email and activate the link by clicking on the URL specified within the email's content. Once a link is activated, a temporary user with no assigned home directory will be created on the server, and the recipient of the weblink will use this temporary user to access the files that are contained within the link. Temporary users created this way will automatically delete after the period of inactivity set by you in link settings

Note: If IP Masquerade is enabled, all Links that are sent out by FileCatalyst Server will have their access IP replaced with the current masquerade address. If both the IP Masquerade and Use Host Name For Links options are enabled, the hostname will be used over the IP Masquerade address

Additional documentation can be found at the following locations:

The link management tab allows you see all of the links that are currently stored within the server application. In addition, the table provided will allow you to view important information such as the link ID, which user created the link, how many times the link has been accessed by a client, the creation date of the link and the date the link expires on.

In addition to the details for each link, the table that is presented supports a collection of options that you might find useful. Right clicking on an entry within the table will present a pop up window where you will be able to chose if you would like to delete, resend, or view the link that you have selected. The link table also supports the ability to search for links matching a particular link ID or user name specified within a search window. To bring up this search window, simply select the menu item "Actions -- Find", or press "ctrl-f".

#### Allow Clients To Set Link Expiration Options

Enable this option to give client applications the ability to set an expiration time on links. When a client specifies an expiry, the time must be smaller than the value found within the "Number of days that links will be stored" configuration option.

Note 1: This setting applies to all current Links for as long this option is enabled

Note 3: This setting takes precedence over "Allow Clients To Set Link Expiration Options". If both settings are enabled, a client application may only create single-use Links, but is still allowed to set a custom expiry date as per the description for "Allow Clients To Set Link Expiration Options" above.

#### Number Of Days That Links Will Be Stored

The number of days that a created link will stored. By default the amount of days that links are stored within the server is 7. However you may change this value to any value that is between 1 day and 31 days.

#### Number Of Days For Failed Emails Will Be Stored

The number of days a failed email will be stored for retry. The default failed email retention value is 2 days; however, you may change this value to any value between 1 and 5 days.

#### Number Of Minutes That Pass Before Inactive Temporary Users Are Removed

The number of minutes an inactive temporary user will be stored within the server. The default value is 20 minutes; however, you may change this value to any value between 1 and 60 minutes.

#### Use Host Name For Links

Hostname may be used instead of IP to give links a friendlier appearance, as well as to allow both internal and external users to access the application. If you wish to use a hostname instead of IP, check this box and specify a hostname in the provided field (ie. somemachine.yourdomain.com instead of default IP value).

Note: To function properly, the hostname must be able to be resolved by the recipients of the links. This is typically done through appropriate DNS entries, but may also be accomplished by the user editing their system (ie. a "hosts" file).

#### Enable Service Image

Enable this option and provide a valid image file (JPG, PNG, or GIF) in order to show the image in Link emails, as well as on the Link Creation and Link Download pages. In Link emails, the image is shown at the top of the email content; on the Link pages it appears at the top-left corner of the page.

Note: Updating these settings will not affect emails that have already been sent.

## Reporting

### Overview

FileCatalyst provides well defined Data and Bandwidth CSV files that may be used by 3rd party applications to generate reports for specific users over defined periods of time. The Data file will contain a record for every individual file transfer that takes place including uploads and downloads.

The Bandwidth file will contain records that include transmit and receive rate as well as username and a time stamp. The frequency of these records is determined by adjusting the report snapshot interval. If there are no active transfers at the time of the snapshot, there will be no record written. If there is data in the snapshot, a record will be written for each individual user that is currently transferring, as well as a record that is the sum of all transmit and receive rates for all users.

### Settings

Click the checkbox to enable reporting and press Apply. Define the location for reports in the first field, followed by the Retention Period and the Snapshot interval. The Retention Period is used to define how long logs are kept for before they are purged. Report Snapshot Interval refers to the granularity of the bandwidth data information being captured. Shorter intervals provide the most information, but at the cost of system performance and report file size.

### Run Report

FileCatalyst Server provides 2 basic graphical reports; one for the amount of data a user has transferred over a time period, and another that displays snapshots of the transmit and receive rates at defined intervals for individual users or the server as a whole.

Select a type of report, a range of users, and a range of time. Click "Run Report" to generate a graph of the statistics requested. Here are a few sample reports:

#### Zooming

FileCatalyst allows you to zoom in on the reports as well. If for example you run a report such as the one below, you can click in the top left of the area on which you want to zoom and drag the mouse cursor to the bottom right of the area on which you want to zoom. Here is an example of the full report, and the section to be zoomed on has been highlighted.

And once you release the mouse button, the highlighted section will fill the entire graph area as illustrated below:

In order to zoom out, hold the mouse cursor anywhere on the graph, click and drag it to the left, and the release.

### Report File Format

FileCatalyst report files are currently written using a CSV (Comma-separated values) file format. The first line of the file will always contain the headers for each field. The format for both the Data report and the Bandwidth report are as follows.

#### Data Report Information

Fields Values
Report Create Time A positive 64-bit integer value representing milliseconds since 1970
Transfer Type ‘UDP’, ‘FTP’ representing the protocol used for the transfer
ID 32-bit integer, can be negative but will always be unique across all records.
Status ‘SUCCESS’, ‘CANCEL’, ‘ERROR’ representing the state of the transfer upon completion
File Size A positive 64-bit integer value representing the total size of the source file to be transferred
Data Transferred A positive 64-bit integer value representing the amount of data actually transferred (less than total if cancelled or error)
Transfer Start time Date/Time of transfer start in format yyyy/MM/dd HH:mm:ss.SSS (i.e. 2008/07/30 16:09:10.037)
Transfer stop time Date/Time of transfer stop in format yyyy/MM/dd HH:mm:ss.SSS (i.e. 2008/07/30 16:09:10.037)
Average Rate A positive 32-bit floating point value representing the average data transmit/receive rate (Kbps)for the duration of the transfer
Peak Rate A positive 32-bit floating point value representing the peak data transmit/receive rate (Kbps) over the duration of the transfer
Effective Rate A positive 32-bit floating point value representing the effective data transmit/receive rate (Kbps) over the duration of the transfer
Packet Loss % A positive 32-bit floating point value representing the packet loss percentage over the duration of the transfer
Remote Host The IP address of the remote client which initiated this transfer
File Path The local path which the file was transmitted or received
Session ID A value created in a transfer with a FileCatalyst HotFolder which identifies which transfer task a particular file transfer is associated with
Agent ID The identification value assigned to the server by File Catalyst Central
Location The FileCatalyst Server's IP Address
Remote Location The IP Address of the remote client
Report Archive Time A positive 64-bit integer value representing milliseconds since 1970

Sample CSV file contents:

#### Bandwidth Report Information

Fields Values
TimeStamp A positive 64-bit integer value representing milliseconds since 1970
Username The username for account that initiated the transfer. The global sum user is ‘_SUM_’
Remote Host The IP address of the remote client which initiated this transfer. Value will be blank for the global sum user.
Report Time Date/Time of this bandwidth snap shop in format yyyy/MM/dd HH:mm:ss.SSS (i.e. 2008/07/30 16:09:10.037)
Transmit Rate A positive 32-bit floating point value representing the transmit rate (Kbps) at time of snapshot
Receive Rate A positive 32-bit floating point value representing the receive rate (Kbps) at time of snapshot

Sample CSV file contents:

"1217350587500","user","127.0.0.1","2008/07/29 12:56:27.500","0","85000"

## FileCatalyst Central—Enterprise Monitoring and Management

### Connecting to FileCatalyst Central

Allows a FileCatalyst Server to connect to FileCatalyst Central (formerly known as MonitoringAgent or MonitoringConsole).

Connections to FileCatalyst Central must be initiated by the service (HotFolder or Server). Fill in the information to connect to Central (address/port/monitor username/password), as well as indicate what IP this server is known as and an alias that can be used to recognize this specific service.

Enabling connection to FileCatalyst Central will also initiate report generation, so that Central can download transfer activities to it's database.

## External File Systems

FileCatalyst Server has the ability to leverage external file systems (such as cloud storage instances) for file storage. Supported file systems include:

1. Amazon S3
2. Azure Blob
3. OpenStack Swift
5. Backblaze B2
6. SMB / CIFS

This feature is described in a separate document: FileCatalyst Server: External File Systems.

## System Monitor

### System Activity Monitor

This graph indicates the transfer rates of your server, including both FileCatalyst and FTP traffic. The blue line indicates the total receive rate of the server (that is files being uploaded to the server). The red line indicates the total transmit rate (that is files being downloaded from the server). The green line is the total rate (that is combination of the transmit and receive).

### Monitor By Session

The system monitor allows you to view and manage current sessions on the server. It lists all active sessions, their IP address, username, status, and connection time. You can kill an individual session by right clicking on an item in the list and selecting “Kill Session”. You may also block the IP or disable the User account logged in for the session, which will also terminate it and prevent it from reconnecting.

### Monitor By User

This monitor allows you to view and manage current sessions, grouped by logged on users, on the server. It lists all active users, and how many active sessions they have. You can kill all sessions from a user by right clicking on an item in the list and clicking the Kill Session(s) button. You can also block all of the IP's used by that user, or disable the user account from this menu.

### Guaranteed Delivery

FileCatalyst Server provides the capability to perform on-the-fly modification to bandwidth allocation, priority, and file delivery time. This allows administrators to temporarily override the bandwidth values assigned to user sessions. There are a variety of ways to re-allocate bandwidth depending on the needs of the administrator.

In order to access these functions, navigate to the ‘System Monitor’ section on the left of the GUI, and select the ‘By Session’ tab. Assuming there are active sessions, right-click the session to be modified and select ‘Override Bandwidth /Priority’ followed by the desired option. Modified sessions are highlighted in yellow until defaults are restored automatically or manually.

The available options can be set by ‘Current File‘ or by ‘Current Session’. Modifications classed as ‘Current File’ will only take place for the duration of the one file already in progress. Modifications classed as ‘Current Session’ will span multiple files, and will end once the session in-progress has finished.

#### Current File Options

##### Deliver ASAP

This will allocate 99% of the available server bandwidth to the transfer of the current file, in the selected session. A note will appear to present the ETA (Estimated Time of Arrival) of the file. All other sessions will be reduced to very low bandwidth values until the selected file is completely transferred.

##### Specify Delivery Time

This will allow the administrator to choose an exact delivery time for the current file, in the selected session. The administrator will be warned if the selected time is not possible due to license or bandwidth constraints. If the selected time is possible, the exact bandwidth required to meet that delivery time is calculated and applied to the session. Upon completion of the file delivery, the bandwidth is returned to the default values for that user.

Note: this feature has known limitations. The bandwidth calculated to complete the transfer at the specified time is not re-adjusted as the transfer progresses. Over time, external factors such as congestion and/or other users connecting/disconnecting, may render the initial bandwidth calculation inadequate to complete the transfer by the specified time. For this reason, this feature may only be relied upon if the congestion is minimal, and there are a minimal number of connects/disconnects during the transfer. These limitations will be addressed in a future version.

#### Current Session Options

##### Override Priority

This will decrease or increase the priority of the selected session based on the value (1 - 10) selected by the administrator, permitting the selected session to use less or more of the available bandwidth relative to the other active sessions. The amount of bandwidth permitted as a result depends on how many sessions are active. User accounts, by default, have a priority of medium, so the impact of setting a session priority may be less if several users are connected. Please see the note below for more information.

##### Specify Exact Rate

This allows the administrator to specify the exact bandwidth for a session. For example, setting the bandwidth for a session to 500 Kbps guarantees that session will transfer at exactly that rate for the duration of the session. If the value is higher than the default bandwidth that user was assigned, additional bandwidth will be taken from other sessions to accommodate. If the specified value is lower than the default bandwidth the session was assigned, the difference will be divided among the remaining sessions. If the specified value is not possible due to other bandwidth already being allocated, a warning message will be presented to the administrator notifying them of the maximum available bandwidth they can assign.

The bandwidth override functions may be reset at any time by right clicking the desired session, selecting ‘Override Bandwidth /Priority’ followed by ‘Reset Default Bandwidth’. In addition, the bandwidth for all sessions may be reset by right clicking any session and selecting ‘Reset All Bandwidths’.

NOTE: These override settings cannot allocate more bandwidth to the user than they have assigned in their client application. For example, if a client application is set to use 10 Mbps, and the server attempts to allocate 50 Mbps, the rate of the client will not increase. The assumption is that the client application is set for their individual link speed, and as such an attempt by the server to override this value may accidentally oversaturate the client's network.
If all active sessions have the same priority, then the server permits each session to use an equal percentage of the licensed maximum bandwidth. The permitted bandwidth for each session depends on how many sessions are active, such that the sum of the maximum bandwidths permitted by all sessions equals the absolute maximum bandwidth allowed by the server licence. Sessions with different priorities are permitted to use different percentages of the licensed maximum bandwidth based on differences between the assigned priorities. If the network does not support as much bandwidth as the server licence permits, priority differences can have little to no effect on the balance of the realized session bandwidths.

## Running at Startup

### Windows Service

FileCatalyst Server can be configured to run as a service. Clicking the File menu option Run at Startup will install the FileCatalyst Server as a service. On next startup, FileCatalyst Server will start automatically. When run as a service, the administration will not be available through a Graphical User Interface (GUI). In order to use a GUI, the administrator must connect using the FileCatalyst Server Admin application or via an HTTP connection to the applet URL.

### Mac OSX

Note:Mac service installation is only available on 64-bit Mac OSX. Installation on a 32-bit OSX machine will provide you with a warning about not being able to run on an Intel-based MAC (the error is actually due to the OS trying to load a 64-bit native preference library in a 32-bit system).

To install the application as a service on Mac OSX, you will need to open up the System Preference window.
Under the "Other" group, select the FileCatalyst Server icon.

Enabling the checkbox to run as a service will prompt for your login password to verify your actions. Afterwards, the service will startup when the machine boots up.

Note: Configuration files for service are under:

"/Library/Application Support/FileCatalyst/Server/"
while running the Server standalone (not as a service) stores files in:
"/Users/<username>/Library/Application Support/FileCatalyst/Server/"

Administrators should be aware that switching between running as a service and running stand-alone may result in different configuration files being accessed by the Server application.

### Linux, Solaris, AIX Service

• Create application folder: /opt/utechsoft/server/
• Unzip/Untar bundle
cd /opt/utechsoft/server
gunzip ./fc_server.tar.gz
tar -xvf ./fc_server.tar
• Run server to extract License request string
java -jar FileCatalystServer.jar
Request String: R2D2C3P0W3333333
• Edit fcconf.conf, enter in licensing information, enable remote administration.
2. CONFIGURE application to run as a run-time daemon
• Run the following commands as the root user to install the service:
sudo su -
cd /opt/utechsoft/server/service_wrapper
chmod +x *.sh
• Edit the fc_env file if necessary (installation directory, java path, etc)
• Install the service
./install.sh
3. At this point, you should be able to start the service. You can now login using the FileCatalyst Server Admin to configure the application.
4. Logs can be examined in /opt/utechsoft/server/wrapper.log

Uninstall by running the /opt/utechsoft/server/service_wrapper/uninstall.sh script as the root user.

## HTTP Servlet

### HTTP Tunneling

The HTTP Servlet allows FileCatalyst Direct Clients to fall back to HTTP-based transfer when ‘auto’ mode is used, or to always use HTTP in certain client scenarios.

Typically, FileCatalyst Direct Clients will fall back from Accelerated UDP to multi-stream TCP to single-stream TCP; the servlet adds one more layer: fallback to HTTP.

The benefit of HTTP-based transfer is that it is almost never blocked by corporate firewalls. As long as a user's computer is able to connect to the Internet, they should be able to transfer files over HTTP. Although HTTP-based transfers cannot be accelerated with the FileCatalyst Protocol, two key benefits remain:

• virtually guaranteed connectivity between client and server ends. End users will not need to have special configuration performed by their IT department in order to make a transfer
• The reliability and scheduling benefits of the FileCatalyst product are still intact

The servlet will also translate HTTP requests to FTP for non-FileCatalyst FTP servers. If you have a legacy FTP server still in production, you may use the Servlet in conjunction with our client software (with a special Client Connect Key) in order to allow them to communicate with the legacy FTP server through the HTTP tunnel.

The Servlet needs to be licensed in order to operate within the Server architecture.

## Performance Tuning

The FileCatalyst Performance Tuning documentation can be found here

### Installing the Software

Download the desired version of FileCatalyst Server and save it to a location such as our recommended directory: /opt/utechsoft/server

Extract the files:

gzip -d fc_server.tar.gz
tar xvf fc_server.tar

Run the following command to make the shell scripts executable

chmod a+x *.sh

### Licensing the Server

Run the server for the first time:

./fc_server_console.sh

You will be prompted with a License Request String. If you have not already been sent a license key, send this request string to Unlimi-Tech and someone will reply with a license key.

## License key
FCServer.server.config.license=3D9456711670A38C040ABC66CA13297B23 

### Changing Default Ports

Edit the file ‘fcconf.conf’, and look for the lines similar to this:

## FC server port number.
## Default FC port is 21.

FCServer.server.config.port=21

## FC data port numbers
## Default data port is 0 (means any available ports will be used).

FCServer.server.config.data.port.pool=8000-8999

In some cases port 21 may already be in use by an FTP server running on the same machine. If this is the case, you can change the server port number to any open port. Make sure to note the port for client configuration.

The data port range can also be configured by changing 8000-8999 to the values you desire.

### Creating SSL Certificate and Enabling Security

A script is included to help you generate an SSL certificate. Run the following command and follow the on screen instructions:

./fc_server_genssl.sh

Once you have generated an SSL certificate, you must configure the server to use it. Edit the file fcconf.conf, and use the following settings:

## SSL settings
FCServer.server.config.private.key.pass=
FCServer.server.config.enable.security=true
FCServer.server.config.private.key=yourcert.pvk
FCServer.server.config.certificate.file=yourcert.pem

The password cannot be set directly in the fcconf.conf file, as it is not stored in plain text. To set the SSL certificate password, run the following command:

java -jar FileCatalystServer.jar -passwdssl

When the password is set, restart FileCatalyst Server and SSL will be enabled.

Mode details on installoing SSL certificates are available: https://support.filecatalyst.com/index.php?/Knowledgebase/Article/View/293/0/how-to-install-a-ssl-certificate-into-a-filecatalyst-server.

### Managing Users

Users cannot be created or edited from the command line as this information is now stored in a database. However, it is possible to change a password for a user by running the following command:

java -jar FileCatalystServer.jar -passwd <username>

Remote Admin is stand alone application that can run on a machine that has GUI or XWindows and can connect to either a FileCatalyst Server running on a headless Linux machine or to manage a FileCatalyst server service. To enable remote admin, you must edit fcconf.conf, and enable the following settings:

FCServer.server.config.remote.admin.enabled=true
FCServer.server.config.remote.admin.port=12400

java -jar FileCatalystServer.jar -passwdadmin

### Specifying Configuration Directory

FileCatalyst Server normally stores configuration files in the working directory where the application is installed. If it is desired to have a separate directory to store configuration files, this can be done by modifying the command-line arguments used when starting the server.

On Linux installs, modify the starting script files to add the "-fconfig [dir]" as additional arguments. Example: fc_server_console.sh script would become:

java -XX:+IgnoreUnrecognizedVMOptions --add-modules=java.xml.bind -Xms64M -Xmx1024M -jar FileCatalystServer.jar -fconfig /my/directory/ &

If launching the application as a service, the /conf/wapper.conf file must be modified to include these new run-time arguments:

# Application parameters. Add parameters as needed starting from 1
wrapper.app.parameter.1=unlimited.fc.server.FileCatalystServer
wrapper.app.parameter.2=-fconfig
wrapper.app.parameter.3=/my/directory/

On Windows machines, the executables (.exe) files cannot be used to start the application with separate configuration directories. However, you may start the FileCatalyst Server using a command-line JAVA call much like on Linux. In addition, if the server is run as a service, you may make similar modifications to the service wrapper portion of the fcconf.conf file in the installed directory. When the service is started, the Java service wrapper will load up FileCatalyst using a separate directory indicated by the application run-time arguments.

# Application parameters. Add parameters as needed starting from 1
wrapper.app.parameter.1=unlimited.fc.server.FileCatalystServer
wrapper.app.parameter.2=-fconfig
wrapper.app.parameter.3=c:/my/directory/

Note that two configuration files (fcconf.conf & ipfilters.xml) as well as database files (.fcdb/) will utilize this as the new configuration root directory.

### Command Line Usage

 Command-line usage for FileCatalyst Server Usage: java -jar FileCatalystServer.jar [COMMANDS] [options] HELP COMMANDS: -help --> prints this help to console -version --> prints out the Version number OPTIONS: -fconfig <path> --> Specify alternate configuration (fcconf.conf, etc) path) -path <path> --> Specify alternate server working directory -license <license string> --> Specify alternate licenses string to use at run-time -webroot <root www folder> --> Specify alternate webroot path to use at run-time -port <port num> --> Specify what socket plain server listens on (non-SSL) -writebuffer <buffer in KB> --> Specify value of the write buffer in KB -maxblocksize <bytes> --> Specify maximum block size (bytes) -controlpanel or -systray --> Launches the Server Remote Admin GUI in addition to the Server. -quiet --> Do not create console output logger ADDITIONAL COMMANDS: -shutdown --> Asks a running FileCatalyst Server to shut down INTERACTIVE COMMANDS: The following commands prompts user for more input to perform actions. FileCatalyst Server should be shut down first before running. -passwd <username> --> Modify user password in database -passwdadmin --> Modify the administrative password -passwdssl --> Encrypt and insert the SSL password -testIO --> Execute a write IO test for the server -testReadIO --> Execute a read IO test for the server 

## Firewall Setup

### Control Connection

The firewall on the server side of the network must be configured to allow incoming TCP connections on port 21, or whatever has been set as the incoming server port.

### Data Connections

The firewall on the server side of the network must be configured to allow incoming UDP/TCP packets on ports 8000 - 8999, or whatever range has been specified in the server configuration. If you only plan to allow uploads to the server, and do not plan to use standard FTP clients to connect to the server, you can limit this to UDP only. TCP is only required to establish data connection to retrieve directory listings for FTP downloads and directory listings.

## REST Services

### Enabling REST services

FileCatalyst Server is capable of accepting REST service calls in order to configure and control the service. REST services are required and automatically enabled when you connect the Server to be managed by FileCatalyst Central, but may also be used to build a remote control application external to the FileCatalyst Server.

To manually enable REST services, you need to allow HTTP access (see HTTP Settings tab). This will open up the web server port (default 12480), and allow access to REST services.

### REST services security

All REST services require user authentication to run them. User credentials are passed in using HTTP headers. There are two ways to pass in user credentials.

This HTTP header can be used to pass in user credentials. The user credentials are Base 64 encoded and follow the following format: username:password

URL: http://localhost:12480/rs/users
Method: GET
Accept: application/json
RESTAuthorization: YWRtaW46c3lzdGVt

Returned JSON:
{{"totalRecords":3,"totalFilteredRecords":3,"isListFiltered":false,"user":[...]}

This is the more secured (and recommended) version for using the REST services. At least one call needs to be called using the above mentioned HTTP Header (RESTAuthorization). A POST call to the /rs/AuthorizationSession REST service with the above header and the user credentials in the data content is required to get back a session secret. Once the session secret is known, it can then be used for all subsequent calls using the RESTSessionSecret header. The session secret will be valid for as long as the session stays alive on the server.

URL: http://localhost:12480/rs/AuthorizationSession
Method: POST
Accept: application/json
Content-Type: application/json
RESTAuthorization: YWRtaW46c3lzdGVt

Content:
{"authorization":"YWRtaW46c3lzdGVt"}

Returned JSON:
{"sessionSecret":"644783159662526094"}

JSON Example using RESTSessionSecret:

URL: http://localhost:12480/rs/users
Method: GET
Accept: application/json
RESTSessionSecret: 644783159662526094

Returned JSON:
{{"totalRecords":3,"totalFilteredRecords":3,"isListFiltered":false,"user":[...]}

### REST services documentation

Documentation on the REST services provided by the FileCatalyst Server application can be viewed here

### REST example using Swagger

In addition to the REST documentation, a web application built on the Swagger UI framework has been provided.

By using this application, you will be able to view all of the available REST services within the application, as well as examples of responses and requests that a particular call may produce or consume. In addition to these examples, the Swagger application supports the ability to configure REST call and make them directly against the application. Upon executing a REST call, the application will present you with the response for the call, as well as a small CURL example of the request that was made.

How to view the Swagger UI application

If you are viewing this document from a web-based connection, this application may be viewed by clicking here.

If you are viewing this document from a local connection, this application may be viewed at the following URL: http://{fc.server.web.ip}:{fc.server.web.port}/help/Server/restDocs/ui/index.html

## Frequently Asked Questions and Troubleshooting

1) Users are unable to connect to the server, what is going on?

Your firewall may be blocking incoming TCP requests on port 21 (or whatever port you set for the control connection).

2) No files can be uploaded to the server, what is going on?

Make sure the user under which FileCatalyst server is running has sufficient permissions to write files to the data directory specified.

3) I am seeing 0 byte files in the data directory, why aren't transfers working properly?

Your firewall or router must allow incoming UDP traffic so data can be received from the client applications. Further, if the server is behind a NAT, the packets must be forwarded to the proper IP address. Another possible issue is that the client side is behind a firewall and doesn't allow outgoing UDP data.

4) It looks like even with no firewall, no UDP packets are being received by the server, why not?

It is possible that you have set the encoding unit size greater than 1472, which results in fragmented UDP packets. Some routers and firewall's will automatically drop fragmented packets. If this is the case try lowering the packet size to 1472 or less. Windows operating systems tend to perform better with a value of 1024.

5) Transfers are slower when there are a large number of incoming file transfers, why?

The answer is likely that your disk is not able to keep up with the transfers. The only option is to upgrade your disk to something faster. To receive at hundreds of Mbps, you will need to have a very efficient storage device to keep up. You could start with a fast SATA drive at 10K or 15K RPM, a fast RAID, or a fast SAN or NAS connected over GigE.

6) Will a hub affect my performance?

Hubs are more susceptible to collisions at high speeds which will result in an additional packet loss. As you increase the packet size, the UDP packets FileCatalyst sends will no longer fit in an ether frame. The OS will fragment the Jumbo packets into many smaller fragmented packets that match the MTU of your network (usually 1500 bytes). The larger the packet, the more pieces it is broken into.

7) Are there additional bottlenecks that I should be aware of?

If your concurrent connection speed is 100 Mbps and FileCatalyst server is storing data to network storage (NAS or SAN) on a 100Mbps or lower switch; this will cause FC to compete with itself for bandwidth when receiving and writing. The transfer rate using this network topology would be approximately 50Mbps or lower.

Performance may be further affected if you are connected to a 100 Mbps or lower hub as this is a potential source of packet loss due to congestion. If replacing the hub with a fast switch is not an option, do not attempt to send at the full capacity of the hub with a packet size greater than 1472 (or whatever setting does not cause fragmentation) or significant performance degradation could occur.

8) Which version of Java is required to run the application?

FileCatalyst will run on any Windows, Linux, OS X, or Solaris/Sparc computer that can run Java 1.8 or higher. Please visit http://java.com to get the latest version of Java for your platform. Oracle JDK is recommended. OpenJDK and GNUJDK are not supported.

9) How can I see my networked mapped drives under Windows 8 or higher?

Windows machines which have mapped network drives may not being visible to the Server due to Microsoft's implementation of User Access Control (UAC) starting with Windows Vista.

There are examples online on how to disable this or set the system to allow drives to be visible to services.

To implement a workaround:

1. Unzip the file enablelinkedconnections.zip in the application directory (C:\Program Files\FileCatalyst Server\)
2. Run the registry entry enablelinkedconnections.reg to enable the Server to see mapped network drives.
3. A reboot will be required for this to take effect
4. To uninstall, run the undo.reg the same way as enablelinkedconnections.reg, a restart is also required on uninstall

10) Where are my logs?

On Window or Linux, the logs can be found in the logs directory in the application's install directory. On OS X, the logs will be found in logs folder of the appropriate application folder in "Library/Application Support/FileCatalyst" for the user running the application, or in the root library if the application is being run as a service. The path to the logs can also be found in the configuration file as log.location.

11) Why am I seeing an UnsupportedClassVersionError?

You are likely trying to run with an unsupported version of Java. FileCatalyst products require a minimum version of Java 1.8

### Save Info to Log Location

This will gather some basic info about your application version, Java version and OS

### Diagnostic Report

The Diagnostic Report button collects state, logs, and configuration information about your application that will be useful to FileCatalyst engineers for analysis and troubleshooting. The information is assembled into a zip archive under the diagnostics subfolder of your application installation directory, from where it can be forwarded to the FileCatalyst support team if desired.

Generating diagnostics is a background activity, there will be limited visual feedback to the user when the Diagnostic Report button is pressed, and regular product usage can be resumed immediately. The diagnostics archive can take a few minutes to generate, depending on how busy the product is with other operations. In order to keep times short and the resulting zip file small, the logs are filtered based on time and size. Some temporary files may appear in the diagnostics folder during this time. When the archive is complete and ready to send, it will appear in the diagnostics folder with a name similar to "FileCatalyst<product>_<date&timestamp>_diagnostics.zip".

Please login to the Support Portal (https://support.filecatalyst.com/) to submit a ticket and upload diagnostics and other relevant ticket files. If you already have a Ticket ID, you can also use Support2U (https://support2u.filecatalyst.com/) to send this diagnostics file directly.

## Support

### Support System

Visit our support website at https://support.filecatalyst.com to view the knowledge base and to submit a ticket (Available 24/7).

If you have already submitted a Ticket and would like to send us your case files please go to https://support2u.filecatalyst.com to upload them. A valid Ticket ID will be required.

### Chat, Email and Phone Support

Live Chat: Visit our website at https://support.filecatalyst.com - Available on Monday to Friday from 7 AM - 7 PM Eastern Time Except for Statutory Holidays

Email: support@filecatalyst.com - Typical response time is one business day

Phone: +1(613) 667-2439 or +1 (877) 327-9387 - Available on Monday to Friday from 7 AM - 7 PM Eastern Time Except for Statutory Holidays