Table of Contents
Enterprise File Fabric Appliance Installation Guide version 1906
The SME File Fabric platform is shipped as a virtual appliance. Once you have deployed it into your environment you have to follow a few steps to get the product set up and ready for use. This document will walk you through the initial install steps needed to get started.
This document does not cover how to deploy the File Fabric in your virtual environment, only how to configure the software once the virtual appliance is deployed. For production deployments see File Fabric Sizing Guide.
For VMWare, vSphere 5.5 or above is required.
The virtual appliances support public and private clouds. Images are also available for the following:
You need to prepare/collect the following information before you can complete this configuration guide:
- Provided with trial email
- Linux smeconfiguser password
- Linux root user password
- Appliance appladmin password
- File Fabric license key
- Access to request / update DNS names for appliance (recommended)
- Outbound mail relay information (recommended)
- Default storage system connectivity details
- Active Directory service account, for connecting to AD (optional)
Part I - Configure Networking
Out of the box, the SME appliance comes configured for DHCP. For most production environments you will assign a static IP address. You can easily do this with tools provided and installed on the appliance. If you have DHCP with dynamic DNS enabled, you should be able to simply connect to “appliance.yourcompany.tld”. If not, and you do not know the IP address of the appliance, connect over a console session from your hypervisor.
Once the SME appliance is booted and you are ready to start, you need to log in with “smeconfiguser” to the Linux shell and start the configuration server. Before we start the web-based configuration tool, let us update the hostname.
Change the privilege to root user by issuing “su -“. As the root user, edit /etc/hostname with nano or vi.
Update the file with your real hostname..
Then identify the IP addresses, type ifconfig and look for the IPv4 IP address.
Note: If you do not have DHCP enabled on your network, you can run the smenetconf script and quickly assign a static address from the commandline. This must be run as the smeconfiguser.
Leave root privilege and as the smeconfiguser start the configuration server by typing smeconfigserver. You should see a confirmation that the config server is running:
Now open your favorite browser and got to
Here you will be able to configure network details, including domain names, and you can apply a custom certificate for secure HTTPS traffic.
Click “Configuration” to get started.
Give the system a static IP address and enter the same hostname you entered in /etc/hostname.
Then don’t forget to also create an A record in your DNS system for all 3 hostnames on this screen.
Follow the instructions on the webpages for IP Address, Domain name and SSL certificate. (You can also create an SSL certificate through Let's Encrypt following the instructions below.) When you are satisfied, follow the prompts to reboot the machine.
You can rerun the smeconfigserver at any time to go back and modify, or correct any information in your setup. i.e. you can go back and place a new certificate here at any time.
Let's Encrypt SSL Certificates
This section creates and configures SSL certificates from Let's Encrypt. If you are using your own certificates (or a different service) you can use the smeconfigserver above to add certificates.
Elevate to the root user by typing the following command and entering the root password when prompted.
Note: The appliance will be inaccessible during the request which may be up to a minute.
Run the following command:
certbot --authenticator standalone --installer apache --pre-hook "systemctl stop httpd" --post-hook "systemctl start httpd"
This command will prompt for an email address. It’s important to give this information so that an admin can be notified in the future if there are issues automatically renewing the certificate.
Please also agree to the Terms of Service. It is not necessary to share the provided email with the Electronic Frontier Foundation.
Certbot will automatically detect what FQDNs are setup for the Enterprise File Fabric and prompt for which should be included in the certificate.
Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: files.example.com 2: files-s3.example.com 3: files-webdav.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1,2,3
Lastly, Certbot will prompt to disable all HTTP access. Please select option 1 as the File Fabric already has HTTP to HTTPS redirection options configured.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. ------------------------------------------------------------------------------- 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
After successful completion, the Enterprise File Fabric will automatically start using the new certificates. These certificates will last for 90 days, so the final step is to setup automated renewal.
Automatically renewing the certificate
A Let’s Encrypt certificate is valid for 90 days, and can be automatically renewed within 30 days of expiration. A simple cron job will run daily and handle renewals.
Please Note: The File Fabric will be inaccessible during the renewal. Please ensure that the renewal time is during off hours. Downtime will only occur every 60 days when a renewal is required and may last up to one minute.
While still logged in as root run the following command to add a cron job.
In the example below the renewal attempt will process at 2:30AM in the timezone of the Enterprise File Fabric. The Enterprise File Fabric ships by default with the timezone set to UTC time. Please adjust this timezone as necessary.
30 2 * * * /bin/certbot renew >> /var/log/letsencrypt/le-renew.log
This will create a crontab entry for a cron job that will handle the renewals and write its output to a log file.
Use https://www.ssllabs.com/ to test the installation.
Part II - Configure Appliance and create the first organization
Starting with 1906.06, a new configuration value will need to be added to the File Fabric's core configuration file. Please follow this guide for editing the configuration file. The following configuration flag must be present:
var $redishost = 'localhost:6379';
You must perform a few steps before you can get started with the system.
After the system is restarted, log into https://<yourhostname>/ with a browser. Use the “appladmin” username. The appliance is a multi-tenant system, so the first thing we need to do is to set up the appliance and the first tenant.
1. Enter the license, under Settings -> License Key:
A trial key can be requested from https://www.storagemadeeasy.com/appform/.
Once you save the license, you will see the features available to you.
2. Outbound Email (Recommended)
An SMTP server is used by the appliance to send registration and notification emails to users. It can be configured under Settings > Email & Filebox.
If you do not configure an email server remember not to use email notification when adding users.
Using Gmail for Outbound Email
Below is a sample what the configuration looks like, for an SMTP setup using a Gmail account. You will have to ask your email administrator for your specific details, or sign up for a free Gmail address:
The “Notification Email” address will receive emails from the system warning of license expiration etc. You should enter your email here.
Change Appliance Admin Email
With an SMTP server configured you can change the email of the Appliance Admin. Go to the main menu (Hamburger icon) to Password/Login.
You can also set up Two Factor Authentication (2FA) for the Appliance Admin from this screen.
Server Notification Email
Server errors and a daily report are sent to a notification email that must be configured by the Appliance Administrator. The default is not to email reports.
The “Notification Email” setting is on the “SMTP and Filebox Configuration” page that can be found via the menu “Email and Filebox”.
3. Look & Feel
Under Look & Feel is where you can upload your logos for the login page, and set a site title for the site.
4. Site Functionality
Here you can enable or disable certain functionality or features. The default settings are generally good for the initial deployment, but please go through the options to familiarize yourself with advanced options. Examples are: Enable in browser editor for inline editing of office docuemnts, enable SFTP access, etc.
5. Tenant template.
The File Fabric platform uses templates for organizations, in order for us to create our organization, we need to pick a template, before we do, let’s review.
Click “User Packages” and then click the pencil to modify “Organisation Cloud 20 Users” This is a good template to start from. Scroll down to the “Extra options” section and add “Content Search Enabled” and Dropfolders.
“Crtl-Click to add to the selection”
6. We are off to a good start, let’s go ahead and create our first organization. In the hamburger menu, click “Users”
7. Delete the sample accounts by clicking the red “X”.
8. Click “Add a User”
On the Add a User screen create your Organization admin user. (This will also be your organization.)
- User Login: Admin user login and Organization short name
- E-mail: Email address of organizational admin, must be unique to the system, do not use your own.
- Name (Company Name): Full organization name.
- Package: The template from step 5.
- We do not need to split the license between organizations, leave the last field empty.
Part III - Configure the organization
Log out from the Appliance Admin, appladmin user, and log back in as the user you just created.
You will first see the “Add Storage Provider” screen. You have to add storage before you can continue. Select your provider and follow the instructions on the next couple of screens. There are many providers to choose from, but a CIFS share, google drive or S3 bucket are easy examples to get started with. Do not use a storage location with existing production data for the initial trial.
Once you have added your storage, Select Options from Organization Menu:
There are of course a lot of different was to configure your organization based on your specific use case(s). In this example I will set them to what I think are good starting points.
Enable personal clouds by toggling “Private User Clouds”. Enabling this will allow for both a per user home folder (Admin managed) and for users to add a personal drop box, or google drive into the SME file manager.
File Sharing Policy
Here I like to turn on most of the options in order to get a feel for the SME sharing features. See screenshot below.
See screenshot below for how to toggle the options on this page:
You can provide a key here and enable encryption for all data at rest. Note, if you do, you will not be able to access your data from outside of SME.
I enable versioning, it is a nice feature to have in case of conflicts or accidental end user overwrites and deletions.
Leave the defaults here.
Leave the defaults here.
Toggle “Send email notification for file comments:” to “To all members and file commentators”
Options for you to create your organizations specific here
At this stage you either create local users or you tie SME into your corporate directory.
Configure Active Directory
Under Organization, select “Auth systems”
There are a many options to consider and there is the possibility to make the integration with a highly customized AD schema, but for the sake of evaluation the product, we don’t have to make it that complicated. Below I have listed the fields where you have to add site specific information. I will skip the lines you don’t have to configure, so when you follow this list below, make sure to match the names on the screen, as they are not sequential.
- Auth System: Toggle the dropdown to LDAP
- Auth System Name: Give it a friendly name
- LDAP Server host or IP: IP address or hostname of AD controller
- Base DN: Enter a base OU of your directory to limit searches to certain sub-OUs, or leave it as “DC=domain, DC=tld” for the entire directory
- Administrator User DN: The service account that can connect and validate AD info, should be an unprivileged service account. On the following format: “CN=LDAP Bind,OU=Service Accounts,DC=sme,DC=com”
- Administrator User Password: Password of above user.
- Update user roles/groups on login: Important to check, or user group membership will be managed from SME and not by AD groups
- Login Field: What AD attribute is the login name, I suggest using sAMAccountName
- User Name Field: I switch this to displayName, but not mandatory
- Role Name Field: I prefer to switch this to “name”
These are the 10 fields you have to fill in to enable AD authentication, now let’s move on to “Test settings” button, and then save your changes. Next step Authorization.
Roles, in order to simplify management of ACLs for your data, we recommend that you assign permissions on a group – or role – level. Open up the configuration page:
If you set up AD authentication in the above step, leave the two default roles, (“Administrator”, “Member”) and instead go to “Import roles from remote source”.
On the next page, you can select to put in a partial or full name in the “Role:” field, to act as a filter before clicking “Get roles”
I chose to filter on “gs_” and can select all for import.
This process can be done many times until all desired groups are imported.
If you are doing this without AD, simply click Add new role and add the different roles you need to provide adequate segregation for your users.
When the roles are populated, proceed to importing / creating the users:
This page is set up much the same way, select “Import users from a remote source”
The import screen works much like the Roles import screen with one important difference.
As you can see in the Role section to the right we will show you what AD groups the user is a member of, so you can ensure the relevant groups are imported.
Repeat the user import until you have imported your users.
Once again, if you had skipped the AD setup, you can manually create local users. Simply click one of the Add new user buttons. Without confirmation will still give you the option to send the user a welcome email.
Setting up shared storage and access.
Earlier we connected to our default storage, now let’s configure it.
Click File Manager
And navigate into your default storage provider, in my case it is a bucket called “smestoragesme”
Unless this is the name of the root share you want your end users to see, create a new folder inside the root. I created one called FinanceShare and one called EngineeringShare.
Right click the first folder and select Convert to Shared Team Folder
Then repeat for any other folder you have created and want to be a share root. By default, in SME, a shared folder is shared with no one (except the admins) so we have to modify permissions.
Go to the settings page for shared folders:
The default tab should be the Permissions tab:
Go ahead and select the permissions Icon (2)
In the popup windows (below) select the user or group from the dropdown (1), select the permissions (2), and click apply. (3)
When you are done with the permissions, for this share click close. (4)
Your initial setup is complete, now when a member of the Engineering group logs in, he or she will only see the EngineeringShare folder:
While the members of the finance group will see only FinanceShare.
For any questions or comments on this document, please contact email@example.com