Using the DiskAES256 encrypted VFS

Syncplify.me Server! version: 4.0.0+

As of version 4.0, Syncplify.me Server! has introduced storage access via VFS (Virtual File System). This new storage virtualization layer allows an administrator to choose among different ways to access the underlying file system; one of them, that encrypts/decrypts data at-rest on the fly, is the DiskAES256 VFS.

When a VFS is of DiskAES256 type, all files uploaded to that VFS will be encrypted and then saved to disk. Similarly, when an SFTP client downloads them, the files will be read from disk and decrypted on-the-fly before they are sent to the client over the network (don’t worry SSH/SFTP network encryption still applies).

So, because of the way it works, as described here above, when you create a new VFS of type DiskAES256 you have to make sure it points to an empty path/directory (that has no files in it). Otherwise it would try to decrypt existing files that are not encrypted in the first place, and fail. Continue reading

Syncplify.me Server! v4: the Virtual File System (VFS)

Syncplify.me Server! version: 4.0.0+

One of the biggest additions to the upcoming version 4.0 of Syncplify.me Server! is the VFS (Virtual File System) support. But what is it exactly? And what advantages does it bring to our users?

Let’s start by setting the bar with v3. Our version 3.x, in fact – as nearly every competitor – allows you to place users’ “homes” (root directories) on a disk. It can be a local or a network disk, but it’s basically disk-based. The following picture explains the concept in a visual way: Continue reading

Syncplify.me Server! v4: Encrypted File System

Syncplify.me Server! version: 4.0.0+

One of the most anticipated features that Syncplify.me Server! v4 will deliver is the ability to mount virtual directories – even nested ones – as encrypted virtual file systems.

fzfolders

The Encrypted VFS transparently encrypts and decrypts data on-the-fly during uploads and/or downloads, making sure that the files at-rest on the server side are always encrypted. This way you can run your server externally, and still always be sure that who operates the server for you doesn’t have access to your files/backups. This is also a requirement in some cases when your company has to comply to the PCI/DSS or HIPAA regulations. Continue reading