Using the DiskAES256 encrypted VFS Server! version: 4.0.0+

As of version 4.0, Server! has introduced storage access via VFS (Virtual File System). This new storage virtualization layer allows an administrator to choose among different ways to access the underlying file system; one of them, that encrypts/decrypts data at-rest on the fly, is the DiskAES256 VFS.

When a VFS is of DiskAES256 type, all files uploaded to that VFS will be encrypted and then saved to disk. Similarly, when an SFTP client downloads them, the files will be read from disk and decrypted on-the-fly before they are sent to the client over the network (don’t worry SSH/SFTP network encryption still applies).

So, because of the way it works, as described here above, when you create a new VFS of type DiskAES256 you have to make sure it points to an empty path/directory (that has no files in it). Otherwise it would try to decrypt existing files that are not encrypted in the first place, and fail.

Here’s a brief example of how to use a DiskAES256 VFS. First of all let’s create the new VFS and make sure it points to an empty directory on our file server (but, of course, it could also be a directory on a local drive):


The \\ex4nas\vault directory used in this example is assumed empty.

Now let’s create a user profile, and set its home VFS to the encrypted one we just created. Since such VFS points to a directory on our NAS, we will also have to make sure that impersonation is properly configured (impersonation wouldn’t be necessary if the VFS pointed to a directory on a local disk):


That’s it.

But Server! allows you to do even more! For example you can set the user’s home VFS to a plain-unencrypted VFS, and use the encrypted VFS as a virtual folder, so that only files in such virtual folder will be encrypted. A brief example in the following 2 screenshots. Here’s the main user profile configuration:


And here’s the virtual folder:


Thank you for your attention.

Print Friendly
Bookmark the permalink.

Comments are closed