The concept of a Federated Cloud within PowerFolder aims to combine PowerFolder Services installed at several locations so that end-users of those services can seamlessly share and sync files.
Users of different organizations that already use a PowerFolder Service at their location should be enabled to access another organization's data by sharing Folders instead of sharing File Links, allowing them to share data with end-users of that organization. Files should be accessible via the web interface, via the PowerFolder Client connecting to the different services at all participating organizations, and via the PowerFolder Mobile App. Every organization should stay in control of its user administration. Users are authenticated by their home institution. A Trust Relationship has to be established between the participating organizations' services. This enables system administrators to decide which systems to connect to.
User A (Hosted on Cloud X) wants to share files with User B (Hosted on Cloud Y).
User wants to access files from two or more PowerFolder Cloud Services by web portal.
User wants to sync files from two or more PowerFolder Cloud Services by client.
User wants to sync and access files from two or more PowerFolder Cloud Services by mobile app.
Installation of PowerFolder Version 11 or higher at all participating services:
Servers with version 11.5 aren't compatible with versions below.
Servers with version 11.6 aren't compatible with versions below.
This documentation is for servers with PowerFolder version 14.6 and higher.
At least the following cipher suites should be used: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
Set the config parameter "server.federation.login_enabled=true" in the PowerFolder.config file of your server. Restart your server afterwards.
Ensure that your server has a valid TLS certificate and can be accessed via HTTPS. HTTP-only access is prohibited for security reasons.
Ensure that your web ports and your data ports can be reached by the federated servers and their clients.
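The cipher string in the requirements above mixes several generations of TLS suites. The following added example (not part of the PowerFolder documentation; the flag names and helper functions are illustrative) parses that exact string and reports, from the OpenSSL suite names alone, which entries lack forward secrecy, use 3DES, or are not AEAD.

```python
# Added example: classify each entry of the OpenSSL cipher string from this page.
PAGE_CIPHERS = (
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
    "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:"
    "DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:"
    "ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:"
    "AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:"
    "AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
)

FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")  # ephemeral key exchange (EDH = old alias of DHE)
AEAD_MARKERS = ("GCM", "CHACHA20")        # authenticated-encryption suites in this list


def classify(suite):
    """Return the set of legacy properties implied by an OpenSSL suite name."""
    flags = set()
    if not suite.startswith(FS_PREFIXES):
        flags.add("no-forward-secrecy")   # static RSA key exchange
    if "DES-CBC3" in suite:
        flags.add("3des")                 # 64-bit block cipher
    if not any(marker in suite for marker in AEAD_MARKERS):
        flags.add("non-aead")             # in this list: CBC mode with an HMAC
    if suite.endswith("-SHA"):
        flags.add("sha1-mac")             # HMAC-SHA1 record MAC
    return flags


def audit(cipher_string):
    """Map every enabled suite to its flags; '!' tokens are exclusions."""
    enabled, excluded = {}, []
    for token in (t.strip() for t in cipher_string.split(":")):
        if token.startswith("!"):
            excluded.append(token[1:])
        elif token:
            enabled[token] = classify(token)
    return enabled, excluded


def modern_only(cipher_string):
    """Suites with forward secrecy and AEAD, in the order the string lists them."""
    return [s for s, flags in audit(cipher_string)[0].items() if not flags]
```

Run against the page's string, 8 of the 30 enabled entries carry no flag; that subset is what an administrator would expect a current client and a federated peer to negotiate.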
Log in as admin and navigate to "Federation".
Add a federated service by entering the service URL at the top and clicking "Add":
Your server will request mutual trust with the federated service. Their admin just has to accept your invitation.
Make sure that all services that are working with you accept your invitation.
Please contact us for enabling mutual trust for your service.
Ready! Now that all services have joined the same federation and enjoy mutual trust, sharing files and folders between users across all services is possible.
Login for users
A user can log in on any federated service. After entering their username/e-mail, the user is redirected to the correct service, where they can enter their password. For this purpose the login page was modified to accept only the username at first; once the account is found, the password field shows up.
In this example there is one local user account (firstname.lastname@example.org) on the "black" service:
and two accounts (marge@ and email@example.com) on the "green" service:
Both services have joined the same federation and established mutual trust relationship.
Log in as the user and navigate to the folder to be shared (firstname.lastname@example.org at black service):
Press "Add". The invitation will be sent to the federated service and the user shows up:
Accessing shared folder
On the target service (green service), log in as the recipient user of the invitation (email@example.com).
The shared folder will show up in the list, indicating that it's shared within the federation:
Click on the folder to access its contents:
Et voilà! The two users just shared a folder across two services within the federation. The recipient may now list, download, rename, delete, restore, create and upload contents.
Known Issues and Restrictions:
Currently the federation has some known issues:
Federated proxy accounts can be merged by other accounts when they add the external mail address to their own account. All future invitations will then be handled locally.
At the moment a proxy account is created for every mail address, even if it belongs to the same user.
Permission management is not possible. The permission can be set when a user is initially invited, but it cannot be changed afterwards. Only R/W and Read Only are possible!
Deleting permissions on the hosting service doesn't delete the folder on the federated service, but files aren't accessible any longer.
When the user on the federated system leaves a folder, they are not removed from the folder's member list on the hosting system.
When a federated service has dynamic folder mounting activated, the client might not be able to connect to the folder of this federated service until a user who has direct access to the folder logs in.
The function to show files in web is not working automatically on a federated folder.
Adding the services on both sides results in no invitation to accept the mutual trust. Please only add a service on one side and accept it on the other.
Your feedback is urgently needed to extend and harden the federated cloud sharing feature. If you encounter problems or have recommendations, please provide the following information if possible:
Set file logging level to FINE
Enable logging of web requests
Support Packages of servers
Step by step description on how to reproduce the problem