Solved: It is not encrypted on the

Raymond Capriolo · ‎04-20-2015

Regard CWMS,

Version 2.5 MR3 introduces Secure NFS storage. As documented within the release notes for verson 2.5:

This release introduces the new feature Secure Storage. This provides encrypted communication, authorized only storage server access, and no longer requires 777 permissions on storage; all permissions are now mapped to a defined user in storage.

We are currently running CWMS version 2.0.

What excatly is secure and encrypted? Is there a document you can point me to which discusses this subject in further detail?

Thank you!

Ray Capriolo

dpetrovi · ‎04-21-2015

It is not encrypted on the server. Only transmission is encrypted when files are being streamed.

-Dejan

View solution in original post

dpetrovi · ‎04-21-2015

Hi Ray,

Sadly, the documentation is rather bad when it comes to explaining this new feature. I will file a documentation defect for that.

In general, with 2.5 MR3 you can actually specify a specific user account that will be in charge of accessing NFS storage and writing/deleting files/folders. With this in mind, you won't need to allow full permissions to everyone and allow anonymous access to NFS storage, but you can just grant full permissions to a specific user you created on NFS storage, and configured it in CWMS Administration > System > Storage section. In 2.5 MR3 and later, you will have something like this:

Since, Secure Storage is using port 22 communication, the communication/authentication between CWMS Admin/Media VMs and NFS storage is encrypted so the password for the user authenticating is not in clear text.

I hope this helps until the documentation is improved.

-Dejan

Raymond Capriolo · ‎04-21-2015

Thaks Dejan!

Is the data (recordings) encrypted when transferring from CWMS to the host PC - when the host plays back a recording? What about when the host shares or downloads the recording?

And is this different then with our current environment - CWMS ver 2.0.1.507.B-AE?

(Currently using anonymous for NFS storage)

Thank you,

Ray

dpetrovi · ‎04-21-2015

Hi Ray,

Access to recordings from clients' machines is encrypted. If you stream a recording it is done over encrypted connection (it's been like that since day one). If you are downloading a recording, the file is being downloaded securely. However, once the file is downloaded on a PC, it is being played locally with no connection to the server, so no need for any communication encryption.

Nothing changes to accessing and playing recordings between 2.0 and 2.5 versions. All that is already secured.

This new change just improves connection between Admin/Media VMs and the NFS server, and makes content on the NFS server a little bit more secure.

I hope this clarifies it.

-Dejan

Raymond Capriolo · ‎04-21-2015

Dejan,

Thank you again for the information and quick response. Greatly appreciated!

Last question: Once we implement seucre NFS storage can we can existing recordings and backups, be transferred to the new NFS secure storage server?

Thank you!

Ray

dpetrovi · ‎04-21-2015

Yes, Ray, you can transfer all the files from old to new NFS storage.

Do make sure that the newly assigned user has full permissions on all the files and that you don't change the directory structure of the files, so when the storage path is mounted, the system sees the files in the same "local" locations.

-Dejan

P.S. If any of the responses were helpful, feel free to rate them. Thank you.

Raymond Capriolo · ‎04-21-2015

Dejan,

last question!

Is the recording/data that is stored on the NFS server encrypted, or only encrpted while being transmitted?

Thank you!

Ray

dpetrovi · ‎04-21-2015

It is not encrypted on the server. Only transmission is encrypted when files are being streamed.

-Dejan

Raymond Capriolo · ‎04-21-2015

Thanks Dejan!

I think I have all the information i was looking for.

Again, greatly appreciated!!!

Ray

CWMS ver 2.5 MR3