Applies to: Server!
Version(s): 4.0 - 5.x
Warning:    this articles refers to an older version of our software 

As of version 4.0, Server! has introduced storage access via VFS (Virtual File System). This new storage virtualization layer allows an administrator to choose among different ways to access the underlying file system; one of them, that encrypts/decrypts data-at-rest on the fly, is the DiskAES256 VFS.

When a VFS is of DiskAES256 type, all files uploaded to that VFS will be encrypted and then saved to disk. Similarly, when an SFTP client downloads them, the files will be read from disk and decrypted on-the-fly before they are sent to the client over the network (don’t worry SSH/SFTP network encryption still applies).

So, because of the way it works, as described here above, when you create a new VFS of type DiskAES256 you have to make sure it points to an empty path/directory (that has no files in it). Otherwise, it would try to decrypt existing files that are not encrypted in the first place and fail.

Here’s a brief example of how to use a DiskAES256 VFS. First of all let’s create the new VFS and make sure it points to an  empty directory on our file server (but, of course, it could also be a directory on a local drive):

The \\ex4nas\vault directory used in this example is assumed empty.

Now let’s create a user profile, and set its home VFS to the encrypted one we just created. Since such VFS points to a directory on our NAS, we will also have to make sure that impersonation is properly configured (impersonation wouldn’t be necessary if the VFS pointed to a directory on a local disk):