Filr Administrator can now enable or disable data encryption between the Filr server and the database.
The Database Connection page on the Appliance Console now includes a new option Encrypt Database Communication that enables you to encrypt the data from the Filr server. This option is disabled by default. Before selecting this option, you must ensure that the settings for your database are enabled to allow encryption of the data from the database server to the Filr server.
To enable the data encryption between the Filr server and the database server, you must first configure your database settings to support data encryption followed by configuring the settings on the Filr server.
If you are using the MySQL appliance, perform the following steps to secure the database communication:
On the MySQL database server, create a folder named /vastorage/conf/ssl-certs-dir/.
Download the ssl_mysql.sh script from the Filr 3.0 download site to the folder you created in the previous step.
Registration with Micro Focus is required. If you have already registered and received an email with a download link, the file is on the linked page.
Run the following command to install the files required for data encryption:
# sh ssl_mysql.sh INSTALL
Run the following command to enable the SSL setting:
# sh ssl_mysql.sh ENABLE <db-root-password>
Run the following command to check if SSL is enabled in the MySQL database server. The value of have_ssl flag should have changed from DISABLED to YES.
# mysql -uroot -p<db-root-password> -e "SHOW GLOBAL VARIABLES LIKE 'have_%ssl';"
NOTE:To disable the secure database communication, run the following command:
# sh ssl_mysql.sh DISABLE <db-root-password>
If you using your existing database server instead of the MySQL appliance, refer to the following database-specific documentation to enable the data encryption from the database server to the Filr server:
MS SQL Server: See Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager) on the Microsoft Website.
MySQL Server: See Server-Side Configuration for Secure Connections in the MySQL Documentation.
MariaDB Server: See the following MariaDB Documentation pages:
Before you configure your Filr server to enable data encryption from the Filr server to the database, you must ensure that you have already configured your database to enable data encryption from the database server to the Filr server. See Configuring the Database Settings.
To configure the Filr server to encrypt data:
Log in to the Filr appliance at https://server_url:9443.
Click Configuration > Database.
Specify the configuration options:
Existing Options: For information about the options that existed before this beta release, click the help icon.
New Option: This beta release introduces the Encrypt Database Communication option. Select this option to encrypt data communication from the Filr server to the database server.
A message that you must have the encryption from the database server already enabled pops up. Ensure that the encryption from the database server is enabled and then click OK.
Click OK, then click Reconfigure Filr Server for your changes to take effect.
This stops and restarts your Filr server. Because this results in server downtime, you should restart the server at off-peak hours.
NOTE:To disable the data encryption between the Filr server and the database server, you must first disable the secure database communication and then deselect the Encrypt Database Communication option. For information about configuring the database settings, see Configuring the Database Settings.