Qiata Solution
Before you start
Qiata currently supports German, English, French and Simplified Chinese.
JYes, a static IP is required to ensure the consistency of external file downloads. If the Qiata File Transfer Appliance is not intended for sharing with external users, it can be used without static IP.
The instructions can be found on the USB stick that comes with your appliance and in the download area.
Each transfer is made via HTTP using SSL or HTTPS. External users can only access the service through a unique link sent to them. They do not access the service directly. Internal users can be assigned to specific IP areas to prevent access from the Internet. The files on the system are "hashed" to make direct identification impossible. Transfers can also be provided with an individual password for the access of individual users.
The appliance is a hardware that has been specially designed for the particular application. It is not necessary to administer the entire operating system like with a PC or a server. The administrator only has to manage the appliance specific functions. It is used without a monitor and is usually administered with a serial console or via the network using a browser. If the system should fail or need to be reset, there is no need to reboot the entire operating system or application. The administrator just has to follow the reset instructions and the appliance will be returned to its factory state.
The beginnings
SDR (Secure Disaster Recovery), SECUDOS 'unique USB stick recovery technology, reduces the number of appliance returns by half due to an apparent defect, enables software upgrades and downgrades, automatically generates a hardware test log file and detects SECUDOS hardware automatically.
An SDR allows the Qiata FTA to be reset to factory settings.
The configuration and the file transfer service is available by any browser from the user computer. This can be accomplished either locally or remotely as long as there is access to the network. To administer the system, it is not necessary to learn a mysterious programming language.
The basic functionality of the FTA requires the following ports:
- Qiata FTA WebUI: Port 443 TCP -> external
For the administration of the FTA the following is needed:
- DOMOS WebUI: Port 10000 TCP -> internal
Optional Ports:
- SSH: Port 22 TCP -> internal
- Smart Delivery: 9000 UDP -> internal/external
- MailClient Integration: 25 TCP -> internal
FTA
The FTA license is the .xml file which is responsible for the applicability of the software. In addition to this, the expiration dates and features of the software are controlled here - if this license expires, the message "This installation is not yet licensed" appears on the interface. The license must be imported in the ftadmin area (black interface) and can be reached via the user "ftadmin".
DOMOS
The DOMOS license is the .lic file. This license is used to receive updates from our repository. If this license has expired or is not intended for the device, it is not possible to receive updates. Thus, the software always remains on the same level. This license should be installed in the DOMOS interface and can be reached at the address https://FQDN:10000.
Install Qiata
Yes, this is possible. When logged in as administrator, you can configure the interface with your own logo and much more.
You can set up as many users as you need. The storage space on the appliance limits the space allocated to each user.
Administration
With full backup there are two ways to create them (Add Backup Job):
1)No backup directory selected
If the "Backup Directory" field is left empty when creating the job, a full backup will be created each time the job is executed. That means, if you have configured a backup every day, DOMOS will create a folder for each day (ex: 10.04.2015_backup, 11.04.2015_backup). Each of these backups can be used as a restore.
2) A backup directory is configured
If an extra backup directory has been defined (eg: A folder "Backup" has been created) there is always only one backup. Each newly created backup only adds the files that are really new. In our example, this would be a folder "Backup" in which only the latest version is saved every day. This backup can also be used for restoring, but always contains only the latest version.
Shut down the VM and adjust the size of the hard drive with the tool for your VM.
Then restart the VM and log in via SSH. Use "su-" to log in as root and execute the following program:
/opt/secudos/DomosConf/bin/DomosVMDiskResizer
The system reboots and then uses the extended hard disk space of the FTA.
There are basically two types of license serial numbers.
Hardware serial number
The Hardware Serial Number is a number created by our system that starts by default with LR and can be found on the bottom of your appliance. The hardware serial number is required for an RMA and should be kept ready for a support call.
Software serial number (Qiata license number)
The software serial number is provided with your Qiata license and can be viewed in your Qiata FTA-UI. To view your serial number please log into your Qiata FTA-UI as "ftadmin". In the following table you will find under the item ID your software / license number
A user can not remove files from the Qiata FTA. If a user transfers or files are removed they are not removed from the system but only from the respective user interface. Only the system's archiver (as Company Administrator under "System" -> "Archive" or "New Archive") can completely remove files from the system. The setup of the archiver is described in the Qiata documentation from point "1.3.8 System Archive".
Migration
FTA to V-FTA
Log into https://my.qiata.com:10000 with the user "admin" on your DOMOS interface. Go to the menu item "Backup / Restore" -> "Config Backup" and start a configuration backup. Save the offered configuration.dat on a suitable storage medium.
For a data backup, please consult the FTA manual under point 2.11 (Data Backup / Target). After a successful backup start the new system and insert the configuration.dat. Then the data backup.
Please contact our Sales TEAM to get a new license.
V-FTA to FTA
Log into https://my.qiata.com:10000 with the user "admin" on your DOMOS interface. Go to the menu item "Backup / Restore" -> "Config Backup" and start a configuration backup. Save the offered configuration.dat on your SDR stick.
For a data backup, please consult the FTA manual under point 2.11 (Data Backup / Target). Now install the new system via SDR Stick. Then you start the data backup.
Please contact our Sales TEAM to get a new license.
From the Qiata version 1.50 upwards, new templates for the Qiata File Transfer solution are available. In addition to the visual revisions, the update contains additional improvements in the workflow.
What's new?
- The color concept of the Qiata has changed from orange to blue and white.
- The look of all templates (Mail & Pages) has been modernized.
- The Pages (download page, upload page, login, etc.) now use current technologies such as Bootstrap and JQuery.
- The e-mail templates have been optimized and redesigned for all popular mail clients (desktop and mobile).
- From version 1.50 there are three central CSS files, which take care of the login area, the general styling and corresponding media queries (mobile adjustments). This allows color changes to be centrally controlled.
- All templates (Mail & Pages) are 100% responsive, which means they're usable on all devices without restriction.
How can I use the templates?
All Qiata systems installed before version 1.50 will not receive the new templates automatically. In order not to overwrite any changes in your current templates, a manual reset procedure of the templates is necessary. As a company administrator, navigate to the area "Company" -> "Templates". In the lower area you will find the button "Reset all templates". Upon execution, the new templates are loaded and automatically installed.
ATTENTION: : All changes from the current templates will be discarded. This action can not be undone.
Bugs / problems
Please deactivate the VMware Tools and perform an "Activate Settings". Afterwards you have to activate the VMware Tools and perform an "Activate Settings" again. Updates should now be able to be carried out without problems.
You have to tick the "increase security" option. Only then are the settings for the password enforced.
In the ftadmin area under "Restrictions" the "Upload size" has to be adjusted.
Please log in as "ftadmin". In the Organization tab under the paragraph "Restriction" there is the item "Maximum number of users" the default value is set to 100 here. Please increase the value here and you can create "User" again.
With DOMOS 5.4, NTP was removed from DOMOS, but ntpdate is still updated. Therefore, this dependency error occurs. To avoid the bug, you have to execute the following command as user 'root' on the DOMOS console:
rpm -e ntpAfterwards, the system update can be carried out as usual via the DOMOS WebUI.
The current patterns of the virus scanner "ClamAV" have the problem that they wrongly declare all PDF files as virus "Win.Exploit.CVE_2019_0903-6966169-0". This is a hoax and currently only exists in the latest patterns (daily.cld 25460) of the virus scanner. Other file types are not affected. To work around the problem temporarily, log in to the system as user root via SSH and run the following command:
echo "Win.Exploit.CVE_2019_0903-6966169-0" >> /var/clamav/sig_whitelist.ign2As a result, the virus is included in the whitelist of the scanner and "skipped". The PDF files can be sent as usual. To undo the adjustments, you can either reset the virus definitions via DOMOS CC (FQDN: 10000), or manually remove the file from the system
rm /var/clamav/sig_whitelist.ign2
Removing Java in version 3.x
In version 3.0 a new login concept (OpenID Connect) is released, which is no longer compatible with the current Java integration. Many added values that the Java integration used to bring, are now either done by the browser itself, or can be taken over by our Secure Desktop Client (SDC). In addition, the deactivation of the npapi interface within the browsers has deprived many users of the possibility to use the Java integration.
This is mainly about the upload and download of files and/or folders. Affected are for example: The new tab (upload of files and folders), the download page and the upload page. Furthermore, Java will no longer be available in TEAMTransfer (e.g. to download folders).
No. All transfers (whether created with or without Java) remain available as usual.
Basically nothing at first. The activation of the feature within Qiata is omitted for administrators. Java maintenance on the clients is no longer necessary (for Qiata).
The user no longer has the possibility to upload or download files/folders via the integrated Java functionality, or via the Java Manager.
Many current browsers have relaxed the "old" upload limit of 2GB. So it is often possible to upload large files directly via the standard upload. More detailed information about the upload limits of the browser, you can usually get from the manufacturer of the browser directly.
Sending folders, multiple files and much more is easy and secure with our Secure Desktop Client (SDC). The SDC is available for Windows and macOS and can be found free of charge for customers in the download area.
Additional settings are not necessary on the part of the administrator. As of version 3.0, all functions are removed from the WebUI and are no longer available to both the administrator and the user.
Important Information for Qiata 3.0
When updating to Qiata version 3.0, templates must be reset to guarantee technical operation. The following files and templates are affected:
Pages
- Upload Page (upload_plain.html)
- Reset Password Page (reset_password.html)
- Pincode-Seite (pincode.html)
- Newsletter Download Page (download_newsletter.html)
- Login Page (login.html)
- UI-Header(header.html)
- Forgot Password Page (forgot_password.html)
- UI-Footer (footer.html)
- Errorpage (error_page.html)
- Transfer Download Page (download_plain.html)
- Automatic Sign-Up Page (auto_signup.html)
CSS Files
- Main Styling (style.css)
- Login Styling (login.css)
Starting with the Qiata 3.0 release, we will gradually disable support for the current login method in the XML API. For upcoming applications that use the XML API, only the new standard (OAuth 2 with Open ID Connect 1) should be used. If you have any questions regarding the changes, please feel free to contact us directly at: This email address is being protected from spambots. You need JavaScript enabled to view it.
With version 3.0, accessibility from the internal system to the external FQDN is inevitably required. The Qiata must be able to access the OpenID service via its own FQDN (e.g. https://demo.secudos.com/.well-known/openid-configuration). If necessary, please adjust the host entries in DOMOS, or guarantee accessibility via the firewall.
Here is an example: Your system is running internally with the IP address: 192.168.1.1, the External IP is: 63.62.61.60, the FQDN is: files.domain.com. The system must now be able to resolve the FQDN files.domain.com from Internal. You can test this, for example, by starting a ping (Network -> Ping) to files.domain.com on the console or in DOMOS. If the FQDN is not resolvable, please create a new host entry in DOMOS.
- To do this, first log in to the DOMOS WebUI
- Navigate to the "Network" -> "Hosts" item
- Click on "Add a new host address"
- Then enter the IP address and the FQDN In our example, we enter here: 192.168.1.1 as the IP address and files.domain.com as the FQDN.
- Then click on "Activate Settings" to apply the configuration