Advanced Topics - System Internals - Remote Filesystem

MOVEit DMZ is capable of storing its encrypted files on a remote Windows fileshare. This is required for Resiliency and Webfarms configurations, but can also be used for standalone MOVEit DMZ servers. Storing the encrypted files on a remote location improves security by making it harder to access those files from a compromised webserver. This configuration can help MOVEit DMZ meet company requirements that no data reside in a DMZ network segment.

Using a Remote Fileshare

MOVEit DMZ Resiliency accesses remote fileshares differently from a standalone or webfarm-enabled MOVEit DMZ server, so for help configuring MOVEit DMZ Resiliency, see the Resiliency Pre-Installation Guide.

For standalone and webfarm-enabled MOVEit DMZ servers, follow these steps to configure a file server to provide remote filesystem support to MOVEit DMZ:

  1. Create a "moveitdmz" user on the file server. This user will be used by MOVEit DMZ to access the file share. The account only needs to be present on the file server.
  2. Create a "MOVEitDMZ" folder on the file server. This folder is where MOVEit DMZ's encrypted files will be stored.
  3. Give the "moveitdmz" user full permissions to the "MOVEitDMZ" folder. Add the "moveitdmz" user to the list of access control entries through the Security tab on the folder's Properties dialog. Give the user full permissions to the folder.
  4. Share the folder and give full permissions to remote users. Enable sharing on this folder through the Sharing tab on the folder's Properties dialog. Add the "moveitdmz" user to the share's permissions and give the user full control over the share (you may optionally remove all other users and/or groups from the share permissions list).

The shared folder may now be used as the MOVEit DMZ file store location. If you are configuring a standalone MOVEit DMZ server to use the shared folder, first shut down the MOVEit DMZ services and manually copy the contents of the existing \MOVEitDMZ\Files folder on the server to the new shared folder. Next, apply the new remote folder settings using the MOVEit DMZ Config program. Use the Advanced button on the Paths tab to enter the UNC path of the shared folder, as well as the username and password of the "moveitdmz" user configured above. Finally, start the MOVEit DMZ services and run the MOVEit DMZ Checker utility to make sure file transfers are working properly. If there are any errors, see the Troubleshooting section.

Troubleshooting

When using a remote fileshare for its encrypted file store, MOVEit DMZ will mount the fileshare internally using the configured username and password. If MOVEit DMZ is unable to download or upload files after changing to a remote fileshare, the problem will usually be either an error mounting the share, or a permissions error with the share. Typically the error code and message that MOVEit DMZ encountered when it tried to access the share will be reported back to the client that is trying to upload or download a file. If this is not the case, see the DMZ_WEB.log file on the DMZ server for more details about the error.

This is a list of some errors that might be encountered when using a remote share, and how to resolve them: