
Making your documents available from home

Wednesday, May 6, 2020

Step 1 – Buy FileHold Cloud or upgrade your on-premise system to FileHold Cloud.

Step 2 – Log in from home; you’re done!

Okay, that seemed a bit too easy, but what if you do not want to use FileHold Cloud for some reason and you will stick with your self-hosted solution?

The good news is that the FileHold DMS has been internet enabled from day one, fifteen years ago. Whether you prefer the browser or desktop client or you want to use it from your phone, we have always been internet ready.

There are more ways than internet accessibility to work from home, but that is often the simplest and most familiar solution. Other options include extending your office network over a virtual private network (VPN) or using a technology like Microsoft Remote Desktop Services. These work nicely, but they likely have more cost and overhead associated with setting up and managing these add-on technologies. In office networks with tightly managed security, they may be the only option if any option is allowed at all.

If you are comfortable with access over the internet and you are confident you have or can buy the security equipment and services needed to be safe, there are several steps you can take to get your documents on the internet.

  1. Get an external address for your network. Chances are you already have at least one or two, but you may need to ask your internet service provider (ISP) or cloud provider for the details.
  2. Buy a domain name if you do not already have one. There are plenty of places (registrars) to get these from such as Google Domains or Cloudflare. Allow at least a few days to do this. The actual time will depend on the quality of your registrar and their process for verifying who you are. You will pay an annual fee for this service.
  3. Once you have your domain you will likely want to create a subdomain for your FileHold server such as edms.mycompany.com. Whoever you use to manage your DNS records will likely have instructions to do this. Likely this is the same company as your registrar. When you create your subdomain you will need to point it to the IP address you got in step 1.
  4. Get an SSL certificate for your subdomain. This is the electronic document that both allows you to encrypt the data you send between your house and the FileHold server and identifies that your FileHold server is who it says it is. You will likely pay an annual fee for this service to a certificate authority like GeoTrust. Quality does matter here, but there are good free options like letsencrypt.org. You should look for options like wildcards, SANs, extended validations, site seals, ease-of-use, etc. to see if you need any of that for your business.
  5. Lock down your FileHold server. This is a good idea even when you will not be on the internet. Make sure the only user that can access your repository is the FileHold service user, and give that user minimal access anywhere else in your network. Set the OS firewall to block port 80 traffic as well as all its other recommendations. Remove or disable all old protocols and ciphers from your server. If you have not limited your server to use TLS 1.2 or better, do it now. If you have not disabled all but the latest ciphers, do it now. If you are using anything older than Windows Server 2016, upgrade now. Make sure your OS is updated regularly. Upgrade anything older than FileHold 16. Browsers tend to upgrade themselves, but dump Internet Explorer. Add the latest browser-supported headers to your HTTP traffic. Check out the security tests at SSL Labs and similar sites. Think about hiding your IP behind a content delivery network (CDN).
  6. Set up your firewall. You really do not need to wait to start this step; you can do it at step 1. Virtually everyone that has an internet connection these days has a firewall. It will be the default for anyone setting up a home internet connection and the same is likely true for your business. If you are using a cloud service provider, they will have a firewall option for you when you request your external address. Your Windows Server OS will have a firewall. You likely have a piece of firewall hardware back in your server room and you might even have a cloud firewall. More firewalls are not a bad thing, but whatever you have in place for a firewall will need an opening for the incoming internet traffic destined for your document management system. For FileHold this will typically mean a hole open for port 443 that directs traffic on that port to your FileHold server. Port 443 is the standard port to use for HTTPS traffic. HTTPS is the encrypted and secure version of HTTP. You definitely should not use HTTP.
  7. On your FileHold server you will need to create a binding for HTTPS with the certificate you purchased in step 4.
  8. If you use external document links, make sure you update your FileHold base URL configuration with your external domain name.
  9. Check your application-level security configuration. If your users are synchronized with Active Directory, you manage those settings there. The FileHold management interface provides a screen for setting password requirements. If you have a minimum length of 6 characters, that is very 1994. Time to up your game. Make sure to require special characters, numbers, capitals, etc. The minimum length should be long. You will need about 20-character passwords to match the security of current best practices for encryption. Think about getting a password management tool such as LastPass to help your users with that (they will never remember hundreds of 8-character passwords, let alone 16 or higher).
  10. Enable two-factor authentication. FileHold has supported Duo two-factor authentication for a couple of years now. Users will get a nice little prompt on their phone when they log in to FileHold to make sure it is really them. You can easily control how often they need to do this and when they do not need to do it.
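
Once the steps are done, it is worth checking from outside the office network (for example, from home) what the internet actually sees. The script below is an added example, not FileHold code: it checks that port 80 is closed, that port 443 completes a validated TLS 1.2+ handshake, that the certificate is not about to expire, and that a `Strict-Transport-Security` header is returned. The choice of that header as one of the "latest browser-supported headers" and the 30-day expiry threshold are assumptions; `edms.mycompany.com` is the example name from step 3.

```python
import socket, ssl
from datetime import datetime, timezone

HOST = "edms.mycompany.com"  # the article's example subdomain; use your own

def port_open(host, port, timeout=5):
    """True if a TCP connection to host:port succeeds from where this runs."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe(host):
    """Collect what an outside client sees: ports, TLS version, certificate, headers."""
    obs = {"port80": port_open(host, 80), "port443": False}
    ctx = ssl.create_default_context()  # validates the chain and the hostname
    try:
        with socket.create_connection((host, 443), timeout=5) as raw, \
                ctx.wrap_socket(raw, server_hostname=host) as tls:
            obs.update(port443=True, tls=tls.version(),
                       not_after=tls.getpeercert()["notAfter"])
            tls.sendall(f"HEAD / HTTP/1.1\r\nHost: {host}\r\n"
                        "Connection: close\r\n\r\n".encode())
            obs["headers"] = tls.recv(8192).decode("latin-1").lower()
    except OSError as exc:  # includes ssl.SSLError and certificate failures
        obs["error"] = str(exc)
    return obs

def evaluate(obs, now=None, min_days=30):
    """Return a list of findings; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if obs.get("port80"):
        findings.append("port 80 is reachable: block plain HTTP (steps 5 and 6)")
    if not obs.get("port443"):
        return findings + ["HTTPS failed: " + obs.get("error", "port 443 closed")]
    if obs.get("tls") not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"negotiated {obs.get('tls')}: require TLS 1.2 or better")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(obs["not_after"]), timezone.utc)
    if (expires - now).days < min_days:  # min_days is an assumed threshold
        findings.append(f"certificate expires {expires:%Y-%m-%d}: renew it (step 4)")
    if "strict-transport-security:" not in obs.get("headers", ""):
        findings.append("no Strict-Transport-Security header (step 5)")
    return findings

if __name__ == "__main__":
    for line in evaluate(probe(HOST)) or ["all checks passed"]:
        print(line)
```

A clean result here only covers what this client negotiated; the SSL Labs test mentioned in step 5 still does the full protocol and cipher enumeration.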

That’s about it. If you managed to read all the way down to here you might be scratching your head over why you did not choose to buy or upgrade to FileHold Cloud. It is true that FileHold Cloud does solve many of these items by default and the rest can be added if they are needed for the level of security and risk you require. For many, the do-it-yourself option will be the only or preferred option and it is perfectly doable with a little work if you follow this general guide.

If you want us to take this off your plate with FileHold Cloud, drop a line to [email protected].

If you are self-hosting and you would like our professional services team to help you with, or walk you through, some of the 10 steps, they are only as far away as [email protected].

Our knowledge base has some more reading on many of the topics introduced here at the following links.

https://www.filehold.com/help/technical/making-filehold-server-internet-accessible

https://www.filehold.com/help/technical/setting-the-base-URL

https://www.filehold.com/help/system/logon-password-security

https://www.filehold.com/help/system/mfa-configuration

https://www.filehold.com/blog/17/05/configuring-different-internal-and-external-server-names-filehold

Russ Beinder is the Chief Technology Officer at FileHold. He is an entrepreneur, a seasoned business analyst, computer technologist and a certified Project Management Professional (PMP). For over 30 years he has used computer technology to help organizations solve business problems.