Installing Onehub Enterprise

Onehub Enterprise is a secure file sharing application that you can deploy in your company’s infrastructure. Based upon the same technologies used by the onehub.com service, it can be used when company policies, ITAR or HIPAA regulations preclude using a public cloud solution.

Onehub Enterprise is provided to customers in the form of one or more Virtual Appliance images, and is licensed on a yearly basis.

VERSION 1.1 - JANUARY 10, 2013

© Copyright 2012 Onehub ! Page 1 of 18

Contents

Requirements
  • Supported Virtual Machine Environments
  • Supported Network Environments
  • Disk Storage

Installation
  1. Download the virtual appliance
  2. Start the Virtual Appliance
  3. Configure the Virtual Appliance using the Web Interface
  4. Provision the Code File
  5. Verify and Launch Onehub Enterprise
  6. Applying the license
  7. Log in to Onehub Enterprise as Administrator

Administration
  • Accessing the Admin Page
  • Creating Accounts

Troubleshooting
  • Verify Service Operation
  • Frequently Asked Questions

Configuring LDAP User Authentication
  • Adding an LDAP Configuration

Upgrading
  • Upgrading the Virtual Appliance
  • Expanding the size of the Data Volume

Additional Information
  • Ports used by Onehub Enterprise

Requirements

• A virtual machine environment
• A computer with at least 4 GB of memory
• Appropriate free disk storage (a minimum of 80 GB is recommended)
• A local area network
• A DNS or DHCP server somewhere on the LAN
• An email gateway or server on the LAN

Supported Virtual Machine Environments

The virtual appliance image is supplied in the .ova format. These instructions assume that one of these environments has been installed.

• VMware Workstation, ESX, etc. (vmware.com)
• VMware Fusion (vmware.com)
• Oracle VirtualBox (virtualbox.org)

Supported Network Environments

Onehub Enterprise works in static or dynamic (DHCP) IP addressing environments. TCP Ports 443 and 80, at minimum, are required to use Onehub Enterprise. Port 80 (http) is only answered to redirect clients to use port 443 (https).

Disk Storage

Onehub Enterprise takes advantage of storage flexibility inherent in a virtualized environment. Files are stored on the file system of the virtual appliance. The virtual appliance can be managed via the host virtual environment to accommodate whatever backup and scaling is necessary.

Installation

1. Download the virtual appliance

Please contact Onehub for a link to the latest virtual appliance file(s). This file name will have a file extension of .deb

2. Start the Virtual Appliance

Using the .ova file, start the virtual appliance in your virtual environment. Note that you may receive warnings about devices that are unavailable in your particular machine environment; you can ignore these messages.

After a startup sequence, the following screen should be displayed:

Note the setup URL, and default username and password.

Upon initial startup, the virtual appliance attempts to obtain an address using DHCP. That address is displayed in the startup screen. If DHCP is unavailable, Networking can be configured manually.

The character-console network configuration is for initial configuration only, so that configuration can continue using the web interface. Please see below for configuration of host name, domain name, name servers, etc. All setup beyond basic networking should be done using the web console.

To continue with configuration using the web interface, visit the Setup URL (as displayed on the screen) with a web browser – in this example, the setup URL is http://192.168.1.131/setup.

The default setup password can be used to gain access to this page. This is displayed after the Virtual Appliance has finished starting up, as noted above.

3. Configure the Virtual Appliance using the Web Interface

The web interface provides tabs for Dashboard, Settings, and Code. Configure settings by clicking on the Settings tab.

The Settings page is used to configure the basic operation of Onehub Enterprise. After changes are made on this page, they should be saved by pressing the SAVE button at the bottom of the page. After the settings are saved, there will be a brief delay as they are applied.

While all settings on this page are important, the administrator account security credentials, hostname, domain name, and name server IP addresses are the most important settings to change on this page.

ADMINISTRATOR ACCOUNT

The Administrator Account is used to provision application accounts & users, configure services, etc. In an AD/LDAP environment, it is the one account that can log in without using AD/LDAP authentication. It’s important that this account is kept secure, with a strong password.

SSH

Authorized Keys - To enable terminal login via SSH on port 22, supply one or more ‘public’ SSH keys. For more information on this topic, please refer to https://help.ubuntu.com/community/SSH/OpenSSH/Keys.

NETWORK

Hostname – The hostname is used to name the server on the network. The Onehub Enterprise URL will be https://<hostname>.<domain name>, so care should be taken in choosing the hostname. This hostname should match the SSL certificate (see below).

Domain name – The domain name field will be used to configure the Onehub Enterprise Virtual Appliance web server on the network, and used for name server resolution.

Primary and Secondary Name Servers – The IP addresses of name servers available to resolve hostnames on your local network should be supplied.

TIME

Primary and Secondary NTP Servers – The hostnames of network time protocol servers should be filled in (the defaults may be appropriate for you if they are accessible from your LAN). Certain security calculations rely on the time of the Onehub Virtual Appliance being substantially similar to the time of any client connecting to it.

SSL

Public and Private Key – Clients connecting to the Onehub Virtual Appliance use SSL over port 443; you should supply an SSL public and private key corresponding to the Onehub virtual appliance’s host name, otherwise client browsers will show an ‘untrusted certificate’ warning.

The SSL certificate may be obtained from a commercial vendor (such as Verisign, Go Daddy, Thawte, etc.) or, with appropriate configuration of client trust settings, a self-signed certificate may be used.

When installing the private key, make sure that there is no password on it. If there is a password on the private key, it will prevent the web server from starting. The setup page will display an error message if you attempt to use a key with a password:

“Ssl private key must be a valid RSA or DSA private key in PEM format, with no passcode”

If your private key has a passcode, it’s possible to remove it by following the directions at http://www.akadia.com/services/ssh_test_certificate.html
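A pre-upload check for the passcode condition described above, as an added example that is not part of the original guide or Onehub's code: it classifies a PEM private key from its header lines alone. The sample blocks are constructed placeholders rather than real keys, and because the guide does not say how the appliance treats PKCS#8 (`BEGIN PRIVATE KEY`) files, that case is reported for manual review.

```python
import re

# One PEM block: label on the BEGIN line, body up to the matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def classify_private_key(pem_text):
    """Return (status, detail); status is 'ok', 'encrypted', 'review' or 'invalid'."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        return "invalid", "no PEM block found"
    label, body = match.groups()
    if label == "ENCRYPTED PRIVATE KEY":
        return "encrypted", "PKCS#8 key protected by a passcode"
    if label in ("RSA PRIVATE KEY", "DSA PRIVATE KEY"):
        # Traditional OpenSSL PEM marks an encrypted body with RFC 1421 headers.
        if re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.M):
            return "encrypted", label + " protected by a passcode"
        return "ok", "unencrypted " + label
    if label == "PRIVATE KEY":
        # Assumption: acceptance of unencrypted PKCS#8 is not documented,
        # and the algorithm cannot be read from the header alone.
        return "review", "unencrypted PKCS#8; confirm the algorithm is RSA or DSA"
    return "invalid", "not an RSA or DSA private key: " + label


def make_sample(label, headers=""):
    """Build a constructed PEM block; the body is a placeholder, not key material."""
    body = "Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=\n"
    return "-----BEGIN %s-----\n%s%s-----END %s-----\n" % (
        label, headers, body, label)


# Constructed inputs covering the cases the setup page distinguishes.
SAMPLE_PLAIN_RSA = make_sample("RSA PRIVATE KEY")
SAMPLE_ENCRYPTED_RSA = make_sample(
    "RSA PRIVATE KEY",
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n")
SAMPLE_ENCRYPTED_PKCS8 = make_sample("ENCRYPTED PRIVATE KEY")
SAMPLE_CERTIFICATE = make_sample("CERTIFICATE")

if __name__ == "__main__":
    for name in ("SAMPLE_PLAIN_RSA", "SAMPLE_ENCRYPTED_RSA",
                 "SAMPLE_ENCRYPTED_PKCS8", "SAMPLE_CERTIFICATE"):
        print(name, classify_private_key(globals()[name]))
```
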

MAIL

Root Address - any system-generated email by the Onehub Virtual Appliance which would normally be sent to the ‘root’ account will be sent to this address.

Relay Host - If you have a designated mail server on LAN which will accept email, provide the host name here. If your email server requires authentication, click the SASL Authentication button, and supply SASL credentials.

After the hostname and domain settings are changed and updated, verify that they are correct by successfully connecting to http://<hostname>.<domain name>/setup (instead of the numeric IP address).

4. Provision the Code File

After your settings have been finalized, you can upload a code file to the Virtual Appliance by clicking on the “Code” tab, then clicking on the Onehub Software Package panel, choosing a file, and clicking “Update”. Status of the upload will be displayed as code is installed to the virtual appliance. The code file can be obtained by contacting Onehub.

5. Verify and Launch Onehub Enterprise

After the package has successfully been uploaded and installed you will automatically be brought to the ‘Dashboard’ tab. Wait approximately 30-60 seconds to give services a chance to start and then verify that all services are marked as started (and ‘green’). If there are any services that are not started (red), click on their ‘START’ button.

After verifying that all services have started, click the “Launch” button in the upper right hand corner. You will be taken to the Onehub Enterprise login screen:

6. Applying the license

A license is not required during the beta period. After the beta period has expired, a license file can be uploaded from the code page by clicking the “Onehub License File” panel, choosing a supplied license file, and clicking “Update”.

7. Log in to Onehub Enterprise as Administrator

At the Onehub Enterprise login screen, log in as an Administrator with the following default credentials:

Email: [email protected]

Password: enterprise

Immediately change the Onehub Administrator password by clicking on the Onehub Admin drop down menu, and choosing Password.

Fill out the form on this page to update the password.

Administration

Accessing the Admin Page

To log in as the administrator, use the following credentials:

Email: [email protected]

Password: (same as password setup during installation step 7)

After logging in as a Onehub Administrator you will see a tab titled “Admin” available to you. Click on this to access the admin page where you can add accounts and administrate other functions of the Onehub service.

Creating Accounts

Within Onehub Enterprise, accounts can be created for separate teams or departments. This allows them to have their own workspaces and users. Workspaces can still be shared with users of other accounts.

To create a new account, select the “Accounts” section on the admin page. From here you can click the “Create Account” button to set up a new account in the system. Fill out the required information, including the user who will be designated as the owner of the account, and click “Create”.

Troubleshooting

Verify Service Operation

The Dashboard page provides a convenient way to determine the status of various subsystems which comprise Onehub Enterprise. Under normal operation, all services should be “Green”; in the event of anomalous system operation, in cooperation with Onehub Support, each subsystem can be stopped and restarted.

Frequently Asked Questions

Q: I FORGOT MY PASSWORD.

Click on the forgot my password link on the sign in page. To ensure that you receive the forgot password email, verify that your email server settings are correct from the Settings page.

Configuring LDAP User Authentication

Onehub Enterprise can be configured to authenticate users through an LDAP server. To configure this feature, sign in as a Onehub Admin user, go to the Admin tab, then choose the LDAP menu item.

Adding an LDAP Configuration

Click on ‘Add an LDAP Configuration’

An “LDAP Configuration” specifies an email domain name for which authentication has been delegated. For example, supplying “acme.com” as the email domain would cause all users that have email addresses ending in “acme.com” to be validated using LDAP.

For the ‘kind’, specify ldap-ad for Active Directory LDAP.

For the ‘Email Domain’ field, enter the value that will match the email addresses for your organization, and for ‘Domain’ use the Windows-style domain name.

For the query base, use the default, or edit as necessary for your configuration.

The LDAP host can be specified directly. Alternatively, if you click “Find LDAP server via DNS”, the LDAP Host value will be used as the DNS server to initiate a search for the LDAP server. Port should be set to 636 for LDAPS, and auth_method to simple_tls. These values will encrypt communications between Onehub Enterprise and the LDAP server.

For ‘LDAP Attribute for Email Address’, leave this field blank to use the UserPrincipalName attribute result from the LDAP query, or provide the name of the field that has been defined in your LDAP schema for email addresses. This field should be left blank if email addresses are the same as the UserPrincipalName.

Some email systems (e.g. Microsoft Exchange) store user email aliases in the LDAP proxyAddresses attribute. If “Use proxyAddresses for email aliases” is checked, each time an LDAP user logs in, any pending invitations for that user’s email addresses (those found in the proxyAddresses attribute) will be presented to that user. For example, if [email protected] also has an email alias of [email protected], invitations addressed to either email address will be presented when Andrew logs in via LDAP.

Example: Acme Corp uses the “CORP” domain, and their users have logins like “CORP\JaneUser” and “CORP\JoeUser”. The email addresses for users are kept in the ‘mail’ attribute (which was added by Acme Corp’s IT department). Email Domain would be set to “corp.acme.com”, Domain would be “CORP”, and the “LDAP Attribute for email address” would be “mail”. A typical user in the Acme Corp “CORP” domain would log in as CORP\JoeUser. Their email addresses might be something like “[email protected].”

Users that have been configured to be authenticated via LDAP will be unable to change their passwords using Onehub Enterprise (the passwords are kept in the LDAP system); they will also be unable to change or add email addresses from their Onehub settings.

Upgrading

Upgrading the Virtual Appliance

To upgrade to a newer version of the Virtual Appliance, follow these steps:

1. Using the settings URL (http://<hostname>/setup/settings), log in and note all appliance configuration values.

2. Shut down your appliance (using the Virtual Machine console display).

3. Power off the Virtual Machine (if it did not do so automatically).

4. Back up your virtual machine folder.

5. Locate and note the exact filename of the file in the virtual appliance's folder ending in “disk2.vmdk”. This is the “Data Volume.” For example:

    Volume in drive C is Acer
    Volume Serial Number is 3A1D-2804

    Directory of C:\Users\onehub\Documents\Virtual Machines\enterprise_383d2d00_1344905374_upgrade_2

    08/20/2012  04:07 PM   2,542,141,440 enterprise_383d2d00_1344905374_upgrade_2-disk1.vmdk
    08/20/2012  03:54 PM      17,235,968 enterprise_383d2d00_1344905374_upgrade_2-disk2.vmdk
                   2 File(s)   2,559,377,408 bytes
                   0 Dir(s)  889,025,167,360 bytes free

   The Data Volume filename in this case would be enterprise_383d2d00_1344905374_upgrade_2-disk2.vmdk. This is the virtual disk containing database and files.

6. Back up the file containing the “Data Volume.”

7. Import the new virtual appliance image file BUT DO NOT POWER IT ON.

8. Move or copy the “Data Volume” file to the folder containing the newly imported virtual machine.

9. Using the management tools of virtual machine environment:

   • Remove hard disk drive 2 from the old virtual machine
   • Add a new hard disk to the newly imported virtual machine, using the existing “Data Volume” file that you’ve moved into this virtual machine directory (step 8), keeping the existing format.
   • Ensure that the disk is available on the new virtual machine as IDE 0:1

10. Power on the new virtual machine.

11. Configure the new Enterprise virtual appliance (using the web-based configuration located at http://<hostname>/setup) using the same settings as the old virtual machine with particular care to keep the Onehub Administrator passwords identical.

12. Install any new code release.

13. Launch the application.

Expanding the size of the Data Volume

Onehub Enterprise ships with a default data volume size of 80 GB. As data requirements change, this size may need to be increased.

To determine the amount of storage being used, log in as the administrator, then click on the status display in the upper right hand corner of the screen to display the amount of disk, memory, and CPU being used. If the amount of disk storage used is over 85%, it’s probably a good idea to add additional disk storage capacity.

The amount of used/free storage is also shown in the Admin page, and will display a red bar when free disk space is low.

While the mechanism for expanding disk volumes is dependent upon the Virtual Environment in which Onehub Enterprise is used, the concept is similar for all: Expand the Virtual Disk file containing the Data Volume, then inform the guest operating system that the volume has expanded.

For VMware, the relevant knowledge base articles include:

• http://kb.vmware.com/kb/1004047 (Increasing the size of a virtual disk)
• http://kb.vmware.com/kb/1004071 (Increasing the size of a disk partition)

Onehub Enterprise uses Ubuntu with LVM; the Onehub Enterprise data volume is part of the Logical Volume named “data”. The article at http://kb.vmware.com/kb/1006371 details how a newly created and added disk can be added to a logical volume group. The mechanism is similar for adding a new partition on a newly resized virtual disk.

Additional Information

Ports used by Onehub Enterprise

Port          Direction   Purpose
80            incoming    Initial HTTP connection to the server; redirects immediately to port 443
443           incoming    Web traffic
21            incoming    FTP control connection
53451-56450   incoming    FTP data ports
22            incoming    SSH
25            outgoing    SMTP
636           outgoing    Secure LDAP (if LDAP configured)
53            outgoing    DNS Queries (TCP and UDP)
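The port table can double as an exposure baseline. This added example (not part of the original guide or Onehub's tooling) compares `ss -tln` output with the incoming rows of the table and reports listeners the table does not document, plus documented single-port services that are not listening. The `ss` output is a constructed sample, and collecting it from an SSH session on the appliance is an assumption.

```python
# Rows copied from the "Ports used by Onehub Enterprise" table above.
PORT_TABLE = """\
80 incoming Initial HTTP connection to the server; redirects immediately to port 443
443 incoming Web traffic
21 incoming FTP control connection
53451-56450 incoming FTP data ports
22 incoming SSH
25 outgoing SMTP
636 outgoing Secure LDAP (if LDAP configured)
53 outgoing DNS Queries (TCP and UDP)
"""

# Constructed sample of `ss -tln` output; not captured from a real appliance.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      128    127.0.0.1:9000     0.0.0.0:*
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      32     [::]:21            [::]:*
"""


def incoming_ranges(table):
    """Return [(low, high)] for every row whose direction is 'incoming'."""
    ranges = []
    for line in table.splitlines():
        ports, direction, _purpose = line.split(None, 2)
        if direction != "incoming":
            continue
        low, _, high = ports.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def exposed_listeners(ss_output):
    """Return the set of TCP ports listening on non-loopback addresses."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        address, _, port = fields[3].rpartition(":")
        if address.startswith("127.") or address == "[::1]":
            continue  # loopback only, not reachable from the LAN
        ports.add(int(port))
    return ports


def audit(ss_output, table=PORT_TABLE):
    """Return (unexpected, missing) port lists relative to the table."""
    allowed = incoming_ranges(table)
    seen = exposed_listeners(ss_output)
    unexpected = sorted(
        p for p in seen if not any(lo <= p <= hi for lo, hi in allowed))
    # Ranges (FTP data ports) are opened on demand, so only single ports count.
    missing = sorted(lo for lo, hi in allowed if lo == hi and lo not in seen)
    return unexpected, missing
```

Port 22 appears under missing until SSH authorized keys are supplied on the Settings page, since the guide enables SSH login only then.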
