Solarwinds: Serv-U File Server
Solarwinds: Serv-U File Server
Solarwinds: Serv-U File Server
Version: 15.1.5
The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of
SolarWinds Worldwide, LLC and its affiliates, are registered with the U.S. Patent and
Trademark Office, and may be registered or pending registration in other countries.
All other SolarWinds trademarks, service marks, and logos may be common law
marks, registered or pending registration in the United States or in other countries.
All other trademarks mentioned herein are used for identification purposes only and
may be or are trademarks or registered trademarks of their respective companies.
2
Table of Contents
Get started 8
System requirements 8
Hardware requirements 8
Client requirements 10
Server concepts 10
Upgrade Serv-U 16
Create domains 16
Notes 27
File Sharing 29
View All 30
3
Serv-U Web Client 32
Uploading files 33
Downloading files 34
Renaming files 34
Deleting files 34
I want to make sure nothing is kept on the server longer than X days 38
I want to make File Sharing the only interface my end users see 40
Serv-U Gateway 42
Firewall Guide 42
4
Introduction to the Serv-U File Server
Serv-U File Server is a multi-protocol file server capable of sending and receiving files
from other networked computers through various means. Administrators create
accounts for users that allow access to specific files and folders on the server's hard
drive or any other available network resource. These access permissions define
where and how the users can access the available resources. Serv-U's multi-protocol
support means that users can employ whatever access method is available to them
when connecting to your server. In addition, Serv-U supports both IPv4 and IPv6 for
next-generation networks. Serv-U File Server supports the following protocols:
In addition to Serv-U's support for a large collection of the most popular FTP clients,
you can use your favorite web browser or SSH client to connect and transfer files to
and from Serv-U. Server administrators looking to provide a full-featured FTP client to
users who may not have an FTP client license of their own can even license FTP
Voyager JV. FTP Voyager JV is a Java-enabled FTP client delivered to the user after
logging in to their Serv-U account.
5
Introduction to the Serv-U File Server
Using the Serv-U File Server, you can perform the following actions:
6
Introduction to the Serv-U File Server
l Create custom limits and rules at a granular level to control resource usage on
the server.
l Connect securely using SSL/TLS or SSH2.
l Use third party digital certificates to guarantee the identity of the server to
clients.
l Host multiple domains on the same IP address and port.
l Use multiple sources of authentication on the same domain (local user
database, NT/SAM, ODBC).
l Automatically build the tables necessary for ODBC authentication.
You can test Serv-U MFT Server in a non-production environment for a limited period
of time. After the evaluation period expires, a commercial license or maintenance
renewal provides you with free software updates and technical support through
email, phone, or both, depending on your edition, for the duration of the associated
maintenance plan.
7
Get started
System requirements
Hardware requirements
The hardware requirements are modest, but Serv-U can take advantage of multi-core
processors and multiple processor architectures.
The following table lists the requirements in the case of modest traffic: up to 500
configured users and 25 simultaneous transfers.
RAM 2 GB+
The following table lists the requirements in the case of high traffic: up to 10,000
configured users and 250 simultaneous transfers.
8
Get started
RAM 4 GB+
l MS SQL 2014
Database server l MS SQL 2012, 2012 SP1
(optional) l MySQL 5.7
l PostgreSQL: 9.5
9
Client requirements
Client requirements
The default web browser on many mobile devices can be used to transfer files, work
with files and folders, or run the web-based Management Console of Serv-U.
The following major browsers are supported with the basic web client, for file
management and for web administration purposes:
Java Runtime Environment (JRE) 7 and 8 are supported for Web Client Pro and FTP
Voyager JV.
Notes:
l To be able to use Web Client Pro and FTP Voyager JV, Java must be installed and
enabled in the browser.
l Web Client Pro does not work on Linux in Google Chrome version later than 35
due to an incompatibility between Chrome and the Java browser plug-in.
l Apple users must have at least Mac OS X 10.6 installed.
Server concepts
Serv-U File Server makes use of several concepts that help you understand how to
configure and administer your file server as a single, hierarchical unit. Serv-U File
Server contains four related levels of configuration: the server, the domain, the
group, and the user. Only the group level is optional. The other levels are mandatory
parts of the file server.
10
Get started
Server
The server is the basic unit of Serv-U File Server and the highest level of
configuration available. The server represents the file server as a whole and
governs the behavior of all domains, groups, and users. Serv-U File Server
contains a set of default options that can be overridden on a per-setting basis.
The server is at the top level of the hierarchy of configuring Serv-U. Domains,
groups, and users inherit their default settings from the server. Inherited
settings can be overridden at each of these lower levels. However, some
settings are exclusive to the server, such as the PASV port range.
Domain
A server can contain one or more domains. A domain is the interface through
which users connect to the file server and access a specific user account. The
settings of a domain are inherited from the server. A domain also defines the
collection of settings that all of its groups and user accounts inherit. If a server
setting is overridden at the domain level, all the groups and user accounts that
belong to the domain inherit the domain value as their default value.
Group
User
The user is at the bottom of the hierarchy. It can inherit its default settings
from multiple groups (if it is a member of more than one group) or from its
parent domain (if it is not a member of a group, or the group does not define a
default setting). A user account identifies a physical connection to the file
server and defines the access rights and limitations of that connection. Settings
overridden at the user level cannot be overridden elsewhere and are always
applied to connections authenticated with that user account.
11
Quick start guide
User collection
Contrary to groups, a user collection does not offer any level of configuration to
the user accounts they contain. Instead, a user collection offers a way to
organize users into containers for easy viewing and administration. For
example, collections can be created to organize user accounts based on group
membership. User collections must be maintained manually when user
accounts change group membership.
12
Get started
If you are installing Serv-U for the first time, follow the instructions on the installation
screens to choose the installation directory and to configure desktop shortcuts for
quickly accessing the server.
1. Run the installation file from the download folder, and follow the prompts.
2. Select the language of the installation.
13
Install Serv-U File Server
14
Get started
7. Click Install.
15
Upgrade Serv-U
Upgrade Serv-U
Before upgrading, create a backup of the original installation folder, your database,
and your configuration data.
Windows 7
C:\ProgramData\RhinoSoft\Serv-U
Windows 8
The location is hidden by default.
Windows Server 2008
Windows XP
C:\Program Files\RhinoSoft\Serv-U
Windows Server 2003
Linux /usr/local/Serv-U
If you experience issues with the Serv-U Management Console after upgrading,
clear your browser cache.
Create domains
When the Serv-U Management Console finishes loading, you are prompted to create
a new domain if no domains exist.
Serv-U domains are collections of users and groups that share common settings,
such as transfer rate limitations, service listeners, and directory access rules. In most
cases, all of your users and settings will exist in the same domain, and there is no
need to create separate domains.
Having users sharing the same domain does not mean that all users have
access to the same files. Each user in Serv-U has unique permissions to the
directories you define, and does not have access to any files or folders unless
you explicitly grant them access.
Click Yes to start the domain creation wizard. You can run this wizard any time by
clicking + (New Domain) at the top of the Serv-U Management Console.
16
Get started
2. Type a unique name and an optional description for the new domain.
The domain name is not visible to any of its users, and it does not affect
the way the domain is accessed. The name makes the identification and
management of the domain easier for administrators. The name must
be unique.
3. To make the domain temporarily unavailable to users while you are configuring
it, clear the Enable domain check box, and click Next.
17
Create domains
4. Select File Transfer Domain, File Sharing Domain, or both, and click Next.
l If you are setting up a File Transfer Domain only, perform the following
steps:
a. On the Protocols page, select the protocols and port numbers the
domain should use to provide access to its users, and click Next.
18
Get started
19
Create domains
20
Get started
l If you are setting up a File Sharing Domain only, perform the following
steps:
a. On the File Sharing page, specify the domain URL, the file sharing
repository, and whether to use a secure URL.
21
Create domains
22
Get started
l If you are setting up a File Transer and File Sharing Domain, perform the
following steps:
a. On the File Sharing page, specify the domain URL, the file sharing
repository, and whether you want to use a secure URL.
b. Click Configure SMTP to set up an SMTP server, which is necessary
for sending email notifications and for events that use email
actions.
c. Click Next.
d. On the Protocols page, select the protocols and port numbers the
domain should use to provide access to its users, and click Next.
You can run this wizard at any time by navigating to the Users menu under Global or
Domain, and then clicking Wizard on the Users page.
23
Create user accounts
First, provide a login ID for the account. The login ID must be unique for the domain.
Other domains on your server can have an account with the same login ID.
24
Get started
You can also specify a name and email address for the user account. The email
address is used by Serv-U to send email notifications and recovered passwords to the
user account. Click Next to continue.
After specifying a unique login ID, you must also specify a password for the account.
You can leave this field blank, but that allows anyone who knows the login ID to
access your domain. Click Next to continue.
25
Create user accounts
The third step is to specify a home directory for the account. The home directory is
the location on the hard drive of the server, or on an accessible network resource
that the user account is placed in after a successful login. It is the location you want
the user account to use when sending and receiving files on the server. Type the
location or click Browse to select a location on the hard drive. If users are locked in
their home directory, they cannot access files or folders above the directory structure
of their home directory. Additionally, the actual location of their home directory is
masked and displayed as "/". Click Next to proceed to the last step.
The last step is to grant access rights to the user account. Access rights are granted
on a per-directory basis. However, access rights can be inherited by all subdirectories
contained in an accessible directory. The default access is Read Only, which means
that the user can list files and folders in their home directory and can download
them. However, they cannot upload files, create new directories, delete files or
folders, or rename files or folders. If Full Access is selected, the user can do all of
these things. After the user is created, you can configure the access rights in more
detail by editing the user, and selecting the Directory Access page.
After selecting the directory access rights, click Finish to create the user account.
26
Get started
Serv-U File Server is now accessible and ready for sharing. You can create more
accounts just like this one to share with friends, family, or colleagues. Each user can
have a different home directory. This way you can share different files with different
people.
Notes
l End users who do not have home folders cannot log in to Serv-U. Full
permissions make it easy to test all functions from your FTP client or browser.
You may want to enforce stricter permissions after testing.
l When you connect from your browser to the HTTPS interface of Serv-U on port
443, you may be warned about an invalid certificate. This is normal when you
connect to a server using a temporary certificate. You can ignore the certificate
error and continue. Production deployments typically use a commercial web
certificate from a trusted certificate authority.
l Secure file sharing must be enabled on Serv-U before you can try it. Select the
option under Domain Limits & Sittings > File Sharing to enable it.
l When you connect from your browser to the HTTPS interface of Serv-U on port
443, or to the FTPS interface of Serv-U on ports 21 or 990 for the first time, you
may be asked to trust the SSH fingerprint of the remote server. This is expected
behavior when connecting to any SFTP or SSH server.
l You must configure an SMTP server to test email notifications.
27
Serv-U Management Console navigation
l You can set a default client or disable unused clients before allowing users to
access the system. There are four options when users first log in: Web Client,
Web Client Pro, File Sharing, and FTP Voyager JV.
Click the name of the server or a domain to expand the list of configuration options
available for the server or for the particular domain, and then select one of the
options.
Domain administrators only have access to configuring settings and options for their
particular domain, and do not have access to the server-level categories that are
displayed to system administrators.
To return to the global dashboard, click the Serv-U Management Console icon in the
top-left corner.
When opening a category from the Management Console, all related sub-category
pages are displayed in tabs on the same page. This allows for quick navigation
between related configuration options.
To use FTP Voyager JV, you must install the Java Runtime Environment.
28
Serv-U quick tour
File Sharing
Serv-U Server allows IT departments to provide secure file transfer and file sharing
services with an easy-to-use interface. File sharing allows users to send or receive
files from guests.
29
Serv-U quick tour
View All
The dashboard also allows you to see a summary of all the files sent or requested.
Click View All Requested or View All Sent to display an overview of files sent/received,
dates, recipients and when they expire.
30
Using File Sharing
To send files:
Note: You can upload up to 20 files in one file share. The file size you can upload
depends on the browser you use.
The user will receive a link, via email, that grants them access to upload files. For
added security, there are options to set the page link expiration and add file
constraints and restrictions.
31
Serv-U quick tour
The Web Client interface is presented as a standard web page containing a list of the
files and directories available from the current remote path, and links that perform
various file transfer related actions. All functionality of the Web Client is available
from this single page to keep interactions quick and easy to perform. The Web Client
can be accessed from mobile devices and is optimized for use in a variety of display
resolutions.
Once logged in, users will be able to view all the files and folders they can normally
see, and will be able to perform any action that they could through FTP, including
uploading, downloading, and to drag/drop files, play media, or render slideshows and
thumbnails of images.
32
Using the Web Client
Uploading files
If your user account has permission to upload new files, you can upload a single file
at a time to the server using this button. Click Upload to open a new window from
which you can browse your system for the file you want to upload. Once you have
selected the appropriate file, click Upload to begin the transfer.
When the upload has started, a progress dialog is displayed that is regularly updated
with live information, including the current transfer rate, how much data has been
sent, how much data remains to be sent, and the estimated time until completion of
the transfer. While a file is being uploaded, no other action can be taken including
changing the current directory or transferring another file. The upload can be
terminated at any time by clicking Cancel. Canceled file transfers cannot be resumed
and must be started over.
After the upload has completed, the progress dialog disappears and the directory
listing is refreshed to show the new file.
33
Serv-U quick tour
Downloading files
To begin a file download, select the file you want to download, and then click
Download. This option is also available by right-clicking on the file you want to
download. The browser prompts you for a location on your system to save the file.
Some browsers may also offer the option to open the file instead of saving it to a
permanent location. While a file is being downloaded, the Web Client is free to
perform other actions.
Renaming files
To rename a file, select the file you want to rename in the directory listing, and then
click this option available under More Actions. This option is also available by right-
clicking on the file you want to rename. The current name is displayed in a new
dialog. Change this name to the new name, and then click OK. If your user account
does not have the ability to rename files or there is a conflict with the new file name,
an error message is displayed.
Deleting files
A file can be deleted by selecting the file from the listing, and then clicking Delete.
This option is also available by right-clicking on the file you want to delete. If your
user account does not have the ability to delete files, an error message is displayed.
Files are permanently deleted on the server. This action cannot be undone.
34
How do I point Serv-U to my existing email server to send notifications?
l Account Name: The account name associated with authentication for the SMTP
server.
l Password: The password for the account.
35
Serv-U quick tour
Before proceeding with Active Directory configuration in Serv-U, ensure the following
requirements have been fulfilled:
36
How do I apply an SSL certificate so that all transfers use HTTPS?
Note: By default, when users log in to Serv-U, they are logged into their Home Folder
as defined in Active Directory and have all applicable NTFS permissions applied to
their FTP account. This way, no permissions or settings are required in Serv-U.
Navigate to Domain Details > Listeners, and ensure that an FTPS or HTTPS listener is
entered. If it is not, click Add and add the appropriate listener.
37
Serv-U quick tour
6. If you have Serv-U MFT Server the CA (Certificate Authority) Certificate Path
allows you to specify a .pem file for the Intermediate Certificate if required by
your CA.
7. Click Save, and make sure your FTPS and/or HTTPS listener(s) are configured.
Note: If you have received a signed certificate from a verified certificate
authority, instead of creating a certificate you can specify the .crt certificate file
path and the .key private key file path by using the Browse buttons on this
page.
If your FTP Client can connect with a regular session, but not with SSL
enabled then we recommend checking if there is any NAT enabled
device between the FTP Client and Serv-U. The NAT translation is not
able to understand the encrypted data being sent between the client
and server and thus corrupts the data connection. Currently the only
workaround is to disable the NAT functionality or move Serv-U or the FTP
Client in front of the NAT enabled device.
I want to make sure nothing is kept on the server longer than X days
In the Management Console under Server Limits and Settings > File Sharing you can
define how many days to keep files on the server.
38
I want to make sure nothing is kept on the server longer than X days
You can also leverage the Automated File Management feature. This feature enables
you to automatically remove or archive files from the file server which you received
through traditional file transfer protocols. These rules can be configured at the
server and domain level, and they apply recursively to all files within the folder for
which they are configured, and not only to those that have been uploaded through
Serv-U. Serv-U regularly and individually checks all the files in the directory for their
age, and executes the specified action on the files that meet the age criteria you
specify.
39
Serv-U quick tour
2. Type the path to the file or folder in the Directory Path field, or click Browse to
navigate to the file or folder.
3. Select the action you want to perform on the file:
a. If you want to delete the file after it expires, select Delete file(s) after
specified time.
b. If you want to move the file after it expires, select Move file(s) after
specified time, and then specify the folder where you want to move the
file in the Destination Directory Path field.
4. Specify the number of days after the file creation date when the action should
be executed.
5. Click Save.
I want to make File Sharing the only interface my end users see
To disable the interfaces you do not want your users to access, perform the following
steps:
5. Click Save.
40
I want to point Serv-U to an existing Windows share so I don't have to keep file shares
The following instructions describe how to switch these services from LocalSystem to
another Windows user so Serv-U can access remote shares when required.
The best option is to configure Serv-U/FTP Voyager Scheduler to run under a user
account that has network privileges to the UNC path. In an Active Directory
environment, this user may be a member of the Domain Admins group. In a Windows
Workgroup, this will be a user who exists on both the local machine and the remote
network resource, with the same user name and password on both machines.
To change the user account under which a service runs, follow the steps below:
1. Navigate to the Control Panel > Administrative Tools > Services menu.
2. Right click either the Serv-U File Server or FTP Voyager Scheduler, and then
select Properties.
3. Open the Log on tab.
4. Select This account.
5. Browse to the correct user account in your domain. In Windows Active
Directory, the user account will be in the form of
[email protected], and in a workgroup this will be in the form of
SERVERNAME\username.
6. When the correct user is displayed, click OK to save the settings.
41
Serv-U quick tour
7. If running in a workgroup, again ensure that the same account exists remotely
on the network server.
8. Restart the service by right clicking on it in the Services window, and then
selecting Restart.
If you encounter an error when starting the service, most likely you are encountering
a user account issue, which will need to be diagnosed within the properties of the
Serv-U File Server / FTP Voyager Scheduler service. The best way to avoid this is to use
the Check Name option to make sure that your entry is correct.
Note: Windows System Services cannot recognize mapped network drives by letter.
Any network location specified must be placed in UNC format (\\server\share).
Serv-U Gateway
Serv-U Gateway is an optional reverse-proxy component that safely terminates file
transfer connections in the DMZ to avoid inbound connections or storing data in the
DMZ. For more information see the Serv-U Gateway page and the Distributed
Architecture Guide.
Firewall Guide
Serv-U configuration supports FTP, FTPS, (SSL/TLS), SFTP (SSH), HTTP and HTTPS
connection from the internet directly into Serv-U. For more information see the Serv-
U Firewall Guide.
42