Skip to main content

Qiata

Before you start

Which languages are supported by Qiata?

Qiata currently supports German, English, French and Simplified Chinese.

Do I need a static IP address?

Yes, a static IP is required to ensure the consistency of external file downloads. If the Qiata File Transfer Appliance is not intended for sharing with external users, it can be used without static IP.

How safe is the service?

Each transfer is made via HTTP using SSL or HTTPS. External users can only access the service through a unique link sent to them. They do not access the service directly. Internal users can be assigned to specific IP areas to prevent access from the Internet. The files on the system are "hashed" to make direct identification impossible. Transfers can also be provided with an individual password for the access of individual users.

What is an appliance?

The appliance is a hardware that has been specially designed for the particular application. It is not necessary to administer the entire operating system like with a PC or a server. The administrator only has to manage the appliance specific functions. It is used without a monitor and is usually administered with a serial console or via the network using a browser. If the system should fail or need to be reset, there is no need to reboot the entire operating system or application. Thanks to simple recovery using Secure Disaster Recovery (SDC), resetting to factory settings is very easy.


The beginnings

What is SDR?

SDR (Secure Disaster Recovery), SECUDOS 'unique USB stick recovery technology, reduces the number of appliance returns by half due to an apparent defect, enables software upgrades and downgrades, automatically generates a hardware test log file and detects SECUDOS hardware automatically. An SDR allows the Qiata FTA to be reset to factory settings.

How can I access or configure the File Transfer Service?

The configuration and the file transfer service is available by any browser from the user computer. This can be accomplished either locally or remotely as long as there is access to the network. To administer the system, it is not necessary to learn a mysterious programming language.

Which ports does Qiata need for communication?

Qiata FTA WebUI: Port 443 TCP -> external

I received two licenses with my delivery. Where's the difference?

The FTA license is the .xml file which is responsible for the applicability of the software. In addition to this, the expiration dates and features of the software are controlled here - if this license expires, the message "This installation is not yet licensed" appears on the interface. The license must be imported in the ftadmin area (black interface) and can be reached via the user "ftadmin".

Install Qiata

Can I adapt the interface to my company?

Yes, this is possible. When logged in as administrator, you can configure the interface with your own logo and much more.

How many user accounts can I set up on the File Transfer Appliance?

You can set up as many users as you need. The storage space on the appliance limits the space allocated to each user.


Administration

What backup variants are available?

With full backup there are two ways to create them (Add Backup Job):

If the "Backup Directory" field is left empty when creating the job, a full backup will be created each time the job is executed. That means, if you have configured a backup every day, DOMOS will create a folder for each day (ex: 10.04.2015_backup, 11.04.2015_backup). Each of these backups can be used as a restore.

How can I allocate more disk space to my V-FTA?

Shut down the VM and adjust the size of the hard drive with the tool for your VM.

Then restart the VM and log in via SSH. Use su - to log in as root and execute the following program:

/opt/secudos/DomosConf/bin/DomosVMDiskResizer

The system reboots and then uses the extended hard disk space of the FTA.

Where can I find my Qiata license serial number?

There are basically two types of license serial numbers.

The Hardware Serial Number is a number created by our system that starts by default with LR and can be found on the bottom of your appliance. The hardware serial number is required for an RMA and should be kept ready for a support call.

How can a user delete files from the system?

A user can not remove files from the Qiata. If a user transfers or files are removed they are not removed from the system but only from the respective user interface. Only the system's archiver (as Company Administrator under "System" -> "Archive" or "New Archive") can completely remove files from the system.


Migration

I want to virtualize my hardware

Log into https://my.qiata.com:10000 with the user "admin" on your DOMOS interface. Go to the menu item "Backup / Restore" -> "Config Backup" and start a configuration backup. Save the offered configuration.dat on a suitable storage medium.

After a successful backup start the new system and insert the configuration.dat. Then the data backup.

Please contact our Sales TEAM to get a new license.


Typical issues

When I try to upload a 20GB file I get an error message or the loading bar stops.

In the ftadmin area under Restrictions the Upload size has to be adjusted.

I can no longer create users! I thought the Qiata is without limitation?

Please log in as ftadmin. In the Organization tab under the paragraph "Restriction" there is the item "Maximum number of users" the default value is set to 100 here. Please increase the value here and you can create "User" again.

The DOMOS update from DOMOS5.5 has the error that NTP can not be updated. How can this be remedied?

With DOMOS5.4, NTP was removed from DOMOS, but ntpdate is still updated. Therefore, this dependency error occurs. To avoid the bug, you have to execute the following command as user root on the DOMOS console:

rpm -e ntp

Afterwards, the system update can be carried out as usual via the DOMOS WebUI.

PDF files are falsely declared as viruses

The current patterns of the virus scanner "ClamAV" have the problem that they wrongly declare all PDF files as virus "Win.Exploit.CVE_2019_0903-6966169-0". This is a hoax and currently only exists in the latest patterns (daily.cld 25460) of the virus scanner. Other file types are not affected. To work around the problem temporarily, log in to the system as user root via SSH and run the following command:

echo "Win.Exploit.CVE_2019_0903-6966169-0" >> /var/clamav/sig_whitelist.ign2

As a result, the virus is included in the whitelist of the scanner and "skipped". The PDF files can be sent as usual. To undo the adjustments, you can either reset the virus definitions via DOMOS CC (FQDN: 10000), or manually remove the file from the system

rm /var/clamav/sig_whitelist.ign2

Removing Java in version 3.x

Why is Java removed?

In version 3.0 a new login concept (OpenID Connect) is released, which is no longer compatible with the current Java integration. Many added values that the Java integration used to bring, are now either done by the browser itself, or can be taken over by our Secure Desktop Client (SDC). In addition, the deactivation of the npapi interface within the browsers has deprived many users of the possibility to use the Java integration.

Which areas of Qiata are affected by the removal of Java?

This is mainly about the upload and download of files and/or folders. Affected are for example: The new tab (upload of files and folders), the download page and the upload page. Furthermore, Java will no longer be available in TEAMTransfer (e.g. to download folders).

Will the Qiata lose transfers already created with the update?

No. All transfers (whether created with or without Java) remain available as usual.

What changes for the company?

Basically nothing at first. The activation of the feature within Qiata is omitted for administrators. Java maintenance on the clients is no longer necessary (for Qiata).

What changes for users?

The user no longer has the possibility to upload or download files/folders via the integrated Java functionality, or via the Java Manager.

How can I send large files without Java?

Many current browsers have relaxed the "old" upload limit of 2GB. So it is often possible to upload large files directly via the standard upload. More detailed information about the upload limits of the browser, you can usually get from the manufacturer of the browser directly.

How can I send entire folder structures?

Sending folders, multiple files and much more is easy and secure with our Secure Desktop Client (SDC). The SDC is available for Windows and macOS and can be found free of charge for customers in the download area.

Is there anything else I need to be aware of as an administrator?

Additional settings are not necessary on the part of the administrator. As of version 3.0, all functions are removed from the WebUI and are no longer available to both the administrator and the user.

Important Information for Qiata 3.0

Which templates are reset?

When updating to Qiata version 3.0, templates must be reset to guarantee technical operation. The following files and templates are affected:

Pages

  • Upload Page (upload_plain.html)
  • Reset Password Page (reset_password.html)
  • Pincode-Seite (pincode.html)
  • Newsletter Download Page (download_newsletter.html)
  • Login Page (login.html)
  • UI-Header(header.html)
  • Forgot Password Page (forgot_password.html)
  • UI-Footer (footer.html)
  • Errorpage (error_page.html)
  • Transfer Download Page (download_plain.html)
  • Automatic Sign-Up Page (auto_signup.html)

CSS Files

  • Main Styling (style.css)
  • Login Styling (login.css)

XML API Changes (Breaking Changes)

Starting with the Qiata 3.0 release, we will gradually disable support for the current login method in the XML API. For upcoming applications that use the XML API, only the new standard (OAuth 2 with Open ID Connect 1) should be used. If you have any questions regarding the changes, please feel free to contact us directly at: support@secudos.de

Accessibility via external FQDN

With version 3.0, accessibility from the internal system to the external FQDN is inevitably required. The Qiata must be able to access the OpenID service via its own FQDN (e.g. https://demo.secudos.com/.well-known/openid-configuration). If necessary, please adjust the host entries in DOMOS, or guarantee accessibility via the firewall.

Here is an example: Your system is running internally with the IP address: 192.168.1.1, the External IP is: 63.62.61.60, the FQDN is: files.domain.com. The system must now be able to resolve the FQDN files.domain.com from Internal. You can test this, for example, by starting a ping (Network -> Ping) to files.domain.com on the console or in DOMOS. If the FQDN is not resolvable, please create a new host entry in DOMOS.

To do this, first log in to the DOMOS WebUI:

  • Navigate to the Network -> Hosts item
  • Click on Add a new host address
  • Then enter the IP address and the FQDN In our example, we enter here: 192.168.1.1 as the IP address and files.domain.com as the FQDN.
  • Then click on Activate Settings to apply the configuration

Important information for Qiata 4.0

Changeover Old UI / New UI

As of version 4.0, the new UI is set as the new standard. So calling the main address (FQDN, e.g. demo.secudos.com) leads (after correct authentication) to the new WebUI. If required, you can change this logic and make the old WebUI the default again.

To change the default, please log in to the system via SSH or Console as user root.

Info

Remember that when logging in via SSH, you must first log in as user admin. Then you can switch to the user root via su -.

Open the configuration file of the organization (company.xml) with an editor, e.g. via:

vi /var/lib/fta/company/default/cfg/company.xml

Navigate to the web area. The area should look like this:

<web>
<loginurl>/v2/login</loginurl>
<linkurl>/v2/login?link=</linkurl>
<securetransport>true</securetransport>
<maxpost>50000000</maxpost>
<defaultoldui>false</defaultoldui>
</web>

Here the defaultoldui parameter is the one that takes control. If this entry is not present, please add it inside the web section. The parameter can cause two different changes:

  • true - If the value is set to true, the old UI will be set as default.
  • false - If the value is set to false, the new UI will be set as default (This value is set as default)

After the change, restart the main process (ftad) once via:

systemctl restart ftad

Alternatively, you can also restart the system once. After restarting the process/system, the new setting will apply.

Why do I get the message This client only allows internal users when I try to log in as administrator?

With the new Version 4.0, the Qiata includes two different login inputs, each containing different destinations.

Login destination A (NEW)

A) The new standard login way (open with FQDN, e.g.: demo.secudos.com) is only intended for users. In addition, there is the restriction here that no TEAMTransfer area is available for users. This login leads to the new WebUI.

Login destination B (OLD)

B) The second login path can be accessed via FQDN/sc (e.g demo.secudos.com/sc) or via the button on the login page.

Old UI Button Login

This is the former login. This login in leads to the old WebUI. Here administrators and TEAMTransfer users can log in.

tip

If you are logged in as a user, you can use the Old UI or New UI button to jump to the other area.

Where can I find TEAMTransfer in the new WebUI?

Currently the TEAMTransfer module can only be used in the old WebUI. Users can either use the login via FQDN/sc (old login) by default, or click on the Old UI button in the new UI. This will take you directly to the old area and you can access TEAMTransfers or create new ones as usual.

Old UI Button

Which templates are reset?

When updating to Qiata version 4.0, templates should be customized/reset to guarantee technical operation in the future. With the new methodology, by changing the following colors, you can automatically brand all customizable parts of Qiata and the SDC (Secure Desktop Client) to your desired color. This saves you from having to change all the individual HTML pages and CSS files. Resetting the files is not mandatory.

* {
--ct1-themecolor: #2f8ecd;
--ct1-themecolor-alt: #2775a9;
--ct1-topbar: #2f8ecd;
--ct1-sidebar-top: #2f8ecd;
--ct1-logincolor: linear-gradient(to bottom, #79aed5E6 0%, #000000B3 100%);
}

danger

The above colors do not affect the email templates. Here it is still necessary to change the inline stylings within the respective files.

The following files and templates are affected:

HTML-pages

  • Login Page (login.html)
  • Upload Page (upload_plain.html)
  • Download (download_plain.html)
  • Reset Password Page (reset_password.html)
  • Forgot Password Page (forgot_password.html)
  • Pincode Page (pincode.html)
  • Error Page (error_page.html)
tip

The changes within the HTML pages simply add a new CSS file to the HTML pages listed above. If you don't want to reset the entire HTML pages, you can simply add the following line to the HTML pages:

<head>
...
...
<link href="/qiata/css/uitheme.css" rel="stylesheet">
...
...
</head>

Please make sure that the new CSS reference is inside the <head>.

CSS files

  • Main Styling (style.css)
  • Login Styling (login.css)
danger

In the above CSS files, the SECUDOS blue tone (#2f8ecd) has been replaced with a variable (--ct1-themecolor). This variable in turn is referenced in the new CSS file UI-Theme Styling (uitheme.css). So make sure after the change or reset, that you enter the desired colors (if not already done) in the UITheme Styling (uitheme.css).

The inclusion of the variable in the CSS files should always be declared as follows. Here are a few examples:

a,
a:focus,
a:hover {
color: var(--ct1-themecolor, #2f8ecd);
}

.masthead {
background-color: var(--ct1-themecolor, #2f8ecd);
...
}

.form {
...
background: var(--ct1-logincolor, linear-gradient( to bottom, #79aed5E6 0%, #000000B3 100% ));
}
Note

In these examples, the variable is brought to life via var and then set. The value after the comma (In the examples #2f8ecd) is a fallback color if the primary one could not be set.

Changes to Azure-AD connectivity

For a smooth operation of the Azure-AD connection, an additional redirection URI must be entered. In addition to the current one, please add the address https://FQDN/v2/webui, as described in the documentation, to your app.