Qiata
Before you start
Which languages are supported by Qiata?
Qiata currently supports German, English, French and Simplified Chinese.
Do I need a static IP address?
Yes, a static IP is required to ensure the consistency of external file downloads. If the Qiata File Transfer Appliance is not intended for sharing with external users, it can be used without static IP.
How safe is the service?
Each transfer is made via HTTP using SSL or HTTPS. External users can only access the service through a unique link sent to them. They do not access the service directly. Internal users can be assigned to specific IP areas to prevent access from the Internet. The files on the system are "hashed" to make direct identification impossible. Transfers can also be provided with an individual password for the access of individual users.
What is an appliance?
The appliance is a hardware that has been specially designed for the particular application. It is not necessary to administer the entire operating system like with a PC or a server. The administrator only has to manage the appliance specific functions. It is used without a monitor and is usually administered with a serial console or via the network using a browser. If the system should fail or need to be reset, there is no need to reboot the entire operating system or application. Thanks to simple recovery using Secure Disaster Recovery (SDC), resetting to factory settings is very easy.
The beginnings
What is SDR?
SDR (Secure Disaster Recovery), SECUDOS 'unique USB stick recovery technology, reduces the number of appliance returns by half due to an apparent defect, enables software upgrades and downgrades, automatically generates a hardware test log file and detects SECUDOS hardware automatically. An SDR allows the Qiata FTA to be reset to factory settings.
How can I access or configure the File Transfer Service?
The configuration and the file transfer service is available by any browser from the user computer. This can be accomplished either locally or remotely as long as there is access to the network. To administer the system, it is not necessary to learn a mysterious programming language.
Which ports does Qiata need for communication?
- Required ports
- Administrative Ports
- Optional Ports
Qiata FTA WebUI: Port 443 TCP -> external
DOMOS WebUI: Port 10000 TCP -> internal
- SSH: Port 22 TCP -> internal - Smart Delivery: 9000 UDP -> internal/external - MailClient Integration: 25 TCP -> internal
I received two licenses with my delivery. Where's the difference?
- FTA (.xml)
- DOMOS (.lic)
The FTA license is the .xml file which is responsible for the applicability of the software. In addition to this, the expiration dates and features of the software are controlled here - if this license expires, the message "This installation is not yet licensed" appears on the interface. The license must be imported in the ftadmin area (black interface) and can be reached via the user "ftadmin".
The DOMOS license is the .lic file. This license is used to receive updates from our repository. If this license has expired or is not intended for the device, it is not possible to receive updates. Thus, the software always remains on the same level. This license should be installed in the DOMOS interface and can be reached at the address https://FQDN:10000.
Install Qiata
Can I adapt the interface to my company?
Yes, this is possible. When logged in as administrator, you can configure the interface with your own logo and much more.
How many user accounts can I set up on the File Transfer Appliance?
You can set up as many users as you need. The storage space on the appliance limits the space allocated to each user.
Administration
What backup variants are available?
With full backup there are two ways to create them (Add Backup Job):
- No backup directory selected
- A backup directory is configured
If the "Backup Directory" field is left empty when creating the job, a full backup will be created each time the job is executed. That means, if you have configured a backup every day, DOMOS will create a folder for each day (ex: 10.04.2015_backup, 11.04.2015_backup). Each of these backups can be used as a restore.
If an extra backup directory has been defined (eg: A folder "Backup" has been created) there is always only one backup. Each newly created backup only adds the files that are really new. In our example, this would be a folder "Backup" in which only the latest version is saved every day. This backup can also be used for restoring, but always contains only the latest version.
How can I allocate more disk space to my V-FTA?
Shut down the VM and adjust the size of the hard drive with the tool for your VM.
Then restart the VM and log in via SSH. Use su -
to log in as root and execute the following program:
/opt/secudos/DomosConf/bin/DomosVMDiskResizer
The system reboots and then uses the extended hard disk space of the FTA.
Where can I find my Qiata license serial number?
There are basically two types of license serial numbers.
- Hardware serial number
- Software serial number (Qiata license number)
The Hardware Serial Number is a number created by our system that starts by default with LR and can be found on the bottom of your appliance. The hardware serial number is required for an RMA and should be kept ready for a support call.
The software serial number is provided with your Qiata license and can be viewed in your Qiata FTA-UI. To view your serial number please log into your Qiata FTA-UI as "ftadmin". In the following table you will find under the item ID your software / license number
How can a user delete files from the system?
A user can not remove files from the Qiata. If a user transfers or files are removed they are not removed from the system but only from the respective user interface. Only the system's archiver (as Company Administrator under "System" -> "Archive" or "New Archive") can completely remove files from the system.
Migration
I want to virtualize my hardware
- Hardware to virtual
- Virtual to hardware
Log into https://my.qiata.com:10000 with the user "admin" on your DOMOS interface. Go to the menu item "Backup / Restore" -> "Config Backup" and start a configuration backup. Save the offered configuration.dat on a suitable storage medium.
After a successful backup start the new system and insert the configuration.dat. Then the data backup.
Please contact our Sales TEAM to get a new license.
Log into https://my.qiata.com:10000 with the user "admin" on your DOMOS interface. Go to the menu item "Backup / Restore" -> "Config Backup" and start a configuration backup. Save the offered configuration.dat on your SDR stick.
Now install the new system via SDR Stick. Then you start the data backup.
Please contact our Sales TEAM to get a new license.
Typical issues
When I try to upload a 20GB file I get an error message or the loading bar stops.
In the ftadmin area under Restrictions the Upload size has to be adjusted.
I can no longer create users! I thought the Qiata is without limitation?
Please log in as ftadmin. In the Organization tab under the paragraph "Restriction" there is the item "Maximum number of users" the default value is set to 100 here. Please increase the value here and you can create "User" again.
The DOMOS update from DOMOS5.5 has the error that NTP can not be updated. How can this be remedied?
With DOMOS5.4, NTP was removed from DOMOS, but ntpdate is still updated. Therefore, this dependency error occurs. To avoid the bug, you have to execute the following command as user root on the DOMOS console:
rpm -e ntp
Afterwards, the system update can be carried out as usual via the DOMOS WebUI.
PDF files are falsely declared as viruses
The current patterns of the virus scanner "ClamAV" have the problem that they wrongly declare all PDF files as virus "Win.Exploit.CVE_2019_0903-6966169-0". This is a hoax and currently only exists in the latest patterns (daily.cld 25460) of the virus scanner. Other file types are not affected. To work around the problem temporarily, log in to the system as user root via SSH and run the following command:
echo "Win.Exploit.CVE_2019_0903-6966169-0" >> /var/clamav/sig_whitelist.ign2
As a result, the virus is included in the whitelist of the scanner and "skipped". The PDF files can be sent as usual. To undo the adjustments, you can either reset the virus definitions via DOMOS CC (FQDN: 10000), or manually remove the file from the system
rm /var/clamav/sig_whitelist.ign2
When using the Outlook Add-In, the e-mail does not close after completion
Issue:
Since February 17, 2025, Microsoft has disabled Microsoft Exchange (Legacy) Tokens for all Microsoft 365 tenants. Qiata has used these tokens in the Outlook Add-In to store and move the email after sending a transfer. Due to this deactivation, this functionality is no longer working.
Impact:
The transfer itself is still processed and sent correctly by Qiata. There are no issues on our side regarding the sending process. However, the created email remains open after the upload is complete and is not automatically moved to the Sent Items folder.
Solution / Workaround:
- Users can manually close the email after the upload has reached 100%.
- If required, the draft can be saved, but this is optional.
- Alternatively, administrators can reactivate the Legacy Exchange Online token to restore the original functionality. Instructions on how to do this can be found in the official Microsoft article: Microsoft Documentation.
We are actively working on a long-term solution to this issue.
Why is my Qiata upload or download page not displayed correctly?
If your upload or download page isn't displayed correctly (e.g., layout issues, buttons not working, or incorrect formatting), it is usually caused by an unsupported version of Bootstrap.
How can I fix this problem?
There are two ways to resolve the issue:
a) Manually update the Bootstrap version
Manually update the Bootstrap version used in your templates to the currently supported version (Bootstrap 5.3.3). Insert or update the following lines in your HTML template:
<link rel="stylesheet" href="/qiata/3rd/bootstrap-5.3.3/css/bootstrap.min.css" crossorigin="anonymous">
<script src="/qiata/3rd/bootstrap-5.3.3/js/bootstrap.min.js" crossorigin="anonymous"></script>
b) Reset the template
Alternatively, you can reset the template for the affected page (Transfer download page or upload page) to the default settings. This will automatically load the current and supported Bootstrap version.
Once you’ve updated the Bootstrap version or reset the template, your page should display and function correctly again.
Important Information for Qiata 3.0
Which templates are reset?
When updating to Qiata version 3.0, templates must be reset to guarantee technical operation. The following files and templates are affected:
Pages
- Upload Page (upload_plain.html)
- Reset Password Page (reset_password.html)
- Pincode-Seite (pincode.html)
- Newsletter Download Page (download_newsletter.html)
- Login Page (login.html)
- UI-Header(header.html)
- Forgot Password Page (forgot_password.html)
- UI-Footer (footer.html)
- Errorpage (error_page.html)
- Transfer Download Page (download_plain.html)
- Automatic Sign-Up Page (auto_signup.html)
CSS Files
- Main Styling (style.css)
- Login Styling (login.css)
XML API Changes (Breaking Changes)
Starting with the Qiata 3.0 release, we will gradually disable support for the current login method in the XML API. For upcoming applications that use the XML API, only the new standard (OAuth 2 with Open ID Connect 1) should be used. If you have any questions regarding the changes, please feel free to contact us directly at: support@secudos.de
Accessibility via external FQDN
With version 3.0, accessibility from the internal system to the external FQDN is inevitably required. The Qiata must be able to access the OpenID service via its own FQDN (e.g. https://demo.secudos.com/.well-known/openid-configuration
). If necessary, please adjust the host entries in DOMOS, or guarantee accessibility via the firewall.
Here is an example: Your system is running internally with the IP address: 192.168.1.1
, the External IP is: 63.62.61.60
, the FQDN is: files.domain.com
. The system must now be able to resolve the FQDN files.domain.com from Internal. You can test this, for example, by starting a ping (Network -> Ping) to files.domain.com
on the console or in DOMOS. If the FQDN is not resolvable, please create a new host entry in DOMOS.
To do this, first log in to the DOMOS WebUI:
- Navigate to the Network -> Hosts item
- Click on Add a new host address
- Then enter the IP address and the FQDN
In our example, we enter here:
192.168.1.1
as the IP address andfiles.domain.com
as the FQDN. - Then click on Activate Settings to apply the configuration
Important information for Qiata 4.0
Changeover Old UI / New UI
As of version 4.0, the new UI is set as the new standard. So calling the main address (FQDN, e.g. demo.secudos.com
) leads (after correct authentication) to the new WebUI. If required, you can change this logic and make the old WebUI the default again.
To change the default, please log in to the system via SSH or Console as user root.
Remember that when logging in via SSH, you must first log in as user admin. Then you can switch to the user root via su -
.
Open the configuration file of the organization (company.xml) with an editor, e.g. via:
vi /var/lib/fta/company/default/cfg/company.xml
Navigate to the web area. The area should look like this:
<web>
<loginurl>/v2/login</loginurl>
<linkurl>/v2/login?link=</linkurl>
<securetransport>true</securetransport>
<maxpost>50000000</maxpost>
<defaultoldui>false</defaultoldui>
</web>
Here the defaultoldui
parameter is the one that takes control. If this entry is not present, please add it inside the web
section. The parameter can cause two different changes:
true
- If the value is set to true, the old UI will be set as default.false
- If the value is set to false, the new UI will be set as default (This value is set as default)
After the change, restart the main process (ftad) once via:
systemctl restart ftad
Alternatively, you can also restart the system once. After restarting the process/system, the new setting will apply.
Why do I get the message This client only allows internal users
when I try to log in as administrator?
With the new Version 4.0, the Qiata includes two different login inputs, each containing different destinations.
Login destination A (NEW)
A) The new standard login way (open with FQDN, e.g.: demo.secudos.com
) is only intended for users. In addition, there is the restriction here that no TEAMTransfer area is available for users. This login leads to the new WebUI.
Login destination B (OLD)
B) The second login path can be accessed via FQDN/sc
(e.g demo.secudos.com/sc
) or via the button on the login page.
This is the former login. This login in leads to the old WebUI. Here administrators and TEAMTransfer users can log in.
If you are logged in as a user, you can use the Old UI or New UI button to jump to the other area.
Where can I find TEAMTransfer in the new WebUI?
Currently the TEAMTransfer module can only be used in the old WebUI. Users can either use the login via FQDN/sc
(old login) by default, or click on the Old UI button in the new UI. This will take you directly to the old area and you can access TEAMTransfers or create new ones as usual.
Which templates are reset?
When updating to Qiata version 4.0, templates should be customized/reset to guarantee technical operation in the future. With the new methodology, by changing the following colors, you can automatically brand all customizable parts of Qiata and the SDC (Secure Desktop Client) to your desired color. This saves you from having to change all the individual HTML pages and CSS files. Resetting the files is not mandatory.
* {
--ct1-themecolor: #2f8ecd;
--ct1-themecolor-alt: #2775a9;
--ct1-topbar: #2f8ecd;
--ct1-sidebar-top: #2f8ecd;
--ct1-logincolor: linear-gradient(to bottom, #79aed5E6 0%, #000000B3 100%);
}
The above colors do not affect the email templates. Here it is still necessary to change the inline stylings within the respective files.
The following files and templates are affected:
HTML-pages
- Login Page (login.html)
- Upload Page (upload_plain.html)
- Download (download_plain.html)
- Reset Password Page (reset_password.html)
- Forgot Password Page (forgot_password.html)
- Pincode Page (pincode.html)
- Error Page (error_page.html)
The changes within the HTML pages simply add a new CSS file to the HTML pages listed above. If you don't want to reset the entire HTML pages, you can simply add the following line to the HTML pages:
<head>
...
...
<link href="/qiata/css/uitheme.css" rel="stylesheet">
...
...
</head>
Please make sure that the new CSS reference is inside the <head>
.
CSS files
- Main Styling (style.css)
- Login Styling (login.css)
In the above CSS files, the SECUDOS blue tone (#2f8ecd
) has been replaced with a variable (--ct1-themecolor
). This variable in turn is referenced in the new CSS file UI-Theme Styling (uitheme.css). So make sure after the change or reset,
that you enter the desired colors (if not already done) in the UITheme Styling (uitheme.css).
The inclusion of the variable in the CSS files should always be declared as follows. Here are a few examples:
a,
a:focus,
a:hover {
color: var(--ct1-themecolor, #2f8ecd);
}
.masthead {
background-color: var(--ct1-themecolor, #2f8ecd);
...
}
.form {
...
background: var(--ct1-logincolor, linear-gradient( to bottom, #79aed5E6 0%, #000000B3 100% ));
}
In these examples, the variable is brought to life via var
and then set. The value after the comma (In the examples #2f8ecd
) is a fallback color if the primary one could not be set.
Changes to Azure-AD connectivity
For a smooth operation of the Azure-AD connection, an additional redirection URI must be entered. In addition to the current one, please add the address https://FQDN/v2/webui
, as described in the documentation, to your app.