|NOTE: IS&T recommends that IS&T Managed Servers be used for hosting FileMaker databases. |
Only experienced server administrators should attempt to do so, particularly where databases with sensitive data and/or mission critical functions will be housed. The following web page offers MIT-specific configuration recommendations to help mitigate against security risks in the FileMaker hosting environment. In a changing computing landscape these recommendations in no way offer a guaranteed maintenance or risk-free hosting environment.
The following is a list of best practices for hosting FileMaker databases at MIT if you are not intending to use an IS&T managed FileMaker server (recommended), and includes information on server machine setup, FileMaker Server configuration, and FileMaker database settings. If you are using an IS&T hosted FileMaker server, you will not need to concern yourself with the instructions given here as these tasks will be taken care of for you based on your server needs. For an overview of FileMaker at MIT, including instructions for installing FileMaker Server and more general notes on security, please see FileMaker at MIT. Considering the costs of hardware and ongoing maintenance needs related to any server, an IS&T managed server is very likely the most cost effective option available to DLCs. To find out more about IS&T managed FileMaker servers, please contact firstname.lastname@example.org before purchasing hardware and preferably before engaging in any new FileMaker development project.
Note: The information on this page is accurate for FileMaker 16. Certain features and settings may either not apply to or differ from prior versions.
Because securing and maintaining server hardware and FileMaker server software is not a trivial matter, our recommendation is to use IS&T-managed servers whenever possible. If using a non-IS&T hosted server, your server should be server-class physical or virtual machine. If not residing in the MIT data center, server hardware should be kept in a lockable inner office or server closet that is only accessible by authorized personnel; UPS is highly recommended.
Use a server-class Windows or Mac OS.
Configure server machine to always be on (never asleep or hibernating)
See FileMaker Server Port Settings at MIT for the port settings required by FileMaker Server.
Set up TSM account and exclude the Databases directory:
Win: C:\Program Files\FileMaker\FileMaker Server\Data\Databases
Mac: /Library/FileMaker Server/Data/Databases
Any non-FileMaker process that accesses the live hosted files runs a risk of file corruption. The FileMaker Server\Data\Backups folder may be safely backed up by TSM or your back-up application.
Anti-virus software should be completely disabled, or at least set to exclude the live hosted files from scanning (see “Backup and recovery” above).
Turn off Indexing Service (Windows) or Spotlight (Mac). Indexing reduces performance.
Web services will need to be turned on, even if FileMaker web publishing is not enabled, in order for server administrators to access the FileMaker Server Admin Console.
If the server is deployed on the MIT WIN domain, be mindful of group policies around TSM, antivirus, and other services. Adjustments to these services may need to be made at the group level as changes made locally can be overwritten by the group policy.
Before running OS updates, FMS updates, or rebooting the server for any reason, all database files should be closed and then FileMaker Server should be stopped. Once FileMaker Server has been stopped, the machine can be safely rebooted.
FileMaker Server settings are configured using the Admin Console. To launch the Admin Console, point a browser to https://<hostname>.mit.edu:16000. The items that follow assume you are logged into the Admin Console.
Restrict Admin Console access, done in the General Settings pane > Admin Console tab. Set a username/password (can be set at installation). To allow access to members of a server group, check off Use external group and enter the group name. You may also restrict access by IP address.
Unless using FileMaker to publish databases or data to the web (via WebDirect, the FileMaker Data API, or custom web publishing), do not enable Web Publishing. Server menu > Edit Deployment > Web Publishing section > check off No, do not enable web publishing.
Note: If using web publishing with solutions that contain sensitive data, extreme care should be taken with the implementation of user accounts and privilege sets such that the sensitive data is never exposed to the web. Further, as a rule, FileMaker should never be used at MIT to store protected data such as social security or credit card numbers.
Enable this to receive error notifications via email if desired. General Settings pane > Email Notifications tab. Under SMTP Information, enter the appropriate From and Reply-To information. SMTP Server Address = outgoing.mit.edu, port = 25, SMTP Authentication = None. Under Notification Settings, check off "Send email notifications to" and enter an address. Generally, enable for "Errors only". Including Warnings can generate lots of unnecessary notifications.
Enable FMS auto-start on system startup/reboot. In the General Settings pane > Auto Start tab, check off Automatically start Database Server and Automatically open databases that are in the database folders. If web publishing is enabled (you should have good reason to do this), check off Automatically start Web Publishing Engine.
Unless using FileMaker as an ODBC data source, do not enable ODBC access. General Settings pane > ODBC/JDBC, uncheck Enable ODBC/JDBC. FileMaker databases may still access external ODBC data sources.
Set a maximum idle time for FileMaker clients. Database Server pane > FileMaker Clients tab; check off Set maximum idle time allowed for FileMaker clients (minutes) and enter a value. 240 (4 hours) is a reasonable default setting.
To improve performance, increase the memory available to FileMaker Server. Database Server pane > Databases tab. Set the RAM Reserved for Database Cache (MB) to half of the maximum allowed cache size.
Enabling external authentication will allow databases to utilize Moira groups for defining database users and groups, and allow users to access databases using their Kerberos credentials. Database Server pane > Security tab > set Client Authentication to FileMaker and external server accounts. See FileMaker Authentication for more info.
Limit the display of files available on the server to only those users are authorized to see. Database Server pane > Security tab > “List only the databases each user is authorized to access” radio button.
Turn on SSL encryption. Database Server pane > Security tab > Secure connections to FileMaker Server checkbox, and Use HSTS for web clients checkbox. You must stop and restart FileMaker Server for changes to these settings to take effect.
Important: You should also request and install a custom SSL certificate. See FileMaker Server SSL Certificates.
Database Server pane > Logging tab. Increase the Log Size; 100 MB is a good starting point. Check off Access, Usage statistics, Client statistics, and Top call statistics.
Configure FMS to run backups at least once daily. This is done via the Schedules pane. Backup files are written to the FileMaker Server\Data\Backups folder.
If the server hosting environment permits, implement Kerberos authentication for all MIT-based, non-full access users. This involves careful planning and multiple steps. For more information, see Configuring FileMaker Databases For Kerberos Authentication.
All database solutions require at least one internally authenticated, full access user account. By default, new databases are given a full access account named 'Admin' with NO password, and are set to auto-login with this account. Before hosting a database, the Admin user account should either be given a strong password, or disabled and a new full access account created.
Strong passwords should be used for all internal FileMaker accounts, whether full access or not.
The application should have at least two privilege sets, or role levels. Users who are not developing or supporting the system should not be assigned the [Full Access] privilege set.
PII data (SSN, credit card numbers) should never be stored in FileMaker at MIT. Sensitive data should not be web-enabled.
Under File > File Options, on the Open/Close tab, ensure that Login using: is unchecked and that no file credentials are entered.
With the database open in FileMaker Pro: under the Sharing menu, select FileMaker Network, then check off Don’t display in Open Remote dialog. This must be done before file is hosted with FMS.
By default, ODBC and WebDirect access are not enabled in new files. For existing solutions, verify settings in FMP client. For WebDirect: Choose File > Sharing > Configure for WebDirect, and set to No Users. For ODBC: Choose File > Sharing > Enable ODBC/JDBC, and set Enable for ODBC/JDBC to Off.