Access Keys:
Skip to content (Access Key - 0)
Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version. Compare with Current  |   View Page History
<< Previous Version 54 Next >>

FileMaker Server Installation and Configuration

NOTE: IS&T recommends that IS&T Managed Servers be used for hosting FileMaker databases.
Only experienced server administrators should attempt to do so, particularly where databases with sensitive data and/or mission critical functions will be housed. The following web page offers MIT-specific configuration recommendations to help mitigate against security risks in the FileMaker hosting environment. In a changing computing landscape these recommendations in no way offer a guaranteed maintenance or risk-free hosting environment.

Note: The information on this page is accurate for FileMaker Server 16. Certain settings and features may differ for prior versions.

IS&T recommends that IS&T-managed servers be used whenever possible for hosting FileMaker databases at MIT. When using managed hosting, IS&T will handle the installation and configuration of FileMaker Server for you. If you elect to run your own hosting environment, have secured it properly, and have experience with FileMaker Server, the instructions here are provided for your reference. Be sure to take note of the shortlist of recommended security settings below.

On this page:

Shortlist of Recommended Security Settings

This list includes essential security-related settings, but does not cover all necessary FileMaker Server settings. For a full checklist of best practices, refer to Best Practices for FileMaker Hosting at MIT.

  • Enable SSL encryption
  • Obtain and install a supported custom SSL certificate. For more information and instructions, see FileMaker Server SSL Certificates
  • Enable option to host password-protected databases only
  • Enable option to list only the databases each user is authorized to access
  • Do not enable web publishing (WebDirect, custom web publishing, or FileMaker Data API) unless you have reason to
  • If using web publishing, take active steps to prevent sensitive data from being exposed to the web
  • Do not enable ODBC/JDBC access unless you have reason to

Please follow all recommended MIT FileMaker Security Guidelines when setting up your server. In addition, please consult the FileMaker Inc. Security Guidelines for additional considerations for server setup.

If you are uncertain of the process for setting up your server with the MIT recommendations, below is a step-by-step guide for configuring your server with our recommended essential settings.

Before You Begin

This probably goes without saying, but before you begin you must provision a virtual or physical machine that meets the current minimum specs for FileMaker Server. As stated above, IS&T strongly recommends use of its managed servers.

To work with FileMaker Server, certain ports must be open and/or available on your server machine in order for FMS to communicate with various types of clients. Port settings should be handled before installing FileMaker Server. For the recommended port settings for FileMaker Server at MIT, see FileMaker Server Port Settings at MIT.

Obtaining FileMaker Server

To obtain FileMaker Server software, visit the FileMaker listings on the IS&T software grid and select FileMaker Server 15 to request the application and license key. When your request has been filled you will receive an email with appropriate links to the software and license key.

Note: FileMaker Server is available to MIT staff and faculty and is only licensed for use on campus.
Note: MIT's volume license for FileMaker Server does not allow for use of WebDirect. For more information, see WebDirect and FileMaker Go Licensing at MIT.

Installing and Deploying FileMaker Server

Follow standard procedures for initiating the installation process on your server machine. There are a few gotchas of note:

  • On Windows, the installer should be extracted to and run from the C:\ root directory.
  • When prompted to enter your license information, you must enter the organization name exactly as follows: Massachusetts Institute of Tech
  • After installing the software, you may be prompted to register it with FileMaker. Please do not register - the software was already registered via MIT volume site licensing.

Once installation is complete, FileMaker Server will automatically launch the Deployment Assistant. Follow the steps outlined below to configure appropriately.

  1. In the Setup screen, enter a User Name and Password for accessing the Admin Console, then click Next. The user name and password can be changed later through the Admin Console.
    Warning: For security reasons, do not use your Kerberos credentials.

    Deployment Assistant Setup screen

  2. In the Identification screen, enter a Server Name, Server Description, and Administrator Contact Information for your server, then click Next. This information will be visible to the users of the database at the Open Remote File dialog and at the Admin Console Start page.

    Deployment Assistant Identification screen

  3. In the Technologies screen, under the ODBC/JDBC heading, unless you plan to allow connections via ODBC so that your hosted solutions may be used as ODBC data sources, select "No, do not enable ODBC/JDBC." You may also opt to enable or disable this feature at a later time as necessary; to do so, in the Admin Console, choose Server > Edit Deployment.

    Deployment Assistant Technologies screen

  4. Still in the Technologies screen, under the Web Publishing heading, unless you plan to allow web connections to your files (via WebDirect or custom web publishing), select "No, do not enable web publishing." You may also opt to enable or disable this feature at a later time as necessary; to do so, in the Admin Console, choose Server > Edit Deployment.
    Note: FileMaker Server requires a web server in all deployments; the web server hosts the web-based Admin Console application and handles certain data transfer tasks. Turning web services on, which the installation process does for you, is not the same thing as enabling FileMaker web publishing.
    Important: If you choose to utilize this feature, only non-sensitive data should be published to the web. Certain situations may call for a two-server setup if you have both sensitive and non-sensitive data that you need to host. Please consult the MIT FileMaker Security Guidelines.
  5. Click Next to proceed to the Summary screen.

    Deployment Assistant Summary screen

  6. Click Next to finally run the FileMaker Server deployment using your desired settings.

    Deployment Assistant Progress screen

  7. Click Finish to exit the Deployment Assistant and continue to the Admin Console.
    Note: On the Admin Console > Status pane, you will only see the sections for Web Server, Web Publishing Engine, and ODBC/JDBC if you elected to enable Web Publishing and ODBC/JDBC (respectively) in the Deployment Assistant. You may revisit these settings in the Admin Console by choosing Server > Edit Deployment. If you do make changes to these settings, you will need to stop and restart FileMaker Server for them to take effect.

    Admin Console Summary screen - top
    Admin Console Summary screen - bottom

Accessing the Admin Console

Once FileMaker Server has been installed and deployed, the Admin Console may be accessed by pointing a browser to https://<hostname>.mit.edu:16000.

In addition to the User Name and Password set for accessing the Admin Console, you may allow access via an external server group. This may be defined on the Admin Console > General Settings pane > Admin Console tab > External Group section. You may also limit access to the Admin Console by IP address; this is done on the same tab.

Configure Recommended Security Settings

  1. In the Admin Console, navigate to the Database Server pane > Security tab.

  2. If you intend to use external authentication as a means to access any of the databases hosted on your server, set Client Authentication to "FileMaker and external server accounts;" otherwise set to "FileMaker accounts only."

    Note: Use of external authentication with FileMaker has many advantages, but carries its own set of considerations and challenges. In the MIT environment, external authentication may utilize Moira groups to define database users and roles and allow for Kerberos authentication. For this feature to work, the server must be added to MIT's WIN domain. Further, it is strongly recommended that a unique, dedicated Moira group is created for each FileMaker solution/privilege set combination, and that these Moira groups are used for no other purpose (such as an office email list). For more information, see FileMaker Authentication.

  3. Enable SSL encryption for communication between FM Server and FM clients. Under SSL Connections, check the box for "Use SSL for database connections." Under Progressive Downloading, check the box for "Use SSL for progressive downloading. Then click Save.



  4. After SSL encryption has been enabled, you must stop and restart FileMaker Server in order for it to take effect.

  5. Important: SSL encryption can be regarded as truly secure (as indicated by the green lock icon displayed in FM clients) only when a custom SSL certificate is obtained and installed; see below for more info.

  6. Enable the option to "Host password-protected databases only." This will preclude the unintentional hosting of files without passwords.

    Note: By default, newly created FileMaker files have a full-access Admin user account with no password set, and are set to auto-login with this account. As best practice, the Admin account should either be assigned a secure password, or disabled (provided another full-access account exists or is created).

Custom SSL Certificates

SSL allows for the encryption of data passed between FileMaker Server and FileMaker clients, as well as the Admin Console. A critical component of this function is the SSL certificate residing on the server. The FileMaker Server application ships with a self-signed SSL certificate that does not verify the server name. This default certificate is intended only for test purposes, and a custom SSL certificate is required for production use. See FileMaker Server SSL Certificates for instructions on requesting and installing custom SSL certificates for use with FileMaker Server.

Other Tasks

For more instructions on how to upload your databases and create scheduled tasks to back them up, see Chapter 5 of the FileMaker Server 15 Getting Started Guide (PDF).

Important: FileMaker Server's backup feature creates a local copy of your databases, stored on the host machine. You should still use another mechanism, such as TSM, to back up those saved files to another secure location, in case of system failure.

Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Last Modified:

page-info: unable to locate page


Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Feedback
This product/service is:
Easy to use
Average
Difficult to use
This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki