Author Archives: Martin Horan

Updates to Log History

Posted on by

As of December 12, 2012, the following updates have been made to the Log History system. As a reminder, the log_history workspace contains detailed logs of all activity on your site. These logs are contain a complete history of all activity since the site was first provisioned, whereas detail reports on the Reports tab only go back up to 90 days.

Updates now in effect:

The log_history workspace and the log files within that workspace do not count against your site’s disk quota.
The log_history workspace and log files can not be deleted.
The log_history workspace can be assigned to be accessible to any user you choose, with site administrators automatically having access. Note that the only actual permissions are only download and list.

Enhanced Password Options

Posted on by

In conjuction with the new ability to Allow Users Control Panel Access, we have added some Password Options, found on the Users tab. There are three Basic Password Options, that were explained in another blog post and are included with all current hosting plans (Group, Secure, Business & Enterprise).

The following Enhanced Password Options (circled in orange on the screenshot) are available to customers on the Enterprise plan. Please consult FTP Today Sales if you are interested in upgrading to the Enterprise plan to acquire these features.

  1.  Require Strong Passwords- When checked any new or changed passwords for users must meet strong password rules. Those rules will default to 8,1,1,1,0 per the rules below, but you may then edit those rules to suit your own strong password needs:
    1. Minimum length for passwords – Default = 8.
    2. Minimum number of upper case – Default = 1.
    3. Minimum number of lowercase – Default = 1.
    4. Minimum number of numerals – Default = 1.
    5. Minimum number of symbols – Default = 0
    6. Prohibit username within password- This will prevent a user from choosing a password that equals or contains their username. We recommend you enable this.
    7. Non re-usable password history (days) – Default 0. This is the number of days that the same password cannot be re-used.
  2. Password expiration (days) – Default 0. The number of days since the last change that a password will expire.
  3. Password expiration warning (days) – Default 0. The number of days prior to password expiration that the user will receive a warning via email.
  4. Require initial password change - When checked, you will not have to assign passwords when users are created. Instead, the system will send the user an email requiring them to log in and change their password. The account will be inaccessible via FTP, FTPS, SFTP, etc. until their password is changed. Like the Basic function of forgotten passwords, the link a new user is sent via email will expire based on the Time limit for password reset.

Again, these enhanced passwords features are only available to Enterprise accounts. Please contact if an upgrade is needed.

Basic Password Options

Posted on by

In conjuction with the new ability to Allow Users Control Panel Access, we have added some Password Options, found on the Users tab.

When enabling any of these features, it is a prerequisite to enable the Allow Users Control Panel Access setting on the User Options screen. If not, once you enable any of these Basic Password Options, user-level control panel access will be enabled for you automatically.

There are three Basic Password Options:
Basic Password Options

  1. Allow users to edit their passwords – As it states, this will allow users to edit or change their password once logged in to the control panel.
  2. Allow forgotten password resets by email – If this box is checked, there will be a forgotten password link on the control panel login screen. When someone clicks that link, they will receive an email and will have a certain amount of time (see below) to follow a temporary link, from which they can enter a new password. The user must have a valid email address in their user record for this to function.
  3. Time limit for password reset (minutes) – This is the number of minutes that a temporary link in a forgotten password email will be active. The default is 30 minutes, but you can set this time limit yourself.

Customers on Legacy plans will not have access to Password Options. This feature is only available to customers on our current plans (Group, Secure, Business or Enterprise).You may also notice in the screenshot above that there are two additional items on the password options screen that are greyed out. These Enhaced Password Options are only available on Enterprise plans. Please consult FTP Today Sales if you are interested in upgrading your plan to acquire these features.

Revised User Options

Posted on by

We have updated the features of User Options, which is found on the Users tab. Even though all of these settings are not new, we will review all three of them.

  1. Always create a Private Workspace for a new user – Checking this box will make it so the system automatically creates a private workspace for a new user. The workspace will always have the same name as the username. This is very convenient if the majority of your file transfers are one-on-one and you mostly just need one private folder per user.
  2. Open Access Settings after adding User – This used to appear in the Add User box, requiring you to check the box for every new user created, assuming you wanted to assign the user’s workspaces and permissions immediately after creating their login account. Now you can check this box once as a default setting, so that whenever you click OK while adding a new user, it will automatically open the User Access screen next.
  3. Allow users control panel access – You can now allow (if checked) or disallow (if unchecked) control panel access to end users. While many of you never gave end users the URL, that URL did indeed exist and a few of you were using it. The URL is https://yourhostname.ftptoday.com/users/ (which redirects to /siteadmin/). You can now prevent (if unchecked) users from being able to log in even if they know the URL. Of course, if allowed, you will still have to provide the URL to them, as they should not be able to find it on their own.

Note – all a normal user can see and do in the control panel is manage their Real Name, Email Address and (optionally) their Password. Site Administrators and Department Managers will have additional functionality, of course.

Important Information:
We have also recently rolled out several new functions relating to users managing their own passwords, including forgotten passwords, expired passwords and temporary first-time passwords. Enabling those features will auto-enable the Allow users control panel access setting. If you plan to manage all your users’ passwords for them, you can leave this unchecked or disabled.

 

Departments – Sub FTP Site Administration

Posted on by

ManageNow, with Manage Departments and User and Workspace edits, you can effectively create multiple “sub FTP sites” within your FTP Today site. This is an extremely powerful and unique feature in our industry.

Department ManagerThere is also a new class of
sub-site administrator called a Department Manager.

A Department Manager can log in to Site Admin and can add, edit or delete both Users and Workspaces, but only within their Department. Their visibility in the control panel will be completely limited to one Department. Any Reports or other screens accessible to a Department Manager will be content-filtered to include only departmental data.

Users and Workspaces can belong to one Department (for management by a Department Manager), however Users can also be assigned access to other Workspaces outside the Department (by a full Site Administrator).

Workspaces and Users in existance before this feature was rolled out are, as before, not members of any Department. There is no requirement to assign a Department, but you can do so via User-Edit or Workspace-Edit.

From an FTP client perspective, Users will still only see their assigned Workspaces and can still have limited permissions within each Workspace. A Department Manager will be given full rights to every Workspace in the Department.

Know Your FTP Service Provider — Beware the Public Cloud!

Posted on by

With the advent of the cloud, anyone with a little experience in applications like FTP can open up shop as an FTP hosting provider. This puts a heavy burden on you to know your FTP provider as intimately as, if not more intimately than you would know your own IT security staff if you were hosting your own FTP server in-house.

What Does “The Cloud” Mean?

To some, “I am using the cloud” may just mean “I am outsourcing this application.” But, the word “cloud” is not a synonym for “outsourcing”. A cloud is a platform for building servers virtually instead of physically. This platform allows someone to instantly provision a virtual CPU, virtual memory and virtual storage as a virtual server. They can then install an operating system (e.g. Linux or Windows) just as if they were building and configuring a physical server. Applications like an FTP server and web server go on top of that.

There are three types of clouds — public, private and hybrid clouds.

  1. Public cloud: In Public cloud the computing infrastructure is hosted by a vendor (such as Amazon) at the vendor’s premises. An FTP service provider using a public cloud has no visibility or control over where the computing infrastructure is hosted. This public computing infrastructure is shared between many organizations and individuals.
  2. Private cloud: The computing infrastructure is dedicated to a particular FTP service provider and is not shared with other organizations. Private clouds are significantly more expensive and more secure when compared to public clouds.
  3. Hybrid cloud: This is the combined use of on-premise private clouds with off-premise public or private clouds.

Organizations should host critical applications on private clouds and applications with relatively less security concerns on the public cloud.

Public vs Private

So, you’ve decided that the hassles of building, managing and securing an in-house FTP server are not for you and you have decided to outsource to an FTP hosting specialist. The biggest mistake you can make in choosing an FTP hosting company for your secure file transfer is to choose a provider that uses a public cloud.

Why? Because, if they utilize a public cloud, they do not own, nor do they manage any infrastructure. As it says above, the FTP host has no visibility or control over where the computing infrastructure is hosted. This type of FTP host has even signed off on terms of service from their cloud platform provider (e.g. Amazon) that absolves the cloud platform provider of any and all responsibility in the event of any downtime, security breach or other failure.

A public cloud based FTP provider may make their public-cloud partnership into a selling point because of “infinite scalability” or the fact that the data is replicated automatically to storage systems all over the world for “99.999999999% file durability”. But, you should know better than to fall for these marketing ploys.

This is your data! You should know at all times where your data is and you should also be guaranteed that it is secure.

See this CRN article: Researchers Uncover ‘Massive Security Flaws’ In Amazon Cloud

CONCLUSION

Your FTP site is a mission-critical business application. Not only should it use secure Internet protocols (SSL), but you should also make sure your data is safe and isolated. You should know where your data is physically kept and should be assured that no copies are kept elsewhere in the name of “redundancy”.

Choose an FTP service provider that owns and manages their own private cloud. They have all the benefits of instantly provisioning new FTP servers and push-button scalability, but none of the potential down sides in using public infrastructures.

To Share or Not to Share

Posted on by

Did you know that you can allow multiple users access to the same files?

Many FTP Today customers have used our service since long before we ever released our own software in March 2010. Our old system was only capable of letting each user access one folder. That works fine if all you want is private FTP folders.

With our current system, you can still restrict a user to one private workspace (FTP folder) if you want, but you can also allow any user access to as many other workspaces as you want (both private FTP and shared FTP folders).

Each user can also have unique permissions for each workspace (upload, download, delete, list). So, sharing folders is not only easy, but also very controllable. Here are a couple of examples:

Example 1
You might want someone on your staff to manage multiple FTP workspaces and share files, while at the same time you might want your customer logins to be limited to one workspace each. Maybe you also want your customers limited to download-only, one staff member limited to upload-only, and yet another staff member to control the deletion of files.

Example 2
You might want each customer or end user to have access to two folders, one only for uploads and one only for downloads. To do this, firstcreate two workspaces per user. You then make the <FTP Site Root> their Starting Workspace (a.k.a. Home Directory) so they see both workspaces upon login and can navigate to either one. Don’t worry, just because they start in Root, they will not see any other workspaces. You can then further limit their Upload and Download settings on each workspace accordingly.

There is almost no limit to how many combinations of access and permissions can be fulfilled by proper set up of your FTP Today account.

FTP Today Lowers Renewals Rates for Large Accounts

Posted on by 
Cincinnati, Ohio U.S.A.

Today, FTP Today reduced 2012 monthly and annual renewal rates for 46 of its large subscriber accounts. Total price reductions for these accounts for 2012 exceeded $57,000 per year.

Several months ago we introduced new plans and pricing. Some of our long-time customers were going to be paying more based on their 2011 renewal rate when compared to to our new Enterprise hosting plan pricing,” said Martin Horan, Managing Partner. “While these accounts were under comtractual agreements based on higher pricing, we did not think it was fair to these customers to auto-renew them at those prices.”

Price reductions for those FTP Today customers affected were as high as $285/month for one monthly subscriber, and as high as $4548/year for one annual subscriber. “We are glad to be able to give something back to customers that have supported FTP Today for many years.” said Mr. Horan.

The average price reduction for the affected FTP Today customers was $1244.85 per year. In addition to the price breaks for 2012, many of these customers now enjoy as much as 20 times the storage capacity that they had with their ‘legacy’ FTP hosting plan.

For more information contact FTP Today toll free at 1-877-FTPTODAY (1-877-387-8632) or internationally at +1.513.645.0387.

About FTP Today
FTP Today is based in Cincinnati, Ohio and is the industry leader in the secure FTP site hosting market. The company has held that stature since launching its first service offering in 2001 by specializing in private and secure file transfers to a variety of industries including medical, graphical, architectural and engineering, to name a few. FTP Today’s customers range from SOHO to Fortune 100.

iPad / iPhone iOS Web App released

Posted on by

It is now easy to add FTP Today Site Admin to your iOS device.

  1. Browse to your FTP Today Site Admin URL in Safari on your iOS device.
    iOS Login Screen
  2. Tap the Action button then tap Add to Home Screen.
    Add to Home Screen
  3. Tap the Add button. This puts the FTP Today SA icon on your home screen.
    FTP Today SAFTP Today SA
  4. You can then launch Site Admin directly from the FTP Today SA icon on your iPad or iPhone’s Home Screen. FTP Today SA launches in full screen web app mode.
    iOS Site Admin
Please note that this is not a native iPhone App; it is a web app.
A web app uses the Safari browser. This web app is therefore
not sensitive to the screen size of an iPhone. 

We are planning on developing a true iPhone App in 2012 that
will be custom designed for the mobile phone screen size.