Setting up a file server with logical folders

When file servers and logical folders are set up in the application, you can use them to specify locations for uploading or downloading files and documents. File servers and logical folder specifications can be used in either of these cases:

  • Cloud applications, where the file servers are predefined as Amazon Web Service Simple Storage Services (AWS S3) “buckets” by the Cloud team. Use of SFTP servers or web servers for logical folders is also allowed in the Cloud.
  • On-premises applications, where a shared UNC path, FTP/SFTP, or AWS S3 services can be used for logical folders.

Prerequisites:

  • You must be a system administrator for this application, with permission to access the appropriate forms.
  • Decide where your file servers should reside (cloud, FTP/SFTP server, web server, or shared on-premises server), and know the file path and login information, if on-premises.
  • You cannot read or write to a shared file server in a partial trust environment.
  • Decide what logical folders you need to create. Some logical folders are predefined by the application. Others might depend on your company’s needs, for example, HR documents.
  • Determine which logical folders should reside on which file server, if you have a choice of file servers.
  • Decide which users should have access to which logical folders.

To set up a file server with logical folders:

  1. For an on-premises application, define each file server on the File Servers form.
    For a cloud application, the file servers might be predefined by the cloud team. You can define your own file server in this environment by using the default AWS bucket with a root path, or with the Additional Properties section (see below). You can also set up a local web server as a file server.
    1. Specify this information:
      Active
      Select this field if the file server is currently active and available for use.
      Server Name
      Specify a name that describes the server, for example FTP_EDI, fileserver1, or EDI_bucket.
      Server Type
      Select one of these options:
      • FTP - Use this option for either cloud or on-premises applications.

        When you select this option, the FTP tab is automatically selected.

      • Shared Path - Use this option only for on-premises applications.
      • AWS S3 - Use this option only for cloud applications.

        When you select this option, the AWS S3 tab is automatically selected.

      • SFTP - Use this option only for either cloud or on-premises applications.

        When you select this option, the SFTP tab is automatically selected, and the label of the Domain field changes to Host Name.

      • Mongoose Web Service - Use this option only for cloud applications.
      • Infor Document Management - Use this option if you are using Infor Document Management as your file server for either cloud or on-premises operations.

        When you select this option, the Infor Document Management tab is automatically selected.

    2. If you select a server type of FTP, specify this information:
      Domain
      Specify the domain for user logins.
      Shared/FTP Path
      Specify the root path where files are stored on the server. Use this format: FTP_Server/folder/
      User ID
      Specify the user ID to access the FTP site.
      Password
      Specify the user password to access the FTP site.
      Remote Server Name
      Optionally, specify the DNS name or IP address of the server.
      Enable SSL
      Select this check box to enable SSL.
      Use Passive
      Select this check box to enable Passive FTP.
    3. If you select a server type of Shared Path, specify this information:
      Domain
      Specify the domain for user logins.
      Shared/FTP Path
      Specify the root path where files are stored on the server. Use this format: \\server\share\
      User ID
      Specify the user ID to access the shared server.
      Password
      Specify the user password to access the shared server.
      Remote Server Name
      Specify the DNS name or IP address of the server.
      Use IDO Request Service Always
      Select this check box to use the IDO request service at all times.
    4. If you select a server type of AWS S3, specify this information:
      Bucket Name/Set as Default Bucket
      Specify an AWS bucket name or select Set as Default Bucket to set this field to Default.
      Root Path
      Specify a sub path to use after the bucket path. This allows you to create different file servers under the same bucket name.

      For example: Server1 has a Root Path of /Benefits/

      The full path is infor-awsbucket-prd-csbi/PRIVATE/csbi/903/tenant1/site1/Benefits/

      Server2 has a Root Path of /CustomerOrders/

      The full path is infor-awsbucket-prd-csbi/PRIVATE/csbi/903/tenant1/site1/CustomerOrders/

      User ID
      Specify the user ID to access the AWS bucket.
      Password
      Specify the user password to access the AWS bucket.
      Remote Server Name
      Specify the DNS name or IP address of the server.
      Use IDO Request Service Always
      Select this check box to use the IDO request service at all times.
      Server Side Encryption Method
      Specify the encryption method. This option is disabled if the Set As Default Bucket is selected.
      • None - select this option if no encryption method is used.
      • AES256 - select this option to use Advanced Encryption Standard 256 encryption method.
      • AWSKMS - select this option to use Key Management or KMS encryption method.
      Server Side Encryption Key
      Specify the key used for the AWS S3 file encryption. This option is optional and is disabled if the Set As Default Bucket is selected.
      External Bucket Name
      Specify the bucket name to be used. This option is disabled if the Set As Default Bucket is selected.
      AWS Access Key
      Specify the AWS access key.
      AWS Secret
      Specify the AWS secret access key.
      AWS Session
      Specify the AWS session token.
      Use Pre-Signed URL To Upload
      Select this check box to use the pre-signed URL to upload. This key is optional.
      Use Pre-Signed URL To Download
      Select this check box to use the pre-signed URL to download. This key is optional.
    5. If you select a server type of SFTP, specify this information:
      Host Name
      Specify the host name for user logins (for example, sftp.cilrebo.com:22).
      Root Path
      Specify a sub path to use after the bucket path. This allows you to create different file servers under the same bucket name.

      For example: Server1 has a Root Path of /Benefits/

      The full path is infor-awsbucket-prd-csbi/PRIVATE/csbi/903/tenant1/site1/Benefits/

      Server2 has a Root Path of /CustomerOrders/

      The full path is infor-awsbucket-prd-csbi/PRIVATE/csbi/903/tenant1/site1/CustomerOrders/

      User ID
      Specify the user ID to access the SFTP site.
      Password
      Specify the user password to access the SFTP site.
      Remote Server Name
      Optionally, specify the DNS name or IP address of the server.
      Authentication
      Select the authentication to use:
      • Basic: Requires only the User ID and Password
      • Use Private/Public Key: Requires only the Key value
      • Use Both Password and Key: Requires both the Password and Key value
      SSH/OpenSSH Key File Path
      This field contains the path to access the key file.
      Encrypted SSH/OpenSSH Key
      This field contains encrypted key value when you click the Save Key button.
      Pass Phrase / Key Password
      Specify a password to open or read the key file path or content. This value is encrypted when you click the Save button.
      Load Key
      Click this button to load the key content from the file.

      This button is disabled when you select Basic authentication.

      Clear Key
      Click this button to clear the content or file path.

      This button is disabled when you select Basic authentication.

      Save Key
      Click this button to encrypt the content or the file path.

      This button is disabled when you select Basic authentication.

    6. If you select a server type of Mongoose Web Service, specify this information:
      Domain
      Specify the domain for user logins.
      URL
      Specify the URL for the Mongoose web service, for example: https://servicename:port/ca
      User ID
      Specify the user ID to access the web server.
      Password
      Specify the user password to access the web server.
      Remote Server Name
      Specify the DNS name or IP address of the server.
      Use IDO Request Service Always
      Select this check box to use the IDO request service at all times.
    7. If you select a server type of Infor Document Management, specify this information:
      Domain
      Specify the domain for user logins.
      URL
      Specify the URL for the IDM service, for example: https://servicename:port/ca
      User ID
      Specify the user ID to access the IDM server.
      Password
      Specify the user password to access the IDM server.
      IDM Document ID
      Specify the document ID of the document type that you created in IDM.
      Authentication
      Select the authentication to use:
      • Basic: Uses the domain account
      • OAuth1: Uses the consumer key as user name and secret key as password
      Note:  Although other authentication methods are listed, only Basic and OAuth1 are currently supported.
      Map IDM Entity with Logical Folder
      Select this check box to use multiple document types for any single file server.
      Delete All Before Overwrite
      Select this check box to remove all versions of the same document before you overwrite or update any existing document in IDM that have the same key.
      Use Tenant
      Select this check box to use the Tenant ID with IDM connection.
      Print Server
      Select this check box to set the file server as print server for IDM Enterprise Print.
      Validate Printer
      Click this button to validate the file server for IDM Enterprise Print.
      Use Authentication Service
      Select this check box to attach an authentication service, instead of loading OAuth keys or specifying a consumer key and shared secret.
      Note: This field is enabled for OAuth1 authentication only.
      Service Name
      Select the service name, as specified in Configuration Manager.
      Set Single IDM User Name/ID
      Specify one IDM user name or ID to be shared across the application to access IDM.
      Note: 
      • If you keep this field blank, the Workstation Domain/ID that is specified in the Users form will be used.
      • This field is disabled when you select Basic authentication.
      Use Single IDM User
      Enable the use of a single IDM user name or ID to be shared across the application to access IDM.
      • For All Users - When selected, the Set Single IDM User Name/ID value is used for all users.
      • As Default - When selected, the Set Single IDM User Name/ID value is used for users who do not have IDM accounts.
      Configure IDM
      Click this button to open a new form where you can create and maintain IDM document types.
      Load OAuth Keys
      Click this button to load the OAuth JSON key file that contains the consumer key and secret key.

      This button is disabled when you select Basic authentication.

      Clear OAuth Keys
      Click this button to clear the previously loaded OAuth JSON key file.

      This button is disabled when you select Basic authentication.

    8. Optionally, click Additional Properties to open the JSON Key Value Pairs form where you can set key-value pairs.
    9. Click Validate to verify the server login information.
    10. Click Activate. The file server is now available for selection on other forms.
  2. On the File Server Logical Folders form, specify this information to create logical folders in a file server:
    Active
    Select this field to immediately activate a new file server without restarting the IDO Runtime. File servers are automatically activated when the first login occurs in the application. The file server is available for use in other forms when Active is selected.
    Logical Folder Name
    Specify a name for the logical folder.
    Server Name
    Select the file server where you want the logical folder to reside.
    Folder Template
    Specify a substitutable folder path.

    These substitutable variables can be used for any template:

    • USERGROUP() is replaced by the authorization group name.
    • LOGICALNAME() is replaced by the logical folder name.
    • USERNAME() is replaced by the session user name.

    If this template is form-specific, you can use P() and V() values.

    Folder Access Depth
    Specify the level to which subfolders can be specified under this folder. This should be a value based on the folder path. For example:
    \depth1
    \depth1\depth2
    \depth1\depth2\depth3
    Note: For performance reasons, this value is set to 3. This cannot be overridden by the logical folder's folder depth. The logical folder's folder depth is also used to check the access depth of the user. If you want to increase the directory depth, you can do by passing the recursive depth in the form script. But note that this can lead to huge performance issues.
    Attached Document Type
    Specify the IDM document ID for any logical folder the Mongoose file server created for IDM.

    See Example: Setting Up Templates for Logical Folders.

  3. Set up the user groups that can access certain logical folders:
    1. On the Groups form, set up a group and add users to it.
    2. Click Group Authorizations,
    3. In the Object Authorizations for Group form, for the selected group, select File Server as the Object Type.
    4. In the Object Name field, select a logical folder whose access should be restricted to this group.
    5. Set these access privileges to Granted: Delete, Edit and Read.
  4. For on-premises applications, set up physical folders on the server machine to match the logical folder structure, and set up sharing on those folders as appropriate.
After the file servers and logical folders are defined, you can select them on parameters forms and on the Documents and Attached Documents forms. Then users can access the files from the File Maintenance form as shown in this diagram:

SelectFiles-LogicalFolders

You can also use the file server as back up in case the local file system gets shut down or pulled out from the application site. You must set up this report server location in Configuration Manager and any report generated is also copied to this file server. See the Configuration Manager help topic "New/Edit Application - Advanced tab".