Local Filesystem
A Local Filesystem Endpoint represents a file storage location on the local system that serves as either a Source or Destination in Pipeline configurations. UDMG uses this Endpoint to bridge the abstract server Endpoint configurations and the physical filesystem structure. It provides granular control over where files are stored. By separating the storage configuration from other Endpoint components, the system enables consistent file handling across multiple Pipelines while maintaining centralized control over storage parameters.
Before You Begin
Root File Path
The Root File Path is the root directory relative to UDMG's home directory, as defined in the Configuration File as workDirectoryPath. The path which essentially serves as the foundational base directory from which all Relative Paths are calculated during file operations that use this Endpoint. This is the base folder where the system "lands" for file operations, and if nothing more specific is given, this is where the file is stored. The server file system is shared across all Domains, so setting the correct Root File Path for each Endpoint is critical.
For the Local Filesystem Endpoint, it establishes the storage hierarchy for all transferred files and provides the critical reference point for enforcing permissions across the file system structure. Proper Root File Path configuration is essential for optimal performance and correct file system segregation.
Key aspects:
- Ensure the specified location has adequate storage capacity.
- The path should be on a reliable and performant storage system.
- There is no upfront path validation (format or directory exists).
- The system attempts to create the directory at runtime if it doesn't exist, and runtime errors will occur if the directory creation or access fails.
- After initial Endpoint creation, you can validate that the directory exists to ensure there are no runtime issues. See Validating the Configuration.
Each Endpoint must have a unique Root Path to ensure proper Domain isolation. Modifying this path after initial setup impacts the associated Pipelines.
Paths should be entered following these guidelines:
- Avoid system-critical paths like:
/(root directory)/var/log(system logs)/etc/(system configuration)
- Recommended format:
/dataor similar isolated directory.
- Consider creating a dedicated partition with appropriate sizing or use a ZFS, BTRFS, or LVM filesystem.
Temporary Path
The Temporary Path designates the staging area where files are temporarily stored during the transfer process before being moved to their final destination within the Root File Path structure. It serves as an essential intermediate storage location that provides a secure holding area during in-progress file transfers, prevents incomplete or corrupted files from appearing in the destination directory, enables proper validation, scanning, and processing before final delivery. Things to note:
- The path should reside on the same filesystem as the Root File Path for efficient file operations.
- Infected or failed files identified during ICAP scanning reside in the Temporary Path unless the Configuration File has been updated to require corrupted/infected files to be deleted.
- There is no upfront path validation (format or directory exists).
- The system attempts to create the directory at runtime if it doesn't exist, and runtime errors occur if the directory creation or access fails.
Modifying this path after initial setup impacts associated Pipelines.
Paths should be entered following the guidance below:
- Avoid using the same path or subfolder of the Root File Path.
- Recommended format:
/tmpor similar isolated directory. - Consider creating a dedicated partition with appropriate sizing or use a ZFS, BTRFS, or LVM filesystem.
ICAP Scanning
The Internet Content Adaptation Protocol (ICAP) scanning feature provides security scanning for all inbound file transfers, operating exclusively at the receiving end. When enabled on a Local Filesystem Endpoint, incoming files are automatically routed through the configured ICAP server for threat detection before the transfer is finalized. This process helps prevent malware from propagating through your file transfer infrastructure.
For more information, refer to ICAP for more information.
Adding an Endpoint
To add an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints
- Click the Add Endpoint button.
- Select the Local Filesystem as the Endpoint Type.
- Complete the Name and Description details for the new Endpoint.
- Enter the Root File Path and Temporary Path.
- Choose whether to enable ICAP scanning and allow every inbound file transfer to be scanned (at the receiving end).
- Choose whether the Endpoint should be enabled effective immediately.
- Note: The Endpoint still must be added to a Pipeline for the Endpoint to be serviceable.
- Click Add.
Field Descriptions
The following table describes the fields that are configured for the Endpoint:
| Name | Description | Specifications | Required |
|---|---|---|---|
| Name | The name of the Endpoint. | Must be unique and match the standard naming pattern. | Yes |
| Description | The description of the Endpoint. | No | |
| Type | The type of Endpoint indicates the type of file transfer. Select: Local Filesystem. | The type Cannot be modified after creation. | Yes |
| Root File Path | The Root File Path is the root directory relative to UDMG's home directory (defined in the Configuration File as workDirectoryPath). |
| Yes |
| Temporary Path | The Temporary Path is where files are staged before they are moved to their final destination, and the transfer is completed. | Can start with / (e.g. /tmp, /temp). | Yes |
| ICAP Scanning - Inbound | Endpoint's ICAP status. If enabled/true, every inbound file transfer is scanned (at the receiving end). To check the status of the ICAP Server, click UDMG Status from the Sidebar. | Defaulted to Disabled/False. | Yes |
| Enable Endpoint | Endpoint's enabled status. See Enabling and Disabling Endpoints. | Defaulted to Enabled. | Yes |
Editing an Endpoint
Configuration changes are pushed to all referenced Configuration Items after saving, but the changes are not active until the Account disconnects/reconnects to its client. To edit an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoint.
- Click the Endpoint Name you want to edit.
- Click the Edit button above the Endpoint details.
- Edit details for the Endpoint, using the Field Descriptions table as a guide.
- Click Update.
The Root File Path and Temporary Paths are editable, but modifying the paths after initial setup can cause harmful disruptions.
Managing an Endpoint
Viewing Endpoint Details
To view the details of an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoint.
- Click the Endpoint Name you want to view.
Endpoint details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:
Endpoint Metadata
| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this Endpoint. |
| Version | Version number of the configuration. Every change increases the number. |
| Enabled | Endpoint's Enabled status. If enabled, field is set to True. |
| Created | Date and time this Endpoint was created. |
| Updated | Date and time this Endpoint was last updated. |
| Root File Path Free and Total | The free and total space available for the Root File Path in GB. |
| Temporary File Path Free and Total | The free and total space available for the Temporary Path in GB. |
| Test Status | Status of the “Validate” Endpoint configuration test. Options:
|
Validating the Configuration
The Endpoint configuration can be validated to confirm if the Local Filesystems' directory exists. The test does not confirm if the directory is usable or accessible. After clicking the Validate button, one of the following messages appears:
- Pass: 'Endpoint has passed the test.'
- If validation passes, then the file path exists.
- Error/Fail: 'Endpoint test has failed. The stat [Root Path]: no such file or directory.'
- If validation fails and a file has not been transferred, the path is potentially available. The failed status can result from several factors, such as the path not yet existing (since paths are created during the first successful transfer) or insufficient file system permissions.
- Validate the permissions under the OS.
Storage Monitoring
Real-time storage monitoring for the Endpoint's file paths is provided to help you proactively manage storage resources and prevent transfer failures due to space limitations. On the Details page, you can view comprehensive disk space metrics for both file paths:
- Root File Path: free and total space (GB)
- Temporary Path: free and total space (GB)
Enabling and Disabling Endpoints
Local Filesystem Endpoints can be Enabled or Disabled to control their active status and ability to participate in file transfers. The status is set during initial creation and changed following the above Endpoints.
- Enabled (default): The Endpoint is active and can participate in file transfers.
- Disabled: The Endpoint is inactive and cannot participate in file transfers.
To enable or disable an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Endpoint Name of the Endpoint you want to enable/disable.
- Click Edit.
- If the Endpoint is currently enabled, you can disable the Endpoint by moving the toggle to the left.
- Click Update.
Changes to the Endpoint's Enabled/Disabled status are not active until the Account reconnects.
Enabling and Disabling ICAP
Local Filesystem Endpoints allow ICAP Scanning on every inbound file transfer (at the receiving end). The feature is set during initial creation and then can be updated as needed.
- Enabled/True: Every inbound file transfer is scanned. The ICAP Server must be set up and active for the scanning to commence.
- Disabled/False: Every inbound file transfer is not scanned.
To enable or disable ICAP Scanning on an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Endpoint Name of the Endpoint you want to enable/disable.
- Click Edit.
- If the Endpoint's ICAP Scanning - Inbound field is currently enabled/true, you can disable the feature by moving the toggle to the left.
- Click Update.
Deleting an Endpoint
To delete an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Endpoint Name of the Endpoint you want to delete.
- Click the Delete button above the Endpoint details.
- You will be asked to confirm the deletion. Click Delete.
UDMG prevents the deletion of a Configuration Item if it is currently referenced by another Configuration Item (i.e., Pipeline). The Configuration Item must be edited or the reference removed before you can delete the Endpoint. Deletion cannot be undone.