Local Filesystem
A Local Filesystem is a type of Endpoint that represents a file storage location on the local system that serves as either a Source Endpoint or Destination Endpoint in Pipeline configurations.
UDMG uses this Endpoint to bridge the abstract server Endpoint configurations and the physical filesystem structure. It provides granular control over where files are stored. By separating the storage configuration from other Endpoint components, the system enables consistent file handling across multiple Pipelines while maintaining centralized control over storage parameters.
Before You Begin
Root File Path
The Root File Path is the Endpoint's base directory on the UDMG host. Its effective location is determined by the security.domain_chroot argument set in the Configuration File. For details, see Folder Management.
The Root File Path essentially serves as the foundational directory from which all Pipelines' Relative Paths are calculated during file operations that use this Endpoint.
In other words, this is the base folder where the system "lands" for file operations, and if nothing more specific is given, this is where the file is stored. The server file system is shared across all Domains, so setting the correct Root File Path for each Endpoint is critical.
For the Local Filesystem Endpoint, the Root File Path establishes the storage hierarchy for all transferred files and provides the critical reference point for enforcing permissions across the file system structure. Proper Root File Path configuration is essential for optimal performance and correct file system segregation.
Key aspects:
- Ensure the specified location has adequate storage capacity.
- The path should be on a reliable and performant storage system.
- There is no upfront validation of the path (format or existence).
- If the path doesn't exist, the system attempts to create the directory at runtime, and runtime errors will occur if the directory creation or access fails.
Temporary Path
The Temporary Path designates the staging area where files are temporarily stored during the transfer process before being moved to their final destination within the Root File Path structure.
UDMG resolves the Temporary Path according to the security.domain_chroot argument set in the Configuration File. For more context on this, see Folder Management.
The Temporary Path serves as an essential intermediate storage location. It provides a secure holding area during in-progress file transfers, prevents incomplete or corrupted files from appearing in the destination directory, and enables proper validation, scanning, and processing before final delivery.
Important Things To Note
- For best performance, the Temporary Path should be on the same filesystem as the Root File Path.
- Avoid using the same path or a subdirectory of the Root File Path.
- Depending on your Scan Results Handling configuration, files flagged as infected—or files that fail scanning—may remain in the Temporary Path directory. See also Storage Monitoring.
- UDMG does not validate the path up front; at runtime, it attempts to create the directory if it does not exist. Operations fail if the directory cannot be created or accessed (for example, due to permissions).
- Temporary files are written with a unique name in the format
<UUID>-<original-filename>, which adds 37 characters to the original filename. Ensure the resulting name stays within your filesystem's maximum filename length (commonly 255 characters).
ICAP Scanning - Inbound
The Internet Content Adaptation Protocol (ICAP) scanning feature provides security scanning for all inbound file transfers, operating exclusively at the receiving end. When enabled on a Local Filesystem Endpoint, incoming files are automatically routed through the configured ICAP server for threat detection before the transfer is finalized. This process helps prevent malware from propagating through your file transfer infrastructure.
For more information, refer to ICAP.
Adding an Endpoint
To add an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Add Endpoint button.
- Select the Local Filesystem as the Endpoint Type.
- Complete the Name and Description details for the new Endpoint.
- Enter the Root File Path and Temporary Path.
- Choose whether to enable ICAP scanning and allow every inbound file transfer to be scanned (at the receiving end).
- Choose whether the Endpoint should be enabled effective immediately.
- Note: The Endpoint must be added to a Pipeline for the Endpoint to be serviceable.
- Click Add.
Field Descriptions
The following table describes the fields that are configured for the Endpoint:
| Name | Description | Specifications | Required |
|---|---|---|---|
| Endpoint Type | The type of Endpoint indicates the type of file transfer. Select: Local Filesystem. | Cannot be modified after creation. | Yes |
| Name | The name of the Endpoint. |
| Yes |
| Description | The description of the Endpoint. | No | |
| Root File Path | Endpoint's base directory on the UDMG host. For more information, see Root File Path. danger Modifying this path after initial setup impacts the associated Pipelines. For more context, see Folder Management. |
| Yes |
| Temporary Path | Directory where files are staged before they are moved to their final destination, and the transfer is completed. For more information, see Temporary Path. danger Modifying this path after initial setup impacts associated Pipelines. For more context, see Folder Management. | Can start with / (e.g., /temp). | Yes |
| ICAP Scanning - Inbound | Endpoint's ICAP status. If enabled/true, every inbound file transfer is scanned (at the receiving end). To check the status of the ICAP Server, click UDMG Status from the Sidebar. For more information, see ICAP Scanning. | Defaulted to Disabled. | Yes |
| Enable Endpoint | When enabled, the Endpoint is active and can participate in file transfers. For more information, see Enabling and Disabling an Endpoint. |
Defaulted to Enabled. | Yes |
Editing an Endpoint
Configuration changes are pushed to all referenced Configuration Items after saving, but the changes are not active until the Account disconnects/reconnects to its client.
To edit an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Name field of the Endpoint you want to edit.
- Click the Edit button above the Endpoint details.
- Edit details for the Endpoint, using the Field Descriptions table as a guide.
- Click Update.
The Root File Path and Temporary Path are editable, but modifying the paths after initial setup can cause harmful disruptions.
Managing an Endpoint
Viewing Endpoint Details
To view the details of an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Name of the Endpoint you want to view.
- Additionally, click the Pipelines tab to see all the Pipelines the Endpoint is associated with.
Endpoint Metadata
Endpoint details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:
| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this Endpoint. |
| Version | Version number of the configuration. Every change increases the number. |
| Enabled | Endpoint's Enabled status. If enabled, field is set to True. |
| Created | Date and time this Endpoint was created. |
| Updated | Date and time this Endpoint was last updated. |
| Root File Path Free and Total | The free and total space available for the Root File Path in GB. If the path has not been created (after the first file transfer is processed), then the availability is displayed as |
| Temporary File Path Free and Total | The free and total space available for the Temporary Path in GB. If the path has not been created (after the first file transfer is processed), then the availability is displayed as |
| Test Status | Status of the "Validate" Endpoint configuration test. Options:
|
Validating the Configuration
The Endpoint configuration can be validated to confirm whether the Local Filesystem's directory exists. The test does not confirm whether the directory is usable or accessible. After clicking the Validate button, one of the following messages appears:
- Pass: 'Endpoint has passed the test.'
- If validation passes, then the file path exists.
- Error/Fail: 'Endpoint test has failed. The stat [Root Path]: no such file or directory.'
- If validation fails and a file has not been transferred, the path is potentially available. The failed status can result from several factors, such as the path not yet existing (since paths are created during the first successful transfer) or insufficient file system permissions.
- Validate the permissions under the OS.
Storage Monitoring
Real-time storage monitoring for the Endpoint's file paths is provided to help you proactively manage storage resources and prevent transfer failures due to space limitations. On the Details page, you can view comprehensive disk space metrics for both file paths:
- Root File Path: free and total space (GB)
- Temporary Path: free and total space (GB)
Enabling and Disabling an Endpoint
Local Filesystem Endpoints can be Enabled or Disabled to control their active status and ability to participate in file transfers.
- Enabled (default): The Endpoint is active and can participate in file transfers.
- Disabled: The Endpoint is inactive and cannot participate in file transfers.
The status is set during initial creation and changed following these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Name of the Endpoint you want to enable or disable.
- Click Edit.
- Move the Enable Endpoint toggle.
- Click Update.
Changes to the Endpoint's Enabled status are not active until the Account reconnects.
Enabling and Disabling ICAP
Local Filesystem Endpoints allow ICAP Scanning on every inbound file transfer (at the receiving end). The feature is set during initial creation and then can be updated as needed.
- Enabled/True: Every inbound file transfer is scanned. The ICAP Server must be set up and active for the scanning to commence.
- Disabled/False: Inbound file transfers are not scanned.
To enable or disable ICAP Scanning on an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Name of the Endpoint you want to enable/disable.
- Click Edit.
- If the Endpoint's ICAP Scanning - Inbound field is currently enabled/true, you can disable the feature by moving the toggle to the left.
- Click Update.
Deleting an Endpoint
To delete an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Name of the Endpoint you want to delete.
- Click the Delete button above the Endpoint details.
- You will be asked to confirm the deletion. Click Delete.
UDMG prevents the deletion of a Configuration Item if it is currently referenced by another Configuration Item (i.e., Pipeline). The Configuration Item must be edited or the reference removed before you can delete the Endpoint. Deletion cannot be undone.