Jump to content
Sign in to follow this  
DWF

FM Server Database on DMG

Recommended Posts

I am running FM Server 9 on OS X 10.4. I need to specify an additional database folder that is located on a mounted DMG. I get 'invalid path', which I assume has to do with the fact that it's on a DMG (the path is correct and permissions seem fine). Anyone have experience with this? Anyone know how to make FMS recognize a path that is on a DMG?

Thanks!

Share this post


Link to post
Share on other sites

Not sure FMS can handle demountable media - in fact I'm sure I read something on these lines a while ago.

Share this post


Link to post
Share on other sites

Thanks. I have seen some discussion of that before, too. But it seems like there must be a way to use a DMG. Afterall, a physical drive is de-mountable, too.

Share this post


Link to post
Share on other sites

I do not believe this will work. And there are arguments as to why it shouldn't be done perhaps as well.

You can specify an alternate location, but that location must be on a drive or partition on the Server itself.

Steven

Share this post


Link to post
Share on other sites

Thanks. The DMG is on an internal drive. But I Guess once the DMG is mounted, FMS doesn't care and treats it as external media.?

FYI: Why I need to use DMG.... My clients include groups at US government agencies, which are all now adopting FIPS security standards that specifically require data be stored on encrypted drives/partitions (so data are inaccessible if drives are stolen/lost, etc.). Unfortunately OS X doesn't have built-in partition encryption and the couple of third-party options for this have lots of problems. So, the de-facto method for encrypting drives on OS X has become encrypted DMG on unencrypted drives. There's really no acceptable alternative I know of (but I'm open to suggestions).

Hense my need to make figure out how to make FMS work with DMG.

Share this post


Link to post
Share on other sites

FileMaker Server runs as a background service/daemon without any users logged into the server. Thus such drives won't mount or work when there are no users connected.

Thgis is an interesting issue however, and I will investigate it some more.

Steven

Share this post


Link to post
Share on other sites

A follow-up ...

I've experimented with every DMG format and permission scheme I can think of and am concluding (though still hoping to be proven wrong) that it's just not possible for FMS <= 9 to serve databases from a DMG. Maybe FMS 10 can (?).

What this means is that FileMaker can not be securely deployed on an OS X server. Why? One of the most basic tenets of a secure server is that disks/partitions/directories with data files be encrypted so they are unreadable if they are removed from the box or the system software is reinstalled (ie: loss or theft). On OS X, the de-facto method of meeting this requirement is with encrypted DMG (third-party encryption software has so far proven to be instable, and now most secure OS X servers use encrypted DMG to secure data files).

I hope the folks at FileMaker are aware of how big this shortcoming is. Two years ago, no one encrypted disks. Then the Veterans Administration started losing computers and now everyone with any sensitive data (medical, financial, etc) has to do it.

For now, I've had to create an insecure space on my secure server in which to put the FM databases.

-

Share this post


Link to post
Share on other sites

I do not believe there is any change in FileMaker Server 10 with this.

I will review this some more and will also review it with them.

Steven

Share this post


Link to post
Share on other sites

Another followup...

TrueCrypt (well-respected open-source encryption software) recently became available for OS X. I set up a hard drive partition encrypted using TrueCrypt and, voila, FMS treats the mounted volume as a physical volume, recognizing database and backup directories on the TureCrypt volume as "valid."

TrueCrypt actually creates a DMG on the physical partition, just like the vanilla encrypted DMG I was trying FMS with. And just like a regular DMG, a TrueCrypt volume does not mount at startup and can be unmounted easily (even when something is running on it). But there's something about a TrueCrypt DMG that makes FileMaker think it is a physical drive.

TrueCrypt is a recent arrival to OS X and thus a bit risky for production servers (but it's been around a long time on Linux/Unix and Windows). So far, it looks like the best option for getting FMS to host databases on a secure OS X drive.

Share this post


Link to post
Share on other sites

Good information. Thank you for posting. See my January 23rd post. I have not forgotten about this.

Steven

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

By using this site, you agree to our Terms of Use.