Difference between revisions of "Media Library Setup"

From EHS Help
Jump to: navigation, search
m
(added example INI file)
 
(11 intermediate revisions by the same user not shown)
Line 11: Line 11:
 
''This is the default configuration''
 
''This is the default configuration''
  
* No specific set up is required after the installation and setup of AquilaServer and the Aquila database.
+
* No specific set up is required after the intial installation and setup of AquilaServer and the Aquila database.
 +
* Encryption of media items is not performed when storing the media item inside of the database.
 +
 
 +
* If switching back to Database Storage from the File System Storage method, find the MediaStorage setting in the AquilaServer.ini file and make the following alteration:
 +
*: <pre>MediaStorage=0</pre>
 +
* '''DO NOT REMOVE''' the LibraryPath setting; there may be files still stored there that will need to be found by AquilaServer.
 +
* Save the INI file and then restart the AquilaServer service. (net stop AquilaServer/net start AquilaServer from an admin level command line window)
  
 
==File System Storage==
 
==File System Storage==
  
 
* To enable File System Storage:
 
* To enable File System Storage:
 +
  
 
# Ideally ensure that no users are connected to AquilaServer: although the downtime will be limited to the time it takes to restart the AquilaServer service.
 
# Ideally ensure that no users are connected to AquilaServer: although the downtime will be limited to the time it takes to restart the AquilaServer service.
Line 21: Line 28:
 
# Add the following two lines to the ''[Settings]'' section:
 
# Add the following two lines to the ''[Settings]'' section:
 
#:    <pre>MediaStorage=1</pre>
 
#:    <pre>MediaStorage=1</pre>
#:    <pre>LibraryPath=''%drive:\path-to-your-media-library-root\%''</pre>
+
#:    <pre>LibraryPath=%drive:\path-to-your-media-library-root\%</pre>
 +
#:    <pre>EncryptMedia=1 or 0</pre>
 
# Save the AquilaServer.ini file
 
# Save the AquilaServer.ini file
 
# Restart the AquilaServer service (net stop AquilaServer/net start AquilaServer)
 
# Restart the AquilaServer service (net stop AquilaServer/net start AquilaServer)
  
 +
 +
'''Notes'''
 
* Replace ''%drive:\path-to-your-media-library-root\%'' with your own path.
 
* Replace ''%drive:\path-to-your-media-library-root\%'' with your own path.
 +
* Set EncryptMedia to 1 to enable file encryption, and 0 to disable file encryption. If this setting is omitted, the default is no encryption.
 
* We recommend the LibraryPath is a dedicated local volume attached to the server in which AquilaServer is running.
 
* We recommend the LibraryPath is a dedicated local volume attached to the server in which AquilaServer is running.
 
** The LibraryPath setting ''can'' be a network drive & use UNC file naming (i.e. \\MachineName\Path) if necessary, but we cannot guarantee performance or 100% availability in such configurations
 
** The LibraryPath setting ''can'' be a network drive & use UNC file naming (i.e. \\MachineName\Path) if necessary, but we cannot guarantee performance or 100% availability in such configurations
Line 37: Line 48:
 
* Files stored on disk in the media library are set to hidden & read-only when created.
 
* Files stored on disk in the media library are set to hidden & read-only when created.
 
* Files are checked on each access for evidence of tampering & the end user warned accordingly.
 
* Files are checked on each access for evidence of tampering & the end user warned accordingly.
* Files stored on disk are not encrypted by AquilaServer
+
* Files stored on disk are optionally encrypted by AquilaServer (see above). However, we also recommend customers look at encryption options in Windows itself.
* If encryption is required, customers should look at Operating System level or whole disk encryption options in Windows itself.
+
* The transmission of files (as with all AquilaServer traffic) is AES-256 encrypted before transmission.
 
* Customers are advised to ensure that the disk or folder in which the media library resides is not part of a network share.
 
* Customers are advised to ensure that the disk or folder in which the media library resides is not part of a network share.
 
* Customers are advised to use NTFS permissions to reduce the access to the media library contents, except for administrators and the AquilaServer process.
 
* Customers are advised to use NTFS permissions to reduce the access to the media library contents, except for administrators and the AquilaServer process.
 
* Security of the media library is the responsibility of the customer & should be implemented in accordance with local security policy for other files.
 
* Security of the media library is the responsibility of the customer & should be implemented in accordance with local security policy for other files.
 +
 +
==Example AquilaServer.INI File==
 +
 +
[Settings]
 +
ConnectionType=MSSQL
 +
ConnectionString=AnyDAC?AuxDriver=MSSSQL;Server=LocalHost;Database=IBID;UserID=ibiduser;Password=anypassword;
 +
MediaStorage=1
 +
LibraryPath=D:\Data\Aquila\Library\
 +
EncryptMedia=1
 +
 +
''Note that there may be other settings in the INI file''

Latest revision as of 08:14, 1 May 2018

Overview

  • AquilaCRS supports the storage of media items; i.e. images, video and audio. The storage method is either
    • Database Storage: media file contents are stored in binary fields inside a dedicated media data table.
    • File System Storage: media file contents are stored in a automatically managed folders in a specified media library path on a disk accessible from the AquilaServer product.
  • It is possible to switch storage methods after initial setup and even after the database has been populated with data. However, it is strongly recommended to select a storage strategy from the outset.
  • Media storage methods are transparent to the end user, and the alternative configuration methods require no alteration to client software.

Database Storage

This is the default configuration

  • No specific set up is required after the intial installation and setup of AquilaServer and the Aquila database.
  • Encryption of media items is not performed when storing the media item inside of the database.
  • If switching back to Database Storage from the File System Storage method, find the MediaStorage setting in the AquilaServer.ini file and make the following alteration:
    MediaStorage=0
  • DO NOT REMOVE the LibraryPath setting; there may be files still stored there that will need to be found by AquilaServer.
  • Save the INI file and then restart the AquilaServer service. (net stop AquilaServer/net start AquilaServer from an admin level command line window)

File System Storage

  • To enable File System Storage:


  1. Ideally ensure that no users are connected to AquilaServer: although the downtime will be limited to the time it takes to restart the AquilaServer service.
  2. Open the AquilaServer.ini file (located in the AquilaServer program folder, under the Program Files (x86)\Evolution Healthcare Systems Limited\ folder
  3. Add the following two lines to the [Settings] section:
    MediaStorage=1
    LibraryPath=%drive:\path-to-your-media-library-root\%
    EncryptMedia=1 or 0
  4. Save the AquilaServer.ini file
  5. Restart the AquilaServer service (net stop AquilaServer/net start AquilaServer)


Notes

  • Replace %drive:\path-to-your-media-library-root\% with your own path.
  • Set EncryptMedia to 1 to enable file encryption, and 0 to disable file encryption. If this setting is omitted, the default is no encryption.
  • We recommend the LibraryPath is a dedicated local volume attached to the server in which AquilaServer is running.
    • The LibraryPath setting can be a network drive & use UNC file naming (i.e. \\MachineName\Path) if necessary, but we cannot guarantee performance or 100% availability in such configurations

Backups

  • As with database storage, backing up of the on disk media library is the responsibility of the customer.

Encryption & Security

  • Files stored on disk in the media library are set to hidden & read-only when created.
  • Files are checked on each access for evidence of tampering & the end user warned accordingly.
  • Files stored on disk are optionally encrypted by AquilaServer (see above). However, we also recommend customers look at encryption options in Windows itself.
  • The transmission of files (as with all AquilaServer traffic) is AES-256 encrypted before transmission.
  • Customers are advised to ensure that the disk or folder in which the media library resides is not part of a network share.
  • Customers are advised to use NTFS permissions to reduce the access to the media library contents, except for administrators and the AquilaServer process.
  • Security of the media library is the responsibility of the customer & should be implemented in accordance with local security policy for other files.

Example AquilaServer.INI File

[Settings]
ConnectionType=MSSQL
ConnectionString=AnyDAC?AuxDriver=MSSSQL;Server=LocalHost;Database=IBID;UserID=ibiduser;Password=anypassword;
MediaStorage=1
LibraryPath=D:\Data\Aquila\Library\
EncryptMedia=1

Note that there may be other settings in the INI file