FAQ

From ProVide DocWiki
Jump to: navigation, search

Frequently asked questions (FAQ) about ProVide.

Contents

There is a big variety of (F|TF|HT|SF)TP(S) servers on the market, why use ProVide?

ProVide combines stability, performance and ease of use in a no-fuzz straightforward way. Want to manage an array of (F|TF|HT|SF)TP(S)-servers from a single location? Need load balancing and virtual user directories? Need scripting facilities to manage both the server and its interaction with other software and business systems; while at the same time maintaining per user security and access rights?

ProVide is THE solution! And what's more? ProVide is connected to an active online forum resource and has been developed for many years in dialog with our users. Lately this means the inclusion of full IPv6 support as well as a built-in HTTPS-server for easy access. It is currently in use by small, large and global enterprises, online-payment providers as well as in many universities worldwide.

ProVide is a fast and powerful yet simple to use (F|TF|HT|SF)TP(S)-server with lots of fascinating and practical features:

Can I test it online?

Sure!

Just log on to https://secure.vastgotadata.se/ for the Web interface using "demo" as the username and password.

You can also test other protocols. Use FTP, FTPS, or SFTP to connect to secure.vastgotadata.se, with "demo" as the username and password. Please note that the account "demo" is readonly.

How many licenses do I need?

Licenses for ProVide are purchased as yearly subscriptions and activated on the date of purchase. In general we recommend you base the number of licenses on how many users are accessing the server. The number of licenses you need depend on your usage situation and licences are allocated in a lease based fashion.

ProVide allocates licences in three different ways.

1. Share and receive links, allocate one CAL each for one hour after a user connects. Share and receive links can be created by individual users for sharing and receiving files without the need to contact an administrator.

2. Collaboration links, allocate one CAL each for a month after a user connects. Collaborate links are mainly used to allow your end users to collaborate with internal/external consultants on files and folders for a limited amount of time, without the need to contact an administrator.

3. User accounts such as AD-integrated users, IoT users, virtual users, and users designated in ProVide connecting via HTTPS/FTP/FTPS/SFTP or via APIs, allocate one CAL for a month upon connection. If you need persistent users a designated user account is the way to go.

Please observe that direct logins via user accounts, each allocating a single CAL for a month, is the only way to connect from multiple IPs with just one CAL. Concurrent connections by a designated user require one CAL for each concurrent connection but after the user has disconnected only one user CAL stays allocated. Other ways of logging in to the server (using links – share, receive, or collaborate) is something that is outside of regular accounts. These links are often sent to people outside the organization and will allocate further CALs based on number of simultaneous access and source IP address.

Please note that if some users connect via SFTP/FTPS these would only require MEDI-licenses and that ProVide server accepts mixing MEDI and MAXI licenses. So depending on how you use ProVide the number of CALS you need will vary. We recommend that you “make a little room” so that you do not plan to “hit the roof” every few months.

A brief example.

- If you for instance need to support 20 simultaneous (accessed within the same hour) share/receive-links you’ll need 20 MAXI CALs. - And if you at the same time need to have 10 different users connected within a timeframe of 1 month you’ll need 10 more MAXI CALs. - And if you have 5 external partners using a collaboration links you’ll need 5 more MAXI CALs provided they connect from the same source IP. … summing up to a total of 35 MAXI CALs in the described scenario.

What operating systems (OS) are supported?

ProVide supports the following plattforms:

  • Windows Server 2016 (64-bit)
  • Windows 10 (32-bit and 64-bit)
  • Windows 2012 R2 Server (64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 2012 Server (64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows RT (via .NET edition)
  • Windows 2008 R2 Server (64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows 2008 Server (32-bit and 64-bit)

ProVide seems to meet my demands, how do I get started?

Download and install the program:

  • Download
  • When installation is complete use the webbased administration interface to configure your server.
    • A good start is to configure basic settings of the server first and then move on to configuring the accounts. Remember to use groups to simplify management of several users which have a similar setup.

Installing ProVide on a system without Internet access

  • Download the ProVide installer as you normally would on a computer with internet access
  • Start the ProVide installer and let it download completely.
  • Once the actual installation window opens, quit the installer using the X.
  • You will receive a dialog asking you if you want to keep the locally downloaded files
  • Choose yes
  • The folder will be located in your regular download-folder.
  • Copy the ProVide folder to the server and run the "Install" executable
  • Continue as you normally would with the installation.

Using the Freeware version of ProVide

You can start using the freeware version of ProVide immediately after installation, the freeware version is limited to 5 MINI CALs.

Is anonymous access possible in ProVide?

To use anonymous access you must specifically tell the server to allow anything as password for a particular account. Simply add an ordinary user account with the username "anonymous" and uncheck the box "Require password". Any other special configurations are done in the same way as with every other user account.

What is so special about Administrator accounts?

Administrator accounts have administrative privileges, which means it may be used to manage the server with the administration interface (normally only system administrators have this privilege).

How do i specify the root directory?

See "How do I construct the home directory for users?" and " "New Folder" and "Add Resource", what's the difference?"

How do I construct the home directory for users?

You may see the "Home Directory" as a file tree, with the root on top. Simply add folders to the tree in order to build the users file tree (as seen when the user connects to your server). Directories and files from resources will be added into the file tree as requested.

"New Folder" and "Add Resource", what's the difference?

"New Folder" will create a virtual folder on the users' file tree, allowing you to build the home directory as you like. "Add Resource" will add directories and files at the location where it is placed in the file tree.

I have installed the server as a system service but I cannot add any network paths as resources, what should I do??

When a system service is installed the default in Windows is to run that program as "LocalSystem" account. What you need to do is to change the user that the program is running as in order to give the program access to e.g. network paths (a good choice is to use "Administrator" for the ProVide service).

  1. Right-click on "My Computer"
  2. Select "Manage"
  3. Double-click on "Services and Applications"
  4. Click on "Services
  5. Find "ProVide" in the right pane and double-click on it
  6. On the tab "Log On" you specify which account the program should run

Does ProVide work with imported .pfx certificate?

Yes, ProVide does work with imported .pfx certificates. Note that you have to set the private key to be exportable when originally exporting the certificate.

Why should I add more than one resource to a users' Folder?

If you have data in several folders on your harddrives that actually should be seen as one folder, you may create a virtual file system by adding more resources to the same folder. This will be seen as one big folder for the users connecting to your server.

Examples:

You have some pictures stored in one location and another set of pictures stored in another location, then you may add those two locations as "Resources" to a particular "Folder" and then it will seem as all files and subdirectories are in the same folder (for users connecting to your server).
Another useful way of using this feature is for instance by adding an upload resource to some folders, that way users may upload files to, what they see, some folders. However, the files are actually sent to a particular upload folder on the location you specified. When specifying upload folders, it may be usefull to add more than one resource since then the files being uploaded to that folder will physically end up on the resource with the most available space (it will seem as you have a huge upload folder).

I am unable to remove some resources and folders, why?

If the resources or folders are in bold face it means they are inherited from a group in which the user is a member. You cannot remove resources or folders which a user inherits from a group membership.

My server is behind a firewall, what should I do?

First of all you need to configure your firewall to accept incoming connections to the server. Then, if you know your external IP-adress you must enter that in Server configuration. If you do not have a static, real IP-adress you may specify a dns-name for lookup every time your IP-adress is needed (e.g. "myserver.no-ip.com" could be used as an IP-adress).

What is Spy User and how do I use it?

With this feature you have the ability to observe a particular user's activity on your server. "Spy User" opens a new window which logs all activity of the specified user.

Do I need to manually update the ProVide software or can it auto-update?

If automatic updates is selected the programs will check for a new version each time they are started. Further, the programs check for new updates every day at midnight.If a new update is available it is automatically downloaded.

Updates are installed automatically when there are no users connected to the server.

Alright, this is too simple... I want some challenge!

Ok, then maybe you want to experiment with the various tokens that may be used when specifying access rights for users. There are many tokens available that will be replaced by their respective value where ever they are found in paths.

These are just a small sample of tokens available:

Token Value
%USERNAME% The current user trying to access the resource (e.g. james)
%YYYY% The current year in 4-digit format (e.g. 2003)
%MM% The current month in 2-digit format (e.g. 06)
%DD% The current day in 2-digit format (e.g. 29)

Using these tokens you may specify directories where access rights depend on e.g. who is accessing the resource or when. E.g. You may only want to allow uploads in a directory with the current date. Then add a folder to the home directory with e.g. "%YYYY%-%MM%-%DD%". Then any resources accessrights under this one will only apply during the current date.

Depending on your licence you get access to more advanced tools e.g. events can be configured to execute scripts, giving you the power to do anything you can imagine.

What about the license/subscription?

You can use this product or this service for the duration of your subscription. The duration of the subscription, the billing period, and the price per subscription period for each product will be displayed during the order process. Limited subscriptions will end automatically. Unlimited subscriptions may be terminated by either party at any time.

If you select payment by credit or debit card, or via direct debit, you agree to have the unit price per subscription period automatically charged to your card and/or bank account immediately prior to the start of the next billing period. If you select another payment type, you agree to make periodic payments.

After buying a subscription either from ShareIt or via an invoice order, you will receive a license via e-mail. The license unlocks the appropriate CALs, functionality and features, and grant you update rights for the duration of the license period. In case of a limited subscription; after the license period has ended, you will need to purchase a subscription extension. Only the base license and the latest’s extension needs to be activated, not the expired extensions between.

Should any changes to the license model of existing licenses be introduced; no functionality, number of accounts or connections will be lost since this is automatically detected based on when you purchased the original license.

The team developing ProVide take security very seriously. ProVide access update servers only if you select it, and does not send or request additional information from online sources.

Where do I get the trial version?

We maintain a single code base with the option to unlock functionality and CALs using licenses. The trial period is currently 30 days and during that time all the capabilities are at your disposal. Download evaluation of ProVide; our premiere (F|TF|HT|SF)TP(S)-server package from the ProVide download page.

I want to change my ProVide license, what do I do?

Please note that you can combine different CAL levels as you wish; for instance 5 MAXI CALs and 10 MEDI CALs will enable you to connect 15 SFTP sessions, or 10 SFTP along side with 5 Share/Receive/Collaborate-connections, etc... Also, if future needs increase you can simply purchase the additionally required CALs and import these into ProVide; all CALs will stack up and added licenses will be dynamically incorporated at runtime without any downtime.

Is ProVide available in my own language?

ProVide is a truly multilingual ftpserver that offers full Unicode support meaning it will support file and folder names in most languages including e.g. Chinese (PRC and Taiwan) for clients. The administration program used for configuration supports a variety of languages, including, English, Spanish, Portuguese, Norwegian (Bokmål), Swedish, German, Danish, Hungarian, French, Italian and Russian.

Can I get in touch with the developers in case of a problem or if I have a suggestion?

YES! We develop ProVide in close collaboration with our user base and are more than happy to be able to help. A lot of problems can be solved via e-mail, for contact information click here.

Debug logging

To enable Debug logging you need to edit the file settings.ini. It is located in the folder where ProVide is installed.

  1. Stop the ProVide-service
  2. Edit [Enable debug logging] in settings.ini and change "False" to "True".
  3. Save the file
  4. Start the ProVide-service

I need help with software configuration and firewall settings

For advanced support, firewall configuration and scripting as well as for support on ProVide put in context to other software and systems we offer specialist coupons. All support is offered via secure remote (desktop) connection using Teamviewer. This software allows for encrypted and password-protected support where you, the customer, may monitor everything we do on-screen. After buying a specialist coupon we are notified via ShareIt after which we send you connection details and agree on a suitable time to help you. Dont hesitate, we can help!

How can i reset settings to default?

If you want to reset a setting to default, the easiest way is to stop the service then edit settings.ini and remove the lines for the setting. ProVide will restore the default value once the service is started again.

Will it run on my hardware/software?

YES! Unless you employ a truly archaic system (pre windows 2000), it will work on all windows platforms both 32 and 64 bit as well as both AMD and Intel.

Is ProVide really that secure?

In short, YES! Our secure server is equipped with a number of anti-hammer methods, impersonation (threads run with the permissions of a specific user), extensive logging and not to mention support for both FTPS (TLS/SSL) as well as SFTP (v3-v6) and support for a wide range of encryption algorithms as well as self signed or purchased certificates: It is secure! We also have several research labs, government organisations, Fortune 500 companies, defence contractors as well as payment transaction firms using ProVide. And of course with more than 3 Million downloads a few others to!

Perfect score at Qualys SSL Labs official test

After implementing the following in ProVide it is now possible to configure the server to achieve a perfect score at Qualys SSL Labs official test.

  • Implemented support for HTTP Strict Transport Security.
  • Implemented support to individually enable/disable SSL/TLS protocols (SSL v2, SSL v3, TLS v1, TLS v1.1, TLS v1.2).
  • Implemented support for forward secrecy with most browsers.
  • Improved support for completely loading chain certificates including intermediate.
  • Improved support for individually enable/disable SSL/TLS ciphers.
  • Improved support for renegotiation (allow secure, disable client-initiated).

SSL-labs A+.png


Requirements

  • Latest version of ProVide
  • Purchased certificate with at least 4096 bit key using SHA256 encryption (not SHA1)
  • For instructions on how to achieve high security, visit this page Achieving high security

Has it been thoroughly tested?

Each new version is first alpha tested using a heavily structured test scenario employing several hundred test cases. After each and every test has passed it is released into an "unstable" branch and sent out for testing in our user community. After a few iterations back and fourth, usually within a month or so we make a public release.

Is ProVide affected by the old libssh bug discovered in 2018?

ProVide Server does not use libssh and is thereby NOT in any way affected by the recently discovered bug in libssh version 0.6 released in 2014 (CVE-2018-10933). CVE-2018-10933, on applicable systems, allowed access to a server running libssh version 0.6 released in 2014 by presenting the message SSH2_MSG_USERAUTH_SUCCESS instead of SSH2_MSG_USERAUTH_REQUEST.

As we are NOT using libssh this does NOT affect ProVide Server; however we do stress the importance of using updated software, firmware and applying relevant security patches regardless of the system being used.

For more details regarding this please read here.

Is it possible to contribute or to affect development priorities?

Comments and suggestions regarding new functionality are always welcome. Furthermore we regularly offer our users the ability to vote on new functionality on the web page. If your company needs a specific function or feature in order to proceed please contact us! We focus on customer needs when it comes to future development.

I am a "regular" user, is this something for me?

Absolutely. If, for instance you have problems sharing photos from your digital camera with your friends? ProVide is the way to go. ProVide is easy to administer and runs directly on your server, desktop or laptop computer.

Furthermore ProVide is the perfect windows platform for securely sharing and distributing sensitive information or large files over the internet to Mac, PC or mobile systems such as Android and iOS based tablets and smartphone units. This works either using web browser sharing using the built in secure web server or via regular FTP, FTPS or SFTP, and is easy to set up and even simpler to use on both the sending and recieving end.

Do you want to try the ProVide Web interface? Logon to https://secure.vastgotadata.se/ using "demo" as the username and password.

I am a "large enterprise administrator" in need of advanced features and easy administration, is this something for me?

Absolutely. ProVide allows for advanced enterprise level features such as HTTPS, SFTP, TFTP as well as advanced scripting, AD integration and virtual users, simultaneously. Sometimes we are astounded with interesting and unique solutions that our users come up with. On more than one occasion, together with the customer, we discovered that the raw performance and customizability that ProVide offered is much more than we ever anticipated. Still it allows for simple, efficient and comprehensible management.

Alright, I'm convinced, where can I get it?

Get it here! Free 30 day evaluation! No reconfiguration or reinstall required.

Would you like to help out with the development of ProVide?

How do I achieve high security?

It is possible to configure the server to achieve a perfect score at Qualys SSL Labs official test.

How do I customize ProVide?

It is possible to change the logo and URL for HTTPS.

Third party clients

Some third party clients may require special settings in order to connect to the server properly, one example of this is CoreFTP, where the default "SFTP" setting is not actually SSH File Transfer Protocol, but instead FTP over SSH which is traditional FTP over an SSH tunnel.

To correct this, you go into the Advanced settings for CoreFTP and then under SSH you need to enable "Use Putty-compatible SFTP". This will then allow you to connect properly.

How do i upgrade zFTPServer to ProVide

ProVide has replaced zFTPServer, and its not possible to upgrade to ProVide from zFTPServer through the administration tool or Web GUI.

To upgrade to ProVide use the following steps. (Make sure you have an active license)

1. Make a copy of your existing zFTPServer folder, just to be extra safe.

2. Download ProVide from provideserver.com

3. Run the setup and click yes that you want to upgrade.

4. If you do not create any admin account, you will use the one you had in zFTPServer. If you do not make any change to the certificate during setup, it will use the one you had in zFTP.

5. Uninstall zFTPServer, then you are ready to continue use ProVide just as zFTPServer (Web GUI version)