Building a private cloud, of sorts, with OwnCloud
Getting cloudy has always been a mixed proposition in the IT world. Your users want the convenience of using a variety of devices and having their work accessible on all of those devices from wherever they are, whereas you still have to worry about data security, lost computers, federal regulation and the control that is necessary to ensure your organization's information technology resiliency. Add the fact that most cloud services like OneDrive, Google Drive or Dropbox -- let's face it, the ones that your users want -- are consumer-oriented services that lack the ability to be managed and controlled centrally, and you have a face-off for the ages.
OwnCloud purports to solve these problems with the notion of a private cloud, but not in the sense that a private cloud is simply a data center you own and control that has elements of automation including self-service delivery, redundancy and easy spin-ups and spin-downs of various offerings and services. Rather, OwnCloud is more like a Dropbox that is not under Dropbox's control or a Google Drive where Google is not reading all of the data; it is a service that you control, whether as the administrator for a larger organization or as the end user, and in which you decide which items you want shared with others, which devices you can access that data on and what apps you want to access that data.
For the free community edition that operates under open-source licensing rules, you have two choices: Host the code yourself on hardware that you own, all the while retaining complete control over the files and folders you manage with the service, or find a hosting partner that will run the OwnCloud platform for you, with the implication that you then must store at least some of your data at that partner.
OwnCloud makes available a list of these providers. All have different methods of pricing what they offer, how much storage comes with their various plans and so forth. The OwnCloud project does not appear to endorse or have an emphasized partnership with any of these providers.
In this piece, I want to dig into the technical details of the OwnCloud offering and highlight some of its plusses and minuses. Let's take a look.
OwnCloud security
Arguably the strongest reason for adopting your own off-device storage and synchronization program is the ability to secure the contents of your users' files and folders.
OwnCloud relies on encryption to do most of the heavy lifting to protect the data under its control. OwnCloud uses Transport Layer Security (TLS) to protect data as it is in transit from device to server and vice versa, and then a separate encryption app to encrypt and decrypt the data. The encryption app uses a long, random key protected by the password for each user's account to encrypt user data. However, the decryption and encryption always take place on the server, leaving you as the administrator with control over what is stored within your OwnCloud deployment since you can control the encryption on the server. Also, if encryption were performed on each user device, the server would not have the key available to decrypt files and allow a Web interface to function.
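The key handling described above, sketched with the openssl command line as an added example; it is not OwnCloud's code or on-disk format, and the function names and the USER_PW variable are assumptions made for the illustration. In this sketch, whoever holds the password (here, the server process) can unwrap the key, and a password change re-wraps the key without touching the stored files.

```shell
#!/bin/sh
# Added illustration: a random file key wrapped under a user's password.
# Not OwnCloud's format; names and file layout are hypothetical.
# Needs the openssl CLI (1.1.1 or later for -pbkdf2). The password is read
# from the exported environment variable USER_PW, never from argv.

# new_wrapped_key OUT: create a random 256-bit key, store it encrypted.
new_wrapped_key() {
    openssl rand -hex 32 |
        openssl enc -aes-256-cbc -pbkdf2 -pass env:USER_PW -out "$1"
}

# unwrap_key WRAPPED: print the file key, or fail on a wrong password.
# CBC is unauthenticated, so the result is also checked for the expected shape.
unwrap_key() {
    k=$(openssl enc -d -aes-256-cbc -pbkdf2 -pass env:USER_PW -in "$1" 2>/dev/null) || return 1
    [ "${#k}" -eq 64 ] || return 1
    case $k in *[!0-9a-f]*) return 1 ;; esac
    printf '%s\n' "$k"
}

# encrypt_file WRAPPED IN OUT: user data is encrypted with the file key.
encrypt_file() {
    fk=$(unwrap_key "$1") || return 1
    FILE_KEY=$fk openssl enc -aes-256-cbc -pbkdf2 -pass env:FILE_KEY -in "$2" -out "$3"
}

# decrypt_file WRAPPED IN OUT
decrypt_file() {
    fk=$(unwrap_key "$1") || return 1
    FILE_KEY=$fk openssl enc -d -aes-256-cbc -pbkdf2 -pass env:FILE_KEY -in "$2" -out "$3"
}

# change_password WRAPPED NEW_PW: re-wrap the same file key under NEW_PW.
# Only the small key file is rewritten; encrypted user files stay as they are.
change_password() {
    fk=$(unwrap_key "$1") || return 1
    printf '%s\n' "$fk" |
        USER_PW=$2 openssl enc -aes-256-cbc -pbkdf2 -pass env:USER_PW -out "$1.new" &&
        mv "$1.new" "$1"
}
```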
What is especially interesting about the OwnCloud encryption app is that it can work with Dropbox, Google Docs, external servers accessed through the WebDav HTTP protocol extension and more. This adds a layer of security to these other services and lets you informally extend the amount of storage that is available to you and your users while still providing a measure of protection during their use.
With memorable Dropbox security failures like the "everyone can read all of everyone else's data" incident of a few years ago and recent password integrity issues, this can be comforting to all manner of users. The main feature OwnCloud provides here is its seamless encryption.
The free community edition also includes support for integrating identities with LDAP directories and in particular Active Directory, so users can take advantage of their existing user accounts when using the service.
Synchronization and collaboration features
Perhaps the most useful user-oriented feature of OwnCloud is the ability to synchronize data stored under the software's purview to a tablet, a phone or a central server through the use of a Web interface and the user's laptop or desktop computer. OwnCloud comes with clients for both the iOS and Android platforms (there is no Windows Phone support), although you have to pay extra for those unless you are using the paid enterprise edition of OwnCloud, in which case the mobile clients come included in your subscription.
In addition, in the community edition, users can edit their documents through a Web interface and they also get a nice photo gallery and photo-sharing capability. There is also calendar support, though for any shop on Microsoft Exchange or other groupware, it is difficult to see how the OwnCloud calendar really adds much value on top of that existing investment.
As far as collaboration goes, you can share files with users of other OwnCloud installations, and you can also set up alerts so that your users know when others have accessed the files that they have shared. It also includes support for versioning, so in case of a mistake, users can roll back files they have changed to earlier versions.
Installing OwnCloud
You can research a lot about setting up the OwnCloud service, but it is best to just accept one fact from the beginning: OwnCloud really prefers installing itself on Linux distributions, primarily because it relies on both PHP and MySQL for its core functioning, and neither is really built for running well and trouble-free on the Windows Server platform.
Installing on Linux
To install on Ubuntu Linux or its variants, you can get all of the prerequisites in place by entering the following three commands in the shell:
apt-get install apache2 mysql-server libapache2-mod-php5
apt-get install php5-gd php5-json php5-mysql php5-curl
apt-get install php5-intl php5-mcrypt php5-imagick
Next, from the installation page, click the blue "Archive File for server owners" button in the "Install OwnCloud Server" section, and then click Download Unix to download the package to your server system. You will get a file with a .tar.bz2 extension, which represents the core module of OwnCloud.
Now, just pop out the archive file with the following command:
tar -xjf owncloud-x.y.z.tar.bz2
Next, copy these files to the document root directory of your Web server. For Apache on Ubuntu, this is usually the /var/www directory. Here is a command that will do the heavy lifting:
cp -r owncloud /path/to/webserver/document-root
Make sure the Web user account on your system owns the owncloud directory. On Ubuntu systems, this is the www-data user. On other Linux systems, this might be the apache account or the webuser account.
Your PHP configuration file will tell you the right user account for your system. The chown command shown below will assign the right ownership to these subdirectories:
chown -R www-data:www-data /var/www/owncloud
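A check to run after the cp and chown steps above, given as an added example rather than anything from the OwnCloud project; the function name audit_tree and its finding labels are assumptions. It lists anything the chown missed, plus world-writable and setuid/setgid entries that a copy can carry over.

```shell
#!/bin/sh
# Added example (not from the OwnCloud project): audit the tree after cp/chown.
# audit_tree DIR OWNER
#   DIR    OwnCloud directory, e.g. /var/www/owncloud
#   OWNER  Web server account name or numeric uid, e.g. www-data
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on bad input.
audit_tree() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "audit_tree: not a directory: $dir" >&2
        return 2
    fi
    findings=$(
        # Anything chown -R missed, or that another account copied in later.
        find "$dir" ! -user "$owner" -print | sed 's/^/NOT-OWNED /'
        # Writable by every local account. Symlinks always report 0777, skip them.
        find "$dir" ! -type l -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'
        # setuid/setgid files do not belong in a PHP application tree.
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print | sed 's/^/SETID /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

On the Ubuntu layout used in this article the call would be `audit_tree /var/www/owncloud www-data`.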
Now, enable SSL in Apache. On Ubuntu, again four simple commands will take care of this for you, even when using the default self-signed certificate you get in the base Apache package:
service apache2 reload
Then you can run the installation wizard by navigating to https://servername/owncloud. Since you are using a self-signed certificate, you might have to accept whatever warning your Web browser throws up. Then simply follow the wizard.
For more detailed information on installing OwnCloud on a variety of Linux distribution variants, visit the OwnCloud online documentation.
Installing on Windows Server 2008 or higher
The setup on Windows looks different. Here's the process in a nutshell.
- From the Start menu, choose Control Panel, Programs, and then under Programs and Features, Turn Windows Features On and Off.
- Server Manager appears. Click Roles, then click Add Roles, and then add the Web server role. Make sure CGI support is enabled, FTP support is disabled and WebDAV publishing is disabled. (OwnCloud needs to own WebDAV at the application level, so disabling Windows WebDAV here will prevent conflicts.)
- When the Add Roles Wizard is finished, reboot your server and then install PHP by going to the PHP for Windows download page and grabbing the PHP 5.3 “VC9 Non Thread Safe” version installer (near the bottom of the page) in either 32-bit or 64-bit editions.
- Once the download finishes, run the installer, read the license agreement, agree, select an install directory and select IIS FastCGI as the install server.
- Choose the defaults in the remainder of the wizard and then finish it out.
- Next up, we need to install MySQL, so head over to http://dev.mysql.com/downloads/, then download the MySQL Community Server edition and run the installer in the Typical Installation configuration.
- Once the installation completes, choose to launch the MySQL Instance Configuration Wizard, choose a standard configuration, click to install MySQL as a Windows service and enable the Launch the MySQL Server Automatically button.
- Configure a user account on the next page and then click Execute and Finish once the wizard is done trundling.
- Next, install OwnCloud itself by downloading the blue “Archive File for server owners” package from http://owncloud.org/download. Unzip the .tar.bz2 file by using WinRAR or some other utility that supports the format, since Windows does not natively know how to read it, then copy the files to C:\inetpub\wwwroot, the Windows Website default directory.
- Then simply follow the installation wizard, as explained in the next section.
The installation wizard
Even after tediously getting the OwnCloud code on your system, you are still not done. You now have to correctly set up the environment. The wizard, however, makes this a little easier than the initial setup steps.
Create an administrator account, including a username and password.
Under advanced options, you can choose a different data directory on the server storage for the service, and you can also set up either SQLite or MySQL for the service's database needs. Note that if you want to use SQLite, you will need to install it before launching the installation wizard.
Then click Finish Setup, and OwnCloud will set up its environment.
For shops with a lot of Linux expertise, OwnCloud makes a lot of sense. It was built to live on those platforms. It uses PHP and MySQL extensively. As an open-source product, it relies a lot on community support and expertise to handle feature requests and issues.
For smaller shops without much built-in IT knowledge, you can run OwnCloud on most Web hosting platforms that run a few bucks a month, so it could be a good way to get a ton of functionality for a very low price, with some security built in, too. OwnCloud is a great fit for tiny businesses with hosting plans and large businesses with the necessary expertise to run OwnCloud servers in a good security posture.
For Windows organizations, however, it becomes a much murkier picture. Using a package that was built for Linux on Windows is always a daunting task. PHP and MySQL on Windows probably do not get enough testing (as compared to native Windows apps); you would have to do a lot to convince me otherwise. Patching and updating for both new features and security holes are much tougher propositions; you generally need a third-party engine to perform this sort of maintenance, since Windows Server Update Services generally ignores PHP and MySQL.
There is a paid support offering for businesses in OwnCloud Enterprise, which aims to solve many of these shortcomings. It also supports authentication integration using SAML -- a common standard -- and provides logging and backup systems and support for Microsoft SQL Server. There's also a product that allows admins to connect OwnCloud to Windows network drives, and manage and secure files in that way. The software supports network drives hosted on Windows Server 2008, 2012, Windows 7 or 8, as well as Linux-based Samba (emulating Windows). But this setup requires the paid Enterprise edition of OwnCloud running on a Linux server.
For Windows shops, I would not recommend the community edition of OwnCloud and would head either to the enterprise edition -- which involves paying some money, and paying even more for 24 x 7 support -- or go to another service entirely.