FreshRSS

πŸ”’
❌ About FreshRSS
There are new available articles, click to refresh the page.
Yesterday β€” October 17th 2019Nextcloud Planet

Unsung heroes of the Nextcloud community: Janis KΓΆhr

Remember the OCR app for Nextcloud, we always tweet about? Here is an interview with Janis Köhr, the developer behind it.

Meet Janis

Janis lives in Stuttgart, Germany and is currently working as a software engineer. Programming is not only a hobby for him, but it is also his profession.

“I identify as a frontend development enthusiast, but work as a full-stack developer where I have a Java focus on the backend side and a modern single page application focus on the front end side.”

Besides programming, football is Janis’ favourite hobby, which is the reason why, from time to time, he is not as active as he wants to be in programming.

How it all started

As a hobby!
At some point Janis wanted to quit all ‘hungry for data’ providers and set up his own NAS. After he did a research he found out that Nextcloud was exactly what he was looking for.

His initial idea was to get rid of all paper (invoices, certificates, etc) in the home office and keep the scanned versions stored in Nextcloud. But there was a small but annoying detail, that was missing! Even though every document was sorted and named pretty good, he couldn’t really search for specific content over all the files. The scans resulted in PDF documents but they only included images and no searchable text layer. So he had the idea to invest some time on developing the OCR app, which basically stands for Optical Character Recognition.

“From the last version (v4) on I changed the fundamental approach of it to be full client-sided which has the big benefit that no additional server component needs to be installed or available. Another big benefit for me is the significant reduction of maintenance and support time that is needed now. In fact I set the project on hold last year after I recognized that I wouldn’t be able to invest that amount of time in the old approach. Since I came up with the new version I am pretty sure, this will change and a lot of potential for bugs was already eliminated.”

The future of OCR

Janis likes to develop new features when he needs new functionalities on the software he uses. For now OCR complete these needs and he hopes that other people might propose new ideas based on their needs to develop the app even further. Do you have any ideas?

Challenging aspects

Janis is a Java focused Software Engineer and his main personal challenge is PHP!

” It might be because I am not that familiar with php anymore.”

When he first started to develop his own app, Janis would have liked to know more things about the App Framework and the operating principles of Nextcloud.

” There are so many ways to add a certain feature in a Nextcloud app and for me it feels like the existing apps use all of them. So what would be very helpful would be a documentation for the app framework that is more detailed in what certain parts are and what they do, or better: what an app can or should use it for.”

Luckily for the new app developers now we have a whole new page with the needed information to help them get started!

Nextcloud and Open Source

It is amazing how many people work together to make Nextcloud even better for their needs!

Janis always reports bugs once he finds them, but contributing regularly is a bit difficult to manage. That’s why he is active in contributing to several open source projects depending on his free time.

For him, it is fun to work on a good solution for a certain problem he might find and in open source it feels good to have other people’s feedback and help as well!

Develop your own Nextcloud app

Would you like to develop your own Nextcloud app but don’t know where to start? We recently launched our new Developer Program and a better documentation for new app developers to get started!

Before yesterdayNextcloud Planet

French universities and research organizations get access to Nextcloud

logo of RENATER - a blue stylized image of France with the text 'RENATER' on the rightFor some time now, the French national research and education network (NREN) RENATER is testing Nextcloud. Together with our team they have deployed it in testing for over 40 organizations already.

Those organizations who would like to provide this to their employees and students will be able to use the service from RENATER. You can read our press release announcement here.

While Nextcloud has of course signed hundreds of customers this year, including the French Ministry of Interior, RENATER is special because their Nextcloud Global Scale deployment would be the first in the world to connect a single on-premises cloud instance to the identity providers (IDP’s) of hundreds of organizations.

Our mission at RENATER is enabling seamless collaboration between over a thousand research and education institutions in France in order to protect the security and confidentiality of data. We study and experiment deeply Nextcloud Global Scale for its highly scalability capacities and its reliability that fit the needs of our project.

— Alexandre Salvat, Drive Project Manager – Pôle Projets Transverses et Innovation (P2TI)

Global Scale and identity providers

Let’s step back for a second, what are Global Scale and how does it fit with identity providers?

Global Scale

In late 2016, Nextcloud recognized that, to deliver the most scalable solution in the file sync and share world, work was needed on the ‘top end’ of the scale. Nextcloud runs on Raspberry Pi devices up to large clusters at universities and companies. The largest Nextcloud cluster node has 250.000 users on a single instance – but this customer already has far more users, delivering file sync and collaboration to tens of millions of users across several continents today! This single installation, thus, is part of a larger architecture we devised for the multi-million-user scale: Global Scale.

limits to scalability: database, storage, data center!

Global Scale removes the major limitations a Nextcloud instance has at large scale: database and storage. As a PHP application, Nextcloud handles each ‘request’ to the server as an independent process, scaling essentially without limitations: if you need to handle twice the number of users logging in simultaneously, you just double your processing power by adding, for example, a second server. Double again? Go to four, ten, how many you need.

However, each of these Nextcloud application servers will have to talk to the same database and storage, and that is where the problems begin. At large scale, these become expensive, as scaling databases and storage isn’t anywhere near as easy as scaling Nextcloud. At even larger scale, even a data center can become a limitation: the connection to the internet backbone can only handle so much, after all!

Global Scale solves these issues in an elegant way by distributing users and data over separate, independent Nextcloud nodes. These are then ‘wired together’ with a number of mediating services, to facilitate authentication, sharing and more. The benefits go beyond scalability: it can also allow you to keep data closer to users to improve performance or keep data in specific countries to comply with local regulations.

Watch this youtube video to get a graphical overview of how Global Scale works.

As said, the largest of such nodes in action currently has 250.000 users, but of course the organization which has deployed this has many more nodes! After all, they have to deliver Nextcloud to customers in more than a dozen countries spread over several continents. Each country can run its own node, keeping data local and secure, yet users can log in from one portal, irrespective of where their data is and can share with everyone.

Identity providers (IDP’s) and something new!

Large organizations use ‘identity providers’ to handle authentication for the many services they provide. Using a technology like SAML they can ensure that a single user can log in once and then access all their services, including Nextcloud. Universities and government organizations often use these and it simplifies their user management a lot.

RENATER wants to provide a solution to the hundreds of organizations in France to which it currently already serves various other IT solutions. These organizations all handle their own accounts for their researchers and students. If RENATER would set up their own user management, users would have to log in twice, or RENATER would have to synchronize the users from the individual organizations into its central user management, something not only difficult and prone to errors, but also always outdated.

Would it not be better if Nextcloud could just use the identity providers from all these organizations directly? Well, yes, it would! But there are many hundreds of them, and nobody has ever tried to provide a single, large self-hosted content collaboration and file storage solution that connects the hundreds of separate organizations into a single service.

Until now.

In collaboration with RENATER, we have improved Global Scale to be able to handle this, and more! No process of syncing and centrally managing users will be required. Universities and research organizations will stay fully in control over their user management, while RENATER would be able to administer the Nextcloud instance independently of the user management.

We are proud to be advancing technological barriers together with RENATER, enabling cross-organizational collaboration and productivity for so many organizations in France. This is another case where our Global Scale architecture provides unique benefits to customers

— Frank Karlitschek, CEO of Nextcloud GmbH.

Federation in action

This certainly makes RENATER a special case, something we’re proud to talk about. And there is more! Another ‘feature’ of this large instance will be the use of federation with existing Nextcloud installations. As you can imagine, many French universities and research organizations already have one or even several Nextcloud installations internally, like the University of Nantes. With RENATER, Nextcloud is working to make sure that all these other Nextcloud instances would be able to seamlessly connect to, integrate with and share files to users on the large service! For this, we use our federation features.

Learn more

Want to learn more about what RENATER is up to? You can! They will present their case at the upcoming JRES 2019, December 3-6 in Dijon, France, where several other Nextcloud customers will present their installations as well. RENATER already presented its use case at the Nextcloud Enterprise day last September in Berlin. We will organize another Enterprise day in early 2020, watch our blog to be the first to read about it!

Introducing Siedl Networks: delivering Nextcloud services in Austria

Since 2002, Siedl Networks has been helping customers with open source based solutions around Linux, Univention, Ikarus and more. A major product the team delivers is a full open source alternative to data exchange platforms and online team collaboration tools with Nextcloud at its heart, if needed complete with hardware, a backup and monitoring setup.

Having grown their team in the last one-and-a-half decade to over a dozen people, Siedl offers an expansive set of services, generally helping customers install and maintain self-hosted infrastructure by dealing with first and second level support. Together with Nextcloud GmbH providing the 3rd level support expertise and access to the Nextcloud Enterprise solution, customers can count on a complete and reliable service.

Our goal is to assess and deliver on the needs of our customers with our wide portfolio of services in the most reliable and friendly way possible. We believe that customers deserve a modern solution which gives them the certainty of knowing where their data is and who has access to it.

Siedl mostly services the German speaking Dach area with Linux-based solutions, often integrated with Windows, Apple and Android based technologies. A heterogeneous environment is common at many organizations and Siedl Networks believes there is strength in diversity!

If you want to build a sustainable business, being completely dependent on a foreign cloud service provider who doesn’t offer self-hosted solutions is not an option.

With dozens of customers in the SMB, government and education markets, Siedl Networks is a proven provider of excellence. Customers looking for help in setting up and maintaining their own heterogeneous producitivity platform, Silver Partner Siedl Networks has you covered!

Nextcloud 3.8.1 for Android is out, plus a tip!

Android client 3.8.1

Starting from today Android client 3.8.1 is available in the app store! This is a minor release which brings many small bug fixes and lots of improvements & refinements.

Among other fixes, now auto upload folders automatically create sub-folders for motion images on the synced folder, without affecting the local folder.

  • Also a recurring notification for new media folders was fixed.

You’d like to know everything about this release? Dive into the details, take a look at the https://github.com/nextcloud/android/milestone/39 and don’t forget to get the updates!

Get the app

Note: This release will be available on Fdroid after up to 24 hours.

Nextcloud 3.8.0 for Android

In case you missed it, we released Android client 3.8.0 with some awesome new features during the Nextcloud conference. Find out more about U2F, TLS 1.3, Remote Wipe in 3.8.0 and a recap of all the previous releases 😉

Tips: did you see these?

Make your life easier with some Nextcloud Android app features you might not know about.

Trash bin

Deleted files are available in a trash bin on your Nextcloud Android app as well! So just like in the web, you have your deleted files stored in a dedicated folder and while they’re there you can permanently delete them or restore if needed.

What’s the worst that can happen without it?

Imagine working for a long time on an announcement that is going to the press, for which you prepare two different proposals and your manager has to determine which one is the best approach. After the selection you delete the other, share the selected one with your contact and then hurry to be on time for an important meeting out of the office. Your manager who wants to make a critical last minute change to the document can’t access it and realizes it’s deleted. You have deleted the selected document from your private folder and have sent to the press the wrong one. So the second you know about this you manage to save your day and your company’s image with two clicks in less then 1 minute using you mobile app! You restore the right document, share that one with your manager and contact from the press!

Contacts backup

This feature allows your Nextcloud app to backup your contacts list every time you choose to do that manually or on a daily basis. You can enable it to be done automatically! Hardware breaks, gets stolen or old and you have to use a new one: but there’s no need to spend much time for setting up your basic data if you have everything backed up in your server 😉

  • Note: you can also restore it directly from within our app

Activity stream

The Activity stream shows you an overview of recent changes on your files in real time.

Here is a recap of the activities you can monitor, but don’t forget that you can only see what you choose to in you settings in the web app!

  • New or deleted files in shared folders
  • File modifications
  • Download of shared files
  • New comments or tags
  • Calendar invitations
  • Talk notifications
  • and more!

2FA with notification

So, you are running you Nextcloud instance and you want to add another layer of security to your data, but you don’t want to use additional hardware tools you might lose or bloat your phone with an extra app for second factor authentication, which you might lose as well 😉

We’ve got you covered! Nextcloud allows enabling 2FA via Nextcloud notification. So every time you try to log in to your account from another device, you receive a notification on your already logged in device.

Get 3.8.1 now!

More

Of course many fixes, refinements and features are being made regularly and older versions of Nextcloud are not supported. The Android app warns you of the risks of running an outdated version. Nextcloud 12 is the oldest release that will work with this version of our app. We strongly recommend private users to upgrade their Nextcloud servers.

As companies sometimes have to use older versions, Nextcloud offers long term support. Contact our sales team for more information on this.

Feedback

We appreciate your feedback! If you’d like to share your comments with us, continue the discussion in our forums. What’s the best thing about the Android app so far?

Join us in Berlin for the next Nextcloud hackweek!

Two weeks ago, we concluded another successful hackweek and a conference, again attracting more people than ever.
During hackweek we’ve worked on many improvements for the Nextcloud 17 release, released app updates, discussed what to do for 18 and of course had great fun, pizza and drinks together.
We have set a date for our next Hackweek, November 4-8 and every Nextcloud contributor is warmly invited to join us. While this hackweek will be a smaller one taking place in our office in Berlin, we still hope to plan a similar to the last one, the hackweek that took place after the conference in a very nice “lounge room” and relaxed atmosphere.

Practical information

Location: Nextcloud GmbH office in Berlin, Germany
Address: Tempelhofer Ufer 23-24, Berlin.
Bring: Your laptop and enthusiasm 😀
How to get in: Once you’re there, ring the bell and find us on the fourth floor

What is this Contributor Week you speak of?

If you have known Nextcloud for a while, you may have heard about these focused work weeks when we used to call them “Hackweek”. If you’re new to Nextcloud: When we kicked off our new project back in June 2016, we had a week-long get-together to discuss how to move forward together. This was both fun and productive and we decided to do more of it! The second Contributor Week already brought a few dozen people together and we’ve been growing them ever since, getting together about once every few months. During the Contributor Weeks, we focus on getting work done and being productive: Going through issues, discussing and fixing them, working on our code and so on. It isn’t a time of meetings or presentations – but working. Just more together, rather than remote as we typically do! And even more togetherness in eating and drinking and having some fun, of course!

There are architectural discussions as well. We also use our Contributor Week to plan for future releases or examine the state of the current one and come up with or discuss grand plans.

Focus

As usual, there are topics we want to focus on during this week. Nextcloud 17 is already out, 18 is on its way – we’ll talk about the state of that release and perhaps plan for the next one.

We also hope to help people get involved and look at the state of our apps, preparing for the upcoming release. And of course, we are looking forward to start discussing with you what the next big thing will be for Nextcloud 19!

Do you want to join?

On October 30th, 2018, we released our own program to support diversity in Open Source: Nextcloud Include. With this program, we provide mentoring and internships to people from underrepresented groups in the tech community, and – even more relevant to the topic of this post – we help you to join us at events like our yearly Conference or our Contributor Week! Want to join us in Berlin? Check nextcloud.com/include and get in touch with us to request travel support!

Of course, even for those who aren’t part of underrepresented groups: As usual, all Nextcloud contributors are warmly welcomed to join us! For those among you where financial issues limit travel possibilities, the easiest way is to contact one of your fellow contributors who works at the company – they’ll be able to help you get some travel support! Alternatively, you can email us here, sending some links to your contributions.

In any case, don’t forget to bring your laptop and help us get some work done!

We look forward to seeing ya’ll in Berlin!

How to back up Nextcloud with Bareos

How to back up Nextcloud with Bareos

People make mistakes, and hardware breaks — even if your data is securely stored in a private cloud with Nextcloud, it’s a good idea to be prepared for the worst case. Regular backups, ideally on external storage, can save your data and even your business. Read this guest post by Heike Jurzik from the Bareos team to find out how to back up Nextcloud with Bareos.

Backup Concepts: Files, Images, and Applications

Some users will be perfectly happy to save single files or folders. It’s ok if the goal is to back up personal data, documents, pictures, etc. A file backup won’t save the applications or the operating system, though. Another approach is to create an image of the entire machine and therefore of the operating system as well. Image backups include files, programs and configuration files. If a file backup is not good enough and an image backup too much, then the alternative is to save an application and its data.

Before we take a closer look at Nextcloud and how to back up the application itself as well as the stored data, let’s discuss the challenges when planning application backups. It’s not just a few files you have to take care of because applications have an internal state that is stored in multiple places. Some parts of the data may be cached in the RAM and will be written to a file later. So, until that happens, the data in the file is incorrect. Sometimes applications store information about files in a database table for faster access. And, of course, the application might write data to a file at the same this file is being backed up. It’s a bit like a jigsaw, and a backup plan needs to consider all pieces that have to fit together again after the restore.

Planning your Nextcloud Backup

To back up a Nextcloud installation, you need to take care of files and folders located in the filesystem itself (conventional directory structures). Apart from that, there is a database that stores additional information like the number of files, permissions, timestamps, etc. All in all, there are four major components to deal with:

  • The folder nextcloud/config
  • The folder nextcloud/data
  • The folder nextcloud/theme
  • The database (can be MySQL/MariaDB, SQLite, or PostgreSQL)

It’s possible to manually back up folders, files, and the database. Have a look at the Nextcloud documentation to find out how to achieve that. It basically involves shutting down the application, letting it store its internal state on disk, backing up all files, and restarting Nextcloud.

There is only one problem with this quick and dirty approach: The service is being interrupted while the application shuts down and the backup job is running. If you’re offering 24/7 access to Nextcloud in a professional environment, your customers might not accept downtimes. So, in the next few sections we’re going to show how Bareos can help you with an automated solution. Now, if you’re familiar with Bareos, you can jump straight to section “Teamwork: Bareos and Nextcloud”. If not, we’re going to give a quick introduction to the backup solution.

Open Source Backup Solution: Bareos

Bareos (Backup Archiving Recovery Open Sourced) has been around since 2010. The project started as a Bacula fork and is now 100% Open Source (AGPLv3). If you’re looking for professional support, the company Bareos GmbH & Co. KG and their partners provide this kind of service.

The cross-network backup solution preserves, archives and recovers data from all major operating systems. It’s a client-server setup, and several programs communicate over the network: the Bareos director (BD), one or more storage daemons (SD) and one or more file daemons (FD).

  • The director is the central control unit and manages the database (catalog), connected clients, file sets (that define which data gets backed up), the configuration of optional plugins, before and after jobs, storage and media pool, schedules and the backup jobs.
  • The catalog maintains a record of the backup jobs, saved files and volumes used. The preferred DB backend is PostgreSQL, although Bareos supports MySQL/MariaDB and SQLite (experimental) as well.
  • The file daemon runs on every client machine. It’s responsible for the backup and the restore process. The FD executes the director’s instructions and sends the data to the storage daemon.
  • At the director’s request, the storage daemon receives data from one or more file daemons and stores the backups on the configured backup medium (disks, tape drives, cloud storage via S3, etc.). During the restore, the SD sends the correct data back to the FD(s).

Let’s not forget to mention backup jobs, schedules, and directives. A backup job describes what to back up (the client’s FileSet directive), when to back up (schedule) and where to back up (backup media). The schedule also defines the kind of backup (full, incremental, or differential). Fore more information about Bareos, please have a look at the documentation.

Teamwork: Bareos and Nextcloud

So, it’s time to describe three different methods and give you some ideas on how Bareos can handle the backup and restore process for Nextcloud servers, including the database. Detailed listings of the scripts and the configuration files we’re mentioning can be found in a technical whitepaper that was published in January 2019.

Dump, Export, Backup!

In this first approach, the data gets exported before the actual backup runs. We’re performing a database dump with the respective tools (i.e. mysqldump, sqlite3, or pg_dump) to save the original database object definitions and table data. The Nextcloud service doesn’t have to be interrupted, so there is no downtime.

You can use the RunScript directive in Bareos to define commands you would like to execute before or after a backup/restore job. It’s possible to run those commands either on the Bareos file daemon (ClientRunBeforeJob and ClientRunAfterJob) or on the Bareos director (RunBeforeJob and RunAfterJob).

So, the whole setup defines one backup job on the client that lists two external shell scripts to be executed before and after the backup job. The first script puts Nextcloud in maintenance mode and runs mysqldump, sqlite3, or pg_dump (for all databases as a single transaction, so it doesn’t lock all tables). The second script dumps the database back and turns off the Nextcloud maintenance mode.

The disadvantage of this solution is that the dump may slow down the database daemon, and the backup job takes longer, since the export has to be done first. If you’re dealing with a large database, this might also take a while (depending on the hardware). Plus, the exported data takes up extra space. So, let’s try to avoid the temporary database dump and save some time and hard disk space.

Streaming Data

In order to avoid storing the database dump in a temporary file, you can use the Bareos bpipe plug-in to stream the database dump to Bareos. The plug-in can also transmit the data from Bareos to another specified program for restore later.

Instead of defining RunBeforeJob and RunAfterJob directives, the plug-in is set up in the director’s configuration file (section Include in the job’s FileSet resource). The bpipe plug-in also executes two external scripts that use mysqldump (or any of the other dump commands) to read from stdin and write to stdout. Since the plug-in runs on the Bareos client(s), it’s required to tell the file daemon to load the plug-in.

This method saves a lot of time because exporting the database and the backup job can run at the same time. In addition, it saves disk space because a temporary file for the database dump is no longer necessary.

Plug-in for your Database

If your Nextcloud installation uses MySQL or MariaDB as database backend, your third option is to use the bareos_percona plug-in. It relies on the xtrabackup tool from Percona to perform full and incremental backups of the database. Especially the incremental dumps are a big advantage when it comes to larger databases.

Like the bpipe plug-in, you need to configure the bareos_percona plug-in on the Bareos file daemon. It’s also mandatory to install xtrabackup from the Percona repository.

Keep in mind that this plug-in does not take care of the restore process. Instead, you end up with a temporary directory with all the files, and you need to use the percona commands to do a MySQL/MariaDB restore. Of course, writing a shell script that takes care of this is possible (see our whitepaper for an example).

Be prepared!

So, taking control over your data with Nextcloud is a first step towards more privacy. But even the most secure private cloud needs a good backup plan. Our advice is to stick to Open Source software, and, of course: Test everything, especially the restore process!

Unsung heroes of the Nextcloud community: Julien Veyssier

Meet Julien

Remember the Best Nextcloud app contest? Julien is the main developer of Maps, the app that took the majority of the votes!

Julien lives in a small town near Montpellier, south of France and he is currently working as GIS software engineer in a public research laboratory about water-related natural risks prediction.
Programming is more than a profession or a hobby to him. It’s a way to participate in the Free/Libre software movement to build the software he needs while maintaining a community around it. He really enjoys the idea of building public tools and knowledge together.

Let’s build our decentralized Internet together!

” I’m pretty convinced that knowledge shouldn’t be a commercial product. I think intellectual property slows down innovation and harms those who don’t have the knowledge. I think it’s a much better society model to let anyone participate in building the software. Enterprises make money with the services or by selling material assets, let us people own the knowledge!

Another motivation is to allow people to get out of big Internet silos where all the data, the money and the power are centralized. I feel the decentralization of the Internet depends a lot on making good software to host decentralized services.”

From user to app developer

Julien used to administrate a small ownCloud server for his family and friends, but after 2012 he switched to Nextcloud because of the enthusiasm of the team and the clearer licensing aspect of the project. Then he started to develop GpxPod, PhoneTrack and Cospend apps for his own needs.

Those apps were very well received by Nextcloud users who have helped so much for translations and bug reports. Their feedback pushed the development far beyond what I expected at the beginning.

Maps

Maps app development started in 2014. The project was almost abandoned but with a few base features already working. Julien joined Maps app development in march 2019, after his first Nextcloud contributor week. At that time he was motivated to make it happen and push it to a first release.

“We had a discussion at the contributors week with Jan-Christoph Borchardt who was really excited about “importing” GpxPod and PhoneTrack features into a generalist Maps app. It took me some time to realize the interest of a simple app mixing many map features but as soon as I started developing I became very excited too.”

The future of Maps

The main features developers would like to bring in the next major version are:

  • be able to synchronize maps favorites with smartphone apps (like OsmAnd or Maps.me)
  • be compatible with vector map tiles
  • be able to add/remove map tile providers
  • show calendar events on the map

Challenging aspects

Julien has to make sure he has enough free time between two engineer contracts to be able to push his apps development forward, but ergonomics and user interface design are the real challenges.

“Adding lots of complicated features is much easier than making a basic feature accessible and clear. “

Talking about time as a challenge, Julien used to contribute in open source projects between 2010 and 2012. Since 2017, developing and maintaining his Nextcloud apps and their Android clients are his focus during free time.

“When my eyes are bleeding because of programming , I do rock climbing or ride a mountain bike in the forest.”

Julien’s favorite Nextcloud features

“As a programmer: the internal API accessible to the apps.
As a user: making public links to a directory with write access to let people upload documents to my Nextcloud even if they don’t have an account. Most useful feature!”

And for the future…

“I hope Nextcloud collaborative text editor becomes solid enough to help people get out of google docs. I hope Nextcloud Talk reaches a critical mass and becomes a reference or a pioneer in decentralized Signal-like communication.”

Nextcloud 17 brings remote wipe, collaborative text editor and next generation secure watermarking


Welcome to Nextcloud 17! This release brings major new improvements, especially around security and team collaboration. You can go get the update or read on to find out what is new!

💣 Remote wipe

Remote wipe allows users and administrators to forcibly clean files from remote devices, for example in case they are stolen. The video shows how easy it is to clean devices when you need to!

📝 Nextcloud Text

Introducing Nextcloud Text, our new distraction-free, collaborative rich text editor. You can see how Text makes working with others easier than ever in the video.

🔒 Secure view

This release comes with improvements to secure view like enforceable document watermarks based on tags, groups, type of share and other properties. Watch the video to learn more!

And much more, including:

  • 🔐 Setup two-factor authentication after first login, admins can create one-time login tokens in the web UI and delegate this to group admins
  • 📧 Secure mailbox in Outlook Add-in
  • 👥 LDAP write support makes it possible to manage users from Nextcloud
  • 💽 S3 versioning support, IBM Spectrum Scale integration and Global Scale with Collabora Online

note that we roll out new versions incrementally and usually wait a few weeks before we do so. This helps us catch any problems before it impacts too many users! If you wait for the updater to notify you, it can take some weeks. If you don’t want to wait, you can switch to the Beta channel, refresh the page, update to 17, and switch back!

Remote wipe

A major new feature in Nextcloud 17 is remote wipe. While many companies have Mobile Device Management, thanks to built-in support, remote wipe will work on systems not under management of the company. This is useful for home users but also large universities and of course in a scenario where guest accounts were handed to a third party. If you permit downloading of documents by the third party, you can wipe the documents from their devices when the the collaboration has ended.

Remote wipe can be used on a per-device basis by users and on a per-user base by the administrator.

Remote wipe user
Remote wipe as a user, per device
Remote wipe admin
Remote wipe as admin, per user

Nextcloud Text

There are many moments when a light-weight, distraction-free text editor is the perfect solution for the task. Note taking, writing down thoughts or brainstorming a little don’t require advanced editors with thousands of features. Nextcloud Text is an integrated, collaborative markdown-based text editor and ships as part of Nextcloud 17. Compared to the test version we made available for Nextcloud 16, this version has much improved reliability and introduces plain text editing with syntax highlighting for code.

Learn how Nextcloud Text and Talk facilitate collaboration in this video.

Nextcloud text in short:

  • Markdown-based
  • Simple, efficient interface
  • Any number of collaborators
  • Support for bullets, headers, bold, italics, images and strike-through
  • Sidebar with sharing, comments, versions, video chat and activity
  • Plain text editing with syntax highlighting for many supported file formats

Learn more in our earlier announcement.

Secure view and watermarks for documents

Last December, Nextcloud 15 introduced the Hide Download menu option. Since then this feature was used to provide secure view functionality in Collabora Online and ONLYOFFICE. With Nextcloud 17, our secure view feature was expanded with admin settings for watermarked text to enforce watermarks on:

  • public shares: option for all/read-only shares/hide download/tagged with (select a tag, for workflow integration)
  • internal shares: option for all/read-only/no reshare/tagged with (select a tag, for workflow integration)

Note that the full range of options requires Collabora Online 4.1. For older versions only the ‘all’ option works. ONLYOFFICE supports all these new capabilities as of today.

With secure view, our online office solutions can be configured to open PDF files, images and text files, making these files available in a watermark-protected way, while downloads and other apps are disabled using File Access Control. This setup is useful when data has to be protected from leaking but still has to be made available for review, like in a virtual data room scenario.

Watch a video of watermarking and our new secure mailbox below!

Configuring Secure View in Collabora
Configuring Secure View in Collabora
Setting a 'confidential' tag
Setting a ‘confidential’ tag
Secure view watermarked file
Secure view watermarked file

Secure mailbox for Outlook

The Outlook Add-in introduces the secure mailbox feature. This feature protects the contents (body) of email from interception by providing the recipient with a notification that a new email was received. The recipient then has to log in on their (guest) account to access the email and its attachments.

In combination with the READ.me app, the body of the email is shown on top of the file attachments. Each email is a folder, linked to in the email notification.

Watch our secure mailbox in action in the last minute of the video below.

Secure Mailbox - Writing an email
Writing an email
Secure Mailbox - attaching files
Attaching files, enabling Secure Mailbox
Secure Mailbox - Email as it will be sent to recipient
Email as it will be sent to recipient
Secure Mailbox - Recipient view in Secure Mailbox in Nextcloud
Recipient view in Secure Mailbox in Nextcloud

The example above sends the link and password to the recipient by email. The user can take out the password and send it through another channel. Alternatively, when a guest account is set up for the recipient, the Outlook add-in will detect this and instead share the message to the guest account and include an internal link in the email. The recipient will have to log into their guest account to access the email.

You might be familiar with this feature from banks, insurance, realtors and other organizations dealing with sensitive data. Protecting the content from emails from leaking is very hard and with the Secure Mailbox for Outlook feature, Nextcloud offers an integrated solution.

Two-factor authentication improvements

Two-factor authentication is very important to protect the security of Nextcloud accounts. Administrators can enforce the use of two-factor authentication and offer a number of options to users.

Nextcloud 17 introduces:

  • Ability for users to setup 2FA after the first login it was enabled or enforced
  • New Administrator settings:
    • Administrator can create one-time-login tokens for users who forgot or broke their second factor solution
    • Administrator can delegate the ability to create one-time-login tokens to group administrators

Nextcloud offers the following ‘second factor’ options, any number of which can be enabled by the system administrator and used to validate the login of a user:

  • Time-based One-Time Password (TOTP, including Google Authenticator or similar apps
  • Universal 2nd Factor hardware tokens (U2F, like Yubikeys or Nitrokeys, also supports NFC)
  • Gateways: SMS, secure messaging apps Telegram, Signal and more
  • Notification (just click to approve login on an existing device like a phone)
  • User backup code (user has to generate these in advance and store them in a safe location)
  • Administrator backup code (creating those can be delegated to group admins)

Active user sessions can be invalidated through a list, by removing the user in the admin settings or by changing passwords. Users can manage their own sessions and devices. Remote wipe is available from that same screen.

2FA enforcement settings, enforcing for guest users
2FA enforcement settings, enforcing for guest users
2FA setup on first login
2FA setup on first login
One-time login token creation
one-time login token creation

Security hardenings

Security is very important to Nextcloud users, and thus a core focus for the Nextcloud team. Every release comes with many improvements, and this is no different. These include:

  • A new feature policy header
  • Stricter CSP
  • Suspicious login improvements

HackerOne logo

At the Nextcloud Conference, Nextcloud GmbH also announced a doubling of its security bug bounties to USD 10.000. This means an even larger incentive for security experts to find and responsibly report security problems to Nextcloud’s capable and responsive security team.

If you want to learn more about security in Nextcloud, we strongly recommend to read about the various layers of encryption in Nextcloud and how Nextcloud can save your business from ransomware attacks.

Performance, scalability and storage integration: IBM Spectrum Scale, Global Scale and S3.

This release delivers a number of improvements in the area of performance, scalability and storage integration.

Real time document collaboration with Global Scale

This release expands the capabilities of our unique Global Scale architecture to Collabora Online. Global Scale is designed to enable some of our largest customers to run a single Nextcloud instance with tens of millions of users. Collabora Online GS integration allows these users to seamlessly collaborate with each other on office documents.

Global Scale has been in production since 2017 in a commercial setup for tens of millions of users across 4 continents. Several other customers have deployed or began experimenting with Global Scale in the last years. Thanks to the new integration, Collabora Online installations at multi-million user scale are now set to roll out.

For smaller deployments, these changes are also relevant: users can now collaboratively edit documents across private Nextcloud servers!

See the Collabora/Nextcloud announcement of Global Scale integration here.

IBM Spectrum Scale logo

IBM Spectrum Scale integration

In collaboration with IBM, Nextcloud 17 introduces IBM Spectrum Scale integration.

IBM Spectrum Scale is a high-performance file system for managing data with the distinctive ability to perform analytics in place with comprehensive support for data access protocols including POSIX, NFS, SMB, HDFS and S3/Object. It can provide a single namespace for all this data, offering a single point of management with an intuitive graphical user interface. IBM Spectrum Scale offers high scalability, high availability, automated data management and reliability with no single point of failure in large file storage infrastructure.

On request of several major research organizations and universities, Nextcloud and IBM developed this integration between IBM’s Spectrum Scale and the Nextcloud storage layer. A white paper with more details can be found on the IBM website. An example use case would be when a research institute has a large storage system where research data is written to by scientific tools. Thanks to this integration, this data can be made available real time through Nextcloud and manipulated without the risk of accessing outdated information.

See the announcement of the Nextcloud and IBM collaboration here.

S3 versioning integration

Nextcloud 17 introduces S3 versioning support which allows a Nextcloud server to use the native versioning of S3 rather than its own. This allows a system administrator to manage versions using native S3 tools but, when used with S3 as external storage, also improves compatibility with other applications which access the same data. Nextcloud will then be able to recognize versions created by these other applications, and vice versa.

More responsive web interface and decreased server load

In every release, Nextcloud improves in performance and responsiveness of its user interface. For this release:

  • We have significantly reduced the number of requests to the server on page loads
  • We do more streaming when writing to storage
  • A new event dispatcher interface does simpler linking and more lazy loading
  • An initial state manager makes some pages feel more instant since it saves the initial ajax call to the backend

This should help decrease server load and improve the snappiness of the web interface.

Nextcloud Talk

With this Nextcloud version comes again a release of Nextcloud Talk. This release delivers the following improvements:

  • 🛎 Lobby for webinars
  • 🔗 Chats and calls on public shares
  • 👤 Guest mentions
  • 💬 Improved chat loading
  • 🎙 Added a voice level indicator and notify the user when they speak while they are muted
  • ➕ And much more!

Client releases!

We also recently made available releases of our Android, iOS and desktop clients!

Note that the Android client will have FIDO2 support, which was developed in collaboration with Nitrokey and Cotech. Learn more in the blog by Cotech!

Even more

There is much more new and improved in this Nextcloud release. For example, we have a systems overview in the admin settings which shows system package versions to help the admin administer their system. Our monitoring view was overhauled and looks much nicer. Much work was also done in the area of usability and performance. Best check it out for yourself!

See our separate announcement about building virtual data rooms with Nextcloud 17 here.

We talked about Nextcloud 17 at the Nextcloud Conference. Other big news from the event included:

Time to update: 16.0.5 and 15.0.12 are here!

16

New minor releases of the Nextcloud server have been made available. As always, these include stability and security improvements that are designed to be a safe and quick upgrade.

Running web facing software without regular updates is risky. Please stay up to date with Nextcloud releases of both the server and its apps, for the safety of your data! Customers can always count on our upgrade support if needed!

Nextcloud 14: end of its public support cycle.

Remember, Nextcloud 14 is no longer maintained. If you would like to stay in this version and continue to get security and bug fixes you can inquire for a Nextcloud Subscription.

Nextcloud 16.0.5: changes (latest version)

The roughly 100 changes for Nextcloud 16.0.5 are quite minor, with over half being updates to shipped libraries. The rest fixes a wide variety of small issues. For example, the audit log now also covers email shares, it is now possible to have hidden SMB shares (those ending with $), a fix for color contrast, a name change of our current text editor to Plain text editor to avoid confusion with our new Text app and more.

You can find the full 16.0.5 and 15.0.12 changelogs on our website..

Stay safe: keep your server up-to-date!

Minor Nextcloud releases are security and functionality bug fixes, not rewrites of major systems that risk user data! We also do extensive testing, both in our code base and by upgrading a series of real-world systems to the test versions. This ensures that upgrades to minor releases are painless and reliable. As the updates not only fix feature issues but also security problems, it is a bad idea to not upgrade!

This is, of course, also true for apps: Keeping them updated has security benefits, besides the new features and other bug fixes.

If you are maintaining a mission-critical Nextcloud system for your enterprise, it is highly recommended that you get yourself some insurance (and job security… who gets blamed if the file handling system isn’t working as expected?). A hotline to the core Nextcloud developers is the best guarantee for reliable service for your users, and the job safety of you as system administrator.

Nextcloud team coming soon to NΓΌrnberg, Paris

conference room with peopleNextcloud Enterprise Day in Berlin

In the next 2 months, the Nextcloud team will visit ITSA in Germany and the Paris Open Source Summit with a booth and talks! Take this opportunity to meet us and learn more about the most deployed enterprise content collaboration platform.

Why did the French and German governments decide for Nextcloud? Ask us!

ITSA 2019 logo

Nürnberg: ITSA

Europe’s largest security conference, it-sa, takes place from October 8-10 in Nuremberg, Germany. This year again Nextcloud will be present at it-sa at booth 10.1-430. We will be joined by our partner and open source backup solution provider Bareos and at the ITSA you can also find our partner ONLYOFFICE!

We are looking forward to meeting you in person! Want a free ticket to ITSA? Contact our sales team!

Paris: Open Source Summit

Like the last years, the Paris Open Source Summit takes place in December and, like the last years, Nextcloud can be found at this major business and enterprise open source gathering!
Paris open source summit logo
We will share a booth with one of our French partners, ARAWA. More information is coming!

Massive series of announcements over weekend from Nextcloud conf, event continues

Last Saturday, the Nextcloud Conference kicked off in Berlin! It started with an impressive keynote by Frank Karlitschek making a series of big announcements. Between the weekend program and the Enterprise Day on Monday, some 250 visitors participated in the event, sharing ideas, collaborating on Nextcloud and meeting new friends, colleagues, partners and fellow users. Over 1500 people watched our live stream video of the announcements, and we’re excited with the interest from everybody!


keynote from FrankThe keynote by Frank drew a full room, plus 1500 viewers online!

6 big announcements

Let’s recap the big announcements from Frank’s keynote! After reminding everyone of the goals and motivations behind Nextcloud and our mission and principles, he announced Nextcloud 17, currently available as release candidate.

We have not yet separated the live stream in shorter videos, but you can start watching from Frank’s keynote on our YouTube channel.

Nextcloud 17

This release delivers an impressive series of improvements with a particular focus in the area of security, scalability and collaboration. A quick overview of the features:

      💣 Remote Wipe allows users and administrators to forcibly clean files from remote devices, for example in case they are stolen.
      📝 Nextcloud Text, our new distraction-free, collaborative rich text editor
      🔒 Improvements to secure view olke enforceable watermarks enable virtual data room use
      🔐 Setup two-factor authentication after first login, admins can create one-time login tokens in the web UI and delegate this to group admins
      📧 secure mailbox in Outlook Add-in
      👥 LDAP write support makes it possible to manage users from Nextcloud
      💽 S3 versioning support, IBM Spectrum Scale integration and Global Scale with Collabora Online

    You can read the full announcement here.

    During his talk, Frank was joined on stage by Nextcloud designer Jan-Christoph Borchardt, Nextcloud security team lead Roeland Douma and IBM Spectrum Scale expert Ulf Troppens to discuss the various improvements that were made. The announcements continued…
    Global Scale

    Global Scale: millions of users, Collabora Online integration

    Nextcloud 17 marks several steps forward for Global Scale, the Nextcloud technology used to support tens to hundreds of millions of users on a single Nextcloud installation. The biggest improvement was covered earlier: Collabora Online integration enables working together even at huge scale.

    registrationAt registration everyone got a bag with goodies!

    IBM Spectrum scale integration, S3 versioning

    At large scale, file storage becomes progressively complicated. A collaboration between Nextcloud and IBM has made the leading large scale file storage and leading content collaboration platform a perfect match for storing, sharing and working with large volumes of data. Thanks to IBM Spectrum Scale integration, users can expect a consistent file system view, even at the massive scale supported by Spectrum Scale. Read more about this here.

    Nextcloud 17 also introduces support for S3 versioning, improving the integration with popular object storage solutions like OpenStack and Amazon AWS.

    Doubling of security bug bounties to USD 10.000

    Just before the Nextcloud Conference in Berlin, Nextcloud GmbH has decided to double the security bug bounty, going up to USD 10.000 for a remote execution vulnerability! This was discussed by Nextcloud Security team lead Roeland Douma. Read more in our blog post.

    Virtual data room

    With Nextcloud 17, Nextcloud releases a product designed for handling extremely sensitive data. Nextcloud VDR is designed for situations like due diligence for an investment, deciding on a loan or other sensitive business transactions.

    Read the full announcement blog here.

    Client updates

    After the big Nextcloud 17 and related announcements, Frank discussed the improvements to the Nextcloud clients, and announced no less than three releases:

    conversations in the loungeDuring the break, people hung out in the lounge.

    Nextcloud Flow makes it easy to automate actions and workflows

    After covering the clients, Frank turned towards a feature preview for the next release!

    Nextcloud 18 will introduce Flow, which will make it easy for users to automate some common tasks through an easy, graphical user interface. Integration with the wide variety of apps in the Nextcloud ecosystem will be an important priority for this project. Learn more about Flow.

    Developer program

    The keynote ended with a focus on the audience, introducing the new Nextcloud developer program.

    Nextcloud was always designed as a software platform and not a monolithic application. This is why we have the apps concept, many of the APIs and why we push open standards. In the past, many developers and companies used these capabilities. At the conference, we launched the new Nextcloud developer program: work with us!

    That was just the start

    After the keynote, the program continued with many talks about privacy-invasion, security threats, a panel on Public Money, Public Code, and dozens more subjects covered in the lightning talks. Talks which represent the values we support and believe in (open source, diversity, digital rights, decentralization, security, privacy) as well as technical and just plain interesting subjects were covered in many ways.

    lunch lineIn line for food during the lunch break
    lounge during lunchEating and hanging out in the lounge
    lunch tablesConversations and food go together well

    It is too much to summarize and we’ll therefore simply point you again to the video on Youtube! We will get the separated videos out in the coming weeks and we’ll keep you up to date.

    Saturday night we visited a beergarden for food, drinks and conversation

    The second day

    The second day kicked off by a keynote from Renata Avila. She made the point that people are having their rights taken away from them and we think we can fix it with webcam blocking stickers. We should be more outraged and need to fight this! Inaction is being complicit.

    Following her inspiring talk, more sessions covered robots and the value of open hardware, the need for activism for privacy and we had a panel on diversity in open source.

    You can watch the live stream video below, we’ll put split up videos live the coming weeks!


    The booth area was well visited

    During the lunch breaks, a lounge room was set up with some bean bags, providing a chance to talk, code or – well, take a nap… Meanwhile, outside the conference room, a series of booths was set up where friends of the project demonstrated a variety of products, devices or invited people to learn more about Free and Open Source Software. Among others, we were joined by:

    • openSUSE
    • Nitrokey
    • FSFE
    • Univention
    • GNOME
    • Turris Omnia
    • DAVX5
    • ONLYOFFICE

    Our friends from Tuxedo computers send us 3 laptops on loan, which were used at the registration and as speaker laptops! We’re real happy with the support and friendship of these projects and, of course, in particular thank those who sponsored us – Univention, openSUSE, Nitrokey, Turris Omnia and Tuxedo Computers. Of course, also present were Collabora and Assanti, makers of our Outlook Add-in, who together with Nitrokey, Turris, ONLYOFFICE and Univention were also with a booth at our Enterprise Day on Monday.

    closing session


    Our awesome volunteers on stage during the closing sessions

    Enterprise Day

    Monday, about 85 Nextcloud customers and partners met at the Park Inn hotel at Alexanderplatz for a day of in-depth sessions around security, Global Scale, the Nextcloud app ecosystem and several case studies from customers like BOELL, RENATER and the University of Nantes.

    enterprise day opening session
    Enterprise day opening session
    enterprise day break
    Enterprise day break

    We are not yet done!

    Our intensive coding sessions are still happening at the TU Berlin! If you’re in Berlin you can still visit us at room MA141.

    For you who missed the Nextcloud Conference this year and really wanted to attend but couldn’t, soon we will make available the split out talks in youtube. If you can’t watch, grab the stream for day one here and find day 2 here. An advice? Don’t miss the next Nextcloud conf!!

    Nextcloud Conference: Nextcloud iOS client release introduces new share view, dark mode, better performance

    The last time we blogged about the Nextcloud iOS client was a release back in October 2018! That's a long time ago, and you're forgiven for thinking not much has been happening. iOS users know better, though: no less than 12 releases were made, introducing an offline file view, voice memo recording, a brand new Media view and much more. The Nextcloud Conference in Berlin was the occasion for the latest release, bringing many more improvements to users.

    2.24.0 in Berlin

    The last version introduces the following improvements:

    • Improve style and discoverability of notification actions
    • Improve notification UI/UX + add avatar
    • Several improvements to Collabora Online document editing integration
    • File Provider Extension now supports multiple accounts
    • New share view now with all functions and UI/UX available on Server side with Details, Activity, Comments and Sharing
    • Improved Activity support
    • new UI/UX on “Files” Tab with improved scroll performance
    • Dark Mode
    New iOS share view
    New iOS share view
    Dark mode!
    Dark mode!

    Here’s all the news from the Nextcloud Conference:

    What else is new?

    Since we talked last about the client in October, the following other improvements were made:

    • UI/UX for view in list or grid mode
    • New Picker Photo/Video with the possibility of making a photo/video inside Nextcloud
    • New UI/UX for notifications
    • Integration of Collabora Online Office
    • You can modify a Photo before the upload
    • New UI/UX for Activities
    • Many improvements to UI/UX & fetch algorithm in the Media tab
    • Added QRCode reader for Login
    • Added the possibility to record a voice memo and save directly to Nextcloud
    • New Push Notifications
    • Improvements to scan document: Added flash, filters, rotate, auto/manual detect and more
    • More integration with Nc Talk

    New Nextcloud developer program: work with us!

    Nextcloud was always designed as a software platform and not a monolithic application. This is why we have the apps concept, many of the APIs and why we push open standards.
    In the past, many developers and companies used these capabilities. Today, we are launching the new Nextcloud developer program to bring these capabilities to the Next-level!

    Here’s all the news from the Nextcloud Conference:

    Join the program

    We are looking for individual developers and companies to work with us in building new apps.

    There are several things you can do:

    • Develop a complete new server side application on top of Nextcloud leveraging the Nextcloud framework for authentication, storage, distribution and many other things.
      Examples would be the recently released OneDrive external storage, the new Maps app or the SecSign ID authentication app.
    • Write a plugin that extends or changes the behavior of Nextcloud.
      Examples include the HSTS app which adds a HSTS header to HTTPS responses or the OCR app which adds a OCR option in the Files app.
    • Integrate other software, services and projects with Nextcloud.
      For example, look at Moodle, RocketChat or Zimbra.
    • Write new desktop or mobile apps that interact with a Nextcloud server.
      For example KDE and GNOME integration or the Deck Android app.

    Nextcloud is a very popular software platform

    So why is Nextcloud a great foundation for your app and why does it make sense to integrate with Nextcloud?

    Nowadays we estimate the number of active servers to be between 250.000 and 300.000 with tens of millions of users. That makes Nextcloud with quite some margin the most deployed on-premises file sync & collaboration platform! In other words, building a Nextcloud app means having a huge audience who can install your app with a single click!

    Why is Nextcloud so immensely popular? It provides what people need!

    Nextcloud’s mission is to be the decentralized central hub that allows you to stay in control of all your data, communication and collaboration needs securely, protecting user’s privacy. That is the reason why home users, companies, universities and the German and French governments and many other organizations from the EU trust Nextcloud to handle their data and meta data.

    Nextcloud started like an open source alternative to Dropbox. More like a tool to store, sync and share files. Nowadays things have changed and we are competing with services like Google GSuite and Office 365, covering a lot more than normal file syncing.

    As a full alternative to the propriety and centralized services from Microsoft, Google, Dropbox, Apple and others, with Nextcloud you can do collaborative office document editing, use a calendar, contacts, do group-chats, video and audio calls, emails, notes, RSS feeds, project management drawings, manage passwords and a lot more. All of that 100% Open Source and self-hosted of course.

    Nextcloud is also very scalable. It runs on tiny systems like Raspberry Pie up to a group of server clusters distributed over several hosting centers and continents with millions of users.
    app store screenshot showing button to enable untested apps

    Why join the program: 8 more reasons

    • Nextcloud is and will remain 100% free and open source software. This creates a fair playing-field for everyone and makes sure that we all benefit from each others work. We are all equal and follow the same AGPL rules.
    • Open Source guarantees that you can always run Nextcloud and your application in all scenarios without the need to buy a license or have a vendor lock-in.
    • There is no Contributor License Agreement or other legal work or contracts needed. No one has to transfer ownership of the code to another entity. Everyone keeps the ownership over their own work.
    • Nextcloud has good developer documentation. All other apps are open source and can be used as blue prints. Developing a Nextcloud app is easy!
    • Nextcloud has millions of users. Your work is immediately available to a huge install base.
    • Nextcloud has an AppStore where you can easily make your work available to all Nextcloud users. So a lot of users will test and use your app.
    • The Nextcloud community is very welcoming and friendly. So if you ever need any help or support then someone will want to help you and answer your questions.
    • There are several events like the yearly Nextcloud Conference where you can get in contact with the developers, attend talks and workshops to get on hand training.

    We at Nextcloud are looking forward to work with other projects and companies to integrate their software and promote the integration together. If you have build an app or want to build one and would like to get a blog published, or even see if there is a way to work with Nextcloud GmbH to monetize your work, shoot us an email!

    All the information and the useful links are listed on the new developer portal page.
    If you have any questions about these new opportunities for developers to build on top of Nextcloud you can always contact us.

    Let’s make a difference and help users take back control over their data and communication!

    Nextcloud announces virtual data room solution for ultimate protection of data during sensitive negotiations

    Tens of millions use Nextcloud to protect their data, at home or in their business. That is why Nextcloud takes security so serious, developing many unique security-related features and offering a USD 10.000 security bug bounty to security researchers. In some situations data has to be protected from leaking, even by the people who gain access to it. For this scenario, Nextcloud introduces its virtual data room (VDR) solution.

    Virtual data rooms

    Say you want to give a third party the chance to review and perhaps even edit a number of documents but prevent data leakage as much as possible. This is useful if you're working on due dilligence for an investment, need to decide on a loan or other sensitive business transactions.

    A Nextcloud virtual data room enables you to:

    • create guest accounts for the third party team and share files to those.
    • enforce the setup of a second factor for secure authentication when the guests create their account.
    • use File Access Control to ensure no files can be downloaded by the guests.
    • configure Secure View ensure the users can still read and (when shared with editing rights) modify documents, while the documents are watermarked when on screen.
    • Keep email content and attachments 100% confidential by using the Secure Inbox feature in the Outlook Add-in to share to the guest accounts. The email body and attachments are shared securily through Nextcloud, without risk of leakage even to the mail server. The recipient only receives an email telling them a new message was send. They can then log in securely on their guest account and view it.
    • If you allowed downloading files so the guests can use Nextcloud mobile and desktop clients, you can use Remote Wipe to clean their devices once the project ends.
    • Make sure that discussions about documents, plans and other information can take place through the integrated Nextcloud Talk so no third party can gain access to the communication, either through listening in on the calls or accessing the chat logs.

    A 100% self-hosted Nextcloud solution

    These capabilities and more are part of our virtual data room solution designed for use by organizations when they need a space where an often cross-organizational team can collaborate, firewalled off from either or both of their organizations.

    It enables secure due diligence during a take-over or venture capital transactions. Multiple virtual data rooms can be set up in paralel, or sequentially, enabling financial institutions to ensure data does not cross between offices, countries or teams.

    Where other virtual data room solutions still require data to be stored at a third party and route authentication and real-time communication through their data centers, a self-hosted Nextcloud virtual data room offers 100% control and thus near perfect protection from data leaks.

    Forget about SAAS and outsourcing: an on-premises Nextcloud VDR offers the ease of use that speeds up deal making while strict control over access and fine grained auditing ensure sensitive data remains secure.

    Nextcloud VDR Capabilities

    Nextcloud develops the industry-leading on-premises content collaboration solution, bringing together efficient real-time communication, document editing and easy sharing together in a coherent platform.

    Features include:

    • Activity tracking and audit log, real-time reporting
    • Built in secure communication with comments and audio/video chat
    • Secure email box (prevent leaking of email content and attachments with Outlook integration)
    • Advanced search within the whole VDR
    • Extensive file compatibility
    • Unlimited data and accounts
    • Easy, familiar interface
    • Document versioning
    • Extensive security capabilites, including:
    • Multi-layer, military-grade encryption
    • Advanced digital rights management
    • multi-factor authentication
    • Video Verification to enforce identity proof
    • Extensive file access control mechanisms
    • Watermarking of files
    • Remote wipe
    • Industry-leading ransomware protection

    Nextcloud is used in extremely security-sensitive environments every day in the financial, healthcare and government sectors. Nextcloud VDR provides an even more hardened, secure, complete and easy to control environment for efficient collaboration on the most sensitive data.

    You can read more about how Nextcloud can help you with a virtual data room on our website.

    Feature highlights

    A virtual data room is a setup customized to each use case and customer. To highlight a few of the capabilities and features useful in virtual data room scenarios, we created a series of screenshots below.

    Secure Mailbox

    This example sends the link and password to the recipient by email. The user can take out the password and send it through another channel. Alternatively, when a guest account is set up for the recipient, the Outlook add-in will detect this and instead share the message to the guest account and include an internal link in the email. The recipient will have to log into their guest account to access the email.

    Secure Mailbox - Writing an email
    Writing an email
    Secure Mailbox - attaching files
    Attaching files, enabling Secure Mailbox

    Fresh from the conference: Nextcloud Desktop client 2.6.0RC1 with new Login Flow, second test version of Virtual Drive

    We have just made available a release candidate of the Nextcloud Desktop client with a large number of fixes and improvements including a rework of our login flow. The new login flow uses the system browser, which should improve compatibility with many servers, especially those with tight security settings or non-standard authentication mechanisms.

    Talking of authentication, the client now fully supports Client-side SSL Certificates for authentication and the new Windows build also supports TLS 1.3! You can grab the new client now.

    Second, today we’ll make available a new test version of our Virtual Drive build of the client, and we’re looking for feedback on the progress we’ve made!

    As always, a big thank-you goes to our community of contributors. Note that we are still looking for new people to join our team!

    Here’s all the news from the Nextcloud Conference:

    EDIT: apologies, due to an internal miscommunication, we said that version 2.6.0 final of the desktop client was available, while the first release candidate has been made available and the final is expected soon.

    Fresh from the conference: Nextcloud Android client 3.8 with U2F, TLS 1.3, Remote Wipe and more

    We have made version 3.8 of our Android client available today, bringing a slew of security features with many bugfixes and smaller improvements to our users. If your phone hasn't updated yet, give it a kick and grab the new version today!

    U2F device support integrated by COTECH

    As said, this release brings many security-related features. First, U2F support was integrated thanks to the work of COTECH. The result is a usable login flow: At the bottom, a dialog indicates that user interaction is needed during U2F login. Users get assistant with helpful animations if they are not familiar with the concepts of security keys on mobile devices.

    The most common security keys are compatible with our implementation. Users can use them via USB or NFC. Just a simple touch with the key on the back of the device and the user is logged in. But USB usage is similarly easy: Plug in the key and press its button to indicate user presence. Learn more in the blog by COTECH.

    Using a Nitrokey to log into Nextcloud

    Updated TLS support and added Remote Wipe

    Second, some internal libraries were updated to allow for TLS 1.3 connections, helping sysadmins who have tight security policies on their Nextcloud server.

    And last but not least, support for one of the major features of Nextcloud 17 was brought to the Android client with the integration of Remote Wipe support!

    With Remote Wipe, users can delete all the data of their devices from the Nextcloud web UI, useful in case of lost of theft of a device. Sysadmins can instruct all devices to wipe their data in case an employee leaves the company, for example.

    Remote wipe as a user, per device
    Remote wipe as a user, per device
    Remote wipe as admin, per user
    Remote wipe as admin, per user

    Here’s all the news from the Nextcloud Conference:

    Last year

    As it is the Nextcloud Conference today, we thought we'd share not just what is new today but also give you an overview of everything we improved in the client over the last year!

    3.3.0

    • Trashbin support
    • Media streaming
    • Protection via device credentials

    3.4.0

    • Editing via Collabora Online
    • set/edit notes on sharing
    • search inside text files
    • action on notifications
    • share file to Talk

    3.5.0

    • Chunked upload: 1Mb wifi / 10Mb Wlan
    • QR codes for signup
    • deep link integration
    • direct camera upload
    • sync all downloaded files

    3.6.0

    • storage path chooser for local files
    • show notes on sharing
    • show shared user as avatar

    3.7.0

    • Chromebook support
    • delete push notifications via server
    • open files from Talk app

    3.8.0

    • U2F support on login
    • crash report
    • TLS 1.3 support
    • Remote Wipe

    Nextcloud Flow makes it easy to automate actions and workflows

    We are happy to announce that Nextcloud 18 will introduce Flow. This app will make it easy for users to automate some common tasks through an easy, graphical user interface. Integration with the wide variety of apps in the Nextcloud ecosystem will be an important priority for this project. A first tech preview is available as part of the daily builds of Nextcloud 18.

    Here’s all the news from the Nextcloud Conference:

    What can Flow do

    Nextcloud Flow is designed to help you automate tasks. For example, when a file is added to a specific folder, a shared link to the file could be created and send through Nextcloud Talk into a specified chat room. Or, when a new element (like a file, a chat or a Deck board) is added to a certain project, you get a notification.

    Here is a mockup (based on current state) of what NC Flow should look like by release time:
    mockup (based on current state) of what NC Flow should look like by release time

    One thing Flow can do is can help the workflow of teams collaborating on documents. Think of the approval and review processes, as in this example:

    An partner sends a customer order form by mail to a special inbox. The attachments get uploaded to Nextcloud and, because they end in a special folder, are given a specific tag. This tag results in the file getting added as a task card in a Deck board for Team X to process. The chat from Team X notifies them of the arrival of the new task. A team member reviews the form and when done, moves the card to done which automatically adds a 'reviewed' tag. This tag results a notification for the manager. Once they adds the 'approved' tag, the files are turned into a PDF, then shared via a public link, which in turn is added to a mail that gets send to the partner.

    As you see, Flow can go beyond files, tying together the various capabilities of Nextcloud. Through an easy API, Nextcloud applications like Calendar, Mail, Talk and Deck will be able to provide actions and triggers for users to use. This means that more and more apps will be able to offer integration, so users can configure Nextcloud to respond to a wider range of events with an ever growing amount of actions.

    Get Flow

    Flow will be a part of Nextcloud 18. We have just started working on this release, but Flow has been under development for while already. A first tech preview is available as part of our development version, downloadable as a daily build. Input from users is very welcome, as there is a wide range of capabilities that could be added and the team is looking for use cases to prioritize. App developers can also get started supporting Flow in their apps! Documentation for Flow will soon be available on our Developer site.

    At the Nextcloud Conference this weekend, a workshop will demonstrate how developers can add new capabilities from their apps to Flow.

    Screenshots of the current state:

    Creating a new flow
    Creating a new flow
    Multiple operations
    Multiple operations
    Select Triggering Event
    Select Triggering Event
    Add check to rule
    Add check to rule
    Define mimetype rule with presets
    Define mimetype rule with presets
    Additional check and operation options
    Additional check and operation options
    Overview
    Overview

    Nextcloud 17 scales up and improves data protection with Remote Wipe, collaborative text editor, 2FA updates, IBM Spectrum Scale support and Global Scale improvements

    Fresh from the Nextcloud conference stage, we are proud to announce a major release of Nextcloud, the easiest solution for secure, on-premises collaboration on documents, calendars and communication! Nextcloud 17 will introduce a series of secure collaboration features including a collaborative text editor, remote wipe, updated secure view, improved two-factor-authentication and easier access than ever with deeper integration of large-scale storage like S3 and IBM Spectrum Scale.

    Nextcloud 17 is available as release candidate, with the final release expected later this month.

    A quick overview of what is new:

    • 💣 Remote Wipe allows users and administrators to forcibly clean files from remote devices, for example in case they are stolen.
    • 📝 Nextcloud Text, our new distraction-free, collaborative rich text editor
    • 🔒 Improvements to secure view like enforcable watermarks enable virtual data room use
    • 🔐 Setup two-factor authentication after first login, admins can create one-time login tokens in the web UI and delegate this to group admins
    • 📧 secure mailbox in Outlook Add-in
    • 👥 LDAP write support makes it possible to manage users from Nextcloud
    • 💽 S3 versioning support, IBM Spectrum Scale integration and Global Scale with Collabora Online

    See our separate announcement about building virtual data rooms with Nextcloud 17 here.

    Other news from the Nextcloud Conference includes:

    Follow the conference live!

    Remote wipe

    A major new feature in Nextcloud 17 is remote wipe. While many companies have Mobile Device Management, thanks to build-in support, Remote Wipe will work on systems not under management of the company. This is useful for home users but also large universities and of course in a scenario where guest accounts were handed to a third party. If you permit downloading of documents by the third party, you can wipe the documents from their devices when the the collaboration has ended.

    Remote wipe can be used on a per-device basis by users and on a per-user base by the administrator.

    Remote wipe user
    Remote wipe as a user, per device
    Remote wipe admin
    Remote wipe as admin, per user

    Two-factor authentication improvements

    Two-factor authentication is very important to protect the security of Nextcloud accounts. Administrators can enforce the use of two-factor authentication and offer a number of options to users.

    Nextcloud 17 introduces:

    • Ability for users to setup 2FA after the first login it was enabled or enforced
    • New Administrator settings:
      • Administrator can create one-time-login tokens for users who forgot or broke their second factor solution
      • Administrator can delegate the ability to create one-time-login tokens to group administrators

    Nextcloud offers the following 'second factor' options, any number of which can be enabled by the system administrator and used to validate the login of a user:

    • Time-based One-Time Password (TOTP, including Google Authenticator or similar apps
    • Universal 2nd Factor hardware tokens (U2F, like Yubikeys or Nitrokeys, also supports NFC)
    • Gateways: SMS, secure messaging apps Telegram, Signal and more
    • Notification (just click to approve login on an existing device like a phone)
    • User backup code (User has to generate these in advance and store them in a safe location)
    • Administrator backup code (creating those can be delegated to group admins)

    Active user sessions can be invalidated through a list, by removing the user in the admin settings or by changing passwords. Users can manage their own sessions and devices. Remote wipe is available from that same screen.

    2FA enforcement settings, enforcing for guest users
    2FA enforcement settings, enforcing for guest users
    2FA setup on first login
    2FA setup on first login
    One-time login token creation
    one-time login token creation

    Secure view and watermarks for documents

    Last December, Nextcloud 15 introduced the Hide Download menu option. Since then this feature was used to provide secure view functionality in Collabora Online and ONLYOFFICE. With Nextcloud 17, our secure view feature was expanded with admin settings for watermarked text to enforce watermarks on:

    • public shares: option for all/read-only shares/hide download/tagged with (select a tag, for workflow integration)
    • internal shares: option for all/read-only/no reshare/tagged with (select a tag, for workflow integration)

    Note that the full range of options requires Collabora Online 4.1. For older versions only the 'all' option works. ONLYOFFICE supports all these new capabilities as of today.

    With secure view, our online office solutions can be configured to open PDF files, images and text files, making these files available in a watermark-protected way, while downloads and other apps are disabled using File Access Control. This setup is useful when data has to be protected from leaking but still has to be made available for review, like in a virtual dataroom scenario.

    Configuring Secure View in Collabora
    Configuring Secure View in Collabora
    Setting a 'confidential' tag
    Setting a 'confidential' tag
    Secure view watermarked file
    Secure view watermarked file

    Secure mailbox for Outlook

    The Outlook Add-in introduces the secure mailbox feature. This feature protects the contents (body) of email from interception by providing the recipient with a notification that a new email was received. The recipient then has to log in on their (guest) account to access the email and its attachments.

    In combination with the read.me app, the body of the email is shown on top of the file attachments. Each email is a folder, linked to in the email notification.

    Secure Mailbox - Writing an email
    Writing an email
    Secure Mailbox - attaching files
    Attaching files, enabling Secure Mailbox
    Secure Mailbox - Email as it will be sent to recipient
    Email as it will be sent to recipient
    Secure Mailbox - Recipient view in Secure Mailbox in Nextcloud
    Recipient view in Secure Mailbox in Nextcloud

    This example sends the link and password to the recipient by email. The user can take out the password and send it through another channel. Alternatively, when a guest account is set up for the recipient, the Outlook add-in will detect this and instead share the message to the guest account and include an internal link in the email. The recipient will have to log into their guest account to access the email.

    You might be familiar with this feature from banks, insurance, realtors and other organizations dealing with sensitive data. Protecting the content from emails from leaking is very hard and with the Secure Mailbox for Outlook feature, Nextcloud offers an integrated solution.

    Security hardenings

    Security is very important to Nextcloud users, and thus a core focus for the Nextcloud team. Every release comes with many improvements, and this is no different. These include:

    • A new feature policy header
    • Stricter CSP
    • Suspicious login improvements

    HackerOne logo

    At the Nextcloud Conference, Nextcloud GmbH also announced a doubling of its security bug bounties to USD 10.000. This means an even larger insentive for security experts to find and responsibly report security problems to Nextcloud's capable and responsive security team.

    If you want to learn more about security in Nextcloud, we strongly recommend to read about the various layers of encryption in Nextcloud and how Nextcloud can save your business from ransomware attacks.

    Nextcloud Text

    There are many moments when a light-weight, distraction-free text editor is the perfect solution for the task. Note taking, writing down thoughts or brainstorming a little don't require advanced editors with thousands of features. Nextcloud Text is an integrated, collaborative markdown-based text editor and ships as part of Nextcloud 17. Compared to the test version we made available for Nextcloud 16, this version has much improved reliability and introduces plain text editing with syntax highlighting for code.

    All the good features are still here, and improved:

    • markdown-based
    • simple, efficient interface
    • any number of collaborators
    • support for bullets, headers, bold, italics, images and strike-through
    • sidebar with sharing, comments, versions, video chat and activity
    • and now: plain text editing with syntax highlighting

    Learn more in our earlier announcement.

    Performance, scalability and storage integration: IBM Spectrum Scale, Global Scale and S3.

    This release delivers a number of improvements in the area of performance, scalability and storage integration.

    Real time document collaboration with Global Scale

    This release expands the capabilities of our unique Global Scale architecture to Colabora Online. Global Scale is designed to enable some of our largest customers to run a single Nextcloud instance with tens of millions of users. Collabora Online GS integration allows these users to seamlessly collaborate with each other on office documents.

    Global Scale has been in production since 2017 in a commercial setup for tens of millions of users across 4 continents. Several other customers have deployed or began experimenting with Global Scale in the last years. Thanks to the new integration, Collabora Online installations at multi-million user scale are now set to roll out.

    For smaller deployments, these changes are also relevant: users can now collaboratively edit documents across private Nextcloud servers!

    See the Collabora/Nextcloud announcement of Global Scale integration here.

    IBM Spectrum Scale logo

    IBM Spectrum Scale integration

    In collaboration with IBM, Nextcloud 17 introduces IBM Spectrum Scale integration.

    IBM Spectrum Scale is a high-performance file system for managing data with the distinctive ability to perform analytics in place with comprehensive support for data access protocols including POSIX, NFS, SMB, HDFS and S3/Object. It can provide a single namespace for all this data, offering a single point of management with an intuitive graphical user interface. IBM Spectrum Scale offers high scalability, high availability, automated data management and reliability with no single point of failure in large file storage infrastructure.

    On request of several major research organizations and universities, Nextcloud and IBM developed this integration between IBM's Spectrum Scale and the Nextcloud storage layer. A white paper with more details can be found on the IBM website. An example use case would be when a research institute has a large storage system where research data is written to by scientific tools. Thanks to this integration, this data can be made available real time through Nextcloud and manipulated without the risk of accessing outdated information.

    See the announcement of the Nextcloud and IBM collaboration here.

    S3 versioning integration

    Nextcloud 17 introduces S3 versioning support which allows a Nextcloud server to use the native versioning of S3 rather than its own. This allows a system administrator to manage versions using native S3 tools but, when used with S3 as external storage, also improves compatibility with other applications which access the same data. Nextcloud will then be able to recognize versions created by these other applications, and vice versa.

    More responsive web interface and decreased server load

    In every release, Nextcloud improves in performance and responsiveness of its user interface. For this release:

    • We have significantly reduced the number of requests to the server on page loads.
    • We do more streaming when writing to storage
    • A new event dispatcher interface does simpler linking and more lazy loading.
    • An initial state manager makes some pages feel more instant since it saves the initial ajax all to the backend.

    This should help decrease server load and improve the snappyness of the web interface.

    Nextcloud Talk

    With this Nextcloud version comes again a release of Nextcloud Talk. Like the previous release, the work for this release was focused on improving the reliability of Talk, but a few new features were integrated as well:

    • Added a simple Lobby: moderators can join and prepare a call/meeting while users and guests can not join yet
    • Allow to mention guest users
    • Added a voice level indicator and notify the user when they speak while they are muted

    Client releases!

    Today, we also make available releases of our Android, iOS and desktop clients!

    Note that the Android client will have FIDO2 support, which was developed in collaboration with Nitrokey and Cotech. Learn more in the blog by Cotech!

    Even more

    There is much more new and improved in this Nextcloud release. For example, we have a systems overview in the admin settings which shows system package versions to help the admin administer their system. The monitoring section received a bit of a redesign. We could keep going, but we rather recommend you try out Nextcloud 17 RC1 and help us make it as stable as possible!

    Also, be sure to check out the other news from the Nextcloud Conference which includes:

    Nextcloud Conference News: Nextcloud GmbH doubling HackerOne security bug bounties!

    Just before the Nextcloud Conference in Berlin, Nextcloud GmbH has decided to double the security bug bounty, going up to USD 10.000 for a remote execution vulnerability! We will talk more about this tomorrow during the conference, but for now read on for details.

    Nextcloud: a secure collaboration platform

    Nextcloud lets users access and collaborate on documents, calendars and in video chats in the browser or through mobile apps. Over 200 apps extend Nextcloud functionality with features like playing music and movies, tracking your phone, reading news, mind mapping and more. It is by far the most popular private cloud software, 100% open source, developed by a community and used by millions of home users as well as organizations like Siemens, the German Federal Government and many more. For Nextcloud, security is key: the need for data protection and privacy that drives most of its users to the platform relies on being able to trust the project's effort in keeping data safe. For this reason, Nextcloud runs a security bug bounty program since its inception in 2016 and with great success.

    In this blog, Nextcloud GmbH announces we've doubled our security bug bounties in an effort to drive even more scrutiny to our platform and demonstrate our commitment to data protection to our customers.

    Nextcloud is the only enterprise file sync & share / content collaboration platform in the on-premises market which has a well maintained security bug bounty program and up to USD 10K bounties. You should ask yourself – is it wise to trust your data to a vendor which doesn’t trust its own product to withstand the scrutiny that comes with such a program?

    — Frank Karlitsche, CEO of Nextcloud GmbH

    Security bug bounties?

    Despite a great security track record and many innovative security hardenings added to Nextcloud over the years the reality is: security is hard, and mistakes are just unavoidable. The largest IT companies with big, well paid and experienced security teams still encounter regular, embarrassing breaches. For this and more reasons, Security Bug Bounties are a 'security best practice' followed by large organizations like Microsoft, Uber, Github, Twitter and Slack.

    Shortly after we founded Nextcloud, we announced a security bug bounty program offering a significant monetary reward for reports of security vulnerabilities within Nextcloud.

    Does a bounty program replace security work?

    Running a security bug bounty program does not replace internal security expertise, rather it augments existing security work.

    We can and do make breaching a Nextcloud server as hard as possible for an attacker. We do that first by having a strong process aimed at writing secure code, training our developers to take security in account and reviewing designs in advance and the code itself after it has been written. Second, we secure Nextcloud pro-actively by introducing security hardenings which decrease the likelihood of a successful exploitation. By performing internal testing, we get the confidence required for shipping. And last but not least external testing such as via our bug bounty program as well as regular security audits by various third parties (including customers) gives us another set of hundreds of eyes looking over our code and potentially discovering issues within our software.

    And they have found things!

    results

    We counted our HackerOne activity since we launched the program. After removal of some invalid reports (sometimes things get reported on out-of scope things like our infrastructure), we have these statistics:

    • Total of 222 reports submitted
    • Paid $2750 in bounties
    • 23 reports received a bounty ($120 per report on average)
    • Average response time: 12 hours
    • Average triage time: 1 day
    • Average time to resolution: 1 month

    Doubling up

    Running a bug bounty program is something you should take seriously to get the most out of it. That means responding quickly – we're proud of our leading response times and response quality on the HackerOne platform, showing our team takes the security issues very serious.

    We're also proud to offer some of the highest competitive bounties in the open source software industry, rewarding responsible disclosure with up to $5,000 for qualifying vulnerabilities.

    In our announcement today, we pledged to double the amount of $5,000 to up to $10,000, signaling we continue to put our money where our mouth is! There are two reasons why we increased the bounties today.

    First, since we announced our program in 2016, the use of Nextcloud has grown explosively. Today, between 200.000 and 300.000 Nextcloud servers provide secure, privacy-respecting file exchange and collaboration services to a massive number of users.

    The average size of Nextcloud servers certainly has also gone up. Today, dozens of our customers count their users in the tens or hundreds of thousands, back in 2016 of course this was not the case.

    On top of that, these customers now include major governments like the German, French and Dutch, dozens of cities, large corporations like SIEMENS…

    With more users comes more risk: a security exploit for Nextcloud has more value today than it did in 2016!

    Second, after a few years, much of the lower-hanging fruit has been caught. While the program has been very successful, we'd like to keep it that way, accelerate it even! By increasing the rewards, we hope to attract even more expertise, efforts and thus scrutiny to our platform.

    Go catch boogs!

    We are grateful to the thousands of people who have scrutinized Nextcloud and the hundreds who've reported issues they found. We hope that, with a doubling of our security bug bounties, we continue to benefit from the massive expertise available on the HackerOne program and in the global white-hat hacker community!

    Consistent file system view with Nextcloud and IBM Spectrum Scale

    Spectrum Scale logo

    At large scale, file storage becomes progressively complicated. A collaboration between Nextcloud and IBM has made the leading large scale file storage and leading content collaboration platform a perfect match for storing, sharing and working with large volumes of data. Visitors of the Nextcloud Conference, September 14 and 15 in Berlin, will be able to learn more about this integration from some of the engineers behind the effort.

    Nextcloud

    Nextcloud is a flexible, on premise Files Sync and Share and Collaboration platform. Nextcloud was designed to make content easily accessible to all members in an organization, wherever the content resides and however the member needs to access it. It features an easy, consistent user interface with extensive collaboration capabilities on mobile, web and desktop and conforms to the highest security and data protection standards. Nextcloud is highly extensible with apps adding functionality and offers deep integration in infrastructure like user management and storage.

    IBM Spectrum Scale

    IBM Spectrum Scale is a high-performance file system for managing data with the distinctive ability to perform analytics in place with comprehensive support for data access protocols including POSIX, NFS, SMB, HDFS and S3/Object. It can provide a single namespace for all this data, offering a single point of management with an intuitive graphical user interface. IBM Spectrum Scale offers high scalability, high availability, automated data management and reliability with no single point of failure in large file storage infrastructure.

    Nextcloud storage

    A Nextcloud installation requires a primary storage and optionally can extend this with external storage. The primary storage is used to hold all the files and metadata of the users like home directories, versions, encryption keys, trash bins and more. Any object storage using the S3 or Swift APIs can be used as primary storage. But most users use some kind of POSIX compatible file system as primary storage. IBM Spectrum Scale is a popular choice due to its reliability and scalability.

    Besides the primary storage used for various metadata like thumbnails, a Nextcloud installation typically integrates external storage. Through this external storage, Nextcloud can aggregate all the storage pools in an organization and make them accessible to the users via one familiar, easy to use interface across platforms and locations. External storage can be any storage that is accessible via SMB, NFS, (s)FTP, S3, SWIFT, WebDAV, Sharepoint or various other protocols.

    Challenges

    To function effectively, Nextcloud needs to be continuously aware of all changes in the external storage such as create, rename, write and delete operations. This is needed to keep the metadata in Nextcloud in sync, to manage file version, activity streams, user notifications, manage efficient syncing to offline clients and more. This is easy if Nextcloud has exclusive access to the storage solution, a requirement for its primary storage. However, with external storage, this is often not the case. Files can be modified by various business processes and tools or by the user through another interface such as SMB or NFS. Still users expect the latest version of each file that are created or modified outside Nextcloud to be available in Nextcloud for immediate access, sharing and syncing. A business application could make files available on a internal FTP drive, for example, or users could modify files through Sharepoint. When files are modified through means other than the Nextcloud interface, an update of the Nextcloud internal metadata is needed. Nextcloud has the ability to scan an external storage for changes, but this introduces delays and introduces scaling limitations. At a large scale, even solutions like inotify or SMB notifications are insufficient due to their technical limitations.

    Spectrum Scale Clustered Watch

    IBM Spectrum Scale 5.0.3 introduces the Clustered Watch feature to improve the monitoring of activities in a Spectrum Scale file system. By monitoring activities in the file system it is possible to automate responses to file access events. For example, a Spectrum Scale administrator can set up a Watch to log every file CLOSE event into a configurable log file. The log file can then be parsed periodically by an external application to trigger further processing of the file.

    Spectrum Scale Clustered Watch is designed to emulate Linux inotify, but it has some significant advantages to simplify the response to events. IBM Spectrum Scale is a distributed file system that can be mounted on many cluster nodes. Spectrum Scale Clustered Watch gathers the Watch events from all nodes and makes them available at one consolidated place. Furthermore, in contrast to Linux inotify a Spectrum Scale Watch on a directory monitors the activities not only in that directory and but also in all its subdirectories.

    The integration solution

    IBM, Nextcloud and the University of Augsburg worked on an integration to improve the performance and scalability of IBM Spectrum Scale as external storage for Nextcloud. In late 2018 and early 2019 a proof of concept integration was developed. This proof of concept uses Spectrum Scale Clustered Watch to track all changes in the file system and notify Nextcloud. The result is that the file structure view in Nextcloud is within less than a second in sync with the state of the file system, even on very large external storage deployments. The integrated solution is designed to be very scalable and will work in a setup with a large number of Nextcloud application servers and large Spectrum Scale file systems.

    Technical implementation

    The integration solution can run on one or more Nextcloud application servers and is designed to use Redis. Redis is used in Nextcloud for caching and file locking handling. It is a well tested solution which scales with Nextcloud use, allowing for clustered deployments.

    The integration tool receives Spectrum Scale Watch events every time a file is changed in the Spectrum Scale file system. The tool then uses a queue in the Redis database to notify Nextcloud of the change. A background service in Nextcloud consumes this queue, scanning the files and updating the Nextcloud index with the changes. This Nextcloud background service can run in parallel on several application servers and the load can be distributed over multiple Redis server to ensure high performance and full scalability.

    Availability

    This solution is available for mutual customers today but requires at least Spectrum Scale 5.0.3 and Nextcloud 17. Contact Nextcloud for a deployment or proof of concept.

    At the Nextcloud Conference, September 14 and 15 2019 in Berlin, IBM Spectrum Scale specialist Ulf Troppens and Nextcloud file systems engineer Robin Appelman will discuss the integration.

    Summary

    IBM Spectrum Scale and Nextcloud provide a reliable, scalable and performant solution for highly secure data storage that is suitable for modern organizations and their needs for efficient team collaboration. The flexible design of both solutions enabled the development of a efficient integration technology, improving the scalability and responsiveness of the solution. All files are accessible directly via the Spectrum Scale file system or via Nextcloud without compromises in performance and user experience.

    Please contact IBM or Nextcloud for more information.

    ❌