
OverDrive - Features

Description

OverDrive is a file hosting system based on the Nextcloud solution.

The Nextcloud server is configured and accessible through a secure web interface, enabling authorized users to control storage, set policies on file access or set up automated file processing, manage users, enable or disable functionality and more.

Nextcloud is a PHP web application running on a Linux web server. It stores file sharing information, user details, application data and configuration as well as file information in a PostgreSQL database.

OverDrive uses the Object Storage Service (S3) as its primary storage.

Architecture

Availability

The product is currently available in all our regions as well as in all availability zones.

Resiliency

OverDrive relies on cegedim.cloud's Linux virtual instance product.

Supported versions

cegedim.cloud supports Nextcloud version 27 in this OverDrive product.

Updates can be performed by cegedim.cloud, either on request or during a grouped update.

Features

This section lists which features and capabilities are available to the customer, and how to request or perform them:

  • Self-Service: the customer can perform the action autonomously.

  • On Request: the customer can request that the action be done by the cegedim.cloud support team.

| Features | Self-Service | On Request | Comments |
|---|---|---|---|
| Change OverDrive configuration | ✅ | ❌ | Via administration settings |
| Security patches / Versions upgrade | ❌ | ✅ | Update is done by cegedim.cloud: either on request or during grouped update. |
| Add existing SSO product | ❌ | ✅ | Update is done by cegedim.cloud: either on request or during grouped update. |
| Add users / Resize user storage | ✅ | ❌ | Accessible through admin account, in "Users" settings. |
| Add new application | ✅ | ❌ | Accessible through admin account, in "Applications" settings. |
| (forthcoming) Expand the OverDrive sizing | ✅ | ❌ | (forthcoming) Possible via the resize button on ITCare. |

Sizings

XS Diagram

Resource

XS

Sizing supports 1 to 49 users:

  • 1 Nextcloud Frontend (Linux virtual instance - 2/4)

  • Dedicated S3 bucket

  • 24/7 Monitoring (optional)

  • Data replication enabled (virtual instance disaster recovery)

Configuration and properties

Product configuration

Local Log Management

Logs are accessible with the administrator account (admin_client) through the Web UI, in the section "Parameters" > "Logging".

Remote Log Management

Logs are sent to cegedim.cloud SIEM to detect security issues and sensitive actions.

Security

Authentication

Web access

An admin_client account is provisioned by default.

The customer can access this account by connecting to the drive URL (ending in *.mydrive.cegedim.cloud), choosing "Direct authentication", and using the admin_client account with the password chosen during provisioning.

Authentication for local accounts (e.g.: admin_client) is protected by TOTP.

The TOTP can be configured on the first connection, after the provisioning of the OverDrive through ITCare. It ensures that only the client can connect to the admin_client account.

cegedim.cloud retains the ability to activate the admin account for security purposes (break-glass). This password does not provide access to data hosted on the web servers.

When needed, these accesses are protected by several security measures:

  • TOTP usage

  • Access through the bastion, as presented on the diagrams

  • Full traceability

System access

System access is reserved to cegedim.cloud administrators. These accesses are necessary to provide mandatory services for the application, for example:

  • Monitoring operations (e.g.: restart a service)

  • Version update

  • Security update

Servers providing the OverDrive services can be accessed by SSH, and this access requires authentication through the cegedim.cloud Bastion. These accesses are limited to cegedim.cloud administrators and are fully logged to ensure that only legitimate operations are performed.

Authorizations

Roles

| Roles | Permissions |
|---|---|
| Users | Use the product |
| Administrators | Use the product and manage users |
| Super Admin | All |

Network

SSL is used while connecting to the Nextcloud application.

A secure profile is deployed to prevent any deprecated cipher from being used.

Data location

The infrastructure is located in France and the data is stored within cegedim.cloud's datacenters.

Files are stored on cegedim.cloud's Object Storage solution (S3 compatible).

Password management

The end user password is not stored in our password management solution and is known only by the client. This password is created when the end user orders their OverDrive on ITCare.

The cegedim.cloud admin account is deactivated during the OverDrive creation process.

The following table summarizes password management:

| Password | Stored by Cegedim.cloud | Stored by Customer | Enforced | Hashing algorithm |
|---|---|---|---|---|
| admin_client account | ❌ | ✅ | ✅ | sha256 |
| ANY other account | ❌ | ✅ | ❌ | sha256 |

Monitoring

Each OverDrive instance deployed through ITCare is monitored. An automatic check verifies whether the Nextcloud service is available.

When the drive website is unavailable, the alert is handled by our monitoring teams, which implement corrective measures.

The 24x7 option, available in ITCare, extends the monitoring to non-business hours.

Antivirus

The servers are protected by cegedim.cloud antivirus (SentinelOne).

Backup

OverDrive virtual machines are always backed up by default.

Last updated 1 year ago