Claus Lavendt, Claris Engage 2024
Introduction
Welcome to this comprehensive guide on installing and configuring Claris FileMaker Server, with insights from Claus Lavendt’s presentation. This expanded version aims to provide you with not only the necessary technical steps but also the critical reasoning behind them. By delving into network architecture, backup strategies, and security protocols, we ensure your FileMaker Server is both robust and secure. This guide primarily focuses on the Ubuntu platform, but most principles apply to other supported platforms like macOS and Windows.
The goal is to give you a deep understanding of why each step matters and how it impacts your overall deployment. Whether you’re managing a single server or an entire infrastructure, following these best practices will ensure optimal performance, security, and reliability.
1. What is FileMaker Server?
Overview: A Deep Dive into FileMaker Server
Claris FileMaker Server is a powerful, feature-rich server platform designed to manage databases in real-time. Beyond just “hosting” a database, it provides a multi-channel ecosystem where applications can interact with the server via desktop, mobile apps, and web clients. It handles everything from simple data storage and management to complex integrations with external APIs.
In a FileMaker Server environment, users can access database files from various clients, ranging from FileMaker Pro desktop apps to FileMaker Go on mobile devices and even WebDirect (browser-based access). But FileMaker Server does more than just provide access. It also offers:
- Centralized management: All database files, security settings, backups, and client connections are managed centrally.
- Automation and scripting: Automate routine maintenance tasks, like backups and user management, directly through the Admin Console or command line interface (CLI).
- Comprehensive security: From SSL encryption to robust user authentication and field-level encryption, the server ensures data is securely handled.
Why Choose FileMaker Server?
FileMaker Server is not just a hosting solution for databases but a comprehensive platform designed to handle complex workflows and mission-critical business operations. With the increasing complexity of business processes and the need for real-time data access, organizations require a platform that can support:
- Scalability: Whether you’re handling a small team or hundreds of users, FileMaker Server scales with your needs.
- Security Compliance: Many industries, from healthcare to finance, rely on FileMaker Server to meet stringent data security standards (e.g., HIPAA, GDPR).
- Extensibility: With support for APIs, third-party integrations, and advanced scripting, FileMaker Server can be extended to connect with virtually any other platform.
Key Features of FileMaker Server
FileMaker Server hosts various advanced features, enabling businesses to streamline data access and ensure secure interactions across their entire ecosystem. Below are the main features in greater detail:
- Hosting Database Files: FileMaker Server securely hosts your databases (.fmp12 files) and ensures fast, reliable access. It uses the Draco engine, which has been optimized for performance over decades of development, handling millions of records seamlessly.
- FileMaker WebDirect: WebDirect enables database access through a standard web browser without needing FileMaker Pro installed. This is particularly useful for environments where casual users or clients need temporary access. WebDirect supports most modern browsers like Chrome, Firefox, Safari, and Microsoft Edge, ensuring flexibility and ease of use.
- API and Web Integration (REST, XML, OData): FileMaker Server integrates smoothly with external systems via REST APIs, XML, and OData. This integration allows you to create seamless workflows where data is passed between systems automatically, such as syncing with an eCommerce platform or fetching data from third-party systems.
- REST API: Allows developers to interact with databases using HTTP requests, making it easy to create custom web apps, mobile solutions, or even integrate with other cloud-based services like Salesforce.
- XML: While XML remains in use, the REST API is quickly becoming the preferred method due to its simplicity and scalability.
- OData: A relatively newer addition, OData provides a standardized way to query and interact with data, making FileMaker Server even more versatile.
- Backup Scheduling: FileMaker Server allows you to configure custom backup schedules for individual databases or the entire server. It supports:
- Full Backups: Capture the entire state of the database, ideal for disaster recovery.
- Incremental Backups: Only save the changes made since the last backup, conserving disk space and speeding up the process.
- Security and Encryption: FileMaker Server uses industry-standard encryption methods to ensure secure data transmission and storage:
- SSL/TLS Encryption: Encrypts the data transmitted between the server and clients.
- Field-Level Encryption: FileMaker offers AES-256 encryption to protect specific fields containing sensitive information, ensuring only authorized users can access that data.
2. Technologies Around the Server
Networking Essentials for FileMaker Server
When setting up FileMaker Server, understanding the networking environment is crucial for smooth operation, optimal performance, and robust security. Here’s a detailed look at the key networking components:
IP Addressing and DNS
- IPv4 vs. IPv6: FileMaker Server primarily uses IPv4 addresses. However, with the increasing demand for network addresses due to the proliferation of IoT devices, IPv6 is becoming more widely used.
- IPv4: Example: 192.168.1.100 – still the most common format, but IPv4 addresses are becoming scarce.
- IPv6: Example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 – this format offers virtually limitless IP addresses.
- DNS Resolution: DNS converts human-readable domain names like example.com into IP addresses, which machines use to connect. In a FileMaker environment, DNS ensures clients can consistently access the server without having to memorize an IP address.
Network Ports
FileMaker Server requires specific network ports to be open for client communication. Each port serves a different function:
- Port 5003: Used for communication between FileMaker clients (Pro, Go) and FileMaker Server.
- Port 443: Secure port used for encrypted web traffic, especially when using WebDirect or interacting with REST APIs.
- Port 16000: The Admin Console communicates via this port. It’s crucial that this port is securely configured and not exposed to the public internet to avoid unauthorized access.
In addition to these default ports, you can configure additional ports if you’re running multiple services or need to support other client types like JDBC/ODBC connections. Always audit your open ports to minimize vulnerabilities.
NAT (Network Address Translation) and Firewalls
- NAT: This acts as a gateway between your internal network and the wider internet. It translates internal, non-routable IP addresses (like 192.168.1.5) into a public IP address. This allows multiple devices on your internal network to share a single public IP.
- Firewall Configuration: A firewall monitors and controls incoming and outgoing network traffic based on security rules. When configuring your firewall for FileMaker Server, ensure that only essential ports (like 5003 and 443) are open, while all others remain blocked to minimize attack surfaces.
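One way to run the port audit recommended above, as an added example that is not from the original presentation: the function reads `ss -tlnH` output and reports listeners outside the guide's client ports (5003, 443), and separately reports port 16000 when it is bound to a non-loopback address. The function names, finding labels and sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the presentation): audit TCP listeners against
# the ports this guide names. Input is the output of `ss -tlnH`.

PUBLIC_PORTS="${PUBLIC_PORTS:-443 5003}"   # client-facing ports per the guide
ADMIN_PORT="${ADMIN_PORT:-16000}"          # Admin Console port per the guide

# Reads `ss -tlnH` lines on stdin and prints one finding per line:
#   ADMIN_REACHABLE <addr:port>  Admin Console bound to a non-loopback address;
#                                confirm the firewall blocks it from the internet.
#   UNEXPECTED <addr:port>       listener outside the allowlist.
audit_listeners() {
    awk -v public="$PUBLIC_PORTS" -v admin="$ADMIN_PORT" '
    BEGIN { n = split(public, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $1 == "LISTEN" {
        sock = $4
        # Split at the last colon so [::]:443 and 127.0.0.53%lo:53 both parse.
        pos = match(sock, /:[0-9]+$/)
        if (pos == 0) next
        addr = substr(sock, 1, pos - 1)
        port = substr(sock, pos + 1)
        # Loopback-only listeners are not reachable from other hosts.
        if (addr ~ /^127\./ || addr == "[::1]") next
        if (port == admin)      print "ADMIN_REACHABLE " sock
        else if (!(port in ok)) print "UNEXPECTED " sock
    }'
}

# Constructed sample of `ss -tlnH` output for illustration.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 511  0.0.0.0:443      0.0.0.0:*
LISTEN 0 128  0.0.0.0:5003     0.0.0.0:*
LISTEN 0 128  0.0.0.0:16000    0.0.0.0:*
LISTEN 0 511  [::]:443         [::]:*
LISTEN 0 128  127.0.0.1:9000   0.0.0.0:*
EOF
}

# Usage: --live audits this host; --sample runs the constructed data.
case "${1:-}" in
    --live)   ss -tlnH | audit_listeners ;;
    --sample) sample_listeners | audit_listeners ;;
esac
```

SSH on port 22 is reported because it is not in the guide's list; add it to `PUBLIC_PORTS` only as a deliberate decision, or restrict it to a management network.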
Virtual Private Network (VPN) for Remote Access
For businesses that require remote access to FileMaker Server, consider using a VPN (Virtual Private Network). VPNs provide an encrypted tunnel between the client and server, ensuring that all traffic remains secure, even when users are connecting from public or untrusted networks.
3. Installing FileMaker Server on Ubuntu
Deploying FileMaker Server on Ubuntu requires careful planning, from preparing the server environment to running the installation script. Below is a step-by-step guide, complete with real-world tips and best practices.
Preparing Your Server
Before installing FileMaker Server on Ubuntu, make sure your environment is configured correctly:
- Choose the Right Version: FileMaker Server supports Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. These versions are Long-Term Support (LTS), meaning they receive security updates for at least five years. Always ensure your server runs an LTS version for stability and security.
- Check Server Specifications:
- CPU: FileMaker Server performs best with a multi-core CPU (minimum of 4 cores). This ensures it can handle multiple client requests simultaneously.
- RAM: 8GB of RAM is recommended for smaller deployments, but if you plan to support many clients or use WebDirect, 16GB or more is advisable.
- Storage: SSDs are preferred for hosting database files, while standard HDDs can be used for backups.
- Update System Packages: Ensure your server is up-to-date by running:
sudo apt-get update && sudo apt-get upgrade
This command ensures that all existing software packages are patched with the latest security updates.
Downloading and Installing FileMaker Server
Here’s how to install FileMaker Server step-by-step:
- Download the Installer: First, download the installer from Claris’s website. You’ll need your Claris account credentials and product key to access the download link. After downloading, transfer the file to your Ubuntu server. Example command:
wget https://downloads.claris.com/filemaker_server_installer.tar.gz
- Install Required Libraries: FileMaker Server relies on several libraries, such as OpenSSL and Curl, for secure communication and data transfers. Use the following commands to install these dependencies:
sudo apt-get install libssl1.1 libcurl4 libxml2
- Extract the Installation Package: Use the following command to extract the downloaded FileMaker Server package:
tar -xvzf filemaker_server_installer.tar.gz
This command decompresses the package and prepares it for installation.
- Run the Installer: Begin the installation process by executing the installation script:
sudo ./fms_install.sh
During installation, you will be prompted to provide an Admin Console username and password. This login grants access to the Admin Console for server management, so choose strong, secure credentials.
- Configure Server Settings: Once installation is complete, configure essential server settings through the Admin Console:
- File Hosting Directory: Define where database files are stored (preferably on a separate disk).
- Backup Directory: Define a backup directory (ideally a different disk or volume to ensure redundancy).
- Install SSL Certificates: Installing SSL certificates is a crucial step to securing communication between the server and clients. Generate a CSR (Certificate Signing Request) directly from the Admin Console and use this request to purchase an SSL certificate from a trusted Certificate Authority (CA). Let’s Encrypt offers free SSL certificates, and FileMaker Server 2024 now supports automatic SSL renewal via Let’s Encrypt on Ubuntu.
- Reboot the Server: After the installation and initial configuration, it’s a best practice to reboot the server to ensure all services are running smoothly:
sudo reboot
After rebooting, access the Admin Console via your server’s IP address or domain name (e.g., https://yourdomain.com:16000/admin-console) to confirm the installation succeeded.
Automating the Process with Claus Lavendt’s Tool
Claus Lavendt has provided an invaluable tool that simplifies the installation and configuration process for FileMaker Server on Ubuntu. This tool allows users to generate a custom shell script tailored to their environment, automating tasks such as:
- Downloading the latest FileMaker Server version: Including specifying the build number for precision.
- Configuring caches and system settings: Automatically adjust server settings like cache size based on the server’s available RAM.
- Managing security settings: Automatically configure SSL and secure the server environment from the outset.
To download Claus’s tool and streamline your FileMaker Server installation, visit DataManix’s BrainBasket.
4. Best Practices for FileMaker Server Deployment
Deploying FileMaker Server involves more than just installing the software. There are several key best practices to ensure your deployment is secure, reliable, and optimized for performance. Below are expanded details covering each aspect of server deployment.
Using Multiple Disks
A critical best practice for optimizing FileMaker Server performance and ensuring data integrity is separating different types of files onto different disks:
- Database Files Disk:
- Store your active FileMaker database files (.fmp12) on a high-speed SSD to ensure fast access times. This is particularly important for databases with high transaction volumes.
- Backup Files Disk:
- Use a separate disk (or even better, a cloud service like Amazon S3) to store backup files. Keeping backups on a different disk ensures that if the main disk fails, your backups are safe.
- System Files Disk:
- Always keep the operating system and FileMaker Server software on a separate system disk. This separation ensures that system processes don’t compete with database transactions for disk I/O (input/output) bandwidth.
Real-world example: Many cloud providers, including AWS, allow you to create multiple volumes attached to a single instance. Use SSDs for active database files and cheaper HDDs for backups. Claus Lavendt recommends having at least three disks in any production environment:
- System Disk: For the OS and FileMaker Server software.
- Database Disk: For live database files.
- Backup Disk: For regular backups.
Disabling Automatic File Opening
By default, FileMaker Server can be set to automatically open hosted databases after a server reboot. However, this poses a risk. In the event of a crash, automatically reopening files without verification can lead to corruption.
Best practice: Disable automatic file opening. This way, after a reboot (planned or unplanned), you’ll need to manually review the state of the databases and ensure they are corruption-free before making them accessible to users.
How to disable automatic file opening:
- Access the FileMaker Admin Console.
- Navigate to the Database Server Settings.
- Disable the option for Automatic Database Opening.
Understanding the FileMaker WebDirect and Web Publishing Engine (WPE)
When hosting a solution that will be accessed via a web browser (WebDirect), or when integrating with external systems through APIs, the Web Publishing Engine (WPE) plays a crucial role. Here’s what happens under the hood:
- WebDirect uses the WPE to translate FileMaker database requests into web-compatible content. This allows users to interact with the database through a browser interface, replicating much of the functionality available in the FileMaker Pro client.
- The Web Integration Platform (WIP) is a more modern web service powered by Node.js. It supports newer technologies like JSON and REST, allowing for more efficient data exchanges and third-party integrations.
Best practice: Only enable the WPE if you’re using WebDirect or require API access. The Web Publishing Engine consumes server resources, and leaving it enabled when it’s not in use increases the server’s attack surface.
Tip: If you’re serving multiple clients via WebDirect, consider setting up secondary WPE servers. This distributes the workload and prevents a single server from being overwhelmed.
5. Backup Strategy for FileMaker Server
Having a solid backup strategy is crucial for any mission-critical application. FileMaker Server provides robust backup features, and it’s essential to configure them appropriately to avoid data loss and ensure quick recovery in case of server failure or corruption.
Types of Backups
- Hourly Data Backups:
- Hourly backups capture the most recent changes to your databases and are essential for minimizing data loss. In the event of user error (e.g., accidentally deleting records), you can quickly restore a backup from an hour ago and recover lost data.
- Daily Logic (Clone-Only) Backups:
- Logic backups capture the structure of your database without any data (i.e., a database clone). This backup type is ideal for ensuring the integrity of your database schema and enables quick restoration if database corruption occurs.
- Weekly Full Backups:
- Weekly backups combine both data and structure and should be stored for several weeks. These backups are crucial for long-term data retention and disaster recovery.
Tip: Use immutable backups for cloud storage. Platforms like Amazon S3 allow you to store immutable backups that cannot be altered or deleted once written. This ensures that even in the case of a ransomware attack, your backups remain safe.
Remote Backup Strategies
In addition to local backups, it’s essential to have remote (off-site) backups to protect against natural disasters or hardware failures.
- Cloud-based Backup: Use cloud storage services like AWS S3 or Google Cloud Storage to maintain off-site backups. Cloud providers often offer advanced backup features like versioning and immutability, ensuring that your backups are always available and cannot be tampered with.
- Immutable Backups: As mentioned, immutability ensures that once a backup is written, it cannot be altered. This protects against ransomware attacks, which often target backups first.
For mission-critical solutions, FileMaker’s built-in backup system should be complemented with third-party backup solutions, ensuring redundancy and reliability.
Automating Backups
FileMaker Server’s Admin Console allows you to schedule backups easily. Set up multiple schedules to handle different types of backups:
- Hourly for recent data.
- Daily for both data and structure.
- Weekly for full backups that capture everything.
Always store multiple copies in different locations (locally and remotely) for redundancy.
6. Solution Security Best Practices
Security is paramount when deploying FileMaker Server. With growing threats like ransomware, ensuring the security of your FileMaker Server solution must be a top priority. Below are advanced security practices that go beyond just using strong passwords.
Enforcing Strong Passwords
Password security is often the weakest link in an organization’s security chain. Weak passwords can easily be guessed or cracked by brute force attacks. To mitigate this risk, enforce strong password policies.
- Minimum length: Passwords should be at least 12 characters long, combining upper and lower-case letters, numbers, and symbols.
- Password expiration: Enforce regular password changes to reduce the risk of compromised accounts.
- External Authentication: Integrate FileMaker Server with Active Directory (AD) or OAuth for centralized user authentication. This allows you to enforce organization-wide security policies and streamline user management.
SSL and Data Encryption
In addition to strong passwords, SSL/TLS encryption is crucial for securing communications between FileMaker clients and the server. FileMaker Server natively supports SSL/TLS, ensuring that data is encrypted while in transit.
- Use Trusted Certificates: Always use certificates from trusted Certificate Authorities (CA) like Let’s Encrypt or DigiCert. Never use self-signed certificates in production environments, as they do not offer the same level of trust and security.
- Field-Level Encryption: FileMaker allows AES-256 encryption for sensitive fields, such as Social Security numbers or credit card information. This ensures that even if an attacker gains access to the database, they cannot read encrypted fields without the correct decryption key.
Regular Security Audits
Schedule regular security audits to review:
- User access levels: Ensure that only authorized users have access to sensitive data.
- Logs: Review logs regularly to detect suspicious activity.
- SSL Certificates: Check for expiring certificates and renew them promptly to avoid vulnerabilities.
By following these security best practices, you protect your organization from data breaches and ensure compliance with regulations such as GDPR or HIPAA.
Conclusion
Installing and configuring Claris FileMaker Server, especially on a platform like Ubuntu, requires careful attention to detail. By following best practices, such as using multiple disks, enforcing strong security protocols, and setting up an optimized backup strategy, you can ensure that your server is secure, performant, and reliable.
This guide is based on the invaluable insights from Claus Lavendt, with expanded details aimed at both beginner and advanced users. Whether you’re deploying on-premise or in the cloud, taking these steps will protect your organization’s data and provide a scalable, secure platform for your business applications.
Additional Resources
- Download Claus Lavendt’s Free FileMaker Server Installation Tool
- https://community.claris.com/en/s/course/a5UVy0000000FK2MAM/lavendt-c-install-and-configure-your-claris-filemaker-server