This major release strongly focuses on administration, compliance, productivity and security, and elevates all these aspects to new heights. Over and above some of the highlights we have previously unveiled, our comprehensive list of new features serves as a captivating “sneak preview” detailed in our release notes. It is plausible that as we approach the release of version 3.0, there may still be some changes, but we are confident that you and your users will find the features already presented to be impressive and invaluable. For those new to ownCloud, our enterprise documentation offers an easily digestible introduction to the core components and distinctions between ownCloud Infinite Scale and ownCloud Server. Now, let’s dive into the range of new features awaiting you in ownCloud Infinite Scale 3.0:
ownCloud Infinite Scale 3.0 makes malware checks much faster and increases acceptance within users. When uploading a file, users will not have to wait until the virus check is done. Infinite Scale is capable of asynchronous post-processing, which means that the system can efficiently handle a large number of simultaneous file scans without delays or bottlenecks that keep end users waiting.
The new Antivirus interface itself ensures secure file sharing by protecting against trojans, viruses, and other malicious software. It scans files by using an external antivirus scanning engine before storing them, thus preventing the spread of infected data. The integration of antivirus scanners through Internet Content Adaptation Protocol (ICAP) allows offloading of scanning to a dedicated service, improving performance and scalability. The interface works, for example, with ClamAV, a comprehensive virus scanner that detects various forms of malware in different file types, all managed by Infinite Scale’s Antivirus Service.
The file firewall adds an additional layer of security to the file-level. With definable rules and criteria, the admin can restrict file uploads based, for example, on file extensions, mime types or even content. This granular control helps prevent unwanted or unauthorized uploads, utilizing Infinite Scale’s Policies Service to check whether a requested operation is allowed or not. To do so, Open Policy Agent (OPA) is used to define the set of rules of what is permitted and what is not. Policies are written in the Rego query language.
With Tags, ownCloud Infinite Scale brings a flexible and intuitive way to categorize files. By assigning relevant tags to files, users can easily locate specific documents through powerful search functions. This eliminates the need to remember file names precisely or to navigate through complex folder structures, saving valuable time and effort. Unlike traditional folder-based systems, tags offer a flexible way to organize files that transcends rigid hierarchies. Users can assign multiple tags to a single file, enabling them to classify and retrieve documents using different criteria simultaneously. This adaptability allows for personalized organization methods that align with individual preferences and working styles.
Tags are stored as metadata directly on the storage system, eliminating the need for a dedicated database, and also ensuring system resilience and scalability. To further facilitate a smooth and seamless process, Infinite Scale comes equipped with a Tag API.
Experience a revolutionary way to search and retrieve files with Fulltext search in Infinite Scale 3.0’s Search Service. This unique feature makes it easier and more efficient to locate the information you need. You can now search for files based on their content, not just in titles or metadata. By simply entering keywords or phrases related to the text within documents, you can find the relevant spreadsheets, presentations, and more with utmost ease. Say goodbye to manually scanning through countless files and folders — finding the right document is now just a search away.
Fulltext search utilizes Apache’s content analysis toolkit Tika for advanced content extraction. Apache Tika ensures lightning-fast search results, delivering near-instantaneous responses to your queries. Whether you have a large document repository or a vast number of files, full text search will provide you with swift and accurate results, enabling you to access the information you need without delay. By unleashing the potential of Apache Tika, you can search the contents of a long list of file types and document formats, including PDF, DOCX, XLSX, PPTX, ODF, HTML, XML, EPUB, RTF, Tar, RAR, AR, CPIO, Zip, 7Zip, Gzip, BZip2 and many more.
Space Templates and Trash Bins
ownCloud Infinite Scale 3.0 also massively improved and extended the Spaces feature. Save precious time and ensure consistency by eliminating the need to manually create folders and subfolders every time you start a new project or onboard a new team!
When you’re creating a new project space, simply right-click on a folder of your choice, select “Create Space from selection” and the entire folder structure, complete with subfolders and files, will be instantly generated for a project space. Space templates ensure a consistent folder structure across projects providing a standardized, efficient, and customizable approach to organizing your documents. Please note that Space Templates are only available to users with the permission to create Spaces.
The separate trash bin for Spaces introduces individual trash bins for each space within your organization’s file system. A space represents a dedicated area where teams collaborate on specific projects, departments, or initiatives. With this feature, accidental file deletions and consequent loss of data are a thing of the past, as files deleted within a Space are now moved to a separate trash bin specific to that Space.
Custom User Roles: Define Your Users’ Permissions
Infinite Scale ships with the default user roles “admin”, “space admin”, “user” and “guest”. Each role has different permissions. For example, only Space admins have the permission to create Spaces, but people with the role “user” do not. By utilizing the feature custom roles, it is possible to configure roles that fit the needs of your organization.
For example, if you need custom roles for your school, you can configure the roles “teacher” and “pupil” and restrict pupils from creating public links public links. If you are interested in creating custom roles, reach out to us on Talk.
New Design for File Versions
In the third edition of Infinite Scale, File Versions have received a complete design overhaul. Navigating through version histories of a file has never been easier. Thanks to the revamped file versions feature, you gain easier access to a comprehensive version history for each file. Every time a file is modified or updated, a new version is created and securely stored, preserving a complete timeline of changes. This allows you to track and revert to previous versions as needed, ensuring data integrity and eliminating the risk of accidental data loss.
GDPR Export: Your Right to Data Portability
This update focuses on fulfilling legal requirements of Article 20 of the General Data Protection Regulation (GDPR) – the right to data portability. This feature empowers users to exercise greater control over their personal data and ensures compliance with GDPR guidelines by enabling them to easily export where and which personal data are stored within Infinite Scale. Users can now request and receive an export of their personal data in a JSON file, saved to the users’ personal files. The export can be requested at any time in self-service by the user, with a simple mouse click.
Secret File Drop: Compliance with Whistleblower Regulations and Effortless File Collection
“Secret File Drop”, a feature replacing the former “Uploader”, allows users to generate unique links that can be shared with external parties. Recipients can anonymously drop files through these links without the need for a registered account or visibility into other submissions. This ensures data privacy and eliminates the risk of unauthorized access, at the same time helping companies comply with recent whistleblower regulations.
With Secret File Drop’s effortless file collection, gathering files from an external and internal or hybrid team becomes a seamless process. Simply create a file drop link, share it with recipients, and let them submit files directly without any additional steps or complications. This feature saves time and eliminates the need for manual file collection methods, such as email attachments or physical hand-ins.
This update brings a range of functions to streamline user, group, and Space administration, enhancing the overall management experience:
- Filter Chips for Groups and Role:
Filter chips use tags or descriptive words to filter content. This empowers you to conveniently filter users based on groups and roles, and locate and manage specific user segments efficiently.
- Batch Actions:
Administrators can now modify the storage quota for multiple users at once, simplifying the management of storage allocations.
- Add to Group:
Administrators can add multiple users to a group simultaneously, streamlining the process of assigning users to specific teams or projects.
- Remove from Group:
Administrators can remove multiple users from a group in one go, ensuring efficient group membership management.
- Disable Login:
Administrators can now disable login access for multiple users simultaneously, providing better control over user accounts.
- Edit Login (Dis/-allow):
Administrators can enable or disable login access for multiple users, providing greater flexibility in managing user authentication.
- Edit Username:
- In Infinite Scale, administrators have the capability to edit usernames, which proves to be especially useful when users undergo changes to their last names, for example, in case of marriage. It is worth noting that in ownCloud Server, users were previously restricted from modifying their names, due to technical limitations. However, with Infinite Scale, the allowance for name changes has been introduced, offering users the freedom to update their names as and when needed.
- Rename Group:
Administrators can now rename groups, enabling them to update group names to better reflect their purpose or current project.
- Show Members of a Group:
You can easily view a list of members belonging to a specific group, facilitating better oversight and management of group memberships.
- Filter Members of a Group:
Administrators can filter group members, making it effortless to locate specific users within a group.
“List all Spaces”: Administrating Spaces in one overview
Administrators can now manage all Spaces within the organization in a single comprehensive platform.
The following attributes are visible:
- Name of the Spaces
- Managers of the Space
- Amount of Members in the Space
- Remaining Quota
- Last Modified Date
No access for administrators: Please note that this update does not enable viewing of contents within a Space, including files, space images, or descriptions. This limitation ensures the security and privacy of Space contents even from the eyes of an administrator.
Three View Modes
Users can now choose three view modes, enhancing file browsing and navigation options – with especially the Tiles View helping users who prioritize visual recognition and prefer a visually rich interface.
- Compact List View
The Compact List View provides a condensed and space-efficient representation of your files and folders, designed for users who prefer a streamlined view.
- Regular List View
The Regular List View offers a familiar and comprehensive approach to file organization.
- Tiles View
The Tiles View introduces a visually appealing and intuitive way to browse your files and folders. In this mode, files and folders are displayed as colorful and resizable tiles, providing a visually engaging experience. Users can preview file contents and relevant details directly within the tiles, allowing for quick identification and navigation.
Other Notable Changes
- We added a config option for cross-origin resource sharing (CORS), which, for example, allows running the Web UI on another domain. #5987
- We changed the default behavior of shares: Share receivers have no access to versions. People in Spaces with the “Editor” or “Manager” role can still see versions and work with them. #5531
- With ownCloud Web having transitioned to Vue 3 recently, we would have had to port the settings ui as well. The decision was made to discontinue the settings ui instead. As a result, all traces of the settings ui have been removed. The only user facing setting that ever existed in the settings service is now integrated into the
accountpage of ownCloud Web (click on top right user menu, then on your username to reach the account page). #5463
- We changed the default behavior of shares: Share receivers have no access to versions. People in Spaces with the “Can edit” or “Can manage” role can still see versions and work with them. #5531
- To provide more monitoring metrics, we added a debug server to the services “audit”, “idm”, “userlog”, “eventhistory” and “postprocessing”. #6178, #6153, #6203, #6202, #6204
- You can now send visually appealing notification emails with HTML templates. #6147
- WebFinger: If your deployment consists of multiple instances, the WebFinger service offers the right instances for the right users so that they can login without having to remember instance-specific URLs. #5373, #6110
- Async post-processing allows the system to carry out post-processing tasks like virusscan, copying of bytes to their final destination, etc. asynchronous to the users request. This is a huge enhancement available only with Infinite Scale! #5207
- We introduced a new setting to disable email notifications #6137
- The LDAP base DN for new groups is now configurable: The LDAP backend for the Graph service introduced a new config option for setting the Parent DN for new groups created via the
GRAPH_LDAP_GROUP_CREATE_BASE_DN). It defaults to the value of
GRAPH_LDAP_GROUP_BASE_DN. If set to a different value the
GRAPH_LDAP_GROUP_CREATE_BASE_DNneeds to be a subordinate DN of
GRAPH_LDAP_GROUP_BASE_DN. All existing groups with a DN outside the
GRAPH_LDAP_GROUP_CREATE_BASE_DNtree will be treated as read-only groups. So it is not possible to edit these groups. In the UI, this is indicated via a lock-icon in the administration settings. #5974
- Disable login for specific users: This new option in the administration settings allows login to be disabled/enabled for specific users. By setting the
falsefor a user via the graph API, users can be disabled (i.e. they can no longer log in). #5588
- New service
eventhistory: It is a service that stores events and provides a grpc API to retrieve them. Users will notice this enhancement by the bell on the top right in the Web UI and the corresponding notifications (for example, if a user receives a share or becomes a member of a Space).
- New service
policies: The policies-service provides a new grpc api, which can be used to return whether a requested operation is allowed or not. Open Policy Agent is used to determine the set of rules of what is permitted and what is not.2 further levels of authorization build on this:
- Proxy Authorization
The simplest authorization layer is in the proxy. Since every request is processed here, only simple decisions that can be processed quickly are made here, more complex queries such as file evaluation are explicitly excluded in this layer.
- Event Authorization (needs async post-processing enabled)
The next layer is event-based as a pipeline step in asynchronous post-processing. Since processing at this point is asynchronous, the operations there can also take longer and be more expensive, the bytes of a file can be examined here as an example.
- Proxy Authorization
- Enforce passwords on public links: Added a new config option to enforce passwords on public links with “Uploader,Editor,Contributor” roles. The new options are:
FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD. Check the docs on how to properly set them. #5848
- We added the possibility to restrict the creation of public links based on user roles (permission). #5690
- We added the possibility to assign roles based on OIDC claims: #6048
- Default quota based on user role: With this enhancement roles can now be configured with a default quota (for example, admins should have a default quota of 100GB, Users should have a default quota of 50GB). #5616
- Set default quota for project spaces: Additionally to
set-space-quotafor setting quota on personal Spaces we now have
Drive.ReadWriteQuota.Projectfor setting project spaces quota. #5660
- Automatically empty the trash bin (off per default): Introduction of a new cli command to purge old trash bin items. (#5500
- Metadata in MessagePack: Metadata are no longer stored in the xattr of a file, but in a dedicated, more scalable and robust file in the binary
- The Web UI was updated from Vue.js 2 to Vue.js 3. #7948
Register now for our monthly newsletter, and we will inform you as soon as ownCloud Infinite Scale 3 is out.
Introducing ownCloud Infinite Scale 3: Unleashing Limitless Possibilities for Scalability and Performance: Join our Webinar