Storage


To store the uploaded PDF documents, Bulksign requires the configuration of a storage path. This path can be both local (example c:\Program Files\Bulksign\Storage) or a network path (\\DSF\BulksignStorage)

Q: What is the protocol used to access files over the network share ?

A : Protocol is SMB. The opened ports required for SMB are 445 and 137-139 (these are used for NetBios/Name resolution).

Important!

If the network share is only accessible to a certain user, Bulksign IIS websites and Bulksign Windows service need also to be changed so they will run under the user which has access to the network share.

Please see this section about how to configure Bulksign for this scenario

Encrypting the stored data on disk

For security reasons, Bulksign also supports encrypting the data at rest (the stored documents on disk). The encryption is done using AES .

Here is how to enable the storage encryption : 

    "StorageEncryption" : {
        "Enabled" : "true",
        "IStorageEncryptionProvider" : "Bulksign.Integrations.EnvironmentStorageEncryptionProvider, Bulksign.Integrations.dll"
    },

To encrypt the data, a encryption key is needed. To retrieve the encryption key, Bulksign has a provider model which allows the key retrieval from any source. The default provider shipped with Bulksign allows the key to be stored in a environment variable (either the system or the user are supported, we recommend to user a user environment variable) . Here is how the configuration looks like : 

   "IStorageEncryptionProvider.EnvironmentVariable.VariableName" : "BulksignKey",// the name of the environemnt variable which contains the key
   "IStorageEncryptionProvider.EnvironmentVariable.Target" : "User",             // allowed values are "Machine" or "User", depending where the environment variable is stored

Antivirus scan for storage files

For the best balance between security and I/O performance, we recommend to implement a IFileScannerProvider provider to scan the files before they being written to storage. Comparing to real time scanning, the advantage of a IFileScannerProvider is that is scanning ALL input files only once.

Out of the box Bulksign ships with a provider that allows you to scan the files before being written to disk using ClamAV .

This can be enabled like this :

    "IFileScannerProvider": "Bulksign.FileScanner.ClamScanProvider, C:\\Program Files\\Bulksign\\Settings\\Providers\\ClamAV\\Bulksign.Provider.ClamAv.dll"

The provider settings are :

"IFileScannerProvider.ClamAVScanner.Port": "3310",
"IFileScannerProvider.ClamAVScanner.ServerName": "localhost",
"IFileScannerProvider.ClamAVScanner.TimeoutSeconds": "30",
Important!

We recommend you to deploy ClamAV on the same server as Bulksign.