FileMaker Cloud Getting Started Guide
Preparing to purchase and create a FileMaker Cloud instance
Getting to know Amazon Web Services
You must have an Amazon Web Services (AWS) account before you create a FileMaker Cloud instance on AWS.
If you are unfamiliar with AWS, review these sections:
Before purchasing FileMaker Cloud, decide which type of license subscription you want:
To purchase a new FileMaker Cloud license, determine the number of user connections you need. You can choose from SKUs with 5, 10, 25, and 100 user connections.
Note:For SKUs with 25 or fewer user connections, the maximum number of supported FileMaker Perform Script on Server (PSoS) sessions is 25. For SKUs with greater than 25 user connections, the maximum is 100.
- To use an existing FileMaker Server license, or if the number of user connections you need differs from the AWS SKUs, choose FileMaker Cloud BYOL.
Understanding AWS regions
Most Amazon Web Services offer regional endpoints to reduce data latency in applications. FileMaker Cloud supports these regions:
- US East (Northern Virginia)
- US West (Oregon)
- Canada (Central)
- EU (Ireland)
- EU (Frankfurt)
- Asia Pacific (Sydney)
- Asia Pacific (Tokyo)
The resources in each region are independent. For example, if you create FileMaker Cloud instances in US West and US East, the two instances are independent.
When you sign in to the AWS Elastic Compute Cloud (EC2) Management Console, you choose a region from the list next to your user name in the navigation bar. To reduce data latency, choose the region nearest you.
Step 1: Create your EC2 key pair
Note:Key pairs are region specific. When you create the key pair, it is valid only for the region selected upon sign-in.
- Sign in to the EC2 Management Console.
- If a region isn't already selected, select one from the top navigation bar.
- In the left navigation pane, under Network & Security, choose Key Pairs.
- Click Create Key Pair.
- In the Create Key Pair dialog box, name your key pair and click Create.
- The key pair is downloaded by your browser to your computer. If the extension .txt is added, delete that extension so that the key pair filename ends in .pem.
Step 2: Purchase FileMaker Cloud on the AWS Marketplace
Note:Key pairs are region specific. When you create the key pair, it is valid only for the region selected upon sign-in.
Sign in to AWS Marketplace, using your AWS account ID, IAM user name, and password. (Do not use private Amazon credentials.)
Note:If you have to sign in again to AWS Marketplace, click Sign in at the top of the page.
- Search for FileMaker Cloud.
- Click the SKU you want to purchase.
Click Continue to Subscribe on the FileMaker Cloud homepage.
Click Accept Terms on the next page.
The page displays a message about the pending subscription. After a few minutes, the message confirms that you are subscribed, and the page shows the terms for your subscription.
Note:The total price displayed on this page is an estimate.
- The default subscription term is hourly. To configure the hourly subscription, click Continue to Configuration. To choose an annual subscription term, see step 7.
To choose an annual subscription, click View Options. Choose the instance type and number of subscriptions, then click Add.
The instance type must be the same as the one you select when you create the instance. See Create your cloud instance.
Important:By default, the Number of subscriptions is set to 1. Don't change the default number if you need to purchase one subscription for the selected SKU. For example, if the selected SKU is for 10 users, and the number of subscriptions is 1, you purchase one subscription for 10 connections. If you add additional subscriptions, you must use the same instance type; otherwise, the subscription term will be hourly.
Review the subscription information, then click Purchase. (You might have to scroll up to see the Purchase button.)
If all the information is correct, click Confirm Order on the next page.
Important:You will be charged the full annual subscription fee after you click Confirm Order.
After the purchase is complete, the page displays the terms for your subscription.
Click Continue to Configuration.
Click Usage Instructions to display instructions and links necessary for creating your instance. To choose a link for a regional cloud template on the Usage Instructions page, see Create your FileMaker Cloud instance.
Important:Do not click the Launch button on this page. To create your instance, you need to click Usage Instructions.
Create your FileMaker Cloud instance
Step 1: Create your cloud instance
To create your instance from the Launch This Software page in AWS:
- Click Usage Instructions.
On the Usage Instructions page, click the link for a regional cloud template. Choose the link for the region nearest you. If you previously created a key pair, choose the same region as before.
The Create Stack wizard guides you through the four steps to create an instance.
On the Select Template page, click Next to use the stack template URL selected at the bottom of the screen. This URL determines the properties of the cloud stack that will be created.
On the Specify Details page, enter the following and then click Next.
- A stack name. This name identifies your stack in AWS. It can contain only letters, numbers, and dashes.
- An email address for signing in to FileMaker Cloud. This email address will be the root administrator user name.
- An instance type.
For annual subscriptions, you must choose the same instance type as the one you selected when you purchased FileMaker Cloud. See Purchase FileMaker Cloud on the AWS Marketplace.
- The key name of your key pair.
Click Next on the Options page to continue. (These settings are optional.)
Review your settings, acknowledge possible Identity and Access Management (IAM) resource creation, and click Create.
The CloudFormation Management Console screen appears. If you have not created stacks before, no stacks are listed. You can check on your stack by clicking the Refresh button at the top right of the list.
The stack status is CREATE_IN_PROGRESS.
Wait several minutes while the stack is created. The status changes to CREATE_COMPLETE when the process is finished.
- Monitoring stack creation on the Events tab for your instance in the CloudFormation Management Console is good practice. You can add a CloudFormation shortcut (and other services, such as EC2) to the AWS Services navigation bar by clicking the pushpin icon in the navigation bar and dragging the CloudFormation service there.
- If the stack detects an internal failure during creation, the cloud formation template terminates the stack, and the CloudFormation Console displays a failure message.
- If the stack creation is successful, the console displays a success message.
- If the stack times out, its creation is rolled back and the console displays a "wait condition" message. The default wait time is 15 minutes, and the timer starts after the instance is created.
Step 2: Set up FileMaker Cloud
- If you did not select a BYOL license, skip to step 2. If you selected a BYOL license, you receive an email with a link to the FileMaker Store, sent to the email address specified when you created the instance. After the FileMaker Store completes your transaction, you receive the email shown in the next step.
Wait to receive an email from the FileMaker Cloud administrator, sent to the address specified when you created the instance.
Note:If you plan to use a custom signed SSL certificate instead of the default Comodo certificate, copy and save the URL that appears in the browser when you click the the Setup page link in the email. You will need the generated host name for Domain Name Service (DNS) mapping when you import the custom certificate.
Click the link in the email, complete these fields on the Welcome page, then click Set Up:
- Amazon Account Number: Your Amazon account number. To locate it on the AWS Management Console, click Support, choose Support Center, and view your 12-digit account number at the upper right.
- Host Name: Create a host name for FileMaker Cloud. This name appears in the server URL, and cannot exceed 40 characters.
- Password: Create a password. The password must have from 8 to 128 characters and include three of these four character types: uppercase letter, lowercase letter, number, and symbol.
- Confirm Password: Confirm the password you created.
- Local Time Zone: Choose your local time zone from the list.
The Admin Console Setup page appears, displaying a countdown timer and a wait message.
Sign in when the Admin Console Sign In page appears. Your user name is the email address you specified when you created the instance.
You are prompted to accept the End User License Agreement for FileMaker Cloud. Click Agree and Continue.
If you don't agree and choose Disagree and Delete Instance, the Proceed with Deletion dialog box appears. Enter the root administrator email address and password, and confirm deletion. In AWS, your FileMaker Cloud stack is immediately deleted and the instance is terminated.
Note:When you delete your FileMaker Cloud instance, you are still subscribed to FileMaker Cloud in AWS. (You cancel your software subscription via your AWS account.)
In the FileMaker Cloud Opt-in Registration page, enter your information and click Submit. Or, click I will do this later at the bottom of the page.
If you choose to register later, go to the Opt-in Registration area in Subscription > Subscription Center to complete registration.
- For information on using FileMaker Cloud Admin Console, see FileMaker Cloud Help.
- Once the stack creation is complete, charges for your instance begin accruing on AWS.
- BYOL users may have to wait as long as a day for the FileMaker Store to validate their license. During any wait time, they will accrue AWS charges before receipt of the welcome email.
Processing your host name and SSL certificate
During FileMaker Cloud setup, FileMaker provides a default Secure Socket Layer (SSL) certificate issued by the Comodo certificate authority (CA). Comodo reviews your requested host name and assigns the SSL certificate to your fully qualified domain name (FQDN).
If a delay occurs in processing your request, FileMaker Cloud provides a temporary host name for you to sign in with, as shown here:
Follow these steps while you wait for your host name request to be processed:
Enter your user name and password, and click Sign In.
You see a notification that the associated SSL certificate is not yet available and the temporary host name has been assigned. You can work with FileMaker databases while you wait, but do not make any changes to your FileMaker Cloud instance.
When the SSL certificate for your host name is ready, a second notification appears. Click Import Comodo Certificate.
- In the confirmation dialog box, click Import and Restart.
A wait page appears, displaying the URL with your requested host name. Write down the URL in case you need to troubleshoot.
- You receive an email when your instance with the requested host name is ready. Click the URL in the email to sign in.
Creating a new host name
A delay in host name processing might mean that your host name will be rejected by Comodo. For example, if your host name includes an established company or website name, it can be rejected.
If your host name is rejected, you see the following notification in FileMaker Cloud Admin Console:
Follow these steps to create a new host name:
- Click Enter Host Name in the notification.
In the host name dialog box, enter a new host name and click Request Name.
A message confirms the host name request.
- When the host name and SSL certificate have been successfully processed, a second notification appears. Click Import Comodo Certificate.
- In the confirmation dialog box, click Import and Restart.
- A wait page appears, displaying the URL with the new host name. Write down the URL in case you need to troubleshoot.
- You receive an email when your instance with the new host name is ready. Click the URL in the email to sign in.
FileMaker Cloud system requirements
Hardware and software requirements
FileMaker Cloud hardware and software requirements are listed here: FileMaker Cloud Technical Specifications.
Supported data sources
The following ESS data sources are supported:
- Microsoft SQL Server 2012 SP1, 2014, and 2016
- MySQL 5.7.14 Community Edition (free)
- Oracle 11g R2, Oracle 12c R1, and Oracle 12c R2
The following Linux ODBC drivers are supported:
- Microsoft ODBC Driver 13 for SQL Server (version 220.127.116.11, 64-bit)
Supports Microsoft SQL Server 2008, 2008 R2, 2012, 2014, and Windows Azure database
- MySQL ODBC 5.2 Unicode Driver (version 5.2.5, 64-bit)
- Oracle Database 12c Release 2 Client for Microsoft Windows (version 18.104.22.168.0, 64-bit)
Instance sizing and pricing
Review the AWS EC2 Instance types to choose the instance type that best suits your needs. See the following summary table, or see Amazon EC2 instance types.
- Review the pricing details for your instance type on the FileMaker Cloud homepage. See Amazon EC2 pricing.
Important: Your FileMaker Cloud instance is a compute resource in AWS. If you have an hourly subscription, you pay on an hourly basis from the time you launch or start a compute resource until the time you stop or terminate it. (For data storage and transfer, you pay on a per-gigabyte basis.) You can turn off your compute resources and stop paying for them when you don’t need them. See AWS EC2 User Guide, "Stop and Start your Instance".
This table summarizes the instance types supported for FileMaker Cloud. For each type, storage is Amazon Elastic Block Storage (EBS), a durable block-level storage volume attached to a single EC2 instance. For optimal operation, FileMaker Cloud requires 40 GB of storage. Each instance will include 40 GB of EBS. You can upgrade the volume size at additional cost.
|Type||Description||Use for||vCPU||CPU credits/hour||Memory (GiB)|
|t2.medium||Used for workloads that don’t use the full CPU often or consistently, but occasionally need to burst (surge). The baseline performance and ability to burst are governed by CPU Credits.||Early product experiments, small databases||2||24||4|
|m4.xlarge||Provides a balance of compute, memory, and network resources. A good choice for many applications. Provides EBS optimization through dedicated EBS throughput of 750 Mbps. Provides support for EC2 Enhanced Networking.||Most applications||4||16|
|c4.xlarge||Features the highest performing processors and the lowest price/compute performance in EC2. Provides EBS optimization through dedicated EBS throughput of 750 Mbps. Provides support for Enhanced Networking and Clustering.||High compute performance and advanced optimization||4||7.5|
FileMaker Cloud security
AWS security features
This section describes AWS security features and the steps you can take as the root administrator to apply these security features to your FileMaker Cloud instance.
Root credentials: Secure your root AWS account credentials by setting up multi-factor authentication (MFA), to require more than one method of authentication. See Using Multi-Factor Authentication in AWS.
Protecting your key pair
You created an EC2 key pair used to launch your FileMaker Cloud instance and to provide Secure Shell (SSH) access. Amazon EC2 stores the public key only, and you store the private key. Anyone who possesses your private key can decrypt your login information, so it's important that you store your private keys in a secure place.
For increased security, instead of using Amazon EC2 to create your key pair, you can create an RSA key pair using a third-party tool and import the public key into Amazon EC2. For example, use
ssh-keygen (provided with the standard OpenSSH installation) to create a key pair and protect your key pair with a passphrase.
To create a key pair with passphrase protection using
On the Linux command line of your local machine, enter
ssh-keygen -f /path/filename
Your private key will be stored in the path and file specified. For example:
When prompted, enter and reenter a passphrase.
The key pair is generated, as shown in a series of messages.
- Import the public key: in the AWS Management Console, under Network and Security, choose Key Pairs and click the Import Key Pair tab.
- In the Import Key Pair dialog box, browse to the public key file location, or use the
catcommand to copy and paste the public key.
To connect to your instance using the passphrase-protected private key:
- On the Linux command line, enter
ssh -i /path/filename centos@ipaddress
yeswhen prompted to connect.
- Enter the passphrase in the dialog box, and click OK.
AWS Simple Email Service (SES): FileMaker Cloud uses AWS SES for sending emails to administrators. Security is enhanced because you don't have to set up an SMTP server and open port 25.
AWS Web Application Firewall (WAF): Consider purchasing AWS WAF, a web application firewall that can help protect FileMaker Cloud against web security risks. With AWS WAF, you first identify the Amazon CloudFront web distribution to protect, and then create and deploy the rules and filters that will best protect your instance. See AWS WAF Product Details.
Managing ports in your security group
Control network access to your EC2 instance through the security group, which acts like a built-in software firewall for your instance. The security group allows you to filter both inbound and outbound traffic. FileMaker Cloud doesn't filter outbound traffic because each customer's users will be unique. However, if you have a known set of outbound ports, you can configure them for your instance's security.
Limit inbound traffic to specific ports and protocols, and specify which IP addresses can have access to your instance. FileMaker Cloud restricts access for each instance's default security group to the following inbound ports.
|80||FileMaker Cloud, FileMaker Cloud web server, FileMaker Cloud Admin Console users, client users||HTTP|
|443||FileMaker Cloud, FileMaker Cloud web server, client users||HTTPS|
|5003||FileMaker Cloud, FileMaker Pro Advanced, FileMaker Go client users||Hosting databases|
You may need to configure two additional ports for your FileMaker Cloud instance:
- For Secure Shell (SSH) access, open port 22.
- For access by ODBC or JDBC clients, open port 2399.
To configure a port:
- In the AWS Management Console, select your instance.
- On the Description tab, click the Security groups link.
- Click the Inbound tab.
- Click Edit.
- In the Edit inbound rules dialog box, click Add Rule.
For each port, specify the port type, number, source, and IP address or range in CIDR notation.
- For SSH access, choose SSH. Port 22 appears as the number. Choose Custom and enter the IP address or range.
- For ODBC or JDBC client access, choose Custom TCP Rule and enter port 2399. Choose Custom and enter the IP address or range.
- Click Save.
Note:Click the i button for information on accepted values for any column.
Restrict inbound traffic for the remaining ports 80, 443, and 5003. Avoid inbound access from Anywhere.
For secure access from an ODBC or JDBC client, use a Virtual Private Network (VPN) to connect the client to FileMaker Cloud.
Make sure to protect the SSH key pair with a passphrase to limit access to your instance. See Protecting your key pair.
Denial of service attack prevention: FileMaker Cloud implements rules for rate control. If ports 80, 443, or 2399 receive greater than 20 hits per second from the same incoming IP address, subsequent hits are dropped.
FileMaker Cloud security features
This section describes FileMaker Cloud security features and the steps you can take as the root administrator to manage these features in your FileMaker Cloud instance.
Software patching: You receive notifications when patches are available.
Non-root credentials: FileMaker Cloud requires that you set up Login with Amazon, an identity provider based on OAuth 2.0. This feature allows authenticated users to sign in to FileMaker Cloud with their Amazon credentials. These users have limited access to FileMaker Cloud; for example, they cannot see the configuration page, where the root user can change their email address or password.
Database encryption: FileMaker Cloud encrypts all the information stored in a database file (also known as encryption at rest) before opening it. You are required to create an encryption password for the database, and have the option of saving the password and creating a hint for it.
Session timeouts: Set session timeouts for FileMaker Go and FileMaker Pro Advanced clients. The default session timeout for FileMaker WebDirect users is 15 minutes. When client users' idle periods reach the timeout setting, they are disconnected. Setting session timeouts reduces the risk of database files being accessed by an unattended computer or mobile device.
FileMaker Cloud plug-ins: Use plug-ins only from trusted sources. Plug-ins can access and modify your solution and connect to other services over the Internet. If you enable FileMaker Script Engine (FMSE) plug-ins, you can choose whether to allow scripts to install, update, and load plug-ins using the Install Plug-In File script step. Similarly, if you allow FileMaker WebDirect plug-ins, you can choose whether to allow the Install Plug-In File script step in FileMaker WebDirect.
Log file entries: Frequently download and review the Event.log file for the keyword SECURITY to see security-related entries.
FileMaker Script Engine (FMSE) access: FileMaker Cloud limits FMSE access for enhanced security in the following ways:
- FMSE cannot query the AWS metadata service.
- FMSE cannot send requests to localhost at ports 1895 and 16002.
- FMSE cannot execute applications from the Data folder, and it can access only the Data/Documents and Data/Database folders.
The following terms appear during purchase or stack creation. For detailed descriptions, see the AWS documentation.
Amazon Elastic Blockstore (Amazon EBS) – Block-level storage volumes for use with Amazon EC2 instances.
Amazon Elastic Compute Cloud (Amazon EC2) – Scalable computing capacity in the AWS cloud.
Amazon Machine Image (AMI) – A preconfigured template for instance creation.
Amazon Simple Storage Service (Amazon S3) – Storage for the Internet, used to store and retrieve any amount of data at any time, from anywhere on the web.
BYOL – Bring Your Own License. A license model that lets you use an existing software license for a cloud instance.
Identity and Access Management (IAM) – A web service that lets you control access to AWS resources for your users.
instance – A virtual computing environment.
instance type – A preset configuration of CPU, memory, storage, and networking capacity.
key pair – Provides secure login information for your instances. AWS stores the public key, and you store the private key in a secure place.
SKU – Stockkeeping unit. An identification, usually alphanumeric, of a specific product that allows it to be tracked for inventory purposes.
snapshot – A backup of your volumes that is stored in Amazon S3. Use these snapshots as the starting point for new Amazon EBS volumes or to protect your data for long-term durability.
stack – A group of related resources that you manage as a named unit.
switchover – For FileMaker Cloud, an instance switchover occurs when the administrator initiates a change that produces a fresh copy of the instance. These actions trigger an instance switchover: version upgrade, instance refresh, and instance type or storage volume upgrade.
tag – Metadata that you create and assign to your Amazon EC2 resources. Tags are case-sensitive key-value pairs that help you manage your instances. For example, you could define a tag with Key = Name and Value = OregonServer.
template – An AWS CloudFormation template is a formatted text file that describes the resources to be provisioned in your AWS CloudFormation stacks.
timeout – Sets the number of minutes before stack creation times out. The default is 15 minutes for initial stack creation and 60 minutes for upgraded stacks.