Login at Kodi Home

koga73 · 2012-07-07, 03:05

Hi,
I want to migrate my video files from my desktop onto my server. I have both Windows Server and Linux VMs and want to leverage encryption on the file system that contains my video files. I want clients to be able to add the videos on my server to their xbmc libraries in a secure way. Ideally I don't want xbmc running on the server and would like to use Windows Server. If I'm running in linux everything has to work through the CLI no GUI or VNC.

I really want to find the best solution that meets the requirements above; here is what I am currently exploring:

• NFS - Problem is I would have to use third party file encryption such as TrueCrypt and after doing some research I'm finding that it might not be a good idea due to the fact that the many clients encrypting files could cause corruption and damage the entire file system.

• Windows Server with BitLocker encryption. Clients would need VPN access to the network to add the shared video directory. Problem is I don't know if this would work for non-Windows clients and while I'm not anticipating any at the moment I want to keep my options open.

• I see that xbmc has the option to add videos from SMB and this could be a viable solution as I understand this is well supported for non-Windows clients but I'm a bit unsure as how to set this up.

Any help or suggestions is appreciated!
Thanks

~~Ned Scott~~ · 2012-07-07, 08:16

Why use file encryption instead of encrypting the network connection? Not sure what exactly you are looking to do, but something like an SSH tunnel would work for most situations.

**vicbitter** · (This post was last modified: 2012-07-07, 13:36 by vicbitter.)

a) When you say "leverage encryption on the file system", I am assuming you mean Full Disk Encryption as opposed to file/folder-based encryption? Full Disk Encryption only protects data at rest and not while the Operating System is running.
b) When you say "I want clients to be able to add the videos on my server to their xbmc libraries in a secure way" sounds like you are concerned about protecting the connection between the client and the server. ie. Protection against eavesdropping or man in the middle attacks... This would be achieved by encrypting the network connection (such as, using SSH as Ned suggested). Are you using a private network (ie. your home newtork) or is it public? If this is your own private network, it seems odd that you would need additional encryption on top of what could be achieved through standard network configuration...

I guess it comes down to what are you trying to achieve with encryption?

koga73 · 2012-07-07, 16:50

I want to use full disk encryption. Im a strong beliver in disk encryption as without it anybody can access the contents of your hard drives... likewise if your disks are not encrypted your data can be read via a live cd or usb.

As for clients connecting in a secure way this is meant for clients connecting from outside my network for instance if I take my laptop somewhere else and want to watch a movie. The only people I will really be sharing my library with is friends and family however my server is in my house so security is a high priority for me as I dont want somebody to hack into my home network.

SSH could work and my router is VPN capable so that is a possibility as well. If i go the SSH route that would mean I would be running from linux... how would I set this up would I need xbmc running on my server? is there a command line version as I stated I dont have GUI or VNC on my linux VMs. If possible I would like to use Windows Server as I feel it would be easier to manage.

Thanks for the help

**vicbitter** · (This post was last modified: 2012-07-07, 19:56 by vicbitter.)

Okay... As I said Full Disk Encryption only protects the data at rest. i.e. When the machine is powered off. Given that most servers are always running you'll have limited protection. On the other hand, it does makes sense for laptops, etc where you can't always ensure physical protection of the machine. However, this is really out of scope of XBMC and has no impact once the machines are up and running so I would put it to one side...

WRT external access, again this is not so much an issue for XBMC but more about how you protect your home network from unauthorised access... There are a number of VPN solutions that can be used, such as, Routers with in-built VPNs or VPN plug-ins, etc for NAS. eg. Amahi Home Server which comes with an in-built VPN (https://www.amahi.org/tour/vpn)