LucidLink Filespaces Security Model: https://www.lucidlink.com/wp-content/uploads/LucidLink-Security_Model.pdf 

Firewall:

Encrypted LucidLink client file system data is communicated securely via TCP/IP port 443 directly with the Object Store (Bucket) - using the Object Storage credentials provided. 

All Object Storage transfers are performed through HTTPS with AES-256 end-to-end, client side authenticated encryption through the LucidLink Windows, macOS or Linux client and file system shared secret (password).

LucidLink client communicates with AES-256 encryption via TCP/IP port 443 with our Discovery Service for the purpose of Namespace verification and Metadata co-ordination.


In order for Lucid client to work behind firewall the following outbound connections on port 443 must be enabled:

• LucidLink Filespace service IP address - you need to open a ticket to LucidLink Support team in order to get your filespace service IP address.

• LucidLink discovery service - DNS Record discover.lucidlink.com (current IP is 94.130.115.74).

• Object storage endpoint(s) (standard HTTPS traffic).

   Note: In case of local object storage the inbound traffic on port 443 must also be enabled.


Software:

FUSE https://en.wikipedia.org/wiki/Filesystem_in_Userspace must be installed as a dependency on macOS and Linux. Users with strongly secured environments may receive a warning to allow 3rd-party driver installation.

macOS requires kernel extension (KEXT) approval for FUSE for macOS https://osxfuse.github.io/ please see "Filespace fails to mount macOS"

LucidFS is a required driver within a Windows environment and is included within our installation.

LucidLink client REST APIs communicates to the local daemon/service via the default instance TCP/IP port 7778. Should this port be in use the OS client will fail to start, please consult OS client fails to start

Most object storage providers require Transport Layer Security (TLS) 1.1 or greater SSL connections