Encrypted Connections to M-Files Server

M-Files clients can use different protocols when they communicate with M-Files Server. If users access data from outside the organization's private network, encrypting the network communication is usually mandatory. M-Files clients support end-to-end encrypted connections to the server.

For details on available protocols and how to create the connection, see Adding a Vault Connection.

M-Files Cloud server

The connection is always end-to-end encrypted with HTTPS protocol, which is implemented with a public Transport Layer Security (TLS) certificate.

The desktop client always uses the gRPC protocol to encode the data. When you configure the protocol, you will see gRPC and not HTTPS. gRPC steps on HTTPS as the network carrier protocol and for encryption.

On-premises server

With on-premises server configurations, you can select more connection protocol options:
  • gRPC - recommended
  • RPC over HTTPS - obsolete
  • TCP/IP - obsolete

gRPC - recommended

Note: M-Files recommends that you use the gRPC connection protocol with all new M-Files implementations for all client connections.

You can configure the gRPC connection with or without encryption. To require an encrypted connection, a valid TLS certificate must be in use on the server. To learn more about server certificates, see Managing Server Certificates, or refer to Setting Up M-Files to Use gRPC in M-Files Support Portal.

RPC over HTTPS - obsolete

Note: RPC over HTTPS protocol is obsolete and it is not recommended for new installations. M-Files recommends that you use the gRPC connection protocol with all new M-Files implementations and also set up gRPC on existing installations.

The classic M-Files Desktop can use the RPC over HTTPS to communicate with M-Files Server.

RPC over HTTPS steps on the HTTPS encryption provided by an old IIS feature. The IIS feature must be present between the M-Files client and M-Files Server. RPC over HTTPS encapsulates the underlying RPC protocol inside HTTPS for encryption. For more information, refer to Enabling RPC over HTTPS Connections to M-Files Server in M-Files Support Portal.

TCP/IP - obsolete

Note: TCP/IP protocol is obsolete and it is not recommended for new installations. M-Files recommends that you use the gRPC connection protocol with all new M-Files implementations and also set up gRPC on existing installations.

When both computers are connected to the same domain, TCP/IP uses RPC protocol and is encrypted by default. Because no additional configuration steps are needed for this communication mode, it is usually an easier way to communicate inside the organization's internal network. Please make a note that it is not recommended to use TCP/IP outside internal networks. For more information, refer to Protecting Data in Transit in M-Files in M-Files Support Portal.

Other clients

You can also encrypt the M-Files Web and M-Files Mobile connections. In M-Files Cloud, the connection is always end-to-end encrypted with HTTPS protocol, which is implemented with a public TLS certificate. In an on-premises environment, make sure that the server requires HTTPS and has a valid certificate that the client trusts. For more information, see Setting Up Web and Mobile Access to M-Files.

M-Files Web

M-Files Web and the classic M-Files Web use HTTP or HTTPS protocol to connect to the server. Both clients use the web browser when setting up the connection and encrypting it.

M-Files Mobile

By default, M-Files Mobile tries to use gRPC protocol for the server communication. If gRPC is not available, M-Files Mobile uses the REST API of the server or vault. Both protocols use HTTPS for encryption.