System Admin

Getting started

New Install

Reference

Guides

System Admin

It’s your responsibility to oversee and manage your creative.space system, from setting up and configuring spaces to managing user accounts and ensuring the overall health and security of the system.

Welcome to the creative.space platform! As a System Admin, you are the backbone of your team's workflow. It's your job to oversee and manage your creative.space server.

Let's walk through the functionalities that are important and unique to your role:

Create User Accounts - Set up the credentials your team will use to access the storage and creative.space applications.
Allocate Storage - Carve your storage up into virtual partitions and control how capacity is allocated across them.
Schedule and Delete Snapshots - Protect your data from accidental deletion, including ransomware attacks.
Configure Networking - Quickly view activity over each connection and change IP addresses as needed to make sure users have the access they need.
Onboard Remote Users - Set up remote access by receiving a node ID from the user’s desktop app and sending out a config file with a network ID.

Navigating the Web App

As a System Admin, you have the highest level of access to the creative.space web app, which is designed to make managing the system intuitive for non-technical users.

The web app has four pages: System, Team, Spaces, and Monitor.

System

When you first log into the web app, you will arrive at the System page. This page displays how the node's storage is allocated, how the node is connected to your network, who is connected to it, what tasks are running, and what hardware is inside the node.

This is your primary control center. From the System page, you can:

Learn more

Use the System page to:

You can also use the system section to:

‣

Available Actions

Team

The Team page lists all of the user accounts that can access content on the node.

When you first log in, this page will contain two accounts:

Your admin account
A support account, which our support staff will use in case you need them to access the node.

Use the team page to:

You can also use the team page to:

Let other people manage the node
Organize information about each of your team members
Deactivate user accounts

‣

Available Actions

Spaces

The Spaces page is a file browser that shows you all of your content. When you first log in, the spaces page will be empty. As you upload content to the node, it will appear here.

Use the spaces page to:

You can also use the spaces page to:

Tabs on the Spaces Page

Beyond the file browser, there are additional tabs on the spaces page designed for various media management tasks:

Spaces - Browse the spaces hosted on your creative.space node.
Ingest - Connect, browse, and copy from read-only external storage locations using USB, SMB, and FTP
Templates - Create folder structures with custom variables and permissions for your team to apply using a form.
Snapshots - Browse your snapshots and restore deleted and modified assets from them.
Libraries - Browse the contents of your spaces based on custom metadata tags.

Spaces (Tab)

Ingest

Folder Structure Templates

Snapshots

Libraries

‣

Available Actions

Monitor

The Monitor page offers real-time performance metrics, helping you preemptively tackle potential issues.

This dashboard features gauges and graphs that display system resources over the past 10 minutes. Every second the node collects over 2,000 metrics, that can be presented as hundreds of charts, and is currently monitored by approximately 150 potential alarms. Some of these charts are displayed on this page.

Use the monitor section to:

Monitor performance

📢

INFO Your creative.space service contract includes proactive monitoring and support, primarily for identifying network congestion.

Add Your Team Members

creative.space lets you share content with everyone you work with. All you need to do is add them to your team. Your team consists of user accounts, which are assigned a role and can be put into groups.

As a System Admin, you are the only one who can create spaces, but you have the option of deferring access control to a Team Leader.

Create User Accounts

Your user account is your passport to the node. It determines what content can access, and what kinds of changes you can make to the node. Your role is System Admin. You can access everything on the node, from the content stored in it, to the management interface. Most notably, you have the power to grant others access to the node, by creating user accounts for them.

As the system administrator, you will be the one responsible for creating all of the user accounts.

📢

TIP

Create a separate account for everyone you work with. Do not share a single user account among different team members.

To create a user account:

‣

Step by Step Instructions

When the user logs in, they can change the password you gave them to whatever they like. However, you have the ability change it again just in case they forget it.

Assign a Role

Make sure to give users the proper role to control what they can see and do:

System Admin: Oversee and manage the entire creative.space system. This includes setting up and configuring Spaces, managing user accounts and permissions, and ensuring the overall health and security of the system.
System Monitor: Monitor system performance and health. They do not actively manage or configure the system, but instead keep track of system operations and report potential issues.
Team Leader: Manage access and workflow within specific Spaces. They control who can access certain Spaces and files, and ensure that team members have the necessary permissions to execute their tasks.
Team Member: Engage in creative production and collaboration within assigned Spaces. They use the platform for daily operational tasks such as file management, content creation, and collaboration.
Client: Browse, search, and find media assets through the Libraries interface. They have no access to any other web app interfaces, except to change their own password.
User: Limited to mounting shares via SMB through an OS. They have no access to the desktop app. The web app can only be accessed to change their own password.

Create Groups

If you have a large team, you can organize each team member into one or more groups. A group is a set of user accounts. A user account can be included in as many or as few groups as you want. Groups make it easy to grant all the user accounts included within them access to the same space.

To create a group:

‣

Step by Step Instructions

📢

TIP

Create groups that match your organization's structure. For example, if your organization has a group of editors, a group of animators, a group of VFX artists, and a group of production managers, make one group for each of these roles.

📢

⚠️

WARNING

If you delete a group, you will not delete any of the users within that group. However, you will revoke all of the access that the group conferred upon the included users.

Access Control

Best practice is to grant access to Spaces, folders, and files using Groups. This makes changing who can access what as easy as changing which groups a user is a member of, instead of having to change every individual permission the user has.

Adding Users to Groups: The dropdown knows who is already in the group and eliminates them from the list.

Grant a Group Access to a Space: Assign read and write access to a Space and its contents.

📢

INFO

Team Leaders only see the Spaces they have access. Once they do, they can manage permissions. This can be a critical hand-off of responsibility, where the Team Leader takes over day-to-day management of the storage.

Remove a User from a Group: To revoke a user's access, you can remove them from groups.

Deactivate a User: Alternatively, deactivating their account freezes their permissions and revokes access to the entire system.

Reactivate a User: If and when they need access again, you can simply reactivate their account and everything will be back to how it was before.

Reboot or Shutdown the System

Navigation: If you need to power cycle your system, the options can be found at the bottom of the system page.

Create Spaces

A space is a portion of the node's storage. It is a versatile way to organize, protect and restrict access to your content.

By default, spaces stretch to fit the content you place within them. However, you can limit how large a space can grow, and you can also limit how small a space can shrink.

Each space can have its own set of access restrictions. By default, no one can access a space except for the person who created it. However, you can always grant users and groups permission to access a space.

‣

Step by Step Instructions

(Alternative) Go to the Spaces page. Click the “+” button to select a Pool and then name your Space.

Sharing a Space

When you create a space, the share card will appear automatically, but you can bring it up by selecting View Share later.

Select a Share Type: Choose between SMB and Time Machine.

Set Permissions: Define access for users and groups (note: user rights take precedence over group rights).

Configure Settings: Adjust recursive permissions, space visibility (Browsable), and write permissions (Writable).

Managing Capacity with Quotas and Reservations

Navigation: Click the gear icon next to the 'Available' capacity of a Space.

Quotas: Set limits to control the growth of a space.

Reservations: Allocate and protect storage capacity from being used by other spaces.

Connect to a Space (without Desktop App)

Each space can be shared over your network. This means that you can access it from any workstation on your network. While the desktop app makes connecting to spaces much easier, as a manager it is helpful to know how to access the storage without it.

How you connect to a space varies depending on your workstation's operating system:

‣

MacOS

‣

Windows

‣

Linux

Snapshot Management

Create and schedule snapshots to secure your data.

Creating a Snapshot: Creating snapshots is easy and they do not consume any capacity until files are modified or deleted.

Expiring Snapshots: Set an expiration date to automatically delete the snapshot instead of having to do it manually.

Schedule Rolling Snapshots: We suggest creating recurring snapshots every hour that expire daily. This will provide a secure backup for file restoration purposes.

View and Manage Tasks: You can view and delete snapshot schedules from the system page.

Deleting Snapshots

From the Snapshots page: To delete a Snapshot, select the available options for the Snapshot you want to delete and choose the "Delete Snapshot" action.

From the System page: On the System page, click the gear icon next to the Snapshot usage for the Space. This will display a list of Snapshots that you can multi-select to delete in batches.

Onboarding Remote Users

Our Onboarding guide covers the process of assisting new users in connecting remotely, which is one of your main responsibilities as a System Admin.

Set Up Remote Access

Under routine post-production workflows, remote access to shared storage was challenging. However the pandemic pushed the industry to require twenty-four-hour access and collaboration from any location. VPN, WAN, and Internet access to shared projects and files present technical challenges that can be difficult to overcome, especially for small production teams. creative.space has integrated ZeroTier’s VPN and SD-WAN technology on its easy, reliable, and secure storage platform to empower the creative process. Collaborative storage is the main hub connecting remote locations.

📢

TIP

Download our creative.space Zerotier Integration whitepaper for even more information on remote workflows with creative.space and Zerotier.

Now, effortlessly control team and device access to your creative.space storage from anywhere and anytime. Create secure networks between on-premise, cloud, desktop, and mobile devices. Easily provision and de-provision remote access authorization for users, freelancers, and clients. We simplify your network stack by unifying VPNs, VLANs, and SD-WANs into one solution. The creative.space storage seamlessly interacts with ZeroTier’s zero-trust networking software to provide scalable security, peer-to-peer (P2P) connections, and 256-bit end-to-end encryption.

What does this mean for your workflow?

The bottom line is that you can quickly provide secure SMB (Network Share) and FTP remote access to folders and files on your shared storage.

As an example, the SMB connection smb://192.168.1.33/dailies, works the same as if you were onsite. Just be aware that you may need to adapt your projects to account for bandwidth speed and latency. We can assist you in implementing a proxy-based workflow.

FTP is excellent for transferring multiple directories and files to and from your creative.space storage. Another advantage of FTP is the ability to continue transferring files even if the connection is lost. In case you accidentally lose your connection or have to reboot your computer, you don’t have to worry about starting from the beginning again. You can pick up right from where you left off.

Here are some benefits of using FTP for transferring files to and from your creative.space storage:

FTP allows you to transfer multiple directories and files.
You can resume transferring files even after accidentally losing your connection.

With FTP, you can enjoy a seamless and uninterrupted file transfer experience, ensuring that your data is transferred efficiently and securely.

ℹ️

What is a Virtual Private Network? Should I enable it?

A virtual private network (VPN) is a way to connect your workstation to your node, even when they aren't on the same network. From a technical standpoint, a VPN modifies the connection between your workstation and the node so that it looks like both are on the same network. It also makes it impossible for workstations that are not on the VPN to connect to the node.

To use a VPN, you need to install special software on your workstation. This software takes care of modifying and securing the connection between your workstation and your node.

Securely authorize users and devices, and configure networks all within the creative.space web app. This integration saves multiple manual steps and needed IT security knowledge if only using the ZeroTier administration website.

There are two levels of authorization for users to access the creative.space storage:

ZeroTier for encrypted network access
A creative.space account on your server to control user rights and folder/file permissions.

Think of it as a locked gate and front door. You must have the right keys to both before you can get inside. ZeroTier offers a free Basic account for up to 50 network members and 1 admin. Their Professional account increases the numbers to 500 network members and 10 admins for $49 per month. You can always start with their free account and then upgrade as your requirements change.

Open your Gateway's Firewall

Before you can set up ZeroTier, you will need to make sure this port is open on your gateway:

Port Number	TCP/UDP	Inbound/Outbound	Why?
9993	UDP	Inbound and Outbound	Zerotier uses port 9993 to receive incoming connections.

ℹ️

What is a port? How do I know if it is open?

A port is a destination within an IP address. Every IP address has tens of thousands of unique ports. Any software that wants to send or receive data over a network needs to pick an IP address, and then occupy one or more of that address's ports.

A gateway is a device that connects your computer to the internet. Most routers and some managed switches can function as gateways. Your gateway has an IP address, and therefore, it has ports.

Your node accesses the internet through your gateway. That means that any software that runs on your node needs to send its traffic through your gateway to get to the internet. Since the Zerotier VPN client software runs on your node, it needs to send its traffic through your gateway in order to get to the internet.

The Zerotier VPN software (Zerotier) uses a single port. That port has a port number of 9993. A port number is a number that is unique to a port. It differentiates that port from the other ports in the IP address.

Zerotier needs to send its traffic through port 9993 on your gateway's IP address. If your gateway has a firewall enabled, it might not allow Zerotier to send its traffic through that port. If this is the case, you will need to open port 9993 on your gateway. Opening a port is the process of configuring your gateway's firewall so that it does not block traffic on the port.

The easiest way to check if a port is open is simply to set up the Zerotier VPN, and then check if you can connect to it over the internet. If you can, you do not need to open any ports. If you cannot, you will need to open port 9993 on your gateway. You will need to consult your gateway's user manual to find out how to open a port.

We also recommend that you open the following ports. While you do not have to open them, it helps us help you if you do:

Port Number	TCP/UDP	Inbound/Outbound	Why?
22	TCP	Outbound	We use port 22 to apply software updates and provide remote support.
53	TCP and UDP	Outbound	The node's network interfaces use port 53 to connect to Domain Name Services (DNS). Without this port, you cannot configure any network interfaces to use a custom DNS.
80	TCP	Outbound	The node's management interface uses this port to show up in your web browser
123	TCP and UDP	Outbound	The node uses this port to get the time from a Network Time Protocol (NTP) server. Without this port, you cannot connect your node to an external NTP server.
443	TCP	Outbound	The node uses this port to send you email notifications
12975	TCP	Outbound	We use port 12975 to apply software updates and provide remote support.
32976	TCP	Outbound	We use port 32976 to apply software updates and provide remote support.

Get a Zerotier API Access Token and Add It to Your Node

‣

Step by Step Instructions

Navigate the Zerotier Configuration Panel

The ZeroTier configuration panel lets you

Create new ZeroTier networks
Enable and disable existing ZeroTier networks
Join and leave ZeroTier networks

A Node for ZeroTier is a device on the network. A user’s name is automatically added to the node description field. A user can have multiple devices such as a desktop, laptop, and iPad authorized on multiple networks, each with a separate “Node ID”.

The configuration panel is divided by:

Active Networks - Lists the networks that your node is connected to. If your node is connected to a network, it can connect to the other nodes on the network. In this case, a node can be another creative.space node, or a workstation.
Disabled Networks - Lists the networks on your ZeroTier account that nothing can connect to. To use these networks, you must first enable them.
Available Networks - Lists the networks on your ZeroTier account that you can connect your creative.space node to. Once you connect your node to an available network, the network will move to the active networks section.

These are based upon the current status of your creative.space storage within each network. It also displays the number of nodes authorized for each network.

Use ’Change ZeroTier API Token’ to update the token you use to connect to your ZeroTier account. This token allows the creative.space management interface to communicate with ZeroTier.

Use ‘Filter Networks’ to search among the ZeroTier networks associated with your account.

Use ’Name for Your ZeroTier Network’ and ’Assign an IP’ to create a new ZeroTier network with a name and IP address range of your choice. The network will show up in the Available Networks section as soon as you create it.

Through the creative.space web app, you can only create “Private” networks. If you wish to create a “Public” network not requiring node authorization, it must be done on the ZeroTier administration website. If a network is configured for “Public”, the panel will display it with a red border and warning message.

At the bottom of the ZeroTier panel is a section to add a ZeroTier Network ID that is not on your ZeroTier account. It will automatically add the network, but you will need to add the storage Node ID and approve it manually on the ZeroTier administration website.

Add the ZeroTier Network ID and click the “Add” button.

Here are all of the available actions in the web and desktop apps related to ZeroTier:

Connect and Manage ZeroTier

Create a New ZeroTier Network

Join a ZeroTier Network

Leave a ZeroTier Network

Invite Desktop to ZeroTier

Remove a Workstation from a ZeroTier Network

Copy ZeroTier Node ID

Reset ZeroTier Permissions

Restart ZeroTier Service

Install the Desktop Applications on Your Workstation

Select the option that best describes your needs to get started:

‣

I am a local user...

‣

I am a remote user…

‣

I need to onboard a local user…

‣

I need to onboard a remote user…

Create Folder Structure Templates

With creative.space, you can save a folder structure with files as a template that can be applied by filling out a form to populate custom variables and apply permissions. These can include project files for the applications you use, such as Premiere Pro and DaVinci Resolve, that contain your in-app organization structure.

‣

Creating templates on MacOS

‣

Creating templates on Windows 10

Variables

When you create a new project folder structure, there are inevitably some folders and files that need unique names and other that will always be consistent across projects.

Variables allow you to define the information that needs to be customized each time the template is applied.

How does this work? Anything you put in square brackets, i.e. [], becomes a variable.

There are three types of Variables: - Text and/or Number: A user-defied text field that can be filled out with whatever alphanumeric characters you want. - Auto-Increment: Provide a starting number, which can include trailing 0s, such as 001 or 010, and each time the template is applied it will increment. - Date: A calendar will appear in the form to select Year, Month, and Day, which will be populated as YYYYMMDD so that it sorts alphabetically in chronological order.

Access Control

Folder structure templates make managing access easy by allowing permissions to be configured once and then applied automatically when a new project is created. Think of them as your organizational blueprint. How you apply permissions to control access is the key to keeping your projects orderly and manageable.

‣

How permissions work on creative.space

Do you have at least one team member who just doesn’t get with the program? No longer.

Eliminate clutter by carefully controlling write permissions for each directory in your Template to stop files and folders from being created where they shouldn’t be.

For example, making the Space and root level folders read-only, but granting write access to where assets, projects, and documents should be stored.

Here are a few important things to understand:

Recursive Permissions: Whenever you apply permissions, they will only effect the currently selected level, unless you turn on the ‘Recursive’ toggle. This will overwrite the permissions of all children with the current user and group rights.
Groups vs. Users: Granting read and write access at the group level allows you to quickly grant or revoke a user’s access with a single action, instead of having to update each item individually.
Who Owns Created Folders/Files: The person who creates the template will always be the owner of the folders and files that are a part of it regardless of who applies it.

What Can I Do?

Create a Space

Change a User's Password

Change Network Port Name

Check Drive Health

Configure Network Ports

Configure a Static Route

Invite Desktop to ZeroTier

Join a ZeroTier Network

Create a New ZeroTier Network

Delete a Space

Delete Scheduled Task(s)

Delete Multiple Snapshots

Leave a ZeroTier Network

Control Capacity Usage

Connect and Manage ZeroTier

Reboot or Shut Down the Node

Remove a Workstation from a ZeroTier Network

Restart Services

Schedule Snapshot(s)

Snapshot a Space

Roll Back to a Snapshot

This guide provides an overview of the crucial role you play as a System Administrator on the creative.space platform. For a deeper understanding of web app functionalities, continue with the Team Leader guide as your next step.

← Previous

Roles

Team Leader

📢

TIP

You can put a user in more than one group. For example, if your organization has someone who edits and animates, you can add their user account to both the editor and animator groups.