Welcome to Plastic Cloud Edition - the Plastic SCM hosted solution.
The purpose of this guide is to help you get up to speed with Plastic Cloud Edition and its key
This guides serves as a walkthrough to get your Plastic repositories (repos) up and running in the cloud.
What is Plastic Cloud
Plastic Cloud is the hosted Plastic SCM server solution.
We have two different Cloud products:
Plastic Cloud Edition
For teams who do not need an on-premises server. The only central location is the Cloud.
Team members can have local clones of the repositories or alternatively work directly connected to the Cloud.
Requirements: Purchase Cloud Edition (not Team + Cloud).
This guide documents this version of Plastic Cloud.
Plastic SCM Team Edition plus Cloud extension
This is a different product designed for teams who require an on-premises server (included in Team Edition)
and also host repositories on the Cloud.
Requirements: Purchase Team Edition and add the Cloud Extension (not Cloud Edition).
From a user perspective, you will work with Plastic Cloud just as you do with a conventional Plastic SCM server;
you will push and pull branches, create repositories, manage permissions, and so on.
Internally, Plastic Cloud uses a fully redesigned Plastic server core. The cloud core runs on several cloud roles instead
of just a single computer. This means that it can be horizontally scaled by simply adding more roles (computers).
Plastic Cloud is a multi-tenant and highly scalable solution, capable of handling thousands of different organizations.
It makes the best possible use of the underlying cloud infrastructure.
In practice, this means you don't have to worry about server setup or maintenance. We'll handle that for you!
Who is it for?
There are many scenarios where Plastic Cloud Edition fits. Just to mention a few:
You are a small team and don't want to handle any infrastructure. You're already running Plastic on your laptops
but you don't want to install and administer your own Plastic server. However, you still need a central rendezvous
point for the team. Plastic Cloud extension is for you.
You are part of a large corporate team working in several locations across the globe. You need a central server
but you don't want to depend on your IT group. You can setup a Plastic Cloud organization for you and use it as
your hosted central server. You would like to enforce encryption on all the data pushed to the cloud prior to
sending it outside your network for maximum security.
You are a game development team (or any other team dealing with large repositories and huge files) and you couldn't
find a suitable solution with mainstream hosting providers of version control software. Git-based solutions have
the well-known 2GB repos limit. If you need more than that, Plastic Cloud is for you.
These are just 3 key scenarios, but there are many more. Some teams asked us to use the Plastic Cloud extension as
a live cloud-based backup, and that's certainly an option too.
Work centralized, distributed or both
Plastic Cloud Edition is designed with fully distributed teams in mind. But, Plastic Cloud Edition also supports
centralized and mixed way of working:
The team members that don't want intermediate repositories and no push/pull actions can go for a simpler direct
checkin to Plastic Cloud cycle.
This is the best option for artists in games together with Gluon.
And it's also available for coders who want to work centralized with
Plastic (the developer GUI).
Each developer works on their machine. Each developer has their own local Plastic SCM repo (or collection of
repositories), so that checkins are always local and blazing fast.
The developers both belong to the same Plastic Cloud organization and deliver changes to Plastic Cloud through
This is the best options for developers using Plastic (the
Working both distributed and centralized:
Your team doesn't have to stick with one of these two ways of working—distributed or centralized. Some team
members can work centralized and some others distributed.
And Plastic, the developer GUI, also lets you work distributed.
In a distributed workflow, you have a workspace and a local repository (the intermediate repository) where you
directly checkin to, and then you push/pull to the remote repository in a Plastic Cloud server:
In the following Plastic example, you will have:
a workspace (testsrc)
in your machine (Path on disk)
pointing to your repository (testsource)
Then, you will work with Plastic as you would normally do by:
Once you login, you will enter the organizations management area. There aren't many options at this point so you'll
see it is extremely simple to use.
Basically, all that you see is a list of the organizations you belong to.
If you are the administrator of an organization (we'll make you the admin when you request the organization),
you'll be able to manage it.
If you click Edit, you'll see something like this:
This is a simple page where you can edit the description of your organization.
You can click the View activity button to open a new page where you can see the usage of
your entire cloud organization:
You can also click the Details link to launch a new page with the details by repository:
Read the following chapter to learn how and what you can manage of your Cloud organization.
Editing lock rules
By clicking the Edit lock rules button in the Cloud dashboard, you can start configuring
the exclusive checkout.
The lock rules let you configure exclusive locking for binary files when you perform a checkout.
The exclusive checkout (or locking) is helpful when working with files than cannot be merged like binary files
(images, video, audio...).
Using this feature, you can tell Plastic SCM what kinds of files need locking on checkout. If enabled, checking out
a file will prevent other users from doing the same thing until you checkin or undo your changes. Any user can be
assured that no new revisions of their checked-out files will appear while they're working on them.
The system performs the following operations:
Is the file locked? If so, it can't be checked out.
If it isn't locked, the file can be potentially locked. Plastic SCM will check whether the file name matches any
of the defined lock rules. If the file name matches the rules, the file will be locked.
You can define rules than can be applied to:
All repositories (organization rules)
To specific repositories. These rules can be file extensions (such as *.xlsx, *.png
or *.blend) or specific file names (such as readme.txt).
To create / edit lock rules for the organization (all repositories):
Enter the locking rules you want apply. You can click on the Load common lock rules
button to load the most typical rules used (the ones related to binary files). You can add more rules or
remove some of them.
To store the lock rules, click the Save button to store the lock rules.
To create / edit lock rules for a specific repository:
For the repository that you want to edit its lock rules, click the Add repository rules
A new empty field will appear under the repository name:
Enter your own rules or load the suggested common lock rules by clicking
Load common lock rules. You can edit them as well.
Click the Save button.
You can remove all repository rules at any time by clicking the Clear repository rules.
Users and groups in Plastic Cloud
Plastic Cloud uses the same underlying mechanism to handle users and groups just like a regular Plastic SCM server.
But, unlike Plastic SCM, instead of retrieving users and groups from LDAP, Active Directory, or a custom defined
user/password file, Plastic Cloud works as follows:
Users are retrieved from plasticscm.com. You can invite any user to join your organization, and
once they sign up to plasticscm.com, they will be valid users.
Groups are defined by organization. It is just like a cloud-based
groups.conf defined from the organization management area. You can add invited users to
the groups you create.
You can define access policies to the cloud server for users and groups. You configure access policies by using the
Plastic SCM GUI tool or the command line just like you would do with a regular server. At this
point, all that you need to do in the web interface is to define the users, the groups, and its relationships.
You can define users as administrators in the web interface, but it just means that they can access the organization
administration area. It doesn't have any influence on the Plastic repositories.
In the Users and groups organization administration area, just click
Add new user and you will arrive at this page:
You can enter the email of any user you want to invite, even if they are not yet a plasticscm.com user. They will
have to sign up to plasticscm.com prior to signing in, but you can already configure your groups counting on them
as valid users.
By default, any new user will be automatically added to the built-in group called Developers. Of
course, you can delete the group or rename it.
By default, every new organization comes with two groups: Administrators and
Developers. Every new user marked as Administrator will go to the
Administrators group, and everyone else to Developers.
You can add new groups, delete the default ones, or rename them.
You can also add users to a group. Just click the edit icon
to the right of the group name to access the group configuration area:
Here, I'm just editing the pre-configured Developers group.
From here, I can delete users and add new ones and also go to create new groups. I can also rename the group and
edit its description.
If I click Add new member, I'll go to the following page:
Here, I can simply type the email of a user that I want to add to the group.
Configuration wrap up
As you have seen, configuring your organization is straightforward. You'll get everything you need done with just a
At this time, configuring users and groups is all that you can do in the web interface. Anything else is done, as
usual, from the Plastic SCM GUIs or command line interface.
Encrypt all data uploaded to Cloud
When you request a new organization, you can specify that you want to enforce encryption. If that flag is set
during organization creation, Plastic Cloud will only accept encrypted data for this organization.
The motivation for encryption
Code is a very sensitive asset, so some teams will be extremely worried about protecting it as much as they can.
Even though Plastic Cloud runs on Azure and hence is protected by a well-known provider, we thought it would be a
good idea to offer users the choice to encrypt the data when sending it to the cloud.
When you create the organization as "encrypted", Plastic Cloud rejects non-encrypted data. There's a header in
the data to notify that, but the server doesn't know how to decrypt it.
Both Plastic and
clients need to be configured to handle encrypted data and will ask you to enter the encryption password.
Remark: Be very careful with the password (or pass phrase) since it is the key to encrypting/decrypting
your data. If you lose it, we won't be able to recover your data; it is simply not possible!
Remark: Don't panic! You'll have your data on your own server too. You are just pushing it to the
Plastic Cloud, so in the unlikely event of a lost password you'll have a local copy of your repo. But, of course,
once you decide to go to production using Plastic Cloud, you had better not lose it!
What is going on under the hood is the following:
A new file cryptedservers.conf is created on your Plastic SCM server directory with the following content:
In my case, it is saying that every data transfer from/to encrypted_test@cloud must be
encrypted/decrypted using the key created on file e33a805b-0ce5-4047-81da-3c95c3c7b2a9.key.
Frequently asked questions about encrypted data
What do you encrypt exactly?
We just encrypt file data, not metadata. This means that file names, branch names, labels, user names, and so on,
are not encrypted, only file data.
Does it mean that even if Plastic Cloud gets compromised, attackers won't steal my code?
Exactly, that's what it means!
What if we are a team of, let's say, five, and we're all pushing/pulling to the Plastic Cloud?
Then, you all need to configure your keys. Whether you share the cryptedservers.conf
file or you share the password. That's up to you!
Optionally, on bigger teams, you can have only one Plastic SCM server in sync with Plastic Cloud, and all the
other replicated repos in the internal network just access to it. There are many possible options.
Can I open up a Branch Explorer to Plastic Cloud and diff a cset if the data is encrypted?
Not at this point, but that feature will be available soon. Right now, files will show an empty content because
they can't be decrypted on the client.
The goal is to get the credentials from the local server (if configured to do so) to allow this scenario.
Current limitations and remarks
You need to use Plastic SCM release 184.108.40.2069 or higher in order to access Plastic Cloud.
The "default" repo is not created in the Cloud. You'll need to create a repo manually before you can push
branches to it.
At this point, changing the revision type of an item in Plastic Cloud is not available. This is a limitation
due to the new storage we're using, which is different from the standard relational databases we use with
Path-based security is still not reliable in the cloud server. It is not key for replication operations and
we expect to fix it in the near future to roll out full checkin workflow support.
What is Plastic Cloud Edition?
Plastic Cloud Edition is a hosted, multi-tenant, cloud-based Plastic SCM server that organizations can use to
store their Plastic SCM repositories in the cloud.
More at plasticscm.com/plasticscm-cloud-edition.