Welcome to Plastic Cloud Edition - the Plastic SCM hosted solution.
The purpose of this guide is to help you get up to speed with Plastic Cloud Edition and its key
This guides serves as a walkthrough to get your Plastic repositories (repos) up and running in the cloud.
What is Plastic Cloud
Plastic Cloud is the hosted Plastic SCM server solution.
We have two different Cloud products:
Plastic Cloud Edition
For teams who do not need an on-premises server. The only central location is the Cloud.
Team members can have local clones of the repositories or alternatively work directly connected to the Cloud.
Requirements: Purchase Cloud Edition (not Team + Cloud).
This guide documents this version of Plastic Cloud.
Plastic SCM Team Edition plus Cloud extension
This is a different product designed for teams who require an on-premises server (included in Team Edition)
and also host repositories on the Cloud.
Requirements: Purchase Team Edition and add the Cloud Extension (not Cloud Edition).
From a user perspective, you will work with Plastic Cloud just as you do with a conventional Plastic SCM server;
you will push and pull branches, create repositories, manage permissions, and so on.
Internally, Plastic Cloud uses a fully redesigned Plastic server core. The cloud core runs on several cloud roles instead
of just a single computer. This means that it can be horizontally scaled by simply adding more roles (computers).
Plastic Cloud is a multi-tenant and highly scalable solution, capable of handling thousands of different organizations.
It makes the best possible use of the underlying cloud infrastructure.
In practice, this means you don't have to worry about server setup or maintenance. We'll handle that for you!
Who is it for?
There are many scenarios where Plastic Cloud Edition fits. Just to mention a few:
You are a small team and don't want to handle any infrastructure. You're already running Plastic on your laptops
but you don't want to install and administer your own Plastic server. However, you still need a central rendezvous
point for the team. Plastic Cloud extension is for you.
You are part of a large corporate team working in several locations across the globe. You need a central server
but you don't want to depend on your IT group. You can setup a Plastic Cloud organization for you and use it as
your hosted central server. You would like to enforce encryption on all the data pushed to the cloud prior to
sending it outside your network for maximum security.
You are a game development team (or any other team dealing with large repositories and huge files) and you couldn't
find a suitable solution with mainstream hosting providers of version control software. Git-based solutions have
the well-known 2GB repos limit. If you need more than that, Plastic Cloud is for you.
These are just 3 key scenarios, but there are many more. Some teams asked us to use the Plastic Cloud extension as
a live cloud-based backup, and that's certainly an option too.
Work centralized, distributed or both
Plastic Cloud Edition is designed with fully distributed teams in mind. But, Plastic Cloud Edition also supports
centralized and mixed way of working:
The team members that don't want intermediate repositories and no push/pull actions can go for a simpler direct
checkin to Plastic Cloud cycle.
This is the best option for artists in games together with Gluon.
And it's also available for coders who want to work centralized with
Plastic (the developer GUI).
Each developer works on their machine. Each developer has their own local Plastic SCM repo (or collection of
repositories), so that checkins are always local and blazing fast.
The developers both belong to the same Plastic Cloud organization and deliver changes to Plastic Cloud through
This is the best options for developers using Plastic (the
Working both distributed and centralized:
Your team doesn't have to stick with one of these two ways of working—distributed or centralized. Some team
members can work centralized and some others distributed.
And Plastic, the developer GUI, also lets you work distributed.
In a distributed workflow, you have a workspace and a local repository (the intermediate repository) where you
directly checkin to, and then you push/pull to the remote repository in a Plastic Cloud server:
In the following Plastic example, you will have:
a workspace (testsrc)
in your machine (Path on disk)
pointing to your repository (testsource)
Then, you will work with Plastic as you would normally do by:
Once you login, you will enter the organizations management area. There aren't many options at this point so you'll
see it is extremely simple to use.
Basically, all that you see is a list of the organizations you belong to.
If you are the administrator of an organization (we'll make you the admin when you request the organization),
you'll be able to manage it.
If you click Edit, you'll see something like this:
This is a simple page where you can edit the description of your organization.
You can click the View activity button to open a new page where you can see the usage of
your entire cloud organization:
You can also click the Details link to launch a new page with the details by repository:
Read the following chapter to learn how and what you can manage of your Cloud organization.
Editing lock rules
By clicking the Edit lock rules button in the Cloud dashboard, you can start configuring
the exclusive checkout.
The lock rules let you configure exclusive locking for binary files when you perform a checkout.
The exclusive checkout (or locking) is helpful when working with files than cannot be merged like binary files
(images, video, audio...).
Using this feature, you can tell Plastic SCM what kinds of files need locking on checkout. If enabled, checking out
a file will prevent other users from doing the same thing until you checkin or undo your changes. Any user can be
assured that no new revisions of their checked-out files will appear while they're working on them.
The system performs the following operations:
Is the file locked? If so, it can't be checked out.
If it isn't locked, the file can be potentially locked. Plastic SCM will check whether the file name matches any
of the defined lock rules. If the file name matches the rules, the file will be locked.
You can define rules than can be applied to:
All repositories (organization rules)
To specific repositories. These rules can be file extensions (such as *.xlsx, *.png
or *.blend) or specific file names (such as readme.txt).
To create / edit lock rules for the organization (all repositories):
Enter the locking rules you want apply. You can click on the Load common lock rules
button to load the most typical rules used (the ones related to binary files). You can add more rules or
remove some of them.
To store the lock rules, click the Save button to store the lock rules.
To create / edit lock rules for a specific repository:
For the repository that you want to edit its lock rules, click the Add repository rules
A new empty field will appear under the repository name:
Enter your own rules or load the suggested common lock rules by clicking
Load common lock rules. You can edit them as well.
Click the Save button.
You can remove all repository rules at any time by clicking the Clear repository rules.
Users and groups in Plastic Cloud
Plastic Cloud uses the same underlying mechanism to handle users and groups just like a regular Plastic SCM server.
But, unlike Plastic SCM, instead of retrieving users and groups from LDAP, Active Directory, or a custom defined
user/password file, Plastic Cloud works as follows:
Users are retrieved from plasticscm.com. You can invite any user to join your organization, and
once they sign up to plasticscm.com, they will be valid users.
Groups are defined by organization. It is just like a cloud-based
groups.conf defined from the organization management area. You can add invited users to
the groups you create.
You can define access policies to the cloud server for users and groups. You configure access policies by using the
Plastic SCM GUI tool or the command line just like you would do with a regular server. At this
point, all that you need to do in the web interface is to define the users, the groups, and its relationships.
You can define users as administrators in the web interface, but it just means that they can access the organization
administration area. It doesn't have any influence on the Plastic repositories.
In the Users and groups organization administration area, just click
Add new user and you will arrive at this page:
You can enter the email of any user you want to invite, even if they are not yet a plasticscm.com user. They will
have to sign up to plasticscm.com prior to signing in, but you can already configure your groups counting on them
as valid users.
By default, any new user will be automatically added to the built-in group called Developers. Of
course, you can delete the group or rename it.
By default, every new organization comes with two groups: Administrators and
Developers. Every new user marked as Administrator will go to the
Administrators group, and everyone else to Developers.
You can add new groups, delete the default ones, or rename them.
You can also add users to a group. Just click the edit icon
to the right of the group name to access the group configuration area:
Here, I'm just editing the pre-configured Developers group.
From here, I can delete users and add new ones and also go to create new groups. I can also rename the group and
edit its description.
If I click Add new member, I'll go to the following page:
Here, I can simply type the email of a user that I want to add to the group.
Configuration wrap up
As you have seen, configuring your organization is straightforward. You'll get everything you need done with just a
At this time, configuring users and groups is all that you can do in the web interface. Anything else is done, as
usual, from the Plastic SCM GUIs or command line interface.
Encrypt all data uploaded to Cloud
When you request a new organization, you can specify that you want to enforce encryption. If that flag is set
during organization creation, Plastic Cloud will only accept encrypted data for this organization.
The motivation for encryption
Code is a very sensitive asset, so some teams will be extremely worried about protecting it as much as they can.
Even though Plastic Cloud runs on Azure and hence is protected by a well-known provider, we thought it would be a
good idea to offer users the choice to encrypt the data when sending it to the cloud.
When you create the organization as "encrypted", Plastic Cloud rejects non-encrypted data. There's a header in
the data to notify that, but the server doesn't know how to decrypt it.
Both Plastic and
clients need to be configured to handle encrypted data and will ask you to enter the encryption password.
Remark: Be very careful with the password (or pass phrase) since it is the key to encrypting/decrypting
your data. If you lose it, we won't be able to recover your data; it is simply not possible!
Remark: Don't panic! You'll have your data on your own server too. You are just pushing it to the
Plastic Cloud, so in the unlikely event of a lost password you'll have a local copy of your repo. But, of course,
once you decide to go to production using Plastic Cloud, you had better not lose it!
What is going on under the hood is the following:
A new file cryptedservers.conf is created on your Plastic SCM server directory with the following content:
In my case, it is saying that every data transfer from/to encrypted_test@cloud must be
encrypted/decrypted using the key created on file e33a805b-0ce5-4047-81da-3c95c3c7b2a9.key.
Frequently asked questions about encrypted data
What do you encrypt exactly?
We just encrypt file data, not metadata. This means that file names, branch names, labels, user names, and so on,
are not encrypted, only file data.
Does it mean that even if Plastic Cloud gets compromised, attackers won't steal my code?
Exactly, that's what it means!
What if we are a team of, let's say, five, and we're all pushing/pulling to the Plastic Cloud?
Then, you all need to configure your keys. Whether you share the cryptedservers.conf
file or you share the password. That's up to you!
Optionally, on bigger teams, you can have only one Plastic SCM server in sync with Plastic Cloud, and all the
other replicated repos in the internal network just access to it. There are many possible options.
Can I open up a Branch Explorer to Plastic Cloud and diff a cset if the data is encrypted?
Not at this point, but that feature will be available soon. Right now, files will show an empty content because
they can't be decrypted on the client.
The goal is to get the credentials from the local server (if configured to do so) to allow this scenario.
Current limitations and remarks
You need to use Plastic SCM release 22.214.171.1249 or higher in order to access Plastic Cloud.
The "default" repo is not created in the Cloud. You'll need to create a repo manually before you can push
branches to it.
At this point, changing the revision type of an item in Plastic Cloud is not available. This is a limitation
due to the new storage we're using, which is different from the standard relational databases we use with
Path-based security is still not reliable in the cloud server. It is not key for replication operations and
we expect to fix it in the near future to roll out full checkin workflow support.
What is Plastic Cloud Edition?
Plastic Cloud Edition is a hosted, multi-tenant, cloud-based Plastic SCM server that organizations can use to
store their Plastic SCM repositories in the cloud.
More at plasticscm.com/plasticscm-cloud-edition.
Does Plastic Cloud Edition require a local (on-premises) Plastic SCM Server?
Short answer: No. Yes, if you are a developer working distributed with the regular Plastic SCM
by running push/pull or directly checkin to the cloud organization.
Let's go for the longer explanation now.
Programmers can achieve a better experience by using a distributed workflow with Plastic SCM. This means they
will get better performance by pushing/pulling their branches in local repos to/from Plastic Cloud, instead
of doing direct checkin to cloud. To work distributed you need a local server, whether it's central to the
team, installed locally for each developer, or a mix of these combinations.
It is still possible to checkin directly to Plastic Cloud. It is the recommended way to work for users of
Plastic Gluon, the tool designed for artists in game development,
document writers, project managers, and other team members who don't work on code but work on other binary
assets and don't need merge operations. Developers can also checkin directly and merge on Plastic Cloud if
they need to.
How do I upload my data to Plastic Cloud?
You just need to push your data from your local Plastic SCM server to Plastic Cloud.
You will push to the Cloud the same way you push to a regular remote
Plastic SCM server.
You can setup your sync view
to push/pull branches in batches. Remember, your remote
repos will be referenced as reponame@organization@cloud.
Example: tetris@arcadegarage@cloud. The @cloud part simply tells Plastic SCM to
connect to the cloud server instead of specifying a full IP or domain name.
Can I checkin and merge with Plastic Cloud Edition?
Yes, direct checkin and merge are available since 126.96.36.1992 (Nov-14, 2016). We discouraged direct checkin
and merge for developers before, because we thought it was slower and they would be better served by push/pull
from their local repos, but we got many requests from customers who preferred this simpler way of working.
We believe that artists in game development, document writers, project managers and other team members who
don't work on code but other assets, will largely benefit from
Plastic Gluon + Plastic Cloud. They will be able to perform direct
checkins and download only the assets or content files they need. Also, exclusive checkout may be configured
to ensure only one person is modifying each file at a given time.
We believe code developers can achieve a better experience by using a distributed workflow with Plastic SCM.
This means they will be probably better served by pushing/pulling their branches to the Cloud, but they can
work centralized too if they prefer. They can also merge using the Cloud server.
Some remarks for developers:
Checkins will be slower in the Cloud because data will have to travel through the Internet (and hence
through a higher latency network), as opposed to performing checkins locally or to a server on your LAN.
This is fine for artists and team members working on documents, but developers who expect super-fast
checkins will find it slow. In short, checking in directly to the Cloud for developers is
like going back to the old SVN days. Still, we optimize the entire cycle on a continuous basis for
developers who prefer to work centralized.
However, pushing and pulling branches, while it's certainly also affected by network latency, is something
you don't do as frequently. This means that the impact of having a distant server is slower. This is the
DVCS style of working: many local checkins and then just a push, the same thing that many developers use to
do with Git/GitHub.
In short, you can checkin and merge on Plastic Cloud, but we recommend that developers to check the DVCS +
Plastic Cloud workflow if they feel they need faster operations.
Can I lock files if I use Plastic Gluon to access Plastic Cloud?
Which version of Plastic SCM do I need to access Plastic Cloud?
You need 188.8.131.529 or higher. Our network API was updated and expanded for Plastic Cloud,
so older versions will not work.
Is my data secured in Plastic Cloud? What is the "data encryption" all about?
Plastic SCM can encrypt your code and data before uploading it to Plastic Cloud.
When you request a new Plastic Cloud organization to host your repositories, you can set it as "encrypted".
This means that whenever you upload data to it, Plastic Cloud requires data encryption. Plastic SCM will
ask you to define an encryption key locally on your server (which can be your team's server).
Therefore, it works as follows:
Prior to uploading data to Plastic Cloud, the contents of each file are encrypted using the key you have
The file contents are always stored encrypted in Plastic Cloud. This means that in the unlikely event that
the server is compromised, your data won't be accessible by the attacker. The data is encrypted using
a key that belongs to you. Plastic Cloud will never have or require access to this key, so it's unable to
decrypt the data.
Whenever you or any of your team members download file contents from Plastic Cloud, the data is decrypted
at your computers once it's received from the Cloud.
Every team member has to share the same data encryption key to work on the same organization. If everyone
used a different one, nobody would be able to decrypt data encrypted by others.
Only file contents are encrypted. File names, directory names, branch names, comments and label names are not.
Is the connection to Plastic Cloud secured?
Yes, Plastic Cloud only allows SSL connections. Plastic knows that every connection to
@cloud must be secured.
While a regular Plastic SCM server listens both in TCP and SSL, Plastic Cloud is restricted to SSL to enforce
Thus, your server or client connection to the Cloud must be correctly configured to use SSL (which is the
default out-of-the-box setting, by the way).
What happens if I accidentally remove a repository in Plastic Cloud?
Don't panic. Your data is still there. Just contact support and we will help you reconnect the repository.
Actually, when a repository is removed, it's just marked as deleted. We wait for a few days before actually
erasing the data to give you time to recover accidentally removed repos.
Where is Plastic Cloud hosted?
Plastic Cloud is currently hosted in Microsoft Azure. That means it's built on top of well-proven technology
by a trusted provider.
Plastic SCM metadata is stored in a combination of SQL Server Azure plus blob storage. Databases are
replicated for high availability and redundancy.
Versioned files are stored in Azure blob storage. Each blob is replicated up to six times on two different
What does it mean to choose a datacenter?
In order to speed up the data transfer, you can choose the closest datacenter to you to store your versioned
There are several datacenters around the world, so by choosing the closest one to your team, you will reduce
the network latency and hence greatly improve data transfer.
Does Plastic Cloud provide a way to browse repositories online?
Not currently. You can use your Plastic SCM client to list repos, as you would do with a regular remote
Plastic SCM server.
Plastic Cloud Edition starts at $6.95/month per team including all software plus up to 5GB cloud storage.
Once the 5GB limit is exceeded, the monthly price per team is $4.95 for up 15GB.
The next level is $19.95/month per team for up to 100GB, which is the level specially designed for game
development teams, 3D design teams, or teams who need to handle large binaries.
After the first 100GB, your subscription will grow by buckets of 50GB, at an additional $7.45/month per
team per bucket.
Plastic Cloud will automatically upgrade your subscription to the next size tier without any interruption
in the service. You will receive an email with the details of the payment seven days in advance of the next
You need a valid Plastic SCM license (more on "licensing" below) to subscribe to Plastic Cloud. The license
can be a valid Enterprise, Team, Cloud, or Personal Edition license. You can also use a Trial Edition.
I'm a Community Edition user, can I use Plastic Cloud?
Yes, Community Edition users who qualify as open source projects and non-profit organizations can subscribe
to Plastic Cloud and use their CE licenses to access the service.
I'm a Personal Edition user, can I use Plastic Cloud?
Yes, you can subscribe to Plastic Cloud while using your Personal Edition for free.
I have a Plastic SCM Trial License; can I use it to connect to Plastic Cloud?
Yes, the Trial License is a full featured license and allows you to access Plastic Cloud. In fact, it's a
great way to test the entire ecosystem before you buy, since you have 30 days for free to use both products.
What happens if I cancel my subscription?
If you cancel your subscription, you will have a few days (typically one week) to retrieve all your data
before we remove your organization to free up space. Upon cancellation, you will receive an email notifying
you when the data will be finally erased.