Plastic Cloud - Intro guide
Welcome to Plastic Cloud - the Plastic SCM hosted solution.
The purpose of this Intro Guide is to help you get up to speed with Plastic Cloud and its key concepts.
This guides serves as a walkthrough to get your Plastic repositories (repos) up and running in the cloud.
What is Plastic Cloud
Plastic Cloud is the hosted Plastic SCM server solution.
In this guide we explain the 2 different Cloud products we have:
Plastic SCM Team Edition + Cloud extension - For teams who require an on-premise server (included in Team Edition) and also host repositories on the Cloud. They need to purchase Team Edition and then Cloud (not Cloud Edition).
Plastic Cloud Edition - It is a different product designed for teams who do not need an on-premise server. The only central location will be the Cloud. Team members can have local clones of the repositories or alternatively work directly connected to the Cloud. They just need to purchase Cloud Edition (not Team + Cloud).
From a user perspective, you will work with it just like you do with a conventional Plastic SCM server; you will push and pull branches, create repositories, manage permissions, and so on.
Internally, Plastic Cloud uses a fully redesigned Plastic server core. The cloud core runs on several cloud roles instead of just a single computer. This means that it can be horizontally scaled by simply adding more roles (computers).
Plastic Cloud is a multi-tenant and highly scalable solution, capable of handling thousands of different organizations. It makes the best possible use of the underlying cloud infrastructure.
In practice, this means you don't have to worry about server setup or maintenance. We'll handle that for you! :-)
Who is it for?
There are many scenarios where Plastic Cloud fits. Just to mention a few:
You are a small team and don't want to handle any infrastructure. You're already running Plastic on your laptops but you don't want to install and administer your own Plastic server. However, you still need a central rendezvous point for the team. Plastic Cloud is for you.
You are part of a large corporate team working in several locations across the globe. You need a central server but you don't want to depend on your IT group. You can setup a Plastic Cloud organization for you and use it as your hosted central server. You would like to enforce that all the data pushed to the cloud is encrypted prior to being sent outside your network for maximum security.
You are a game development team (or any other team dealing with large repositories and huge files) and you couldn't find a suitable solution with mainstream providers of version control hosting. Git-based solutions have the well-known 2GB repos limit. If you need to skip that, Plastic Cloud is for you.
These are just 3 key scenarios, but there are many more. Some teams asked us to use Plastic Cloud as a live cloud-based backup, and that's certainly an option too.
Request a Plastic Cloud Organization
The first thing you need to access Plastic Cloud is an Organization.
Organizations are the way to handle different sets of repositories in the cloud. Inside a single organization, you can create as many repositories as you need.
To request an organization follow these steps:
Go to plasticscm.com/cloud and click the Subscribe now! button.
A new page will be shown. There you must enter the following data:
- Organization name - it will be the way to identify your repos in the cloud... so choose a cool name.
- Datacenter - select the data center that is closest to you to improve data transfer speed.
- Encrypted data - choose if you want your data to be encrypted. Read more about the encrypted data in Plastic Cloud.
The organization will be created and we'll let you know.
You will be able to sign in to the Plastic Cloud :-) and start using it.
Signup to plasticscm.com
Just in case you didn't, you'll need to sign up to www.plasticscm.com. Only registered users will be able to login to the cloud.
Login to cloud.plasticscm.com
Once you get the confirmation that your organization has been created, you'll be able to login to cloud.plasticscm.com.
Then you'll see something like:
Once you login, you'll enter the organizations management area. There aren't many options at this point so you'll see it is extremely simple to use.
Basically, all that you see is a list of the organizations you belong to. In this case, I'm just part of a single organization called robotmaker. Since I'm the administrator of the organization (we'll make you the admin when you request the organization), you'll be able to manage it.
You can click the View usage button to launch a new page with the usage of your cloud organization. You can also see the details by repository.
Just click Edit organization to go to the robotmaker organization management area.
Administer your organization
Once you enter the Edit organization area you'll see something like:
Here there are a few more options to play with, but not that many. So it is again really simple to use.
- Edit the description of your organization.
- Create / edit lock rules.
- Add / delete users to the organization.
- Create / edit groups.
Editing lock rules
The lock rules let you configure exclusive locking for binary files when you perform a checkout.
The exclusive checkout (or locking) is helpful when working with files than cannot be merged. This is the case of binary files such as images, video, audio...
Using this feature, you can tell Plastic SCM what kinds of files are going to be locked on checkout. If enabled, checking out a file will prevent other users from doing the same thing until you checkin or undo your changes. Any user can be assured that no new revisions of their checked-out files will appear while they're working on them.
The system performs the following operations:
- Is the file locked? If so, it can't be checked out.
- If it isn't locked, the file can be potentially locked. Plastic SCM will check whether the file name matches any of the defined lock rules. If the file name matches the rules, the file will be locked.
You can define rules than can be applied to all repositories (organization rules) or to specific repositories. These rules can be file extensions (such as *.xlsx, *.png or *.blend) or specific file names (such as readme.txt).
Click the Edit lock rules button to start configuring the exclusive checkout.
To create / edit lock rules for the organization:
- Enter the rules you want to be applied. You can click on the Load common lock rules button to load the most typical rules used (the ones related to binary files). You can add more rules or remove some of them.
- Once you have finished, click the Save button to store the lock rules.
To create / edit lock rules for a specific repository:
- Click the Add repository rules button related to the repository. A new empty field will appear under the repository name:
- Proceed as explained before: enter your own rules or load the suggested common lock rules (you can edit them as well).
- Click the Save button.
You can remove all repository rules at any time by clicking the Clear repository rules.
Users and groups in Plastic Cloud
Plastic Cloud uses the same underlying mechanism to handle users and groups like a regular Plastic SCM server. But, unlike Plastic SCM, instead of retrieving users and groups from LDAP, Active Directory, or a custom defined user/password file, Plastic Cloud works as follows:
Users are retrieved from plasticscm.com. You can invite any user to join your organization, and once they sign up to plasticscm.com, they will be valid users.
Groups are defined by organization. It is just like a cloud-based
groups.conf defined from the organization management area. You can add the users you invited to the groups you create.
Users and groups can be used to define access policies to the cloud server. This configuration will be done from the Plastic SCM GUI tool or the command line as you would do with a regular server. At this point, all that you need to do from the web interface is to define the users, the groups, and its relationships. It behaves like a web-based umtoolgui.exe.
Users can be defined as administrators from the web interface, but it just means that they can access the organization administration area. It doesn't have any influence on the Plastic repositories.
To get a better understanding of Plastic SCM users and groups please refer to our online documentation.
Adding users to the organization
Just click Add new user from the organization administration area and you will arrive at this page:
You can enter the email of any user you want to invite, even if they are not yet a plasticscm.com user. They will have to sign up to plasticscm.com prior to signing in, but you can already configure your groups counting on them as valid users.
By default, any new user will be automatically added to the built-in group called Developers. Of course, you can delete the group or rename it.
By default, every new organization comes with two groups: Administrators and Developers. Every new user marked as admin will go to the Administrators group, and everyone else to Developers.
You can add new groups, delete the default ones, or rename them.
You can also add users to a group. Just click the Edit icon to the right of the organization name to access the group configuration area:
Here I'm just editing the pre-configured Developers group.
From here, I can delete users and add new ones and also go to create new groups. I can also rename the group and edit its description.
If I click Add new member, I'll go to the following page:
Here, I can simply type the email of a user I want to add to the group.
Configuration wrap up
As you have seen, configuring your organization is straightforward. You'll get everything you need done with just a few clicks.
At this point, configuring users and groups is all that can be done from the web interface. Anything else will be done, as usual, from the Plastic SCM GUIs or command line interface.
Accessing the Plastic Cloud from your Plastic SCM client
Let's do something really fast to check connectivity with the cloud server. I'll go to my GUI, open up the Repositories view and this screen will show up:
I just type robotmaker@cloud as the server name. Then, I'll hit refresh (or press the enter key) and...
I'll be prompted to enter the credentials to access the cloud server:
I'll enter the credentials I used to register at cloud.plasticscm.com before. Then, the list of available repositories will show up... Empty! That's because we didn't create any repository in the cloud yet, but we're already connected! :-)
Let's create a repository as we would normally do:
And then our repo list will refresh, this time showing our first cloud repository:
From here on, you will be able to work with this cloud repository normally.
Check the list of current limitations
to have a better understanding of what can be done at this point.
Regular vs Cloud repositories
As you have seen above, all that you need to do to access a Plastic Cloud repository is to use the combination organization_name@cloud as server name.
A regular repo is named as: repo@localhost:8087.
At Plastic Cloud this repo is named as: repo@robotmaker@cloud.
The @cloud part is just a shortcut to tell Plastic to connect to cloud.plasticscm.com. In fact, you can do something like this:
And as you see robotmaker@cloud is equivalent to email@example.com.
All communications to Plastic Cloud go through SSL
When you configure a Plastic SCM server, you can use plain TCP connections or SSL connections. For internal networks, TCP is often the preferred choice because it is faster.
But, since Plastic Cloud is in the Internet, outside the safety of your network, we only allow SSL connections to happen. This takes place behind the scenes and, in fact, you don't even have to specify it. Plastic knows that every connection to @cloud must be secured.
Creating a server profile
Although you can simply list your cloud organization repositories, enter your credentials and choose to remember them for the next time, there is other way to configure access to a server. Just go to Preferences / Profiles and select Add... to get the following screen:
Just select <your_organization>@cloud as server, and then fill in your credentials. This way Plastic will use this configuration to access your organization.
Remember that, at this point, you will need a different profile for each organization, even if you're using the same user.
First push to the Cloud
Pushing a branch to the cloud is as simple as pushing it to a regular Plastic SCM server. In my case, I'll do something like:
And my main branch will be ready in the Cloud!
Just use <organization>@cloud as server name everywhere
Just a final tip: Whenever you can use a server name, you can use <organization>@cloud. It means that:
- You can do something like cm lrep robotmaker@cloud from the CLI to list available repos.
- You can create sync views from your local server to your cloud organization.
- You can list repos from the GUI and open up its Branch Explorer remotely.
- You can annotate a file remotely on the cloud server.
- And much more!
Plastic Cloud and Gluon
This chapter explains how to start using Plastic Cloud with Gluon, the Plastic SCM version specifically designed for artists and content creators.
Note: This guide applies to Windows users only.
Gluon comes as part of the standard Plastic SCM client installer. Just go to our website, click More installers and select the Client installer:
You don't need to download the default Full installer. It includes the server, which is something most likely you don't need as a Gluon user.
Install the client
Installing the client is straightforward and won't take more than 60 seconds. Just double click the binary you just downloaded to start the setup.
After entering the credentials to install new software on your computer, you'll be on the first screen of the installation wizard:
Simply click Next to go to the second screen:
Accept the license and click Next again.
Just keep the default installation directory, although you could choose a different location if you want to:
Now the wizard lets you select the client components to be installed. As the picture below shows, Gluon is selected by default:
After clicking Next, select the application that will run when the installation finishes. In our case, Gluon:
Click Next and the wizard is ready to start the installation:
Finally, you'll reach the last screen:
Click Finish and Plastic Gluon will show up.
As you selected Plastic Gluon to be started after the installation finishes, Gluon will start up.
If you want to run Gluon at any other time, simply type "Gluon" on your taskbar to launch the program. You'll use a different user interface depending on your Windows flavor. In Windows 10 it looks like:
Since it won't detect any previous Plastic SCM configuration, the configuration screen will show up:
It is very easy to fill in:
- Server - Just type in the name of your organization followed by @cloud. You must have received an email with the organization you've been invited to join or the one you've purchased. In my case, I typed robotmaker@cloud, since robotmaker is the name of my organization.
- Credentials - Type the email and password you use to login to plasticscm.com (or cloud.plasticscm.com).
You can click Check to verify that you entered the right credentials.
- Repository - Then you can click Choose... to select the project (a.k.a. repository) you want to work on. All the repositories will be listed.
- Workspace - Finally, type the path of the workspace on your computer to host the files you'll be downloading from the cloud.
And you're done! Click Apply to start using Gluon.
Start using Gluon
Once your tool is configured, you'll reach the screen with all the workspaces. Only the one you have just created in the previous step will appear at this point:
Double-click it to open up the workspace. You'll see the Gluon workspace window open in the Workspace explorer, which is the main GUI to handle your files.
Initially, your workspace will be totally empty because you haven't downloaded any files from the Cloud yet.
As the figure below shows, just click Configure to browse to your project (or repository if you prefer) and select what you want to download to your disk to start working on it:
In my case, I just selected a couple of files to be downloaded. But, you can choose to download the entire directory tree or just parts of it:
Then, simply click Apply and the download will start.
Configure the data encryption password
In case your organization uses encrypted data, Gluon will ask you to enter the encryption password to be able to decode the data.
This is how data encryption works: All data leaving your computer is encrypted prior to being sent to the Cloud. This means it is totally safe and nobody can access it even if the Cloud is compromised. Data is decrypted once downloaded from the Cloud, and only users who know the password will be able to decrypt the data successfully.
Remark: The encryption password must be a well-kept secret in your organization. Important: Not even we at Plastic SCM can help you recover your data in case you forget the password.
Just type the password and the download operation will start.
Remember that you only have to configure the password once for the organization. And keep in mind that the password must not be changed; otherwise the previously-encrypted data won't be decrypted. So, choose your password wisely.
In order to learn more about Gluon, just visit the Gluon guide.
Encrypt all data going to Plastic Cloud
When you request a new organization, you can specify that you want to enforce encryption. If that flag is set during organization creation, Plastic Cloud will only accept encrypted data for this organization.
The motivation for encryption
Code is a very sensitive asset, so some teams will be extremely worried about protecting it as much as they can.
Even though Plastic Cloud runs on Azure and hence is protected by a well-known provider, we thought it would be a good idea to offer users the choice to encrypt the data when sending it to the cloud.
How does encryption work?
Encryption is quite simple and in fact it is supported by the standard Plastic SCM servers too.
How to set up encryption
Just ask us to create the organization as "encrypted" so that the Plastic Cloud rejects non-encrypted data. There's a header in the data to notify that, but the server doesn't have any clue about how to decrypt it.
Now try an initial push and the following will happen:
You'll have to select a type of encryption algorithm and then enter a password twice.
Remark: Be very careful with the password (or pass phrase) since it is the key to encrypting/decrypting your data. If you lose it, we won't be able to recover your data; it is simply not possible!
Remark: Don't panic! You'll have your data on your own server too. You are just pushing it to the Plastic Cloud, so in the unlikely event of a lost password you'll have a local copy of your repo. But, of course, once you decide to go to production using Plastic Cloud, you had better not lose it!
What is going on under the hood is the following: A new file
cryptedservers.conf is created on your Plastic SCM server directory with the following content:
In my case, it is saying that every data transfer from/to encrypted_robotmarker@cloud must be encrypted/decrypted using the key created on file
Frequently asked questions about encrypted data
What do you encrypt exactly?
We just encrypt file data, not metadata. This means that file names, branch names, labels, user names, and so on, are not encrypted, only file data.
Does it mean that even if Plastic Cloud gets compromised, attackers won't steal my code?
Exactly, that's what it means!
What if we are a team of, let's say, five, and we're all pushing/pulling to the Plastic Cloud?
Then, you all need to configure your keys. Whether you share the cryptedservers.conf file or you share the password. That's up to you!
Optionally, on bigger teams, you can have only one Plastic SCM server in sync with Plastic Cloud, and all the other replicated repos in the internal network just access to it. There are many possible options.
Can I open up a Branch Explorer to Plastic Cloud and diff a cset if the data is encrypted?
Not at this point, but that feature will be available soon. Right now, files will show an empty content because they can't be decrypted on the client.
The goal is to get the credentials from the local server (if configured to do so) to allow this scenario.
Current limitations and remarks
||You need to use Plastic SCM release 126.96.36.1999 or higher in order to access Plastic Cloud.
||The "default" repo is not created in the Cloud. You'll need to create a repo manually before you can push branches to it.
||At this point, changing the revision type of an item in Plastic Cloud is not available. This is a limitation due to the new storage we're using, which is different from the standard relational databases we use with Plastic SCM.
||Path-based security is still not reliable in the cloud server. It is not key for replication operations and we expect to fix it in the near future to roll out full checkin workflow support.
What is Plastic Cloud?
Plastic Cloud is a hosted, multi-tenant, cloud-based Plastic SCM server that organizations can use to store their Plastic SCM repositories in the cloud.
More at plasticscm.com/cloud
What do I need to use Plastic Cloud?
You'll need a Plastic Cloud subscription if you wish to store your repositories in the Plastic SCM hosted service, combined with an on premise Plastic SCM Server (not required if you use Plastic Gluon).
To subscribe to Plastic Cloud, you must have a valid Plastic SCM license.
- Plastic Cloud + your Team Edition license for five users - the entire team will be able to access the Plastic Cloud.
- Plastic Cloud + Personal Edition - you can use your Plastic SCM Personal Edition for free and then push/pull your changes to the cloud.
Does Plastic Cloud require a local (on premise) Plastic SCM Server?
Short answer: No, if you use Plastic Gluon. Yes, if you are a developer using the regular Plastic SCM.
Let's go for the longer explanation now.
Programmers can achieve a better experience by using a distributed workflow with Plastic SCM. This means the will get better performance by pushing/pulling their branches in local repos to/from Plastic Cloud, instead of doing direct checkin to cloud. To work distributed a local server is needed, whether it's central to the team, installed locally for each developer, or a mix of these combinations.
It is still possible to checkin directly to Plastic Cloud. It is the recommended way to work for users of Plastic Gluon, the tool designed for artists in game development, document writers, project managers, and other team members who don't work on code but work on other binary assets and don't need merge operations. Developers can also checkin directly and merge on Plastic Cloud if they need to.
How do I upload my data to Plastic Cloud?
You just need to push your data from your local Plastic SCM server (or your team on premise server) to Plastic Cloud.
You will push to the Cloud the same way you push to a regular remote Plastic SCM server.
You can setup your sync view to push/pull branches in batches. Remember, your remote repos will be referenced as reponame@organization@cloud. Example: tetris@arcadegarage@cloud. The @cloud part simply tells Plastic SCM to connect to the cloud server instead of specifying a full IP or domain name.
Can I checkin and merge in Plastic Cloud?
Yes, direct checkin and merge are available since 188.8.131.522 (Nov-14, 2016). We discouraged direct checkin and merge for developers before, because we thought it was slower and they would be better served by push/pull from their local repos, but we got many requests from customers who preferred this simpler way of working.
We believe that artists in game development, document writers, project managers and other team members who don't work on code but other assets, will largely benefit from Plastic Gluon + Plastic Cloud. They will be able to perform direct checkins and download only the assets or content files they need. Also, exclusive checkout may be configured to ensure only one person is modifying each file at a given time.
We believe code developers can achieve a better experience by using a distributed workflow with Plastic SCM. This means they will be probably better served by pushing/pulling their branches to the Cloud, but they can work centralized too if they prefer. They can also merge using the Cloud server.
Some remarks for developers:
- Checkins will only get slower on the Cloud because data will have to travel through the Internet (and hence through a higher latency network), as opposed to performing checkins locally or to a server on your LAN. This is fine for artists and team members working in documents, but it can be perceived as slow for developers who expect super-fast checkins. In short, checking in directly to the Cloud for developers is like going back to the old SVN days. Still, we optimize the entire cycle on a continuous basis for developers who prefer to work centralized.
- However, pushing and pulling branches, while it's certainly also affected by network latency, is something you don't do as frequently. This means that the impact of having a distant server is slower. This is the DVCS style of working: many local checkins and then just a push, the same thing that many developers use to do with Git/GitHub.
In short, you can checkin and merge on Plastic Cloud, but we recommend developers to check the DVCS + Plastic Cloud workflow if they feel they need faster operations.
Can I lock files if I use Plastic Gluon to access Plastic Cloud?
Yes, you can. And, you can configure the files that will be locked on checkout from your Plastic Cloud organization's dashboard.
Which version of Plastic SCM do I need to access Plastic Cloud?
You need 184.108.40.2069 or higher. Our network API has been updated and expanded for Plastic Cloud, so older versions will not work.
Is my data secured in Plastic Cloud? What is the "data encryption" all about?
Plastic SCM can encrypt your code and data before uploading it to Plastic Cloud.
When you request a new Plastic Cloud organization to host your repositories, you can set it as "encrypted". It means whenever you upload data to it, Plastic Cloud will require data to be encrypted. Plastic SCM will ask you to define an encryption key locally on your server (which can be your team's server).
So it works as follows:
- Prior to uploading data to Plastic Cloud, the contents of each file are encrypted using the key you have defined.
- The file contents are always stored encrypted in Plastic Cloud. It means that in the unlikely event that the server is compromised, your data won't be accessible by the attacker. The data will be encrypted using a key that belongs to you. Plastic Cloud will never have or require access to this key, so it's unable to decrypt the data.
- Whenever you or any of your team members download file contents from Plastic Cloud, the data is decrypted at your computers once it's received from the Cloud.
Every team member has to share the same data encryption key in order to work on the same organization. If everyone used a different one, nobody would be able to decrypt data encrypted by others.
Only file contents are encrypted. File names, directory names, branch names, comments and label names are not.
Is the connection to Plastic Cloud secured?
Yes, Plastic Cloud only allows SSL connections.
While a regular Plastic SCM server listens both in TCP and SSL, Plastic Cloud is restricted to SSL to enforce secure communications.
Thus, your server or client connection to the Cloud must be correctly configured to use SSL (which is the default out-of-the-box setting, by the way).
What happens if I accidentally remove a repository in Plastic Cloud?
Don't panic. Your data is still there. Just contact support and we will help you reconnect the repository.
Actually, when a repository is removed, it's just marked as deleted. We wait for a few days before actually erasing the data to give you time to recover accidentally removed repos.
Where is Plastic Cloud hosted?
Plastic Cloud is currently hosted in Microsoft Azure. That means it's built on top of well-proven technology by a trusted provider.
Plastic SCM metadata is stored in a combination of SQL Server Azure plus blob storage. Databases are replicated for high availability and redundancy.
Versioned files are stored in Azure blob storage. Each blob is replicated up to six times on two different physical locations.
What does it mean to choose a datacenter?
In order to speed up the data transfer, you can choose the closest datacenter to you to store your versioned file data.
There are several datacenters around the world, so by choosing the closest one to your team, you will reduce the network latency and hence greatly improve data transfer.
Does Plastic Cloud provide a way to browse repositories online?
Not currently. You can use your Plastic SCM client to list repos, as you would do with a regular remote Plastic SCM server.
Licensing and pricing
How does Plastic Cloud licensing work?
You need a valid Plastic SCM license (more on "licensing" below) to subscribe to Plastic Cloud. The license can be a valid Enterprise, Team, Cloud, or Personal Edition license. You can also use a Trial Edition.
Then you need a Plastic Cloud subscription, billed on a per-team basis.
Plastic Cloud starts at $4.95/month per team for up to 15GB of storage. This level is meant to be used by teams handling small repos (or at least what Plastic SCM considers small :P).
The next level is $19.95/month per team for up to 100GB, which is the level specially designed for game development teams, 3D design teams, or teams who need to handle large binaries.
After the first 100GB, your subscription will grow by buckets of 50GB, at an additional $7.50/month per team per bucket.
Plastic Cloud will automatically upgrade your subscription to the next size tier without any interruption in the service. You will receive an email with the details of the payment seven days in advance of the next charge.
I'm a Community Edition user, can I use Plastic Cloud?
Yes, Community Edition users who qualify as open source projects and non-profit organizations can subscribe to Plastic Cloud and use their CE licenses to access the service.
I'm a Personal Edition user, can I use Plastic Cloud?
Yes, you can subscribe to Plastic Cloud while using your Personal Edition for free.
I have a Plastic SCM Trial License; can I use it to connect to Plastic Cloud?
Yes, the Trial License is a full featured license and allows you to access Plastic Cloud. In fact, it's a great way to test the entire ecosystem before you buy, since you have 30 days for free to use both products.
What happens if I cancel my subscription?
If you cancel your subscription, you will have a few days (typically one week) to retrieve all your data before we remove your organization to free up space. Upon cancellation, you will receive an email notifying you when the data will be finally erased.
December 14, 2016
Some screenshots in the guide were updated.
November 30, 2016
We explain the differences between Plastic SCM Team Edition + Cloud extension and Plastic Cloud Edition.
November 21, 2016
Since release 220.127.116.112, direct checkin and merge are available in Plastic Cloud.
January 21, 2016
Learn how to use Plastic Cloud with Gluon.
If you have more questions about Plastic Cloud, please read the FAQ.
December 4, 2015
Removed some limitations. We're introducing new features!