Nextcloud 17 scales up and improves data protection with Remote Wipe, collaborative text editor, 2FA updates, IBM Spectrum Scale support and Global Scale improvements

Fresh from the Nextcloud conference stage, we are proud to announce a major release of Nextcloud, the easiest solution for secure, on premise collaboration on documents, calendars and communication! Nextcloud 17 will introduce a series of secure collaboration features including a collaborative text editor, remote wipe, updated secure view, improved two-factor-authentication and easier access than ever with deeper integration of large-scale storage like S3 and IBM Spectrum Scale.

Nextcloud 17 is available as release candidate, with the final release expected later this month.

A quick overview of what is new:

💣 Remote Wipe allows users and administrators to forcibly clean files from remote devices, for example in case they are stolen.

📝 Nextcloud Text, our new distraction-free, collaborative rich text editor

🔒 Improvements to secure view like enforcable watermarks enable virtual data room use

🔐 Setup two-factor authentication after first login, admins can create one-time login tokens in the web UI and delegate this to group admins

📧 secure mailbox in Outlook Add-in

👥 LDAP write support makes it possible to manage users from Nextcloud

💽 S3 versioning support, IBM Spectrum Scale integration and Global Scale with Collabora Online

See our separate announcement about building virtual data rooms with Nextcloud 17 here.

Other news from the Nextcloud Conference includes:

Follow the conference live!

Remote wipe

A major new feature in Nextcloud 17 is remote wipe. While many companies have Mobile Device Management, thanks to build-in support, Remote Wipe will work on systems not under management of the company. This is useful for home users but also large universities and of course in a scenario where guest accounts were handed to a third party. If you permit downloading of documents by the third party, you can wipe the documents from their devices when the the collaboration has ended.

Remote wipe can be used on a per-device basis by users and on a per-user base by the administrator.

Remote wipe user
Remote wipe as a user, per device
Remote wipe admin
Remote wipe as admin, per user

Two-factor authentication improvements

Two-factor authentication is very important to protect the security of Nextcloud accounts. Administrators can enforce the use of two-factor authentication and offer a number of options to users.

Nextcloud 17 introduces:

  • Ability for users to setup 2FA after the first login it was enabled or enforced
  • New Administrator settings:
    • Administrator can create one-time-login tokens for users who forgot or broke their second factor solution
    • Administrator can delegate the ability to create one-time-login tokens to group administrators

Nextcloud offers the following 'second factor' options, any number of which can be enabled by the system administrator and used to validate the login of a user:

  • Time-based One-Time Password (TOTP, including Google Authenticator or similar apps
  • Universal 2nd Factor hardware tokens (U2F, like Yubikeys or Nitrokeys, also supports NFC)
  • Gateways: SMS, secure messaging apps Telegram, Signal and more
  • Notification (just click to approve login on an existing device like a phone)
  • User backup code (User has to generate these in advance and store them in a safe location)
  • Administrator backup code (creating those can be delegated to group admins)

Active user sessions can be invalidated through a list, by removing the user in the admin settings or by changing passwords. Users can manage their own sessions and devices. Remote wipe is available from that same screen.

2FA enforcement settings, enforcing for guest users
2FA enforcement settings, enforcing for guest users
2FA setup on first login
2FA setup on first login
One-time login token creation
one-time login token creation

Secure view and watermarks for documents

Last December, Nextcloud 15 introduced the Hide Download menu option. Since then this feature was used to provide secure view functionality in Collabora Online and ONLYOFFICE. With Nextcloud 17, our secure view feature was expanded with admin settings for watermarked text to enforce watermarks on:

  • public shares: option for all/read-only shares/hide download/tagged with (select a tag, for workflow integration)
  • internal shares: option for all/read-only/no reshare/tagged with (select a tag, for workflow integration)

Note that the full range of options requires Collabora Online 4.1. For older versions only the 'all' option works. ONLYOFFICE supports all these new capabilities as of today.

With secure view, our online office solutions can be configured to open PDF files, images and text files, making these files available in a watermark-protected way, while downloads and other apps are disabled using File Access Control. This setup is useful when data has to be protected from leaking but still has to be made available for review, like in a virtual dataroom scenario.

Configuring Secure View in Collabora
Configuring Secure View in Collabora
Setting a 'confidential' tag
Setting a 'confidential' tag
Secure view watermarked file
Secure view watermarked file

Secure mailbox for Outlook

The Outlook Add-in introduces the secure mailbox feature. This feature protects the contents (body) of email from interception by providing the recipient with a notification that a new email was received. The recipient then has to log in on their (guest) account to access the email and its attachments.

In combination with the read.me app, the body of the email is shown on top of the file attachments. Each email is a folder, linked to in the email notification.

Secure Mailbox - Writing an email
Writing an email
Secure Mailbox - attaching files
Attaching files, enabling Secure Mailbox
Secure Mailbox - Email as it will be sent to recipient
Email as it will be sent to recipient
Secure Mailbox - Recipient view in Secure Mailbox in Nextcloud
Recipient view in Secure Mailbox in Nextcloud

This example sends the link and password to the recipient by email. The user can take out the password and send it through another channel. Alternatively, when a guest account is set up for the recipient, the Outlook add-in will detect this and instead share the message to the guest account and include an internal link in the email. The recipient will have to log into their guest account to access the email.

You might be familiar with this feature from banks, insurance, realtors and other organizations dealing with sensitive data. Protecting the content from emails from leaking is very hard and with the Secure Mailbox for Outlook feature, Nextcloud offers an integrated solution.

Security hardenings

Security is very important to Nextcloud users, and thus a core focus for the Nextcloud team. Every release comes with many improvements, and this is no different. These include:

  • A new feature policy header
  • Stricter CSP
  • Suspicious login improvements

HackerOne logo

At the Nextcloud Conference, Nextcloud GmbH also announced a doubling of its security bug bounties to USD 10.000. This means an even larger insentive for security experts to find and responsibly report security problems to Nextcloud's capable and responsive security team.

If you want to learn more about security in Nextcloud, we strongly recommend to read about the various layers of encryption in Nextcloud and how Nextcloud can save your business from ransomware attacks.

Nextcloud Text

There are many moments when a light-weight, distraction-free text editor is the perfect solution for the task. Note taking, writing down thoughts or brainstorming a little don't require advanced editors with thousands of features. Nextcloud Text is an integrated, collaborative markdown-based text editor and ships as part of Nextcloud 17. Compared to the test version we made available for Nextcloud 16, this version has much improved reliability and introduces plain text editing with syntax highlighting for code.

All the good features are still here, and improved:

  • markdown-based
  • simple, efficient interface
  • any number of collaborators
  • support for bullets, headers, bold, italics, images and strike-through
  • sidebar with sharing, comments, versions, video chat and activity
  • and now: plain text editing with syntax highlighting

Learn more in our earlier announcement.

Performance, scalability and storage integration: IBM Spectrum Scale, Global Scale and S3.

This release delivers a number of improvements in the area of performance, scalability and storage integration.

Real time document collaboration with Global Scale

This release expands the capabilities of our unique Global Scale architecture to Colabora Online. Global Scale is designed to enable some of our largest customers to run a single Nextcloud instance with tens of millions of users. Collabora Online GS integration allows these users to seamlessly collaborate with each other on office documents.

Global Scale has been in production since 2017 in a commercial setup for tens of millions of users across 4 continents. Several other customers have deployed or began experimenting with Global Scale in the last years. Thanks to the new integration, Collabora Online installations at multi-million user scale are now set to roll out.

For smaller deployments, these changes are also relevant: users can now collaboratively edit documents across private Nextcloud servers!

See the Collabora/Nextcloud announcement of Global Scale integration here.

IBM Spectrum Scale logo

IBM Spectrum Scale integration

In collaboration with IBM, Nextcloud 17 introduces IBM Spectrum Scale integration.

IBM Spectrum Scale is a high-performance file system for managing data with the distinctive ability to perform analytics in place with comprehensive support for data access protocols including POSIX, NFS, SMB, HDFS and S3/Object. It can provide a single namespace for all this data, offering a single point of management with an intuitive graphical user interface. IBM Spectrum Scale offers high scalability, high availability, automated data management and reliability with no single point of failure in large file storage infrastructure.

On request of several major research organizations and universities, Nextcloud and IBM developed this integration between IBM's Spectrum Scale and the Nextcloud storage layer. A white paper with more details can be found on the IBM website. An example use case would be when a research institute has a large storage system where research data is written to by scientific tools. Thanks to this integration, this data can be made available real time through Nextcloud and manipulated without the risk of accessing outdated information.

See the announcement of the Nextcloud and IBM collaboration here.

S3 versioning integration

Nextcloud 17 introduces S3 versioning support which allows a Nextcloud server to use the native versioning of S3 rather than its own. This allows a system administrator to manage versions using native S3 tools but, when used with S3 as external storage, also improves compatibility with other applications which access the same data. Nextcloud will then be able to recognize versions created by these other applications, and vice versa.

More responsive web interface and decreased server load

In every release, Nextcloud improves in performance and responsiveness of its user interface. For this release:

  • We have significantly reduced the number of requests to the server on page loads.
  • We do more streaming when writing to storage
  • A new event dispatcher interface does simpler linking and more lazy loading.
  • An initial state manager makes some pages feel more instant since it saves the initial ajax all to the backend.

This should help decrease server load and improve the snappyness of the web interface.

Nextcloud Talk

With this Nextcloud version comes again a release of Nextcloud Talk. Like the previous release, the work for this release was focused on improving the reliability of Talk, but a few new features were integrated as well:

  • Added a simple Lobby: moderators can join and prepare a call/meeting while users and guests can not join yet
  • Allow to mention guest users
  • Added a voice level indicator and notify the user when they speak while they are muted

Client releases!

Today, we also make available releases of our Android, iOS and desktop clients!

Note that the Android client will have FIDO2 support, which was developed in collaboration with Nitrokey and Cotech. Learn more in the blog by Cotech!

Even more

There is much more new and improved in this Nextcloud release. For example, we have a systems overview in the admin settings which shows system package versions to help the admin administer their system. The monitoring section received a bit of a redesign. We could keep going, but we rather recommend you try out Nextcloud 17 RC1 and help us make it as stable as possible!

Also, be sure to check out the other news from the Nextcloud Conference which includes:

Start the discussion at the
Nextcloud forums

Go to Forums