Configure file storage for internal applications using the procedure below. This is required if you are deploying Win32 apps using software distribution, but applies to all internal applications once configured.


If you have managed content taking up space in the database, Workspace ONE UEM offers you dedicated file storage. To set up file storage, you must determine the location and storage capacity, configure network requirements, and create an impersonation account. Read through the following prerequisites before you get started:

Verify the File Storage connectivity from your servers:

  1. Make sure that the file path is reachable from all the Console and DS boxes uses the same impersonation credentials defined in the UEM console when configuring File Storage.
  2. When using DFS share, if the FS path is configured using FQDN the root must be accessible from all Console and DS nodes. For example, if the file path configured in the File Storage is //, make sure that the DS has access to the root//
Create the shared folder on a server in your internal network:
  1. File storage can reside on a separate server or the same server as one of the other Workspace ONE UEM application servers in your internal network. It is only accessible to components that require access to it, such as the Console and Device Services servers.
  2. If the Device Services server, Console server, and the server hosting the shared folder are not in the same domain, then supply the domain when configuring the service account in the format <domain\username>. Domain Trust can also be established to avoid an authentication failure.
Configure the network requirements:
  1. If using Samba/SMB – TCP: 445, 137, 139. UDP: 137, 138
  2. If using NFS – TCP and UDP: 111 and 2049

Allocate sufficient hard disk capacity:

Your specific storage requirements can vary depending on how you plan to use file storage. The file storage location must have enough space to accommodate the internal applications, managed content, or reports you intend to use. Take into the account the following considerations.

  1. If you enable caching for internal applications or content, then a best practice is to size the Device Services server for 120 percent of the cumulative size of all the apps/content you must publish.
  2. For storing reports, your storage requirements depend on the number of devices, the daily number of reports, and the frequency with which you purge them. As a starting point, allocate at least 50 GB for deployment sizes up to 250,000 devices running about 200 daily reports. Adjust these numbers based on the actual amount you observe in your deployment. Apply this sizing to your Console server as well if you enable caching.
Create a service account with correct permissions:
  1. Create an account in the domain of the shared storage directory.
  2. Give the local user read/write/modify permissions to the file share that is being used for the File Storage Path.
  3. Configure File Storage Impersonation User in Workspace ONE UEM with the domain account in the format <domain\username>.
  4. If the shared storage directory is not on a domain, create an identical local user and password on the server being used for File Storage, Console, and Device Services server. In this case, supply the local user account in the format <username>.

Configure the file storage at the global organization group:

  1. Configure file storage settings at the Global organization group level in the UEM Console.


  1. At the Global organization group level, navigate to Groups & Settings > All Settings > Installation > File Path and scroll to the bottom of the page.
  2. Select the File Storage Enabled slider and configure the settings.
    When file storage is enabled, you can configure an external repository in which files are stored. A disabled setting means that files are stored as binary large objects in the database.
    Setting Description
    File Storage Path Enter the path files are to be stored in the following format: \\{Server Name}\{Folder Name}, where Folder Name is the name of the shared folder you create on the server.
    File Storage Caching Enabled

    When enabled, a local copy of files requested for download is stored on the Device Services server as a cache copy. Subsequent downloads of the same file retrieve it from the Device Services server as opposed to file storage.

    When enabled, files are cached locally on the DS server when accessed for the first time. Subsequent requests are served using the file cached on the DS server instead of streaming from the file storage location.

    If you enable caching, consider accommodating for the amount of space needed on the server.

    If you integrate with a CDN, then apps and files are distributed through the CDN provider, and a local copy is not stored on the Device Services server. For more information, refer to the VMware Workspace ONE UEM CDN Integration Guide (

    File Storage Impersonation Enabled Select to add a service account with the correct permissions.
    File Storage Impersonation Username Provide a valid service account user name to obtain both read and write permissions to the shared storage directory.
    Password Provide a valid service account password to obtain both read and write permissions to the shared storage directory.
  3. Select the Test Connection button to test the configuration.