You can store your software in the Remository file store. Access can be controlled by setting the groups that can access a container. Remository provides a module to show users their ID string needed to enable updates. The Remository multi-module can help you to construct the download link for the XML. More details can be found at https://docs.black-sheep-research.com/remository:joomlaupdate.
Currently, there are three options:
1. The default is the site database. Uploaded files are always stored in the database prior to approval. Storing files in the database is very secure, as no matter what they contain, they cannot be executed. (Obviously you still need to take care not to host files that could be harmful to your users). The repository can be migrated simply by transferring the database.
2. The file system. Although database is recommended for most uses, you may want to store the file repository in the file system. You can set a default location and also set individual locations for each container. Ideally, you should locate the files outside the web server document root for security. Remository will insert an ID number into the file name if you wish, so as to allow multiple files with the same name. This is not visible to users.
3. Another alternative is Amazon's S3 storage service. That allows for unlimited storage (subject to cost) and high speed delivery of files. The files cannot present any risk to your web site.
You can find more information on file storage in the Remository documentation
If a Joomla update of Remository fails, and you visit the link shown by Joomla for downloading the software, you are likely to get this failure message. It is followed by more text. If the upgrade fails, attempting to download the link is also likely to fail. What the message is trying to tell you is that you must have a current subscription, and have entered your user token into Remository. The user token can be found on the profile page when you are logged in. It is stored by going to the Remository Options (in the admin interface). The user token is the first item in the options.