ShareFile Technical Overview. Agenda Introduction to ShareFile Enterprise High-Level Architecture Availability and Redundancy StorageZones Security Authentication.


1 ShareFile Technical Overview

2 Agenda

3 Agenda items
- Introduction to ShareFile Enterprise
- High-Level Architecture
- Availability and Redundancy
- StorageZones
- Security
- Authentication
- Follow-me-data with Citrix CloudGateway & Receiver
- Wrap-up

4 ShareFile Introduction

5
- Enables file sharing with anyone
- Syncs data across all devices
- Online file sharing spaces for virtual teams
- Selective offline access on mobile devices
- Data protection
  - Encryption
  - Device lock
  - Remote wipe
  - Poison-pill

6 Why ShareFile?
- Enable workforce mobility & BYOD
- Address the “Dropbox-Problem”
- Simple and secure data sharing
  - Fellow employees
  - Team collaboration
  - Clients, 3rd party collaboration
- Enhanced productivity

7 Broad Device, Workflow and Protocol Support
[Diagram labels: Desktop Apps; Automation; Mobile Apps; Mobile Site; Alternative Protocol (Cloud SZ); iPhone; Android; BlackBerry; Windows 7 Phone; iPad; Android Tablet; Outlook Plug-in; Mac OS Sync; Browser; Windows Sync; Command Line Interface*]

8 ShareFile High-level Architecture

9 ShareFile – with Citrix managed StorageZones
[Diagram labels: Client; Control Plane (*.sharefile.com, *.sf-api.com, DB): Account info, Brokering, Reporting, Access Control; StorageZones: Storage Center (EC2), S3; Storage Centers, Backend Storage, Various Locations WW]

10 ShareFile – Current Architecture With Citrix managed StorageZones

11 ShareFile Control Plane
[Diagram labels: Client; TLS/SSL; Load balancing; DMZ; Webservers “main app”; API Webservers; SQL Cluster; AES-256 Encryption; Replication to DR Datacenter]
- No Client Files
- File Metadata
- Account Data

12 ShareFile StorageZones
[Diagram labels: Client; TLS/SSL; FTP Servers (FTP/FTPS); Storage Centers; EC2; Cache; Elastic Block Storage (EBS); File Processing; Utility Servers; Anti Virus & Thumbnailing; Full Text Index; Backup; S3 Commit; S3; AES-256 Encryption; Encrypted Backup to 3rd Party Datacenter; Backup S % availability and % durability]

13 ShareFile StorageZones - Download
[Diagram labels: Client; TLS/SSL; FTP Servers (FTP/FTPS); Storage Centers; EC2; Elastic Block Storage (EBS); S3; AES-256 Encryption]

14 Availability and Redundancy

15 Availability Information
- Real-time backup to Citrix data center
- Automatic failover (if necessary)
- Lazy file deletion to support file recovery

16 ShareFile StorageZones

17
- Now available for all ShareFile Enterprise accounts
- Store files in customer-managed StorageZones, in Citrix-managed StorageZones or both
- Technology proven in the Cloud
- Seamless user experience

18 Why StorageZones?
- Compliance: Meet unique compliance and data sovereignty requirements by storing data On-Prem
- Performance: Optimize end user performance by placing files and folders in close proximity

19 ShareFile - Citrix managed StorageZones
[Diagram labels: Client; Control Plane (*.sharefile.com, *.sf-api.com, DB): Account info, Brokering, Reporting, Access Control; StorageZones: Storage Center (EC2), S3; Storage Centers, Backend Storage, Various Locations WW]

20 Citrix managed and On-Prem StorageZones
[Diagram labels: Client; Control Plane (*.sharefile.com, *.sf-api.com, DB): Account info, Brokering, Reporting, Access Control; Storage Center (EC2); S3; Customer Datacenter; Storage Center (Windows IIS); CIFS; StorageZones: Storage Centers, Backend Storage, In customer Datacenter(s), Hybrid with cloud]

21 [Diagram labels: Citrix managed StorageZones; Control Plane; Customer managed StorageZones]

22 ShareFile European Control Plane
- https://.sharefile.eu
- Enterprise Accounts available in Q4
- High Performance
- User Proximity
- Government Compliance
- In Citrix Online datacenter in Germany

23 Using StorageZones

24 StorageZones can be set on
- User-level
- Root Folder-level

25 Using StorageZones

26 On-Prem Deployment Models

27 Proof of Concept Deployment
[Diagram labels: Public Internet IP; https; Firewall; Storage Center]

28 HA Deployment
[Diagram labels: Public Internet IP; https; Firewall; Storage Center (multiple); Storage]

29 Secure DMZ Deployment
[Diagram labels: Public Internet IP; https; Firewall; http or https; Storage Center (multiple); Storage]

30 StorageZones Setup

31 On-premise StorageZones Requirements
- Windows 2008 Server R2
- IIS Web Services role with ASP.NET
- Microsoft .NET 4.0
- A public-resolvable internet hostname
- An SSL certificate for the above
  - Public, Windows accepted Certificate Authority
  - Self-signed or unsigned certificates are not supported

32 IIS Configuration
- Install SSL certificate and bind certificate to https port 443
  - Not needed when using DMZ proxy
- ISAPI and CGI Restrictions
  - ASP.NET v4.0.x needs to be set to “Allowed”

33 Storage Center Installation

34 Storage Center Configuration

35 Shared Storage Configuration
- CIFS Share Access
- Storage Centers will access the Share using the StorageCenterAppPool user
- Application Pools → StorageCenterAppPool → Advanced Setting → Identity
- Additional permission settings documented in eDocs

36 Troubleshooting StorageZones

37 Basic Troubleshooting
- Ensure you type without port or https & check for typos on Configuration Page
- Ensure on Enterprise account with SZ
- Make sure user account has SZ admin permissions
- Check if Storage Center URL is accessible from outside
- Check file share for creation of directories
- Check if SCKeys.txt is created in root of file share
- Logs!

38 Demonstration of StorageZones

39 ShareFile Security

40 Security Information
- SSAE 16 audited data centers
- SSL Encryption in transit
- AES 256-bit encryption at rest
- All uploaded files scanned for viruses
- Daily scans for McAfee SECURE accreditation
- All ShareFile servers protected by dedicated firewalls

41 Standard Download Security
[Diagram labels: Client; Control Plane (Main App/API servers, DB); StorageZones (Storage Center, Storage); Shared Secret (trust)]
1. Client requests a file
2. Prepare message send to Storage Center
3. HMAC is validated
4. Storage Center confirms validity
5. Client receives download URL with HMAC
6. Client requests download
7. HMAC is validated
8. Storage Center gets file from storage
9. Download starts

42 Trust & Encryption – On-Premise StorageZones
[Diagram labels: DB, *.sharefile.com, *.sf-api.com; StorageZones (Storage Center, Storage); Shared Secret (trust)]
- Shared Key created when StorageZone is created
- Storage encryption key created when StorageZone is created
- Encryption Key is encrypted by Passphrase when Storage Center is configured

43 DMZ Download Security with On-Prem StorageZones
[Diagram labels: NetScaler; StorageZone; Storage Center]
- NetScaler can handle incoming HMACs
- Security Best Practice
  - Connections with bad requests will not enter the internal network
- Documented in admin guide on eDocs
1. NetScaler strips HMAC from URI
2. NetScaler sends URI & HMAC to Storage Center
3. HMAC is validated by Storage Center
4. Storage Center sends confirmation to NS
5. Process Completes
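The download flows on slides 41 and 43 both rest on a URL whose HMAC is computed from a secret shared by the control plane and the Storage Center. The sketch below is an added illustration of that pattern, not ShareFile's actual URL format or code: the `/download` path, the `id`, `exp` and `h` parameter names, the use of SHA-256 and the expiry check are all assumptions, and the secret is a constructed sample value.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed sample value; stands in for the shared secret created with the zone.
SHARED_SECRET = b"constructed-demo-secret"


def _mac(path: str, params: dict) -> str:
    # Canonical form: path plus sorted query parameters, so both sides sign identical bytes.
    msg = path + "?" + urlencode(sorted(params.items()))
    return hmac.new(SHARED_SECRET, msg.encode(), hashlib.sha256).hexdigest()


def issue_download_url(host: str, file_id: str, ttl: int = 300, now=None) -> str:
    """Control plane side: build the download URL handed to the client (slide 41, step 5)."""
    now = int(time.time()) if now is None else now
    params = {"id": file_id, "exp": str(now + ttl)}  # expiry is an assumed hardening measure
    params["h"] = _mac("/download", params)
    return f"https://{host}/download?{urlencode(params)}"


def split_hmac(url: str):
    """DMZ proxy side: strip the HMAC from the URI and pass both parts on (slide 43, steps 1-2)."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    mac = params.pop("h", "")
    return parts.path, params, mac


def validate(path: str, params: dict, mac: str, now=None) -> bool:
    """Storage Center side: recompute the HMAC, compare in constant time, then check expiry."""
    now = int(time.time()) if now is None else now
    expected = _mac(path, params)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False
    exp = params.get("exp", "")
    return exp.isdigit() and int(exp) >= now
```

Because the proxy only forwards requests for which `validate` returns true, a request with a missing, forged or expired HMAC is rejected before it reaches the internal network.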

44 ShareFile Authentication

45 ShareFile Authentication Options
- Built-in Authentication
  - Uses combination of address and password
  - Passwords are stored hashed in database
- SAML Support
  - Broad Identity Provider Support, including ADFS
- CloudGateway
  - Offers user provisioning functionality
  - Receiver integration
  - Recommended, especially for existing Citrix customers

46 Enterprise Active Directory Options
- Requires customer provided and configured SAML provider
- Microsoft ADFS Support
- Also supports popular Identity Providers such as:
  - OneLogin
  - CA SiteMinder
  - PingIdentity PingFederate
  - SalesForce
- Unified storefront for all applications, data and services
- Instant user provisioning and de-provisioning
- Fully integrated with Receiver
- Real-time SaaS application monitoring
- Comprehensive access control policies
- SAML 2.0 Support

47 SAML Authentication
- User account is still required in ShareFile
  - Folder Access Control
  - Licensing
- Users will be matched by address
- Identity Provider Password will never be sent to Control Plane
- Password reset can be disabled
- Requires tools to be ‘SAML-aware’
  - ShareFile web site and iPad app are today with other tool support coming

48 SAML How it works
[Diagram labels: Client; Service Provider (sharefile.com); Identity Provider (e.g. CloudGateway, ADFS)]
1. Client requests ShareFile SSO login URL
2. Client discovers identity provider
3. Client redirected to identity provider
4. Client requests identity provider URL
5. Identity Provider identifies the user
6. User is authenticated and is redirected to Assertion Consumer Service URL with SAML response
7. User agent requests ACS URL
8. ACS validates SAML response and redirects user agent to ShareFile URL
9. User agent requests ShareFile URL
User has access

49 ShareFile Account Creation
- User creation can be done manually
  - One-by-one
  - Import from Excel spreadsheet
- User is provisioned through CloudGateway
- User Management Tool

50
- Creates ShareFile user accounts and distribution lists based on AD users and groups
- Option to notify users of account creation
- Ability to select default StorageZone for users
- Easy process for keeping AD and SF in sync

51 Citrix CloudGateway & Receiver Follow-me-data

52 [Diagram labels: PC; Mac; Smartphone; Tablet; Thin Client; StoreFront™ services; Content Controllers; Access Gateway services]

55 Technology Preview ShareFile StorageZone Connectors

56 ShareFile StorageZone Connectors for Network Shares
[Diagram labels: ShareFile Personal Folder; ShareFile Team Folder; Existing Network Share]

57 Wrap Up

58 Citrix ShareFile
- Robust filesharing technology designed for the Enterprise
- SaaS model with Cloud and On-premise options
- Secure AD Authentication options
- CloudGateway Integration available soon

59 Work better. Live better.

