Transcript of "WebDav The Interoperable Protocol for file and data access"
Storage Made Easy
WebDav the interoperable protocol for file and data access
WebDav is an acronym for Web Distributed Authoring and Versioning and can also be referred to as just
plain old DAV.
WebDav is an extension of the HTTP protocol that was originally designed by Jim Whitehead from the
University of California at Santa Cruz in 1996 when he was working at the World Wide Web
Consortium, and it later became an Internet Engineering Task Force (IETF) standard.
WebDav was built as an interoperable standard to support remote collaborative authoring of Web sites
and individual documents, as well as remote access to document based systems.
Today it is the most popular network file-system protocol for use across the Internet, and although it
has been integrated as an interoperable layer into many existing product implementations, it is also
notably missing as an interoperable API standard from many, such as Dropbox, Google Drive, Amazon
S3 and more.
The SME WebDav Gateway
SME provides a way to access any mapped cloud by secure WebDav irrespective of whether the
underlying cloud supports the WebDav protocol natively. As WebDav is so well supported in many
desktop and mobile apps, this means that cloud data can easily be integrated and made accessible
without having to move it in order to use the features of a particular WebDav-enabled application.
Cloud File Server
Cloud Control Gateway
Connecting to WebDav Servers and Windows Shares
SME can also be configured to connect to servers that support the WebDav protocol. In this case SME
uses WebDav as a back-end cloud to store data, rather than exposing existing clouds so that they are
accessible using the WebDav protocol.
Many existing NAS or SAN devices, such as the NetGear ReadyNAS and the Synology range of devices,
already provide WebDav as an access protocol for data. Existing web servers such as
Apache can also be configured to support WebDav using the mod_dav extension.
Many users of SME want to expose Windows file shares and make them directly available through the
SME service to all devices. The most appropriate and secure way to do this is not to expose such
shares directly but to configure Microsoft Internet Information Server to expose these shares over
This has the following advantages:
- Seamless integration with the IIS Manager
- A secondary protocol provides a security DMZ with regard to direct access to Windows shares
- IIS WebDAV can be enabled at the site level, allowing IT administrators to restrict WebDAV access to
specific sites on a server.
- IIS WebDAV supports per-URL authoring rules, allowing administrators to specify custom WebDAV
security settings on a per-URL basis. This fine-grained control gives administrators the ability to
maintain one set of security settings for normal HTTP requests and a separate set of security settings
- IIS WebDAV supports both shared and exclusive locks to prevent lost updates due to overwrites
- WebDAV supports secure connections as well. Enabling HTTPS for all WebDAV connections
strengthens security. SSL certificates can also be installed to increase security.
Advantages of WebDav for Windows File Sharing
WebDAV is an optimized protocol for document access over HTTP. It is proven to be latency
independent and is efficient over wide area networks, especially in contrast to file protocols such as
NFS and CIFS.
Using secure WebDAV ensures the data is encrypted during transmission and, due to the optimizations,
that data is stored efficiently and quickly.
Why WebDav as a Cloud Connector
CIFS is the standard way that Windows users share files across corporate intranets and the Internet
with a secure VPN connection.
To expose such shares directly to the Internet or to non-Windows PCs, a bridging technology is
needed. Samba is often used as such a technology. With Samba, ports 139/tcp and 445/tcp are
exposed over a public IP address. Once this is done such shares are accessible.
The drawbacks of this are:
- The CIFS protocol used by Windows file sharing does not provide data encryption
- The protocol itself is quite chatty.
- No level of security indirection
CIFS is an optimized protocol for access to data over a network that has been extended by VPN and
has been used in this context by many companies for a long time. The disadvantage of this is that all
devices have to support, be set up for, and work with the VPN, preventing access by some devices and
apps and making ad hoc ‘on the fly’ access difficult.
Why Not The Common Internet File System (CIFS)
It is beyond the scope of this white paper to go into great detail on the steps required to secure
WebDav servers, but Microsoft has a very good guide on how to secure the IIS WebDav Service. This
can be accessed at:
In addition to this you should note the following best practices:
Folder Permissions: Use non-anonymous authentication. Modify the NTFS permissions on the
folder to allow only the access necessary to the users who require such access.
Prevent File Execution: If you are only using WebDAV as a file store and not using it to display
web pages, then execute permissions should be removed from that site or folder.
Apache WebDav servers can be configured to use LDAP authentication and also two-factor
authentication, and any deployment should consider implementing these.
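The practices above applied to an Apache mod_dav file store, as an added example that is not part of the original white paper or SME's own configuration. The host name, paths, LDAP URL, DNs and the bind-secret helper program are placeholders.

```apache
# Added example: Apache 2.4 mod_dav file store hardened per the practices above.
# Host name, paths, LDAP URL and DNs are placeholders (assumptions).
# Modules needed: mod_ssl, mod_dav, mod_dav_fs, mod_ldap, mod_authnz_ldap.

DavLockDB "/var/lib/apache2/dav/DavLock"

<VirtualHost *:443>
    ServerName dav.example.com

    # HTTPS for all WebDAV traffic: Basic credentials accompany every request
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile    "/etc/ssl/certs/dav.example.com.pem"
    SSLCertificateKeyFile "/etc/ssl/private/dav.example.com.key"

    Alias "/files" "/srv/dav/files"

    <Directory "/srv/dav/files">
        Dav On
        # Refuse this directory if it is ever reached through a non-TLS vhost
        SSLRequireSSL

        # Prevent file execution: no CGI, no SSI, no listings, no .htaccess
        Options None
        AllowOverride None
        # Serve stored files as plain text instead of by extension-mapped type
        ForceType text/plain

        # Non-anonymous authentication against the directory service
        AuthType Basic
        AuthName "WebDAV file store"
        AuthBasicProvider ldap
        AuthLDAPURL "ldaps://ldap.example.com/ou=People,dc=example,dc=com?uid?sub"
        AuthLDAPBindDN "cn=apache-bind,ou=Services,dc=example,dc=com"
        # Bind secret comes from a helper program, not from this file
        AuthLDAPBindPassword "exec:/usr/local/sbin/dav-ldap-secret"

        # Any authenticated user may read and browse
        Require valid-user
        # Only members of one group may use the remaining (authoring) methods
        <LimitExcept GET HEAD OPTIONS PROPFIND>
            Require ldap-group cn=dav-writers,ou=Groups,dc=example,dc=com
        </LimitExcept>
    </Directory>
</VirtualHost>
```

The filesystem counterpart of the NTFS advice applies here as well: only the Apache service account needs write access to the stored files and to the lock database location.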
Securing WebDav Servers