Digicomp Academy AG, profile picture
Uploaded byDigicomp Academy AG
PDF, PPTX2,734 views

Citrix Day 2012: ShareFile

ShareFile Enterprise allows for file sharing with anyone, syncing data across devices, and creating online file sharing spaces for virtual teams. It provides selective offline access on mobile devices and encrypts data for protection. ShareFile addresses issues with services like Dropbox by enabling workforce mobility and simple, secure data sharing between employees, teams, and external collaborators. It enhances productivity through broad device, workflow, and protocol support. ShareFile uses a high-level architecture with control planes and storage zones for managing file storage across various locations worldwide.

Embed presentation

Download as PDF, PPTX
ShareFile Enterprise Roger Bösch Citrix Systems International GmbH
ShareFile Introduction
• Enables file sharing with anyone • Syncs data across all devices • Online file sharing spaces for virtual teams Store Sync • Selective offline access on mobile devices • Data protection ᵒ Encryption ᵒ Device lock ᵒ Remote wipe ᵒ Poison-pill Share
Why ShareFile? • Enable workforce mobility & BYOD • Address the “Dropbox-Problem” • Simple and secure data sharing ᵒ Fellow employees ᵒ Team collaboration ᵒ Clients, 3rd party collaboration • Enhanced productivity
Broad Device, Workflow and Protocol Support Desktop Apps Alternative Protocol / Automation Outlook Desktop Plug-in Widget Desktop Enterprise Command Line Drive Sync Sync Mapping Interface Mobile Apps Mobile Windows 7 Android iPhone Android BlackBerry iPad Site Phone Tablet
ShareFile High-level Architecture
ShareFile – with Citrix managed StorageZones *.sharefile.com *.sf-api.com Control Plane • Account info • Brokering • Reporting • Access Control DB Client Storage Center (EC2) StorageZones • Storage Centers • Backend Storage • Various Locations WW S3
ShareFile – Current Architecture With Citrix managed StorageZones
ShareFile Control Plane DMZ No Client Files File Metadata Webservers “main app” Account Data Load balancing Client SQL Cluster Load balancing TLS/SSL AES-256 Encryption API Webservers Replication to DR Datacenter
S3 99.99% ShareFile StorageZones availability and 99.999999999% durability FTP/FTPS FTP Servers Utility Servers Anti Virus & Client Thumbnailing Full Text Index Storage Centers Backup Encrypted Backup to 3rd Storage Party Datacenter Storage Storage S3 Commit TLS/SSL AES-256 File Processing Encryption EBS EBS EBS Cache EBS AES-256 Encryption Backup Elastic Block Storage AES-256 Encryption EC2 S3
ShareFile StorageZones - Download FTP/FTPS FTP Servers Client Storage Centers Storage Storage Storage TLS/SSL AES-256 Encryption EBS EBS EBS EBS Elastic Block Storage EC2 S3
Availability and Redundancy
Availability Information • Real-time backup to Citrix data center • Automatic failover (if necessary) • Lazy file deletion to support file recovery
ShareFile StorageZones
ShareFile StorageZones • Store files in customer managed StorageZones and/or in the Citrix managed StorageZones • Modified On-Prem version of existing Storage Plane software • Same user experience • Technology Preview available
Why StorageZones? Compliance Performance Meet unique compliance and Optimize end user performance data sovereignty requirements by placing files and folders in by storing data On-Prem close proximity
ShareFile - Citrix managed StorageZones *.sharefile.com *.sf-api.com Control Plane • Account info • Brokering • Reporting • Access Control DB Client Storage Center (EC2) StorageZones • Storage Centers • Backend Storage • Various Locations WW S3
Citrix managed and On-Prem StorageZones *.sharefile.com *.sf-api.com Control Plane • Account info • Brokering • Reporting • Access Control DB Client StorageZones Storage Center (Windows IIS) • Storage Centers • Backend Storage Storage Center (EC2) • In customer Datacenter(s) • Hybrid with cloud NAS CIFS S3 Customer Datacenter
NEW: Control Plane in Germany / Frankfurt Citrix managed StorageZones Control Planes Customer - managed StorageZones
Using StorageZones
Using StorageZones • StorageZones can be set on ᵒ User-level ᵒ Root Folder-level
Using StorageZones
On-Prem Deployment Models
Proof of Concept Deployment https https Firewall Storage Center 10.0.0.20 Public Internet IP 10.0.0.1
HA Deployment Public Internet IP 1 https https Firewall Storage Center 10.0.0.20 https https Storage Center Storage Storage Center Public Internet IP 2 10.0.0.1 10.0.0.21
Secure DMZ Deployment http or https https Firewall Firewall Storage Center 10.0.0.20 http or https Storage Storage Center Public 10.0.0.1 10.0.0.21 Internet IP
StorageZones Setup
On-premise StorageZones Requirements • Windows 2008 Server R2 • IIS Web Services role with ASP.NET • Microsoft .NET 4.0 • A public-resolvable internet hostname • An SSL certificate for the above ᵒ Public, Windows accepted Certificate Authority ᵒ Self-signed or unsigned certificates are not supported at this time
IIS Configuration • Install SSL certificate and bind certificate to https port 443 ᵒ Not needed when using DMZ proxy • ISAPI and CGI Restrictions ᵒ ASP.NET v4.0.x needs to be set to “Allowed”
Storage Center Installation
Storage Center Configuration
Shared Storage Configuration • Tech Preview can use CIFS (UNC) or local or mapped drive/directory • Storage Centers will access the Share using the StorageCenterAppPool user ᵒ Default NetworkService ᵒ Can be changed • Application Pools → StorageCenterAppPool → Advanced Setting → Identity
ShareFile Security
Security Information • SSAE 16 audited data centers • SSL Encryption in transit • AES 256-bit encryption at rest • All uploaded files scanned for viruses • Daily scans for McAfee SECURE accreditation • All ShareFile servers protected by dedicated firewalls
Standard Download Security Client 1 Client requests a file 2 Prepare message send to Storage Center 3 HMAC is validated 1 5 9 6 4 Storage Center confirms validity 5 Client receives download URL with HMAC 3 7 6 Client requests download StorageZones Control Plane 2 4 7 HMAC is validated Main App/ Storage Center 8 Storage Center gets file from storage API servers 8 9 Download starts DB EBS S3 Shared Secret (trust)
Trust & Encryption – On-Premise StorageZones Storage Center *.sharefile.com *.sf-api.com StorageZones Shared Secret (trust) DB Storage Shared Key Created when StorageZone is created Storage encryption based on Passphrase during Storage Center configuration
Download Security with On-Prem StorageZones DMZ 1 5 • NetScaler can handle incoming HMAC’s • Can also work with other 3rd Party products 2 4 • HMAC part of URI: &h=… StoragZone 3 • Shared key not required on NetScaler Storage Center 1 NetScaler strips HMAC from URI 2 NetScaler sends URI & HMAC to Storage Center 3 HMAC is validated by Storage Center 4 Storage Center sends confirmation to NS 5 Process Completes
NetScaler Configuration • For Validation checks, you will need to configure http callouts and a responder policy • http://support.citrix.com/article/CTX133417 • Future version of NetScaler will have pre-configured policies
ShareFile Authentication
ShareFile Authentication Options • Built-in Authentication ᵒ Uses combination of email address and password ᵒ Passwords are stored hashed in database • SAML Support ᵒ Broad Identity Provide Support, including ADFS • CloudGateway ᵒ Offers user provisioning functionality ᵒ Receiver integration ᵒ Recommended, especially for existing Citrix customer
Enterprise Active Directory Options SAML 2.0 Support • Requires customer provided and • Unified storefront for all applications, data configured SAML provider and services • Microsoft ADFS Support • Instant user provisioning and de- • Also supports popular Identity provisioning Providers such as: • Fully integrated with Receiver ᵒ OneLogin ᵒ CA SiteMinder • Real-time SaaS application monitoring ᵒ PingIdentity PingFederate • Comprehensive access control policies ᵒ SalesForce
SAML Authentication • User account is still required in ShareFile ᵒ Folder Access Control ᵒ Licensing • Users will be matched by email address • Identity Provider Password will never be send to Control Plane • Password reset can be disabled • Requires tools to be ‘SAML-aware’ ᵒ ShareFile web site and iPad app are today with other tool support coming
SAML Client 1 Client requests ShareFile SSO login URL How it works 2 Client discovers identity provider 3 Client redirected to identify provider 4 Client requests identity provider URL 5 Identity Provider identifies the user 1 7 2 8 3 9 4 5 User is authenticated and is redirected to 6 Assertion Consumer Service URL with SAML response User has access 7 User agent requests ACS URL ACS validates SAML response and redirects 8 user agent to ShareFile URL 9 User agent requests ShareFile URL 6 Service Provider Identity Provider (sharefile.com) (e.g. CloudGateway, ADFS)
ShareFile Account Creation • User creation can be done manually ᵒ One-by-one ᵒ Import from Excel spreadsheet • User is provisioned through CloudGateway • Employee Creation Tool
Employee Creation Tool • Creates ShareFile user accounts and distribution lists based on AD users and groups • Option to notify users of account creation • Built-in log • Ability to select default StorageZone for users • Users added with the ECT should also be removed with the ECT
Employee Creation Tool Options • Pre-defined user account settings ᵒ Enabled: • Personal File Box • Manage Client Users • My Settings link available • User is added to Company Address Book ᵒ Disabled: • Selection of StorageZones for root-level folders • Ability to change password • Edit Shared Address Book • Root folder creation and email notification through UI • EmployeeCreationTool.exe.config
Citrix CloudGateway & Receiver Follow-me-data
Access Gateway services PC StoreFront™ Mac services Smartphone Tablet Thin Client Content Controllers
Deployment Option & Features Features ShareFile Receiver + ShareFile + CloudGateway Access + Security Multi-device/platform access √ √ Desktop synch √ √ Offline Access √ √ AD + SAML Support √ √ Remote wipe of data √ √ Collaboration Shared Folders with permissions √ √ Outlook plug-in √ √ Simple link sharing √ √ Enterprise Control + Unified Delivery Remote Wipe of apps and data √ SSO across Apps and Data with 2-factor support √ AD based Roles and Provisioning/De-provisioning √ XenApp Integration √ Apps and Data via Single UI (Receiver) √ Unified Admin console for apps and data √ Policy based access* √ Data Encryption with shredding* √
What’s Next
ShareFile StorageZones Connect Tech Preview *.sharefile.com *.sf-api.com Control Plane • Web application • Brokering • Reporting DB • Access Control Client StorageZone Storage Center (Windows IIS) • Provide mobile access to files in existing CIFS shares CIFS NAS Share Customer Datacenter
ShareFile StorageZones Connect Tech Preview ShareFile Personal Folder ShareFile Team Folder ShareFile Team Folder Existing Network Share
Work better. Live better.

More Related Content

PDF
Citrix Day 2014: ShareFile Enterprise
byDigicomp Academy AG
 
PDF
Introducing ShareFile Enterprise Edition
byCitrix
 
PPTX
Citrix ShareFile Storage Presentation Datenspeicher Cloud english
byBarbaros Üstün
 
PPTX
ShareFile vs Box vs Dropbox
byRapidScale
 
PDF
Citirx Day 2013: Citrix Enterprise Mobility
byDigicomp Academy AG
 
PPTX
Office 365: Do’s and Don’ts, Lessons learned from the field
byMicrosoft TechNet - Belgium and Luxembourg
 
PPTX
Securing Intellectual Property using Azure Rights Management Services
bySPC Adriatics
 
PPTX
SoftLayer Storage Services Overview (for Interop Las Vegas 2015)
byMichael Fork
 
Citrix Day 2014: ShareFile Enterprise
byDigicomp Academy AG
 
Introducing ShareFile Enterprise Edition
byCitrix
 
Citrix ShareFile Storage Presentation Datenspeicher Cloud english
byBarbaros Üstün
 
ShareFile vs Box vs Dropbox
byRapidScale
 
Citirx Day 2013: Citrix Enterprise Mobility
byDigicomp Academy AG
 
Office 365: Do’s and Don’ts, Lessons learned from the field
byMicrosoft TechNet - Belgium and Luxembourg
 
Securing Intellectual Property using Azure Rights Management Services
bySPC Adriatics
 
SoftLayer Storage Services Overview (for Interop Las Vegas 2015)
byMichael Fork
 

What's hot

PDF
The Enteprise File Fabric and IBM COS | Solution Guide
byHybrid Cloud
 
PPTX
Office Track: SharePoint Apps for the IT Pro - Thomas Vochten
byITProceed
 
PPTX
Office 365-single-sign-on-with-adfs
byamitchachra
 
PDF
#MFSummit2016 Operate: The race for space
byMicro Focus
 
PDF
Cloud portal business manager product overview
byNuno Alves
 
PDF
The Enterprise File Fabric and IBM COS: S3 Drive and S3 Explorer | Solution B...
byHybrid Cloud
 
PPTX
Cloudciti Enterprise File Share Services
byPT Datacomm Diangraha
 
PPT
Introducing DirectReader
byDirectReader
 
PPTX
OFM AIA FP Implementation View and Case Study
bySreenivasa Setty
 
PDF
Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)
byVaultize
 
PDF
Mobility & security Microsoft SPE5 By Bipeen Sinha
byBipeen Sinha
 
PPTX
MCSA 70-412 Chapter 08
byComputer Networking
 
PDF
Is Office 365 Right For You? Aptera Software presentation
byAptera Inc
 
PPTX
Citrix xenapp training
byYuvaraj1986
 
PDF
What's new in Citrix XenApp 7.5 und XenDesktop 7.5?
byDigicomp Academy AG
 
PPTX
The Untethered Enterprise - Synchronizing Content Across Multiple Storage Pla...
byWithumSmith+Brown, formerly Portal Solutions
 
PPT
1 - Why Host on Windows (28).ppt
bywebhostingguy
 
PDF
ECS19 - Jussi Roine - Microsoft 365 Deep Dive
byEuropean Collaboration Summit
 
PPTX
6 Ways to Get More From Your Azure
byHolly Plude
 
PPTX
SharePoint 2016
byElaine Van Bergen
 
The Enteprise File Fabric and IBM COS | Solution Guide
byHybrid Cloud
 
Office Track: SharePoint Apps for the IT Pro - Thomas Vochten
byITProceed
 
Office 365-single-sign-on-with-adfs
byamitchachra
 
#MFSummit2016 Operate: The race for space
byMicro Focus
 
Cloud portal business manager product overview
byNuno Alves
 
The Enterprise File Fabric and IBM COS: S3 Drive and S3 Explorer | Solution B...
byHybrid Cloud
 
Cloudciti Enterprise File Share Services
byPT Datacomm Diangraha
 
Introducing DirectReader
byDirectReader
 
OFM AIA FP Implementation View and Case Study
bySreenivasa Setty
 
Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)
byVaultize
 
Mobility & security Microsoft SPE5 By Bipeen Sinha
byBipeen Sinha
 
MCSA 70-412 Chapter 08
byComputer Networking
 
Is Office 365 Right For You? Aptera Software presentation
byAptera Inc
 
Citrix xenapp training
byYuvaraj1986
 
What's new in Citrix XenApp 7.5 und XenDesktop 7.5?
byDigicomp Academy AG
 
The Untethered Enterprise - Synchronizing Content Across Multiple Storage Pla...
byWithumSmith+Brown, formerly Portal Solutions
 
1 - Why Host on Windows (28).ppt
bywebhostingguy
 
ECS19 - Jussi Roine - Microsoft 365 Deep Dive
byEuropean Collaboration Summit
 
6 Ways to Get More From Your Azure
byHolly Plude
 
SharePoint 2016
byElaine Van Bergen
 

Similar to Citrix Day 2012: ShareFile

PPTX
Using Cloud Storage Gateways to Build a Cloud SAN
byTwinStrata, Inc
 
PPTX
Vormetric - Gherkin Event
byintellectsecurity
 
PDF
#VMUGMTL DELL Breakout
by1CloudRoad.com
 
PDF
The Efficient Use of Cyberinfrastructure to Enable Data Analysis Collaboration
byCybera Inc.
 
PDF
AWS Use Cases
bysamof76
 
PPTX
SQLUG event: An evening in the cloud: the old, the new and the big
byMike Martin
 
PDF
Windows Azure Platform
bySoumow Dollon
 
PPTX
Track 2, session 5, aligning security with business kartik shahani
byEMC Forum India
 
PPTX
Personal storage to enterprise storage system journey
bySoumen Sarkar
 
PDF
Enterprise Applications on AWS
byAmazon Web Services LATAM
 
PPTX
17h30 aws enterprise_app_jvaria
byLuiz Gustavo Santos
 
PDF
Data Loss Prevention de RSA
byAEC Networks
 
PPTX
Patterns of Cloud Applications Using Microsoft Azure Services Platform
byDavid Chou
 
PDF
Choosing Your Windows Azure Platform Strategy
bydrmarcustillett
 
PDF
Cloudian at cassandra conference in tokyo
byCLOUDIAN KK
 
PDF
Mach Technology
byOpen Stack
 
PDF
Building reliable systems from unreliable components
byArnon Rotem-Gal-Oz
 
PPTX
Do More with Oracle Environment with Open and Best of breed Technologies
byEMC Forum India
 
PDF
PHP Day 2011 PHP goes to the cloud
bypietrobr
 
PDF
Building Applications with AWS
byAmazon Web Services LATAM
 
Using Cloud Storage Gateways to Build a Cloud SAN
byTwinStrata, Inc
 
Vormetric - Gherkin Event
byintellectsecurity
 
#VMUGMTL DELL Breakout
by1CloudRoad.com
 
The Efficient Use of Cyberinfrastructure to Enable Data Analysis Collaboration
byCybera Inc.
 
AWS Use Cases
bysamof76
 
SQLUG event: An evening in the cloud: the old, the new and the big
byMike Martin
 
Windows Azure Platform
bySoumow Dollon
 
Track 2, session 5, aligning security with business kartik shahani
byEMC Forum India
 
Personal storage to enterprise storage system journey
bySoumen Sarkar
 
Enterprise Applications on AWS
byAmazon Web Services LATAM
 
17h30 aws enterprise_app_jvaria
byLuiz Gustavo Santos
 
Data Loss Prevention de RSA
byAEC Networks
 
Patterns of Cloud Applications Using Microsoft Azure Services Platform
byDavid Chou
 
Choosing Your Windows Azure Platform Strategy
bydrmarcustillett
 
Cloudian at cassandra conference in tokyo
byCLOUDIAN KK
 
Mach Technology
byOpen Stack
 
Building reliable systems from unreliable components
byArnon Rotem-Gal-Oz
 
Do More with Oracle Environment with Open and Best of breed Technologies
byEMC Forum India
 
PHP Day 2011 PHP goes to the cloud
bypietrobr
 
Building Applications with AWS
byAmazon Web Services LATAM
 

More from Digicomp Academy AG

PDF
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
byDigicomp Academy AG
 
PDF
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
byDigicomp Academy AG
 
PPTX
Innovation durch kollaboration gennex 2018
byDigicomp Academy AG
 
PDF
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
byDigicomp Academy AG
 
PDF
Roger basler meetup_21082018_work-smarter-not-harder_handout
byDigicomp Academy AG
 
PDF
Xing expertendialog zu nudge unit x
byDigicomp Academy AG
 
PDF
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
byDigicomp Academy AG
 
PDF
IPv6 Security Talk mit Joe Klein
byDigicomp Academy AG
 
PDF
Agiles Management - Wie geht das?
byDigicomp Academy AG
 
PPTX
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
byDigicomp Academy AG
 
PDF
Querdenken mit Kreativitätsmethoden – XING Expertendialog
byDigicomp Academy AG
 
PDF
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
byDigicomp Academy AG
 
PDF
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
byDigicomp Academy AG
 
PDF
UX – Schlüssel zum Erfolg im Digital Business
byDigicomp Academy AG
 
PDF
Minenfeld IPv6
byDigicomp Academy AG
 
PDF
Was ist design thinking
byDigicomp Academy AG
 
PDF
Die IPv6 Journey der ETH Zürich
byDigicomp Academy AG
 
PDF
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
byDigicomp Academy AG
 
PDF
General data protection regulation-slides
byDigicomp Academy AG
 
PDF
Möglichkeiten der Online-Werbung - Referat von Matteo Schürch
byDigicomp Academy AG
 
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
byDigicomp Academy AG
 
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
byDigicomp Academy AG
 
Innovation durch kollaboration gennex 2018
byDigicomp Academy AG
 
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
byDigicomp Academy AG
 
Roger basler meetup_21082018_work-smarter-not-harder_handout
byDigicomp Academy AG
 
Xing expertendialog zu nudge unit x
byDigicomp Academy AG
 
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
byDigicomp Academy AG
 
IPv6 Security Talk mit Joe Klein
byDigicomp Academy AG
 
Agiles Management - Wie geht das?
byDigicomp Academy AG
 
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
byDigicomp Academy AG
 
Querdenken mit Kreativitätsmethoden – XING Expertendialog
byDigicomp Academy AG
 
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
byDigicomp Academy AG
 
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
byDigicomp Academy AG
 
UX – Schlüssel zum Erfolg im Digital Business
byDigicomp Academy AG
 
Minenfeld IPv6
byDigicomp Academy AG
 
Was ist design thinking
byDigicomp Academy AG
 
Die IPv6 Journey der ETH Zürich
byDigicomp Academy AG
 
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
byDigicomp Academy AG
 
General data protection regulation-slides
byDigicomp Academy AG
 
Möglichkeiten der Online-Werbung - Referat von Matteo Schürch
byDigicomp Academy AG
 

Recently uploaded

PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PDF
The new book “Marketing in the Metaverse” spotlights Scott M. Graffius’ research
byScott M. Graffius
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PPTX
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PPTX
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
PPTX
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
PDF
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
PPTX
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
The new book “Marketing in the Metaverse” spotlights Scott M. Graffius’ research
byScott M. Graffius
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
Workflow and decision Automation with Flowable
bychakib ch
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 

Citrix Day 2012: ShareFile

  • 1.
    ShareFile Enterprise Roger Bösch CitrixSystems International GmbH
  • 2.
  • 3.
    • Enables filesharing with anyone • Syncs data across all devices • Online file sharing spaces for virtual teams Store Sync • Selective offline access on mobile devices • Data protection ᵒ Encryption ᵒ Device lock ᵒ Remote wipe ᵒ Poison-pill Share
  • 4.
    Why ShareFile? • Enableworkforce mobility & BYOD • Address the “Dropbox-Problem” • Simple and secure data sharing ᵒ Fellow employees ᵒ Team collaboration ᵒ Clients, 3rd party collaboration • Enhanced productivity
  • 5.
    Broad Device, Workflowand Protocol Support Desktop Apps Alternative Protocol / Automation Outlook Desktop Plug-in Widget Desktop Enterprise Command Line Drive Sync Sync Mapping Interface Mobile Apps Mobile Windows 7 Android iPhone Android BlackBerry iPad Site Phone Tablet
  • 6.
  • 7.
    ShareFile – withCitrix managed StorageZones *.sharefile.com *.sf-api.com Control Plane • Account info • Brokering • Reporting • Access Control DB Client Storage Center (EC2) StorageZones • Storage Centers • Backend Storage • Various Locations WW S3
  • 8.
    ShareFile – CurrentArchitecture With Citrix managed StorageZones
  • 9.
    ShareFile Control Plane DMZ No Client Files File Metadata Webservers “main app” Account Data Load balancing Client SQL Cluster Load balancing TLS/SSL AES-256 Encryption API Webservers Replication to DR Datacenter
  • 10.
    S3 99.99% ShareFile StorageZones availability and 99.999999999% durability FTP/FTPS FTP Servers Utility Servers Anti Virus & Client Thumbnailing Full Text Index Storage Centers Backup Encrypted Backup to 3rd Storage Party Datacenter Storage Storage S3 Commit TLS/SSL AES-256 File Processing Encryption EBS EBS EBS Cache EBS AES-256 Encryption Backup Elastic Block Storage AES-256 Encryption EC2 S3
  • 11.
    ShareFile StorageZones -Download FTP/FTPS FTP Servers Client Storage Centers Storage Storage Storage TLS/SSL AES-256 Encryption EBS EBS EBS EBS Elastic Block Storage EC2 S3
  • 12.
  • 13.
    Availability Information • Real-timebackup to Citrix data center • Automatic failover (if necessary) • Lazy file deletion to support file recovery
  • 14.
  • 15.
    ShareFile StorageZones • Storefiles in customer managed StorageZones and/or in the Citrix managed StorageZones • Modified On-Prem version of existing Storage Plane software • Same user experience • Technology Preview available
  • 16.
    Why StorageZones? Compliance Performance Meet unique compliance and Optimize end user performance data sovereignty requirements by placing files and folders in by storing data On-Prem close proximity
  • 17.
    ShareFile - Citrixmanaged StorageZones *.sharefile.com *.sf-api.com Control Plane • Account info • Brokering • Reporting • Access Control DB Client Storage Center (EC2) StorageZones • Storage Centers • Backend Storage • Various Locations WW S3
  • 18.
    Citrix managed andOn-Prem StorageZones *.sharefile.com *.sf-api.com Control Plane • Account info • Brokering • Reporting • Access Control DB Client StorageZones Storage Center (Windows IIS) • Storage Centers • Backend Storage Storage Center (EC2) • In customer Datacenter(s) • Hybrid with cloud NAS CIFS S3 Customer Datacenter
  • 19.
    NEW: Control Planein Germany / Frankfurt Citrix managed StorageZones Control Planes Customer - managed StorageZones
  • 20.
  • 21.
    Using StorageZones • StorageZonescan be set on ᵒ User-level ᵒ Root Folder-level
  • 22.
  • 23.
  • 24.
    Proof of ConceptDeployment https https Firewall Storage Center 10.0.0.20 Public Internet IP 10.0.0.1
  • 25.
    HA Deployment Public Internet IP 1 https https Firewall Storage Center 10.0.0.20 https https Storage Center Storage Storage Center Public Internet IP 2 10.0.0.1 10.0.0.21
  • 26.
    Secure DMZ Deployment http or https https Firewall Firewall Storage Center 10.0.0.20 http or https Storage Storage Center Public 10.0.0.1 10.0.0.21 Internet IP
  • 27.
  • 28.
    On-premise StorageZones Requirements •Windows 2008 Server R2 • IIS Web Services role with ASP.NET • Microsoft .NET 4.0 • A public-resolvable internet hostname • An SSL certificate for the above ᵒ Public, Windows accepted Certificate Authority ᵒ Self-signed or unsigned certificates are not supported at this time
  • 29.
    IIS Configuration • InstallSSL certificate and bind certificate to https port 443 ᵒ Not needed when using DMZ proxy • ISAPI and CGI Restrictions ᵒ ASP.NET v4.0.x needs to be set to “Allowed”
  • 30.
  • 31.
  • 32.
    Shared Storage Configuration •Tech Preview can use CIFS (UNC) or local or mapped drive/directory • Storage Centers will access the Share using the StorageCenterAppPool user ᵒ Default NetworkService ᵒ Can be changed • Application Pools → StorageCenterAppPool → Advanced Setting → Identity
  • 33.
  • 34.
    Security Information • SSAE16 audited data centers • SSL Encryption in transit • AES 256-bit encryption at rest • All uploaded files scanned for viruses • Daily scans for McAfee SECURE accreditation • All ShareFile servers protected by dedicated firewalls
  • 35.
    Standard Download Security Client 1 Client requests a file 2 Prepare message send to Storage Center 3 HMAC is validated 1 5 9 6 4 Storage Center confirms validity 5 Client receives download URL with HMAC 3 7 6 Client requests download StorageZones Control Plane 2 4 7 HMAC is validated Main App/ Storage Center 8 Storage Center gets file from storage API servers 8 9 Download starts DB EBS S3 Shared Secret (trust)
  • 36.
    Trust & Encryption– On-Premise StorageZones Storage Center *.sharefile.com *.sf-api.com StorageZones Shared Secret (trust) DB Storage Shared Key Created when StorageZone is created Storage encryption based on Passphrase during Storage Center configuration
  • 37.
    Download Security withOn-Prem StorageZones DMZ 1 5 • NetScaler can handle incoming HMAC’s • Can also work with other 3rd Party products 2 4 • HMAC part of URI: &h=… StoragZone 3 • Shared key not required on NetScaler Storage Center 1 NetScaler strips HMAC from URI 2 NetScaler sends URI & HMAC to Storage Center 3 HMAC is validated by Storage Center 4 Storage Center sends confirmation to NS 5 Process Completes
  • 38.
    NetScaler Configuration • ForValidation checks, you will need to configure http callouts and a responder policy • http://support.citrix.com/article/CTX133417 • Future version of NetScaler will have pre-configured policies
  • 39.
  • 40.
    ShareFile Authentication Options •Built-in Authentication ᵒ Uses combination of email address and password ᵒ Passwords are stored hashed in database • SAML Support ᵒ Broad Identity Provide Support, including ADFS • CloudGateway ᵒ Offers user provisioning functionality ᵒ Receiver integration ᵒ Recommended, especially for existing Citrix customer
  • 41.
    Enterprise Active DirectoryOptions SAML 2.0 Support • Requires customer provided and • Unified storefront for all applications, data configured SAML provider and services • Microsoft ADFS Support • Instant user provisioning and de- • Also supports popular Identity provisioning Providers such as: • Fully integrated with Receiver ᵒ OneLogin ᵒ CA SiteMinder • Real-time SaaS application monitoring ᵒ PingIdentity PingFederate • Comprehensive access control policies ᵒ SalesForce
  • 42.
    SAML Authentication • Useraccount is still required in ShareFile ᵒ Folder Access Control ᵒ Licensing • Users will be matched by email address • Identity Provider Password will never be send to Control Plane • Password reset can be disabled • Requires tools to be ‘SAML-aware’ ᵒ ShareFile web site and iPad app are today with other tool support coming
  • 43.
    SAML Client 1 Client requests ShareFile SSO login URL How it works 2 Client discovers identity provider 3 Client redirected to identify provider 4 Client requests identity provider URL 5 Identity Provider identifies the user 1 7 2 8 3 9 4 5 User is authenticated and is redirected to 6 Assertion Consumer Service URL with SAML response User has access 7 User agent requests ACS URL ACS validates SAML response and redirects 8 user agent to ShareFile URL 9 User agent requests ShareFile URL 6 Service Provider Identity Provider (sharefile.com) (e.g. CloudGateway, ADFS)
  • 44.
    ShareFile Account Creation •User creation can be done manually ᵒ One-by-one ᵒ Import from Excel spreadsheet • User is provisioned through CloudGateway • Employee Creation Tool
  • 45.
    Employee Creation Tool •Creates ShareFile user accounts and distribution lists based on AD users and groups • Option to notify users of account creation • Built-in log • Ability to select default StorageZone for users • Users added with the ECT should also be removed with the ECT
  • 46.
    Employee Creation ToolOptions • Pre-defined user account settings ᵒ Enabled: • Personal File Box • Manage Client Users • My Settings link available • User is added to Company Address Book ᵒ Disabled: • Selection of StorageZones for root-level folders • Ability to change password • Edit Shared Address Book • Root folder creation and email notification through UI • EmployeeCreationTool.exe.config
  • 47.
  • 48.
    Access Gateway services PC StoreFront™ Mac services Smartphone Tablet Thin Client Content Controllers
  • 51.
    Deployment Option &Features Features ShareFile Receiver + ShareFile + CloudGateway Access + Security Multi-device/platform access √ √ Desktop synch √ √ Offline Access √ √ AD + SAML Support √ √ Remote wipe of data √ √ Collaboration Shared Folders with permissions √ √ Outlook plug-in √ √ Simple link sharing √ √ Enterprise Control + Unified Delivery Remote Wipe of apps and data √ SSO across Apps and Data with 2-factor support √ AD based Roles and Provisioning/De-provisioning √ XenApp Integration √ Apps and Data via Single UI (Receiver) √ Unified Admin console for apps and data √ Policy based access* √ Data Encryption with shredding* √
  • 52.
  • 53.
    ShareFile StorageZones ConnectTech Preview *.sharefile.com *.sf-api.com Control Plane • Web application • Brokering • Reporting DB • Access Control Client StorageZone Storage Center (Windows IIS) • Provide mobile access to files in existing CIFS shares CIFS NAS Share Customer Datacenter
  • 54.
    ShareFile StorageZones ConnectTech Preview ShareFile Personal Folder ShareFile Team Folder ShareFile Team Folder Existing Network Share
  • 55.