ShareFile Technical Presentation

Similar documents
Welcome! Securely Sync, Store & Share with Citrix ShareFile

StorageZones Controller 3.4

StorageZones Controller 3.3

VMware EUC a competitor to Citrix? 2010 VMware Inc. All rights reserved

How to Access Protected Health Information from Anywhere and Stay Compliant

1Y0-371 Q&As. Designing, Deploying and Managing Citrix XenMobile 10 Enterprise Solutions. Pass home 1Y0-371 Exam with 100% Guarantee

StorageZones Controller 3.1

StorageZones Controller 3

1Y0-371.exam. Number: 1Y0-371 Passing Score: 800 Time Limit: 120 min. Citrix 1Y0-371

Citrix ShareFile Share, store, sync, and secure data on any device, anywhere

1Y Citrix. Designing Deploying and Managing Citrix XenMobile 10 Enterprise Solutions

Citrix 1Y0-371 Exam. Exam: 1Y Title : Designing, Deploying and Managing Citrix XenMobile 10 Enterprise Solutions

AppController :21:56 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Citrix Exam 1Y0-371 Designing, Deploying and Managing Citrix XenMobile 10 Enterprise Solutions Version: 6.0 [ Total Questions: 143 ]

XenMobile Technology Overview

Vendor: Citrix. Exam Code: 1Y Exam Name: Designing, Deploying and Managing Citrix XenMobile Solutions. Version: Demo

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

StorageZones Controller 4.0

Citrix is the Cloud Computing company that Enables Mobile Workstyles

StorageZones Controller 2.1

Citrix Mobile Solutions technology overview

Anchor Competitive Sheet May 2015

Citrix ShareFile Enterprise: a technical overview citrix.com

Citrix.Certkey.1Y0-370.v by.JAMIE.60q. Exam Code: 1Y Exam Name: Designing, Deploying and Managing Citrix XenMobile Solutions

Use EMS to protect your mobile data and mobile app

ShareFile Enterprise Security White Paper

VMware AirWatch Content Gateway for Windows. VMware Workspace ONE UEM 1811 Unified Access Gateway

Secure File Sharing and Real-Time Mobile Access to Business Data with Citrix ShareFile

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

Configuration Guide. BlackBerry UEM. Version 12.9

DATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz

Box Competitive Sheet January 2014

ARCHITECTURAL OVERVIEW REVISED 6 NOVEMBER 2018

Enterprise file sync and share using Citrix ShareFile and IBM Storwize V7000 Unified system

IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://

Citrix Workspace Cloud

Augmenting security and management of. Office 365 with Citrix XenMobile

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Configuration Guide. BlackBerry UEM. Version 12.7 Maintenance Release 2

SAP Security in a Hybrid World. Kiran Kola

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

Safeguard protected health information with ShareFile

CNS-207-2I Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

Citrix Exam 1Y0-253 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions Version: 6.0 [ Total Questions: 186 ]

VMware AirWatch Content Gateway Guide for Windows

About This Document 3. Overview 3. System Requirements 3. Installation & Setup 4

BlackBerry UEM Configuration Guide

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

Configuring and Delivering Salesforce as a managed application to XenMobile Users with NetScaler as the SAML IDP (Identity Provider)

Setting Up Resources in VMware Identity Manager

XenApp, XenDesktop and XenMobile Integration

Citrix Workspace. Lausanne Laurent Strauss Christophe Beaugrand

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Colligo Briefcase. for Good Technology. Administrator Guide

NetScaler Gateway 10.5

VMware AirWatch Content Gateway Guide for Linux For Linux

VMware AirWatch Content Gateway Guide for Windows

Exam Questions 1Y0-371

VMware AirWatch Content Gateway Guide for Windows

VMware AirWatch Content Gateway Guide for Windows

Five9 Plus Adapter for Agent Desktop Toolkit

VMware AirWatch Content Gateway Guide For Linux

Maximize your investment in Microsoft Office 365 with Citrix Workspace

Customer Name. Citrix Cloud XenMobile Service Onboarding Handbook

AppController :20:49 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Citrix Education Learning Journey

A comprehensive security solution for enhanced mobility and productivity

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1

Top. Reasons Legal Teams Select kiteworks by Accellion

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

VMware Browser Admin Guide Configuring and deploying the VMware Browser

BEST PRACTICES GUIDE MFA INTEGRATION WITH OKTA

Phil Schwan Technical

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

Setting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8

SSO Integration Overview

Office 365: Modern Workplace

Exam : 1Y Citrix XenApp and XenDesktop 7.15 Assessment, Design and Advanced Configurations. Title : Version : V8.02

Today s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps

VMware Browser Admin Guide Configuring and deploying the VMware Browser

Azure MFA Integration with NetScaler

1Y0-402.exam.42q.

VMware Identity Manager Administration

Storage Made Easy. Providing an Enterprise File Fabric for INVESTOR NEWSLETTER ISSUE N 3

Control and secure sensitive data while empowering business mobility with ShareFile

Cloud Secure Integration with ADFS. Deployment Guide

Office 365 and Azure Active Directory Identities In-depth

O365 Solutions. Three Phase Approach. Page 1 34

Use Microsoft EMS. to Protect your Mobile Data and Mobile Apps. Chris Nackers Nackers Consulting

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8

Secure XenApp and XenDesktop, Embrace the Flexibility

Workspace ios Content Locker. UBC Workspace 2.0: VMware Content Locker v4.12 for ios. User Guide

Vendor: Citrix. Exam Code: 1Y Exam Name: Implementing Citrix NetScaler 10.5 for App and Desktop Solutions. Version: Demo

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

Assess: This section discusses common use cases and questions to consider when planning your deployment.

Transcription:

ShareFile Technical Presentation Joerg Vosse Senior Systems Engineer - Citrix ShareFile CEE joerg.vosse@citrix.com

ShareFile Enterprise Architecture Overview

ShareFile Document Cloud ShareFile.com ShareFile.eu SaaS application Clients Documents

ShareFile Document Cloud ShareFile.com ShareFile.eu SaaS application Business logic Web application Reporting Clients Mobile, Windows, Outlook, OS X, Web XenDesktop / XenApp Mobile Office Editor XenMobile DLP Policies Documents Citrix-managed Customer-managed Existing repositories

ShareFile Document Cloud Architecture Clients Authentication Sharefile integrated SAML 2.0 IdP Authorization Authorization SaaS Application USA or Europe Business Logic Web Application Reporting Document Storage Citrix-Managed Customer-Managed Existing Repositories

ShareFile Enterprise Clienttools Overview

Files & Folders available on any device

ShareFile Web User Interface

ShareFile Windows Synctool (Explorer)

ShareFile Mac Synctool (Finder)

ShareFile Outlook Plug-in Send or request files from Outlook using ShareFile plug-in Control attachment policy, link expiration, and access

ShareFile Mobile Client Personal Folders Shared Folders Favorite Folders Network Drives (R/W) SharePoint Document Libraries (R/W)

ShareFile Mobile Client (new design)

Built-in Mobile Content Editor

Microsoft Office Web Apps Integration HTML rendering of Microsoft Office and Adobe PDF documents Supported with Citrixmanaged StorageZones (only) today Rich file interaction without requiring download Leverages Microsoft web app viewer ᵒ PowerPoint animations ᵒ Excel calculations ᵒ MS Word & PDF rendering

ShareFile Enterprise In Virtual Environments

XenDesktop / XenApp integration Use Citrix Receiver to access published application or desktop Open ShareFile documents from a published application

XenDesktop / XenApp integration Use Citrix Receiver to access published application or desktop Open ShareFile documents from a published desktop

Without On-Demand Sync Every login to non-persistent desktop Full file download of ᵒ My Files & Folders ᵒ Shared Folders (if configured) Likely to cause a capacity issue on PVS or MCS differencing disk Increased write IO during sync

With On-Demand Sync Designed for XenDesktop and XenApp Same look & feel as normal Windows Sync 4 KB placeholder for each file Only brings over files when required ᵒ Copy ᵒ Opening/editing in application Files are uploaded when changed During next login the locally sync d files are deleted

Before & After On-Demand Sync Without On-Demand Sync - 20 MB With On-Demand Sync 4 KB

ShareFile Enterprise Secure File Sharing

Anonymous - Download

Contact Info Request - Download

Require Client Login - Download

ShareFile Enterprise Enterprise Security Controls

ShareFile Mobile Device Security Encryption at rest / in-transit Offline / Online access to files Device Restrictions File Self Destruct (Poison Pill) Passcode / Pin Code Modified Device Detection External Applications

ShareFile Mobile Device Security Encryption at rest Requires passcode Poison Pill Lost device protection / data expiration Remote Wipe Wipes only ShareFile app data Disable External Applications Prevent Open In 3rd party apps Provided by ShareFile Poison Pill Require password Data retention Encrypt files at rest Passcode lock Device lock Jail-break detection Remote wipe Wipe status and auditing Disable external applications Secure Sharing Network IP restrictions Session inactivity timeout

Mobile DLP Controls with XenMobile Provided by ShareFile Disable download Require password Data retention Encrypt files at rest Passcode lock Device lock Jail-break detection Remote wipe Wipe status and auditing Disable external applications Secure Sharing Network IP restrictions Session inactivity timeout Constrain clipboard cut and copy Constrain clipboard paste Constrain external applications Constrain URL Schemes Block camera Block microphone Block screen capture Block email compose Disable print Require Citrix Worx Home authentication Provided by MDX Wrapping Define maximum offline period Require regular re-authentication Wipe data after security event Online access only Constrain Wi-Fi networks Require internal network Constrain network access App update grace period Require device encryption Require device pattern screen lock

Mobile Device Deployment Public App Store Mobile Application Management (MAM) Mobile Device Management (MDM)

Mobile Device Deployment Public App Store Mobile Application Management (MAM) Mobile Device Management (MDM)

Windows / OS X Device Registration Restricts login to devices only with a valid access key

Sharing Controls Blacklist / Whitelist Prohibit sharing with specific email domains Restrict sharing to only specific email domains Require Client Login Disables anonymous sharing of documents Restricts ability for recipients to forward shared documents to someone else Client 2-step verification 2-step verification on untrusted devices using SMS messages, Google Authenticator

ShareFile Enterprise Storage Zones

ShareFile with StorageZones Choose where your data is stored Cloud On-Prem Best economics, most elastic Meet compliance & security requirements

ShareFile with StorageZones Choose where your data is stored Cloud On-Prem Existing Systems Best economics, most elastic Meet compliance & security requirements StorageZone Connectors Mobile productivity with existing data sources

ShareFile with Citrix-managed StorageZones ShareFile.com Object Store

ShareFile with customer-managed StorageZones Object Store

ShareFile StorageZones ShareFile.com Object Store Citrix-managed Customer-managed Network Shares StorageZone Connectors Existing Systems

ShareFile StorageZone options Object Store Cloud-optimized storage technology Either Citrix-managed or customer-managed Full ShareFile feature set (Sync, Send/Share, retention, versioning, etc.) Existing Systems Network shares, SharePoint Typically in customer datacenter Feature set determined by repositories capabilities

ShareFile Enterprise Authentication Options

Authentication Options ShareFile Managed Customer IdP Uses email address and a ShareFile password Passwords are stored hashed in the ShareFile Control Plane Admin portal supports password policy management Requires customer provided and configured SAML 2.0 identity provider Supports Forms, Basic, and Windows Integrated protocols Tested with ADFS 2.0, PingFederate, SiteMinder, Okta Supported only with Enterprise tools Unified storefront for all applications, data and services Instant user provisioning and deprovisioning Single sign-on with Citrix Worx Real-time SaaS application monitoring Comprehensive access control policies

SAML Authentication Employee account is still required in ShareFile Folder Access Control Licensing Employees will be matched by email address Employee password will never be sent to SaaS Application Tier ShareFile Authentication can be blocked for Employee users Basic, Integrated Windows Authentication, and Forms are supported for all Enterprise clients

SAML How it works Client 1 Client requests ShareFile SSO login URL 2 Client discovers identity provider 3 Client redirected to identify provider 4 Client requests identity provider URL 71 82 93 4 5 User has access 5 Identity Provider identifies the user 6 User is authenticated and is redirected to Assertion Consumer Service URL with SAML response 7 User agent requests ACS URL 8 ACS validates SAML response and redirects user agent to ShareFile URL 6 9 User agent requests ShareFile URL Service Provider (sharefile.com) Identity Provider (e.g. XenMobile, ADFS)

IdP / SP Authentication ShareFile.com SAML Service Provider (SP) Trust SAML Identity Provider (IdP) LDAP Customer Active Directory Rights Claims Signed

So how do we get the Identity? <NameID Format="urn:oasis:names:tc:SAML:1.1:nameidformat:emailAddress">joel.stocker@citrix.com</NameID>... Attribute Store (AD) Rule Transform Claims

SAML: IDP-Initiated Sign-On SAML Identity Provider (IDP) ShareFile.com Service Provier (SP) Go to sharefile.com 302 + Claims https://account.sharefile.com/saml/acs + Claims

SAML: SP-Initiated Sign-On SAML Identity Provider (IDP) ShareFile.com Service Provider (SP) https://account.sharefile.com/saml/login 302 + Request../adfs/ls + Request 401(Auth Challenge)../adfs/ls + Request + 302 + Claims https://account.sharefile.com/saml/acs + Claims

ShareFile Enterprise User Provisioning

Manual

Bulk Import

User Management Tool

XenMobile AppController

ShareFile Enterprise API

Solutions Through Platforms Clients Platform V3 API ShareFile Connectors SDK (Data Sources) Partners

Web SharePoint Desktop Apps Mobile Apps Network Shares Personal Cloud ShareFile Platform.NET SDK Objective-C SDK Java SDK Javascript SDK Connectors SDK PowerShell SDK RESTful API ShareFile

ShareFile Developer

ShareFile Enterprise Communications & Diagrams

Client Communication Clients Mobile, Windows, Outlook, OS X, Web XenDesktop / XenApp ShareFile.com SAML IdP XenMobile Microsoft ADFS v2 CA SiteMinder Ping Federate/Identity SaaS Application Tier *.sharefile.com *.sharefile.eu 173.199.5.0/24 78.108.127.0/24 S Z C Documents StorageZones Controller Amazon, Azure, on-premises

StorageZones Controller Req & Communication StorageZones Controller Windows Server 2008 R2 or 2012 R2 IIS Services with ASP.NET.NET Framework 4.5 2 vcpu, 4GB RAM Public IP address with DNS Public SSL certificate SZC SZ C ShareFile.com Object Store SaaS Application Tier *.sharefile.com 173.199.5.0/24 *.sharefile.eu 78.108.127.0/24 ShareFile Data CIFS/SMB file share Service account SharePoint http/https Network Shares Network Shares CIFS/SMB Internal

External Firewall Internal Firewall ShareFile StorageZones Networking Diagram FQDN on External DNS with valid Public SSL cert Port 443 Port 80 or 443 (recommended) ShareFIle StorageZone Controller(s) (physical or virtual) DMZ Proxy (e.g. NetScaler) Port 80 on localhost health check Inbound from * on Port 443 Outbound to *.sharefile.com 173.199.5.0/24 *.sharefile.eu 78.108.127.0/24 Port 443 Port 80 on localhost health check

Optional Internet & Remote Users DMZ Internal Network Port 443 Worx Mail Worx Web Worx Home App Controller SZC.company.com ShareFile Client Device Manager Port 80 or 443 NetScaler StorageZone Controller Port 443 Port 443 App Controller User Provisioning Port 80 or 443 SharePoint SMB Optional Port 443 File Server Port 389 or 636 Port 389 or 636 Citrix-Managed Customer- Managed Active Directory

Optional Internet & Remote Users DMZ Internal Network Port 80 or 443 IdP SZC.company.com ShareFile Port 80 or 443 NetScaler StorageZone Controller Port 443 Port 443 App Controller User Provisioning Port 80 or 443 SharePoint SMB Optional Port 443 File Server Port 389 or 636 Port 389 or 636 Citrix-Managed Customer- Managed Active Directory

App Communication /saml/login SSO URL Download / Upload URL ShareFile.com Identity Provider SSO Data / Connectors NetScaler SZC C StorageZone Controller Internet DMZ Internal Network

ShareFile & XenMobile AppController ShareFile Docs.mdx ShareFile_SAML_SP Netscaler AppController

Inserting NetScaler ShareFile.com NetScaler Hash Validation StorageZones Controllers StorageZone request Load Balancing vserver StorageZone request / Content Switching vserver CIFS/SharePoint request Load Balancing vserver w/auth CIFS request /cifs LDAP SharePoint request /sp Authentication

NetScaler ShareFile Data Flow NetScaler StorageZone Controllers ShareFile.com Hash Validation Content Switching vserver StorageZone request StorageZone Load request Balancing vserver /

NetScaler ShareFile Data Flow NetScaler StorageZone Controllers ShareFile.com AAA Authentication CIFS request /cifs Content Switching vserver CIFS or SharePoint request LDAP Load Balancing vserver SharePoint request /sp

Q & A

Work better. Live better.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback