Citrix ShareFile Enterprise: a technical overview citrix.com


White Paper

The role of IT organizations is changing rapidly as the forces of consumerization pose new challenges. IT is transitioning from the sole provider of user services to an aggregator and administrator for both in-house and third-party services, devices and applications. In the wake of this transition, IT must be prepared for everything that employees are bringing to work, including personal devices and applications.

Mobile workstyles, the notion that employees should be able to work from the most optimal location, prompted IT to look for solutions that could support flexible working while ensuring employees remained productive. Employees also started using personal devices at work, which led some IT organizations to adopt a formal bring your own device (BYOD) strategy. These trends, along with continued growth in dispersed and global workforces, clientele and operations, drove the need for instant access to data for easy collaboration.

However, the lack of an IT-managed data sharing and syncing service led employees to turn to unsecure, consumer-style file sharing products for self-service access to their files, as well as the ability to share those files with others within and outside their organization. Such solutions, unfortunately, put sensitive corporate data, regulated data and intellectual property at risk.

Simply blocking these unsecure services without providing a secure and IT-managed alternative will result in user frustration and lower productivity. It will also be regressive for IT, which is emerging as a strategic organization that fosters change to increase business productivity. To help IT regain control over employee file sharing, Citrix offers Citrix ShareFile, an enterprise-class, IT-managed, follow-me-data service.

ShareFile Enterprise

ShareFile is a secure and robust enterprise follow-me data solution that enables IT to meet the mobility and collaboration needs of all users. ShareFile empowers users to securely share files with anyone and to sync files across all of their devices. ShareFile seamlessly integrates with workflow tools such as Microsoft Outlook and provides a rich user experience on any device to enhance productivity.

Unlike consumer-style file sync and sharing tools, ShareFile provides management and control functionality that allows IT to deliver a secure service and store enterprise data in the optimal locations to meet corporate data policies and unique compliance requirements. ShareFile is a powerful service that is simple for IT to implement and manage, requires no additional investment and can be fully integrated with existing security infrastructure and policies.

With ShareFile, IT can:

- Empower users with instant access to data in sync across all of their devices
- Improve collaboration and business productivity through secure file sharing with people inside and outside the organization
- Meet corporate data security and compliance standards via a secure service and the flexibility to store data on or off premises, or both
- Deliver an enterprise-class service that seamlessly integrates with the IT environment and meets mobility requirements to provide a rich experience on any device
- Deliver a managed service that helps IT retain control over the way corporate data is accessed, stored and shared

Product architecture

The current ShareFile product architecture is a pure Software as a Service (SaaS) model and consists of two key components: Control Plane and StorageZones. The client device can request access to the follow-me data service through a native ShareFile application or tool, Citrix Receiver or any browser.

Figure 1: Citrix Managed StorageZones

Control Plane

The Control Plane stores all user files, folders and account information and performs functions such as user authentication, access control and all other brokering functions. The Control Plane is hosted in Citrix datacenters and managed by Citrix as a service.

Following are the components of the Control Plane:

- Web servers for ShareFile web interface/web portal access. The web servers are also known as Main App.
- Web servers for client devices using the HTTPS API, including all native ShareFile apps and tools.
- The clustered database stores user account information, access right information for all file and folder metadata and hashed user passwords. The database in the Control Plane does not contain any user files or user/corporate data. The database is also securely replicated to a secondary datacenter location for backup and recovery in case of a failover.
- Citrix NetScaler appliances are used to load balance all client requests across the web servers.

The NetScaler appliances and web servers run in the demilitarized zone (DMZ) and the database cluster runs in the production network behind the firewall. All traffic from a client device, the web interface or a native tool connects to the Control Plane using 256-bit encryption. The NetScaler appliances then begin to load balance the traffic/requests across the various web servers. Once the connection with the web servers is made, they communicate with the clustered database for retrieval of requested information.

Citrix-managed StorageZones

StorageZones are where the customer data and files are hosted. The Citrix-managed StorageZones are hosted in Amazon Web Services (AWS) datacenters today, with an option to store data in various AWS worldwide locations including the United States, Ireland (EU), Brazil, Japan and Singapore. The actual storage servers run on Amazon EC2 while the backend storage resides in Amazon S3. The data is stored on EC2 servers as elastic block storage (EBS) for caching and on S3 servers for persistent storage.

Amazon EC2 hosts various components of StorageZones. ShareFile Storage Center is the main component managing all file operations. Other components include the utility servers responsible for antivirus, thumbnailing, full text index and backup functions. To support file transfer using FTP and FTPS, the Citrix-managed StorageZones also host dedicated FTP servers.

Uploading and downloading data

When a user uploads a file to his or her account, the client device first requests authorization from the Control Plane and then connects to the Storage Center using 256-bit encryption. If a file is being uploaded through FTP or FTPS, the client first connects to one of the FTP servers, which then communicates with a Storage Center server. Thereafter, the Storage Center server encrypts the file and places it in its local cache. Simultaneously, the file is put in queue for persistent storage in S3 servers. The file remains encrypted during this entire process.

The utility servers communicate with the Control Plane and learn about the new file that is being uploaded. They begin to fill up their respective queues for the files that require antivirus scans, thumbnail creation, full-text indexing and backup. All files on S3 are processed according to their position in the queue.

When a client device requests a file, the file is delivered from the local EBS if it is in cache; otherwise it is delivered from the S3 storage. The file is decrypted by Storage Center and delivered to the client over an encrypted connection. If the downloaded file is requested through FTP or FTPS, it is delivered to the client through the FTP servers.

Citrix has a service level agreement (SLA) with AWS to ensure high availability for ShareFile even in the case of hardware failures. ShareFile also creates a backup of all encrypted file data that resides in a third-party datacenter. This backup server communicates with special backup utility servers in EC2 and with backup files from S3.

It is important to note that client devices communicate with both the Control Plane and the StorageZones and there is interaction between the Control Plane and the StorageZones; however, customer files never travel from the StorageZones to the Control Plane.

On-Premises StorageZones

Thanks to an innovative new capability, IT will soon have the flexibility to leverage On-Premises StorageZones within a private cloud, as well as to use Citrix-managed StorageZones in multiple worldwide locations. IT will also be able to build its own solution with a customized storage model leveraging the benefits of both Citrix-managed and On-Premises StorageZones.

The On-Premises StorageZones option will allow IT to store data within the datacenter to meet compliance and data sovereignty requirements. With the flexibility to store data both on and off premises, IT can optimize user performance by storing data in desired proximity. Multiple storage options allow IT to build the most cost-effective solution. With the on-premises option, Citrix envisions being able to support any sort of CIFS- or NFS-based network storage system and enable access to existing on-premises file stores, such as Windows network shares and Microsoft SharePoint, to eliminate cumbersome data migration.
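The upload and download sequence described under "Uploading and downloading data", sketched as an added example that is not Citrix code and not part of the white paper. The HMAC-signed, time-limited grant is an assumption (the paper does not say how the Control Plane's authorization reaches the Storage Center), all class and function names are hypothetical, and encryption at rest is left out.

```python
import hashlib
import hmac
import json


def _sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class ControlPlane:
    """Brokers access; holds metadata only, never file bytes."""
    def __init__(self, zone_key):
        self._key = zone_key      # assumption: secret shared with the Storage Center
        self.metadata = {}        # file_id -> owner

    def authorize(self, user, file_id, action, now, ttl=60):
        owner = self.metadata.get(file_id)
        if action == "upload" and owner is None:
            self.metadata[file_id] = user      # first upload registers the owner
        elif owner != user:
            raise PermissionError("denied by Control Plane")
        claims = {"user": user, "file": file_id, "act": action, "exp": now + ttl}
        body = json.dumps(claims, sort_keys=True).encode()
        return body, _sign(self._key, body)


class StorageCenter:
    """Data plane: checks the grant, then stores or serves the bytes."""
    def __init__(self, zone_key):
        self._key = zone_key
        self.cache = {}           # stands in for the EBS cache
        self.persistent = {}      # stands in for S3
        self.queue = []           # uploads waiting for persistent storage

    def _verify(self, grant, file_id, action, now):
        body, tag = grant
        if not hmac.compare_digest(_sign(self._key, body), tag):
            raise PermissionError("grant signature invalid")
        claims = json.loads(body)
        if (claims["file"], claims["act"]) != (file_id, action):
            raise PermissionError("grant does not cover this request")
        if claims["exp"] < now:
            raise PermissionError("grant expired")

    def upload(self, grant, file_id, data, now):
        self._verify(grant, file_id, "upload", now)
        self.cache[file_id] = data    # the described service encrypts here (omitted)
        self.queue.append(file_id)

    def flush_queue(self):
        self.persistent.update((f, self.cache[f]) for f in self.queue)
        self.queue.clear()

    def download(self, grant, file_id, now):
        self._verify(grant, file_id, "download", now)
        if file_id in self.cache:
            return self.cache[file_id], "cache"
        return self.persistent[file_id], "persistent"


def run_exchange(key=b"constructed-demo-key"):   # constructed sample secret
    cp, sc = ControlPlane(key), StorageCenter(key)
    sc.upload(cp.authorize("alice", "f1", "upload", now=1000), "f1", b"report", now=1001)
    sc.flush_queue()
    grant = cp.authorize("alice", "f1", "download", now=1002)
    first = sc.download(grant, "f1", now=1003)
    sc.cache.clear()              # simulate the cache entry being evicted
    second = sc.download(grant, "f1", now=1004)
    return first, second, dict(cp.metadata)
```

The `now` values are passed in explicitly so the run is deterministic; the Control Plane object ends the exchange holding only the file-to-owner mapping.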

Figure 2: On-Premises StorageZones

Regardless of the customer's choice of StorageZones, the Control Plane will reside in Citrix-managed secure datacenters, making this a hybrid model. The On-Premises StorageZones can have one or more Storage Center servers running on Windows Server 2008 with Internet Information Services (IIS) and can utilize local network-attached storage (NAS). The StorageZones components run inside the customer's datacenter, allowing IT to build a fully customized solution. The ability to store highly regulated data in their own datacenters and the rest in Citrix-managed StorageZones will help organizations meet compliance requirements while benefiting from secure and effortless administration.

Client connectivity and communication run the same way as for the Citrix-managed StorageZones: customer data will not go through the Control Plane. With On-Premises StorageZones, IT can also generate encryption keys. StorageZones can be set at the user level or root folder level, allowing IT to store data based on user profile or type of data. The On-Premises StorageZones feature is now available in tech preview at StorageZones Tech Preview and will soon be generally available.

Security features

ShareFile architecture is secure by design. It also provides additional robust features that IT can use to control, manage and audit the use of data.

Secure architecture

All datacenters containing ShareFile servers are certified to SSAE 16, demonstrating high standards for security. The servers are firewall protected and regularly updated to ensure that all of the latest security patches and updates are in place. Files are transferred to and from ShareFile servers using 256-bit SSL encryption and all files are stored with AES 256-bit encryption at rest.

Comprehensive disaster recovery mechanisms protect against loss of data. Files are frequently backed up to a disaster recovery datacenter and mirrored in real time to a secondary server location to ensure that service can be quickly resumed in case of a disruption at the primary server location. In the event of accidental deletion of files by a user, the files can be recovered within 28 days through the lazy file deletion option.

Additional security features

In addition to providing a secure architecture, ShareFile offers IT a granular level of control over sensitive corporate data.

- Remote wipe: This feature allows both users and IT to wipe all ShareFile stored data and passwords on any device in case it is lost or stolen. In the event of a security breach, IT can remove the device from the list of devices that can access ShareFile accounts, lock the device to restrict use for a specified period or completely wipe all ShareFile data that resides on that device.
- End-user and IT reporting: Users can receive reports on file sharing activity within their workspaces. IT can also track and log all user activity. Users and IT can create custom reports on account usage and access.
- Poison pill: The poison pill feature enables IT to prescribe data expiration policies for mobile devices and activate audit controls to track user logging activity. This feature is now available in the new ShareFile app for iPad.

Provisioning and authentication

ShareFile offers multiple options for seamless integration with Microsoft Active Directory.

- CloudGateway integration: Enterprise directory integration with Citrix CloudGateway is recommended for all Citrix customers. The integration simplifies and accelerates role-based provisioning and de-provisioning and enforces two-factor authentication with NetScaler Access Gateway. It also provides Citrix Receiver integration for a rich content editing experience through hosted applications and helps monitor service levels and license usage.
- SAML 2.0 support: Support for Security Assertion Markup Language (SAML) 2.0 integration is available to customers with existing SAML solutions such as Microsoft ADFS. This integration allows users to authenticate using their Active Directory credentials without passing those credentials through ShareFile.

Citrix Receiver integration

The combination of ShareFile, CloudGateway and Receiver provides a seamless experience as users move from device to device. These components together provide a single pane of glass along with single sign-on to all enterprise resources (apps and data). Enterprise directory integration with CloudGateway and Receiver is recommended for all Citrix customers. The integration simplifies and accelerates role-based account provisioning and de-provisioning, enforces two-factor authentication with NetScaler Access Gateway and provides a rich content editing experience on mobile devices through virtualized applications.

Conclusion

To embrace workforce mobility and users' demands for instant access to data, ShareFile Enterprise helps IT organizations retain control while improving collaboration, mobile workstyles and productivity. Citrix has long provided IT the power to deliver a rich and powerful follow-me desktops and apps experience. Now, ShareFile completes the mobility story with a rich, enterprise-ready, follow-me data solution.

- Enterprise follow-me data service: ShareFile Enterprise offers best-in-class follow-me data service with features that enterprise IT and users expect.
- Flexible storage options: The innovative StorageZones feature gives IT the flexibility to choose between using Citrix-managed, secure StorageZones in multiple worldwide locations and leveraging On-Premises StorageZones within their private cloud, or to combine the two options.
- Managed and secure data sharing: ShareFile Enterprise is a secure, managed service with robust security features that allow IT to determine how sensitive data is stored, accessed and shared.
- Optimized for mobile workstyles: ShareFile Enterprise helps IT embrace user mobility requirements by enabling employees to work and collaborate from anywhere, on any device.

Citrix understands the importance of data from the perspectives of the end user and the IT organization. Citrix continues to drive innovation by investing in new features that make the user experience more delightful and support IT goals by simplifying management, enhancing control and helping IT retain its strategic role in the organization.

Corporate Headquarters: Fort Lauderdale, FL, USA
Silicon Valley Headquarters: Santa Clara, CA, USA
EMEA Headquarters: Schaffhausen, Switzerland
India Development Center: Bangalore, India
Online Division Headquarters: Santa Barbara, CA, USA
Pacific Headquarters: Hong Kong, China
Latin America Headquarters: Coral Gables, FL, USA
UK Development Center: Chalfont, United Kingdom

About Citrix

Citrix Systems, Inc. (NASDAQ:CTXS) is the company transforming how people, businesses and IT work and collaborate in the cloud era. With market-leading cloud, collaboration, networking and virtualization technologies, Citrix powers mobile workstyles and cloud services, making complex enterprise IT simpler and more accessible for 260,000 enterprises. Citrix touches 75 percent of Internet users each day and partners with more than 10,000 companies in 100 countries. Annual revenue in 2011 was $2.21 billion. Learn more at www..

© 2012 Citrix Systems, Inc. Citrix, NetScaler, Citrix ShareFile, Citrix Receiver, CloudGateway and NetScaler Access Gateway are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners. 0712/PDF