ShareFile Technical Overview



Slide 1: ShareFile Technical Overview

Slide 2: Agenda

Slide 3:
- Introduction to ShareFile Enterprise
- High-Level Architecture
- Availability and Redundancy
- StorageZones
- Security
- Authentication
- Follow-me-data with Citrix CloudGateway & Receiver
- Wrap-up

Slide 4: ShareFile Introduction

Slide 5:
- Enables file sharing with anyone
- Syncs data across all devices
- Online file sharing spaces for virtual teams
- Selective offline access on mobile devices
- Data protection: encryption, device lock, remote wipe, poison-pill

Slide 6: Why ShareFile?
- Enable workforce mobility & BYOD
- Address the Dropbox problem
- Simple and secure data sharing: fellow employees, team collaboration, clients and 3rd-party collaboration
- Enhanced productivity

Slide 7: Broad Device, Workflow and Protocol Support (diagram)
- Desktop apps, automation, mobile apps, mobile site
- iPhone, Android, BlackBerry, Windows 7 Phone, iPad, Android tablet
- Outlook plug-in, Mac OS Sync, Browser, Windows Sync, Command Line Interface*
- Alternative protocol (Cloud SZ)

Slide 8: ShareFile High-level Architecture

Slide 9: ShareFile with Citrix managed StorageZones (diagram)
- Control Plane: DB, *.sharefile.com, *.sf-api.com; account info, brokering, reporting, access control
- StorageZones: Storage Center (EC2), S3; Storage Centers and backend storage in various locations worldwide
- Client

Slide 10: ShareFile Current Architecture with Citrix managed StorageZones

Slide 11: ShareFile Control Plane (diagram)
- Load-balanced web servers (main app and API web servers) in the DMZ
- SQL Cluster, with replication to the DR datacenter
- TLS/SSL in transit, AES-256 encryption
- No client files; file metadata and account data only

Slide 12: ShareFile StorageZones (diagram)
- Storage Centers on EC2 with Elastic Block Storage (EBS) as cache; files committed to S3
- Utility servers: file processing, anti-virus & thumbnailing, full text index, backup
- FTP servers (FTP/FTPS)
- TLS/SSL to the client, AES-256 encryption
- Encrypted backup to 3rd-party datacenter
- S3: 99.99% availability and 99.999999999% durability

Slide 13: ShareFile StorageZones - Download (diagram)
- Client -> Storage Centers (EC2, EBS) over TLS/SSL; AES-256 encryption; S3; FTP servers (FTP/FTPS)

Slide 14: Availability and Redundancy

Slide 15: Availability Information
- Real-time backup to Citrix data center
- Automatic failover (if necessary)
- Lazy file deletion to support file recovery

Slide 16: ShareFile StorageZones

Slide 17:
- Now available for all ShareFile Enterprise accounts
- Store files in customer-managed StorageZones, in Citrix-managed StorageZones, or both
- Technology proven in the cloud
- Seamless user experience

Slide 18: Why StorageZones?
- Compliance: meet unique compliance and data sovereignty requirements by storing data on-prem
- Performance: optimize end-user performance by placing files and folders in close proximity

Slide 19: ShareFile - Citrix managed StorageZones (diagram, as on slide 9)

Slide 20: Citrix managed and On-Prem StorageZones (diagram)
- Control Plane: DB, *.sharefile.com, *.sf-api.com; account info, brokering, reporting, access control
- Citrix-managed zone: Storage Center (EC2), S3
- Customer datacenter: Storage Center (Windows IIS) with CIFS backend storage; Storage Centers and backend storage in customer datacenter(s), hybrid with cloud
- Client

Slide 21: Citrix managed StorageZones - Control Plane - Customer managed StorageZones (diagram)

Slide 22: ShareFile European Control Plane
- https://.sharefile.eu
- Enterprise accounts available in Q4
- High performance, user proximity
- Government compliance
- In Citrix Online datacenter in Germany

Slide 23: Using StorageZones

Slide 24: StorageZones can be set on
- User level
- Root-folder level

Slide 25: Using StorageZones

Slide 26: On-Prem Deployment Models

Slide 27: Proof of Concept Deployment (diagram)
- Public Internet IP, Firewall, Storage Center; https; 10.0.0.1, 10.0.0.20

Slide 28: HA Deployment (diagram)
- Public Internet IP 1 and IP 2, Firewall, two Storage Centers (10.0.0.20, 10.0.0.21) and shared Storage; https; 10.0.0.1

Slide 29: Secure DMZ Deployment (diagram)
- Public Internet IP, Firewall, Storage Centers (10.0.0.20, 10.0.0.21), Storage; https from the Internet, http or https to the Storage Centers; 10.0.0.1

Slide 30: StorageZones Setup

Slide 31: On-premise StorageZones Requirements
- Windows Server 2008 R2
- IIS Web Services role with ASP.NET
- Microsoft .NET 4.0
- A publicly resolvable internet hostname
- An SSL certificate for that hostname from a public, Windows-accepted Certificate Authority; self-signed or unsigned certificates are not supported

Slide 32: IIS Configuration
- Install the SSL certificate and bind it to https port 443 (not needed when using a DMZ proxy)
- ISAPI and CGI Restrictions: ASP.NET v4.0.x needs to be set to Allowed

Slide 33: Storage Center Installation

Slide 34: Storage Center Configuration

Slide 35: Shared Storage Configuration
- CIFS share access: Storage Centers will access the share using the StorageCenterAppPool user (Application Pools > StorageCenterAppPool > Advanced Settings > Identity)
- Additional permission settings documented in eDocs

Slide 36: Troubleshooting StorageZones

Slide 37: Basic Troubleshooting
- Ensure you type the hostname without port or https, and check for typos on the Configuration page
- Ensure you are on an Enterprise account with SZ
- Make sure the user account has SZ admin permissions
- Check whether the Storage Center URL is accessible from outside
- Check the file share for creation of directories
- Check whether SCKeys.txt is created in the root of the file share
- Logs!
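The requirements on slides 31 and 32 and the checklist on slide 37 can be scripted so an admin catches the common mistakes before opening a support case. The script below is an added example written for this page, not Citrix tooling. Its function names, the assumption that the Configuration page expects a bare hostname (no scheme, port or path), and the temporary directory it builds to stand in for the CIFS share root are all constructed here; only the file name SCKeys.txt and the StorageCenterAppPool identity come from the slides.

```python
"""Pre-flight checks for an on-premise Storage Center.

Added example for the requirements and troubleshooting checklist on slides 31,
32 and 37 of the deck; it is not Citrix code. It assumes the Configuration page
expects a bare hostname (no scheme, port or path) and that the CIFS share root
can be opened as a local path by whoever runs the script.
"""
import os
import re
import socket
import ssl
import tempfile

# Label-by-label DNS name check; IP literals and single-label names fail it.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def check_hostname_entry(entry):
    """Return the problems found in a Configuration-page hostname entry.

    Slide 37: type the hostname without 'https' or a port, and check for
    typos. Every condition found is reported so the admin can fix them all.
    """
    problems = []
    value = entry.strip()
    if "://" in value:
        problems.append("contains a scheme; enter the hostname only, not https://...")
        value = value.partition("://")[2]
    host, slash, _path = value.partition("/")
    if slash:
        problems.append("contains a path; enter the hostname only")
    host, colon, _port = host.partition(":")
    if colon:
        problems.append("contains a port; the Storage Center is reached on 443 implicitly")
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        problems.append("is an IP address; a publicly resolvable DNS name is required (slide 31)")
    elif not HOSTNAME_RE.match(host):
        problems.append("is not a valid public DNS hostname (check for typos)")
    return problems


def check_share_root(share_root):
    """Return problems with the CIFS share the Storage Centers write to.

    Slide 37: once the zone is registered, the share root should contain
    SCKeys.txt and directories created by the Storage Center. Both are written
    by the StorageCenterAppPool identity (slide 35), so their absence usually
    means registration has not completed or that identity lacks write access.
    """
    if not os.path.isdir(share_root):
        return ["share root is not reachable: %s" % share_root]
    problems = []
    if not os.path.isfile(os.path.join(share_root, "SCKeys.txt")):
        problems.append("SCKeys.txt is missing from the share root")
    if not any(os.path.isdir(os.path.join(share_root, n)) for n in os.listdir(share_root)):
        problems.append("no directories have been created under the share root")
    return problems


def check_public_endpoint(hostname, timeout=5.0):
    """Resolve the hostname and complete a TLS handshake on 443 using the
    system trust store, roughly what an external client does (slide 37:
    'check if the Storage Center URL is accessible from outside'). Run it from
    outside the corporate network for the result to mean anything. A
    self-signed certificate, unsupported per slide 31, fails here with
    ssl.SSLCertVerificationError. Network-dependent, so not exercised offline."""
    socket.getaddrinfo(hostname, 443)
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert().get("subject")


def build_sample_share(registered=True):
    """Constructed stand-in for a share root, used only to demonstrate
    check_share_root offline; a registered zone has SCKeys.txt and a folder."""
    root = tempfile.mkdtemp(prefix="sfshare-")
    if registered:
        open(os.path.join(root, "SCKeys.txt"), "w").close()
        os.mkdir(os.path.join(root, "a1b2c3"))
    return root


if __name__ == "__main__":
    for entry in ("sf.example.com", "https://sf.example.com:443/", "10.0.0.20"):
        print(entry, "->", check_hostname_entry(entry) or "ok")
    print(check_share_root(build_sample_share()) or "share ok")
    print(check_share_root(build_sample_share(registered=False)))
```

The hostname check reports every defect at once rather than stopping at the first, because an entry like `https://sf.example.com:443/` has three of them and the admin should fix all three in one pass. The share check is deliberately read-only: writing a probe file as the admin proves nothing about the StorageCenterAppPool identity that actually needs the access.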
Slide 38: Demonstration of StorageZones

Slide 39: ShareFile Security

Slide 40: Security Information
- SSAE 16 audited data centers
- SSL encryption in transit
- AES 256-bit encryption at rest
- All uploaded files scanned for viruses
- Daily scans for McAfee SECURE accreditation
- All ShareFile servers protected by dedicated firewalls

Slide 41: Standard Download Security (sequence diagram: Client; Control Plane with main app/API servers and DB; StorageZones with Storage Center and Storage; a shared secret establishes trust between Control Plane and Storage Center)
1. Client requests a file
2. Prepare message sent to Storage Center
3. HMAC is validated
4. Storage Center confirms validity
5. Client receives download URL with HMAC
6. Client requests download
7. HMAC is validated
8. Storage Center gets file from storage
9. Download starts

Slide 42: Trust & Encryption, On-Premise StorageZones (diagram: Control Plane DB, *.sharefile.com, *.sf-api.com; Storage Center and Storage; shared secret (trust))
- Shared key created when the StorageZone is created
- Storage encryption key created when the StorageZone is created
- Encryption key is encrypted by a passphrase when the Storage Center is configured

Slide 43: DMZ Download Security with On-Prem StorageZones
- NetScaler can handle incoming HMACs (security best practice)
- Connections with bad requests will not enter the internal network
- Documented in the admin guide on eDocs
1. NetScaler strips HMAC from URI
2. NetScaler sends URI & HMAC to Storage Center
3. HMAC is validated by Storage Center
4. Storage Center sends confirmation to NetScaler
5. Process completes

Slide 44: ShareFile Authentication

Slide 45: ShareFile Authentication Options
- Built-in authentication: uses a combination of email address and password; passwords are stored hashed in the database
- SAML support: broad identity provider support, including ADFS
- CloudGateway: offers user provisioning functionality; Receiver integration; recommended, especially for existing Citrix customers

Slide 46: Enterprise Active Directory Options
- Requires a customer-provided and configured SAML provider
- Microsoft ADFS support
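Slides 41 and 43 describe the same mechanism from two vantage points: the Control Plane signs a download URL with a key it shares with the Storage Center, and whoever receives the request (the Storage Center directly, or NetScaler in front of it) splits the HMAC from the URI and has it validated before any file is read. The following is an added example built to illustrate that flow; it is not ShareFile code. The parameter names (`id`, `exp`, `h`), the canonical string that is signed, and the expiry field are assumptions made here rather than ShareFile's wire format, and the shared secret value is constructed for the example.

```python
"""HMAC-protected download URLs: control plane signs, storage center validates.

Added example illustrating slides 41 and 43 of the deck; it is not ShareFile
code. Parameter names (id, exp, h), the canonical string format and the expiry
field are assumptions made for this example, not ShareFile's actual format.
"""
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed value. In the deck this is the shared key created when the
# StorageZone is created, known only to the Control Plane and its Storage
# Centers (slide 42); in practice it would come from zone configuration.
SHARED_SECRET = b"example-zone-shared-key-not-real"
HMAC_PARAM = "h"


def canonical_string(path, params):
    """Bytes covered by the HMAC: the request path plus every query parameter
    except the signature itself, sorted so that a proxy re-ordering the query
    string does not break validation."""
    items = sorted((k, v) for k, v in params if k != HMAC_PARAM)
    return (path + "?" + urlencode(items)).encode()


def compute_mac(path, params, secret):
    return hmac.new(secret, canonical_string(path, params), hashlib.sha256).hexdigest()


def issue_download_url(storage_center, file_id, secret, ttl=300, now=None):
    """Control Plane side (slide 41, steps 1-5): once the Storage Center has
    confirmed the prepare message, hand the client a URL it can present to the
    Storage Center. 'exp' is an assumption: the deck does not say whether the
    URL expires, but bounding its lifetime limits replay of a leaked link."""
    now = int(time.time()) if now is None else now
    path = "/download"
    params = [("id", file_id), ("exp", str(now + ttl))]
    params.append((HMAC_PARAM, compute_mac(path, params, secret)))
    return urlunsplit(("https", storage_center, path, urlencode(params), ""))


def strip_mac(url):
    """NetScaler side (slide 43, steps 1-2): separate the HMAC from the URI so
    both can be forwarded to the Storage Center for validation. A URL carrying
    zero or several HMAC parameters yields None, which validation rejects."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    macs = [v for k, v in params if k == HMAC_PARAM]
    rest = [(k, v) for k, v in params if k != HMAC_PARAM]
    return parts.path, rest, (macs[0] if len(macs) == 1 else None)


def validate_request(path, params, presented_mac, secret, now=None):
    """Storage Center side (slide 41 step 7 / slide 43 step 3). Returns
    (ok, reason); only ok requests go on to read from storage (step 8)."""
    if presented_mac is None:
        return False, "missing or duplicated HMAC"
    expected = compute_mac(path, params, secret)
    # Constant-time comparison so response timing does not leak the digest.
    if not hmac.compare_digest(expected.encode(), presented_mac.encode()):
        return False, "HMAC mismatch (URI tampered or wrong zone key)"
    now = int(time.time()) if now is None else now
    exp = dict(params).get("exp")
    if exp is None or not exp.isdigit() or int(exp) < now:
        return False, "link expired"
    return True, "ok"


def check_url(url, secret, now=None):
    """Full path a download request takes: split the HMAC off, then validate."""
    path, params, mac = strip_mac(url)
    return validate_request(path, params, mac, secret, now=now)


if __name__ == "__main__":
    t0 = 1_700_000_000
    url = issue_download_url("sz1.example.com", "fi1234", SHARED_SECRET, now=t0)
    print(url)
    print(check_url(url, SHARED_SECRET, now=t0 + 10))          # (True, 'ok')
    print(check_url(url.replace("fi1234", "fi9999"), SHARED_SECRET, now=t0 + 10))
    print(check_url(url, SHARED_SECRET, now=t0 + 600))         # expired
```

Two details matter for the DMZ variant on slide 43: the HMAC is checked before the expiry, so an unauthenticated request is rejected on the cheapest check and never reaches storage, and the comparison is constant-time, since the Storage Center answers the same party that chose the digest being compared.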
- Also supports popular identity providers such as OneLogin, CA SiteMinder, PingIdentity PingFederate and SalesForce
- Unified storefront for all applications, data and services
- Instant user provisioning and de-provisioning
- Fully integrated with Receiver
- Real-time SaaS application monitoring
- Comprehensive access control policies
- SAML 2.0 support

Slide 47: SAML Authentication
- A user account is still required in ShareFile (folder access control, licensing)
- Users are matched by email address
- The Identity Provider password is never sent to the Control Plane
- Password reset can be disabled
- Requires tools to be SAML-aware: the ShareFile web site and iPad app are today, with other tool support coming

Slide 48: SAML - How it works (diagram: Client; Service Provider (sharefile.com); Identity Provider (e.g. CloudGateway, ADFS))
1. Client requests ShareFile SSO login URL
2. Client discovers identity provider
3. Client is redirected to identity provider
4. Client requests identity provider URL
5. Identity Provider identifies the user
6. User is authenticated and is redirected to the Assertion Consumer Service URL with the SAML response
7. User agent requests ACS URL
8. ACS validates the SAML response and redirects the user agent to the ShareFile URL
9. User agent requests ShareFile URL; user has access

Slide 49: ShareFile Account Creation
- User creation can be done manually: one-by-one, or import from Excel spreadsheet
- User is provisioned through CloudGateway
- User Management Tool

Slide 50:
- Creates ShareFile user accounts and distribution lists based on AD users and groups
- Option to notify users of account creation
- Ability to select a default StorageZone for users
- Easy process for keeping AD and SF in sync

Slide 51: Citrix CloudGateway & Receiver: Follow-me-data

Slide 52: (diagram) PC, Mac, Smartphone, Tablet, Thin Client -> StoreFront services, Content Controllers, Access Gateway services

Slides 53-54: (no text)

Slide 55: Technology Preview: ShareFile StorageZone Connectors

Slide 56: ShareFile StorageZone Connectors for Network Shares (#CitrixSynergy; diagram: ShareFile Personal Folder, ShareFile Team Folder, Existing Network Share)
Citrix Confidential - Do Not Distribute

Slide 57: Wrap Up

Slide 58: Citrix ShareFile
- Robust file sharing technology designed for the Enterprise
- SaaS model with cloud and on-premise options
- Secure AD authentication options
- CloudGateway integration available soon

Slide 59: Work better. Live better.