ShareFile Enterprise – to Mobility and beyond!

With so many customers looking at ShareFile, I often get asked how it works and where the data gets saved and synced. In this blog, I will give you a quick overview of ShareFile Enterprise and some of the useful tools you can use for accessing, sharing and syncing your files and data to a secure location in your data centre.

ShareFile is a Citrix product that competes directly with Dropbox, Google Drive and other online file sync tools, of which there are now dozens available – all with cloud storage, some with on-premises storage and varying security standards. With ShareFile you can store data in the cloud and in your data centre, as well as getting access to your existing file server resources and NAS drives in your secure network. For full details, check out the Citrix web site – but here is a quick overview for now.

The StorageZone Controller provides users with secure access to SharePoint document libraries and network file drives through Storage Zones Connectors. Users log onto ShareFile from their mobile device and retrieve a list of enterprise data repositories, which may include network drives and SharePoint document libraries.

After choosing an enterprise resource, the user authenticates with the StorageZone Controller using their company credentials, and is then able to enumerate and securely transfer files between the mobile device and the customer data center.

All folders here – except Internal NovoShare – are hosted on Citrix ShareFile cloud. We have a 20gb cloud store. By default, all users’ folders are on the internal storage.

The Internal NovoShare is an iSCSI-attached NAS with 3TB of data available to staff. This is called a StorageZone; it runs on an internal Windows 2008 R2 server and gives our users about 20Gb each.

Being ISO certified, all our key data resides in a secure data center with very controlled access. Only our BCP documents would be stored in the Citrix cloud for emergencies.

Connectors link into your existing NTFS shares and SharePoint document repositories. New connectors can link into Dropbox and other storage to enable migration or two-way collaboration.

All of these folders reside in our secure hosted data center. None of the files get sent to the Citrix cloud, which acts only as a broker and for authentication.

Single Sign-On from AD

Logging into the MDM portal in a browser allows you to click on ShareFile and seamlessly log in to the ShareFile web site.

SAML single sign-on can also be enabled by using the /SAML/login extension to the normal web portal.

Outlook Plugin

This is very useful: it allows files to be attached easily from ShareFile, and new files to be attached that are then sent into ShareFile instead of being emailed to multiple recipients.

Desktop Widget

Allows you to browse into your files and folders from a Windows/Mac desktop.

Sync Tool

The Sync Tool allows you to sync local folders up to your ShareFile storage.

So, if your local laptop drive is encrypted, as it should be, you can sync all or some of the data files to the ShareFile cloud folders.

Citrix World Wide ShareFile

Citrix ShareFile uses a “Control Plane”: sharefile.com and sharefile.eu are used for brokering authentication and locating data when hosted. For example, European customers can choose to have the data in .eu. The Control Plane provides users with a list of files and folders, but doesn’t hold them in the Citrix cloud if they are onsite – instead, the device is directed to the on-premises store.

Guest users and other contacts can be given access to shares and files very easily, for a single download or for time-restricted periods. FTP service? No problem. Customizing your web portal is also very easy and provides a nice familiar interface for users. Various administrative rights can be delegated and folder permissions granted, so you can allow other users to control access and content.

ShareFile Enterprise is available as a separate product. However, if you are also considering an enterprise mobile device management (MDM) solution, Citrix XenMobile Enterprise includes ShareFile Enterprise for just a few dollars more than ShareFile on its own. Definitely worth checking that out. A free 30-day trial is also available on request.

Some useful links:

Main product information

http://www.sharefile.com/

ShareFile for Health

http://www.sharefile.com/industries/Healthcare/?src=direct&v=e&cat=1

Security

http://www.citrix.com/products/sharefile/features/secure-by-design.html

Choose where data is stored

http://www.citrix.com/products/sharefile/features/storagezones.html

Planning your XenMobile MDM Pilot

Mobile Device Management has been around for a few years now for iPads and Android devices, and of course BlackBerry has been doing BES for much longer. I have been doing a few MDM installs recently with Citrix XenMobile MDM. This is now in version 8.6 and was already in version 7 when Citrix purchased Zenprise, one of the market leaders, in December 2012.

If you’re looking at deploying Citrix XenMobile MDM in a pilot, make sure you check through the installation guide, the Reference Architecture and the MDM Deployment kit if you can get your hands on one. These will help you plan for the infrastructure you need to put in place.

You also need to decide the limits of your POC. Do you just want to look at the device management, security and inventory? Or do you want the whole Enterprise solution with your own corporate app store, micro-vpn into the LAN and secure apps that you can sandbox and have full control over?

For Enterprise MDM, Citrix have bundled ShareFile Enterprise, which makes the whole solution even more appealing if you want to enable secure file access into your corporate shares and encrypted ShareFile repository. Indeed, the combined features of XenMobile MDM, the Worx corporate app store and ShareFile make the enterprise solution very appealing, as it would take 2-3 other vendors’ products to do all of these.

Some questions to start you off:

  • What infrastructure servers will I need?
  • Have I got external IPs?
  • What type of devices will I need to control? (Apple, Android, Windows Mobile etc)
  • What users will I target for the pilot?
  • Will I let them use their own device?
  • Have you updated any use policies and got users to sign them?
  • What are the implications for controlling personal devices?
  • Will the project include ShareFile?
  • What SSL certs will I need?
  • Is there a budget for installation and licensing?
  • Have I got a project plan and success criteria sorted?

Pre-Requisites

Once you have worked out the answers to the questions above, you’ll need to get the following sorted out well in advance of installation.

  • External IP/ports – get your change control submitted to the firewall manager in good time.
  • DNS – make sure you have external DNS records for CAG, MDM and ShareFile.
  • SSL – You will need at least two external SSL certs or a wildcard. You will also need another 2-3 internal certs for App Controller and StoreFront internally.
  • DUNS Number – Dun and Bradstreet ID from www.dnb.co.uk/ – for Apple Dev Kit
  • Apple Enterprise Developer Kit from Apple at $299 + APNS Certificate
  • NetScaler – you will need a NetScaler with virtual CAG

The last two go together, and you need to get that DUNS number 4-5 weeks before you apply for the Apple Enterprise Developer Kit.

When applying for that Apple Dev Kit, make sure you are the project manager or someone who can say they have authority to purchase the kit from Apple – otherwise they won’t talk to you if you need to call support.

The Apple kit is required for pushing secure apps to iOS devices and for packaging the Worx apps on iOS and Android. The Apple Push Notification Service (APNS) is required for installation. This is a certificate for your MDM server that you need to email to Citrix, then post into your Apple account to generate an APNS certificate. This is required just to install the MDM software.

If you don’t already have one, you’ll need a NetScaler to provide secure access into the Worx Store, which resides on the App Controller component, and the StoreFront server for XenApp/XenDesktop access. It also provides the micro-vpn for access to internal web and mail.
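The SSL prerequisite above allows "at least two external SSL certs or wildcard", but a wildcard name covers exactly one label, so it is worth checking the planned hostnames against the planned certificate names before ordering. The following is an added example, not code from the original post or from Citrix; every hostname and certificate name in it is a constructed placeholder.

```python
# Added example: check planned certificate SANs against planned hostnames.
# All hostnames and certificate names below are constructed placeholders.

def san_matches(san: str, host: str) -> bool:
    """Match a certificate SAN against a hostname (RFC 6125 wildcard rule).

    '*' is honoured only as the entire leftmost label and stands for exactly
    one label, so '*.example.test' covers 'mdm.example.test' but not
    'example.test' or 'sz.sharefile.example.test'.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]                  # e.g. ".example.test"
    if not host.endswith(suffix):
        return False
    left = host[: -len(suffix)]       # what the '*' would have to stand for
    return bool(left) and "." not in left


def coverage(hosts, certs):
    """Return {hostname: [names of certs whose SAN list covers it]}."""
    return {
        h: [name for name, sans in certs.items()
            if any(san_matches(s, h) for s in sans)]
        for h in hosts
    }


def uncovered(hosts, certs):
    """Hostnames that no planned certificate covers, sorted."""
    return sorted(h for h, names in coverage(hosts, certs).items() if not names)


# Assumed names for the CAG, MDM and ShareFile records and the internal servers.
EXTERNAL = ["cag.example.test", "mdm.example.test", "sz.sharefile.example.test"]
INTERNAL = ["appcontroller.corp.example.test", "storefront.corp.example.test"]

# Plan A: a single wildcard certificate for everything.
PLAN_A = {"wildcard": ["*.example.test"]}
# Plan B: one external multi-name certificate plus an internal wildcard.
PLAN_B = {
    "external-san": EXTERNAL,
    "internal-wildcard": ["*.corp.example.test"],
}

if __name__ == "__main__":
    for label, plan in (("A", PLAN_A), ("B", PLAN_B)):
        print(f"Plan {label} leaves uncovered:", uncovered(EXTERNAL + INTERNAL, plan))
```

Plan A leaves the two-level ShareFile name and both internal servers uncovered, which is the kind of gap that otherwise shows up as certificate warnings on enrolled devices during the pilot.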

Devices

Beware of any documentation or sales blurb that promises that any MDM solution will work on every device with every OS. The dream of BYOD for everyone may be possible, just – but probably with some limitations to certain functionality.

For example, HTC Desire X and 500 models with Android 4.1.2 simply won’t load the Citrix Worx Mail client, while a Samsung model with 4.1.2 works perfectly. All the MDM policies work fine. Documentation for the various components in the Enterprise MDM lists different supported levels of Android OS and Android SDK API for Worx apps and the micro-vpn, so it is worth checking.

If possible, make sure your Android device has the latest build and is at least in support and not End Of Life in terms of downloads and updates to core OS components.

Apple devices are easier to support as there is only one hardware platform, albeit with 2-3 iOS versions out there. MDM 8.6 has support for the latest iOS 7.

References:

Citrix (2013) MDM Editions Data Sheet [Online] Available from: http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-xenmobile-the-revolutionary-way-to-mobilize-your-business.pdf

Citrix (2013) Reference Architecture for Mobile Device and App Management [Online] Available from: http://www.citrix.com/content/dam/citrix/en_us/documents/products/citrix-reference-architecture-for-mobile-device-and-app-management.pdf

Citrix (2013) Compare XenMobile to the competition [Online] Available from: http://www.citrix.com/products/xenmobile/how-it-helps/compare.html

Dun and Bradstreet (2013) DUNS Number [Online] Available from: http://www.dnb.co.uk/dandb-duns-number

Apple (2013) iOS Developer Enterprise Program [Online] Available from: https://developer.apple.com/programs/ios/enterprise/