ShareFile Restricted Zones

The views, opinions expressed are those by the author of this entry only.

What are ShareFile Restricted Zones?
Citrix ShareFile recently introduced a feature known as restricted zones which now allows CTX Mobility Admins (SysAdmins) with the ability to encrypt there ShareFile metadata with on-prem keys prior to uploading your On-Prem StorageZone (SZ) metadata to the ShareFile SaaS tier often referred to as the ShareFile Control Plane. Historically you could not encrypt your ShareFile metadata but you always been able to encrypt your ShareFile data within your On-Prem SZ as described at – http://support.citrix.com/proddocs/topic/sharefile-storagezones-31/sf-install-sz-controller.html.
ShareFile data is where your actual files and folders are stored e.g Word documents, Images, PowerPoint presentations etc. within your SZ. ShareFile metadata contains data about data (e.g user & file info) and read a full detailed overview on page 7 of the ShareFile security whitepaper available at – https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/sharefile-enterprise-security-whitepaper.pdf. Finally it is very important to understand when you enable a restricted zone that only employee’s within your Active Directory (AD) are able to access this SZ and this feature is only available with on-prem customer managed ShareFile SZ.

System Requirements & Installation
You require StorageZones Controller 3.1 or higher which can be downloaded at – http://www.citrix.com/content/citrix/en_us/downloads/sharefile.html and a full list of the system requirements is available at – http://support.citrix.com/proddocs/topic/sharefile-storagezones-31/sf-storagezones-sys-reqs.html. Once you’ve downloaded the software then begin preparing Windows Server, networking & certificate requirements following these instruction’s detailed at – http://support.citrix.com/proddocs/topic/sharefile-storagezones-31/sf-install-storagezones.html/

Standard vs. Restricted Zones
It is important to understand that the traffic flows between a tradition standard and restricted SZ are different so be sure to spend time reviewing each diagram at – http://support.citrix.com/proddocs/topic/sharefile-storagezones-31/sf-deploy.html. It is also important to note that any/all e-mail notifications sent for a configured restricted zones are sent via your organisations local SMTP servers instead of the ShareFile SMTP servers.