Tag Archives: StorageZone

ShareFile StorageZone Controller 2.2

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test ShareFile StorageZone Controller 2.2 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
STORAGEZONE CONTROLLER – szc
CERTIFICATE SIGNING REQUEST – csr
SHAREFILE – sf
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
CERTIFICATE – cert
COMMON INTERNET FILE SYSTEM – cifs
XENMOBILE APPCONTROLLER – xac

What’s New
1:This release coupled with prior versions now integrates both the Storage Center and Controller server software packages into one unified software package now called the “ShareFile StorageZone Controller 2.2”.
2: Access your organisations trusted existing or new network CIFS shares and SharePoint sites via a ShareFile On-Prem SZC which always users to securely connect via a FQDN over 443 (HTTPS) this ensuring secure and encrypted communication between the users device and the On-Prem SZC. It is worth mentioning that your organisations datasets do not traverse the ShareFile Control Plane in any way ref – http://support.citrixonline.com/en_US/ShareFile/all_files/SF090015.
3: ShareFile also introduced an EMEA Control Plane for organisations to meet local, regional and geo requirements and or restrictions one basic example could be Safe Harbor – http://export.gov/safeharbor/ as well as preferring to have localised data centre’s within the EU to manage and handle user requests and more. Note this feature was already widely available prior to this WordPress post/blog entry.
4: For information regarding what else is new please check out – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-storagezones-about-22.html.

ShareFile Security Whitepaper PDF
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/sharefile-enterprise-security-whitepaper.pdf

Synergy SYN310: Deep Dive into ShareFile Enterprise Functionality

Deploying an On-Prem SZC (DRAFT & MAY CONTAIN ERROR(S))
1: Initially would suggest that your read/review the following CTX Article – http://support.citrix.com/article/CTX138041 and http://blogs.citrix.com/2012/03/19/saml-authentication-with-sharefile-using-ad-fs-2-0/ which covers numerous technical FAQ and may answer a number of your questions.
2: Setup a ShareFile Enterprise Account and request that On-Prem SZC be enabled against your account when setting up your account or if you already have one request that SZC be enabled by sending a email to ShareFile support – http://www.sharefile.com/company/contact-us.aspx and online help & support including videos is available at – http://support.citrixonline.com/sharefile. Verify that StorageZones are available under the Admin tab when you sign into your ShareFile sub-domain e.g xendc.sharefile.eu or axendatacentre.sharefile.com prior to continuing with the installation and configuration.
3: Prepare a Windows Server 2008 R2 and install IIS (include dependencies ASP, Basic Authentication if you want to connect to existing network shares for a PoC).
4: Setup and configure your external DNS A record e.g sharefile.axendacentre.com or sf.thedurbannatal-sharks.co.za and ensure that you can successful connect to the default IIS page on TCP Port 80.
5: Generate a CSR on the intended ShareFile On-Prem SZC for your FQDN and sign it with an external CA e.g http://www.verisign.co.uk or http://www.thawte.com e.t.c. Your are required to use an external CA as IIS self-signed or Enterprise CA certificates are not permitted and will not work with the ShareFile Control Plane. Download and install the cert response from your chosen external CA and Complete The Certificate Response in IIS.
6: Once the cert is successfully imported bind it to HTTPS (443) and the restart IIS and navigate to the FQDN via HTTPS externally to ensure that you can connect to it without any SSL cert mismatches, errors e.t.c
7: * Create a ShareFile service account within and assign full r/w access it to the intended On-Prem SZ folder located either on the local disk or secondary disk of the VM or remotely. Please do the same for your PoC Shared Area that you intend to access as an existing network share.
8: *Install the ShareFile Storage Zone Controller 2.2 software package and leave the checkbox to launch the Configuration Web Page. Once the page launches sign in with your Super Admin ShareFile Admin access details.
9: Follow the onscreen instructions which are fairly self explanatory however should you require any further help & support re the exact requirements please navigate to – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-install-storagezones.html and http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-manage-connectors.html.
10: Please stop and ensure that you safely backup the SCKeys.txt file within the root of On-Prem SZ CIFS share to a alternative and secure location that is also backed up.
11: Provision a test user that resides within your domain and has also been created within the ShareFile Control Plane. For help with setting up users please take a look at – .
12: Ensure that your test user has permission to your intended CIFS Shared Area e.g your SZC that you setup and configured within the ShareFile Control Plane.
13: Now that you have successfully setup and configured your On-Prem SZ and SZC proceed to download a ShareFile mobile app from e.g iTunes – iPad https://itunes.apple.com/gb/app/sharefile-for-ipad-by-citrix/id440596621?mt=8, iPhone https://itunes.apple.com/gb/app/sharefile-mobile-by-citrix/id434391375?mt=8 or Google Play – https://play.google.com/store/apps/developer?id=ShareFile+by+Citrix&hl=en_GB. Once downloaded enter in your test users account details and test uploading and downloading a picture taken from within the ShareFile iOS app as an example.
14: Once you test that your On-Prem SZ

SZ Controller Management
This eDocs node will help you to proactively manage your On-Prem SZ Controller environment covering on to add/remove controllers for H/A as well as how-to promote, demote and disable SZ Controller – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-manage-storagezone-controller.html. These eDoc articles are essential for the ongoing management and routine scheduled maintenance task(s).

Two-Step Verification = Stronger Security
http://support.citrixonline.com/en_US/sharefile/help_files/SF060010?title=Two-Step+Verification

ShareFile Storage Center 1.1

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setting up Citrix ShareFile Storage Center (On-Prem StorageZone, StorageZone Connector) by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
SHAREFILE – sf
STORAGEZONE – sz
STORAGEZONECONNECTOR – szc
FULLY QUALIFIED DOMAIN NAME – fqdn
ON-PREMISE – on-prem

Certificates
1: You’ll need a publicly signed SSL certificate DO NOT use an Enterprise CA as the ShareFile storage center server connects externally to the ShareFile control plane via HTTPS and ShareFile checks to ensure that your SSL certificate is publiclly signed otherwise communicates between the Control Plane and SZ will fail.
2: Remember the higher the certificate encryption strength means you may need to consider adjusting the computing power resources applied to the VM hosted and delivering the ShareFile On-Prem service.

ShareFile Storage Center 1.1
1: Ensure that you have a ShareFile Enterprise account with StorageZones enabled.
2: You need to create and test your external FQDN records and open up port 443 in/out over TCP for your FQDN e.g sharefile.yourcompany.co.uk and once you’ve installed the IIS role + ASP.NET + .NET Framework 4.0 and bound the publicly SSL cert to your Windows Server 2008 R2 you should be able to navigate to the FQDN on HTTPS and see the default IIS landing page . NOTE: The SSL cert should match the FQDN otherwise your receive mismatch errors.
3: Navigate to http://www.sharefile.com with your super-admin credentials once your logged in select the “Admin” tab and select the “” option from the menu on the right hand-side and create a sub-domain. ShareFile offers a maximum of 3 per organisation.
4: Install the ShareFile storage center 1.1 software and follow the on-screen instructions.
5: Open up IIS Manager under the server’s ISAPI and CGI Restrictions, set the ASP.NET 4.0 Restrictionsh value to Allow.
6: Provision a CIFS share either locally on the ShareFile storage center on the C drive or attach another drive e.g and apply the appropriate permissions or ensure access over the necessary VLAN’s+ports to your organisations CIFS share on a NAS or SAN.
7: Launch the configuration page on the server locally and sign in with the ShareFile super-admin credentials now follow the on-screen instructions to complete the ShareFile storage center configuration.

Users
1: You can manually create users in control plane or upload a *.csv file to provision users
2: Download the ShareFile UMT Bit.ly link to http://www.sharefile.com and follow the on-screen installation instructions.
3: You can provide users with SAML based access via ADFS 2.0 for the Citrix XenMobile AppController Bit.ly link to http://axendatacentre.com/blog/?p=7

Troubleshooting Tips
1: The control plane www.sharefile.com will NOT accept SSL certificates that ARE NOT signed by a public CA installed on the Storage Center server offering up your On-Prem SZ to the Control Plane.