Enterprises store large volumes of data in platforms such as Microsoft SharePoint, network drives and virtual desktop environments. Enabling effortless and secure access to this data from outside of corporate networks or from mobile devices has been a major challenge for IT.
“Navigating existing firewalls and integrating with legacy systems and applications remain huge hurdles for true enterprise mobility,” said Alan Pelz-Sharpe, research director, 451 Research. “Solutions like ShareFile StorageZone Connectors that integrate seamlessly with existing systems and applications are the way to go.”
Citrix ShareFile StorageZone Connectors help organizations leverage and mobilize existing enterprise data platforms. This feature, available in the ShareFile mobile app for iPhone, iPad and Android devices, allows mobile users to create a secure connection to existing CIFS network shares and SharePoint document libraries. Additionally, with the built-in document editing capabilities in the ShareFile mobile apps, users can be highly productive while on the go.
- No data migration required – IT does not have to first migrate data to the cloud because StorageZone Connectors provide direct and secure connection to data in its original location
- Enhanced mobility – Mobile workers enjoy effortless access to data stored in corporate network shares and SharePoint libraries from tablets and smartphones. Users can also access documents residing in home drives (network drives) in virtual desktop environments, including those powered by Citrix XenApp and Citrix XenDesktop.
- Offline access – Documents residing in SharePoint document libraries and network shares can be securely downloaded on the mobile device for offline access
- Mobile editing – Rich editing for Microsoft Office documents and PDF annotation capabilities are available through the built-in mobile content editor, which is available to users even when offline with standard SharePoint functions like checkout and check-in. Any changes made to the documents can be saved
- Retain existing security policies – Administrators can also retain and extend the capabilities of their existing (e-discovery, legal hold) tools by enabling user access to existing CIFS shares through StorageZone Connectors for network shares and SharePoint
StorageZone Connectors Architecture
Figure 1 provides a graphical representation of the StorageZone Connectors architecture, which consists of three components: ShareFile Control Plane, StorageZone Controller and StorageZone Connectors.
ShareFile Control Plane
Hosted in Citrix datacenters and managed as a service by Citrix, the ShareFile Control Plane performs tasks such as managing web applications, pushing feature updates and reporting. Customers can choose the U.S. or the European Control Plane to address performance and compliance requirements. With StorageZone Connectors, all data is stored in the customer’s datacenter; the Control Plane does not store user files, user data or corporate data.
The StorageZone Controller is used to enable StorageZone Connectors. It is a web service installed on a Windows Server 2008 R2 server that handles all HTTPS operations from users and the ShareFile Control Plane.
StorageZones Controller software supports:
- SharePoint 2010 and 2013
- SharePoint nested libraries – browse sub-sites and document libraries beneath a SharePoint root URL or site collection
- Home drive discovery – use the homedrive variable as a CIFS connector to the user’s Active Directory-defined home drive path
The IT administrator can pre-populate the list of SharePoint sites and file shares that users will be permitted to access, as shown in Figure 2. Administrators can also allow users to self-provision access to internal resources.
User authentication process
Users are required to download the ShareFile mobile app from the app store or XenMobile and run it on their mobile device. This step is only required once to set up the Connectors. A two-step authentication process will then be initiated:
- The first step will require the user to enter their ShareFile password .The mobile application will then contact the user’s subdomain on ShareFile.com to verify their credentials. A user will only be required to enter their ShareFile credentials when configuring the mobile application; thereafter, these credentials can be stored on the mobile device.
- The second authentication step happens after the user selects a network share or SharePoint Connector. Once this is completed, the user will be prompted to enter their Active Directory credentials, which will be sent to the ShareFile StorageZone Controller for verification. After the credentials are verified, the user can access the data securely from their mobile device.
All authentication requests and user credentials are securely sent over HTTPS. After the authentication process is complete, the mobile client communicates directly with the StorageZone Controller and all files are securely accessed directly through the Controller within the customer’s datacenter. Files are never sent through the ShareFile control plane when using StorageZone Connectors.
Users with appropriate access will see a connected SharePoint library or network file share in the ShareFile client interface under Folders > SharePoint or Folders > Network Shares referenced in Figure 3.
Mobile access to enterprise data is a critical component of full productivity for mobile workers. While workers demand a delightful experience, organizations are concerned about secure and seamless access to internal resources. ShareFile StorageZone Connectors help enterprises provide secure mobile access to data residing behind the corporate firewall. This solution extends the value of SharePoint and network drives in a BYO world and enables enterprises to fully mobilize data.