<presenter name>
<presentation month/year>
Agenda
• Introduction to ShareFile Enterprise
• High-Level Architecture
• Availability and Redundancy
• StorageZones
• Security
• Authentication
• Follow-me-data with Citrix CloudGateway & Receiver
• Wrap-up
• Enables file sharing with anyone
• Syncs data across all devices
• Online file sharing spaces for virtual teams
• Selective offline access on mobile devices
• Data protection
ᵒ Encryption
ᵒ Device lock
ᵒ Remote wipe
ᵒ Poison-pill
Why ShareFile?
• Enable workforce mobility & BYOD
• Address the “Dropbox-Problem”
• Simple and secure data sharing
ᵒ Fellow employees
ᵒ Team collaboration
ᵒ Clients, 3rd-party collaboration
• Enhanced productivity
Broad Device, Workflow and Protocol Support (diagram): Mobile Apps (iPhone, iPad, Android, Android Tablet, BlackBerry, Windows Phone 7), Mobile Site, Browser, Outlook Plug-in, Desktop Apps (Windows Sync, Mac OS Sync), Automation (Command Line Interface*), Alternative Protocol (Cloud SZ)
ShareFile – with Citrix managed StorageZones (diagram): the Client talks to the Control Plane (*.sharefile.com, *.sf-api.com: account info, brokering, reporting, access control, DB) and to the Citrix managed StorageZones (Storage Centers on EC2, backend storage on S3, various locations worldwide)
With Citrix managed StorageZones (architecture diagram)
ShareFile Control Plane: DMZ with load-balanced web servers (“main app”) and API web servers; SQL cluster holding file metadata and account data, but no client files; replication to a DR datacenter; client connections over TLS/SSL, data encrypted with AES-256
ShareFile StorageZones: FTP/FTPS servers, utility servers (anti-virus and thumbnailing, full-text index, backup), Storage Centers on EC2 with a file-processing cache on Elastic Block Storage (EBS), commit to S3 (99.99% availability and 99.999999999% durability), AES-256 encryption at rest, encrypted backup to a 3rd-party datacenter
ShareFile StorageZones - Download (diagram): the Client downloads over TLS/SSL from the FTP/FTPS servers or the Storage Centers (EC2), which read AES-256 encrypted files from Elastic Block Storage (EBS) or S3
Availability Information
• Real-time backup to Citrix data center
• Automatic failover (if necessary)
• Lazy file deletion to support file recovery
ShareFile StorageZones
• Now available for all ShareFile Enterprise accounts
• Store files in customer-managed StorageZones, in Citrix-managed StorageZones or both
• Technology proven in the Cloud
• Seamless user experience
Why StorageZones?
Meet unique compliance and data sovereignty requirements by storing data On-Prem
Optimize end user performance by placing files and folders in close proximity
ShareFile - Citrix managed StorageZones (diagram, repeated from the High-Level Architecture section): Client, Control Plane (*.sharefile.com, *.sf-api.com: account info, brokering, reporting, access control, DB) and Citrix managed StorageZones (Storage Centers on EC2, backend storage on S3, various locations worldwide)
Citrix managed and On-Prem StorageZones (diagram): the Client talks to the Control Plane (*.sharefile.com, *.sf-api.com: account info, brokering, reporting, access control, DB); Storage Centers run either on EC2 with S3 backend storage (Citrix managed StorageZones) or on Windows IIS in the customer datacenter(s) with CIFS backend storage (customer managed StorageZones), or hybrid with cloud
ShareFile European Control Plane
• https://<subdomain>.sharefile.eu
• Enterprise Accounts available in Q4
• High Performance
• User Proximity
• Government Compliance
• In Citrix Online datacenter in Germany
Using StorageZones
• StorageZones can be set on
ᵒ User-level
ᵒ Root Folder-level
Using StorageZones
Proof of Concept Deployment (diagram): Public Internet → https → 10.0.0.1 → https → Storage Center 10.0.0.20
HA Deployment (diagram): Public Internet IP 1 and IP 2 → https → 10.0.0.1 → https → Storage Centers 10.0.0.20 and 10.0.0.21 → shared Storage
Secure DMZ Deployment (diagram): Public Internet IP → https → 10.0.0.1 (DMZ) → http or https → Storage Centers 10.0.0.20 and 10.0.0.21 → Storage
On-premise StorageZones Requirements
• Windows 2008 Server R2
• IIS Web Services role with ASP.NET
• Microsoft .NET 4.0
• A publicly resolvable internet hostname
• An SSL certificate for the above
ᵒ Public, Windows-accepted Certificate Authority
ᵒ Self-signed or unsigned certificates are not supported
IIS Configuration
• Install SSL certificate and bind certificate to https port 443
ᵒ Not needed when using DMZ proxy
• ISAPI and CGI Restrictions
ᵒ ASP.NET v4.0.x needs to be set to “Allowed”
Storage Center Installation
Storage Center Configuration
Shared Storage Configuration
• CIFS Share Access
• Storage Centers will access the share using the StorageCenterAppPool user
• Application Pools → StorageCenterAppPool → Advanced Settings → Identity
• Additional permission settings documented in eDocs
Basic Troubleshooting
• Ensure you type <external address> without port or https & check for typos on Configuration Page
• Ensure on Enterprise account with SZ
• Make sure user account has SZ admin permissions
• Check if Storage Center URL is accessible from outside
• Check file share for creation of directories
• Check if SCKeys.txt is created in root of file share
• Logs!
Security Information
• SSAE 16 audited data centers
• SSL Encryption in transit
• AES 256-bit encryption at rest
• All uploaded files scanned for viruses
• Daily scans for McAfee SECURE accreditation
• All ShareFile servers protected by dedicated firewalls
Standard Download Security (diagram): Client, DB, Main App/API servers, Storage Center and Storage; the Main App/API servers and the Storage Center share a secret (trust)
1 Client requests a file
2 Prepare message sent to Storage Center
3 HMAC is validated
4 Storage Center confirms validity
5 Client receives download URL with HMAC
6 Client requests download
7 HMAC is validated
8 Storage Center gets file from storage
9 Download starts
Trust & Encryption – On-Premise StorageZones (diagram): Storage Center, Control Plane (*.sharefile.com, *.sf-api.com), DB and Storage
• Shared Secret (trust): shared key created when the StorageZone is created
• Storage encryption key created when the StorageZone is created
• Encryption key is encrypted by a passphrase when the Storage Center is configured
Download Security with On-Prem StorageZones
• NetScaler can handle incoming HMACs
• Security Best Practice
ᵒ Connections with bad requests will not enter the internal network
• Documented in admin guide on eDocs
Download Security with On-Prem StorageZones (diagram): NetScaler in front of the Storage Center
1 NetScaler strips HMAC from URI
2 NetScaler sends URI & HMAC to Storage Center
3 HMAC is validated by Storage Center
4 Storage Center sends confirmation to NetScaler
5 Process completes
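The two flows above (the HMAC-signed download URL issued by the Main App/API servers and validated by the Storage Center, and the NetScaler step that strips the HMAC from the URI and hands URI and HMAC to the Storage Center) share one check. The Python below is an added illustration of that check, not ShareFile's or Citrix's code; the URL path, parameter names, SHA-256 as the HMAC function, the expiry parameter and the shared secret value are all assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample value standing in for the shared secret (trust) that the
# control plane and the Storage Center hold for a StorageZone.
SHARED_SECRET = b"constructed-sample-shared-secret"


def _signing_input(path, params):
    # Canonical form: path plus query parameters in sorted order, so signer and
    # verifier always hash exactly the same bytes regardless of parameter order.
    return (path + "?" + urlencode(sorted(params.items()))).encode("utf-8")


def sign_download_url(host, file_id, ttl_seconds, secret, now=None):
    """Control plane side: issue a time-limited download URL carrying an HMAC."""
    issued = int(time.time()) if now is None else now
    path = "/download"  # assumed path and parameter names, not ShareFile's
    params = {"id": file_id, "expires": str(issued + ttl_seconds)}
    mac = hmac.new(secret, _signing_input(path, params), hashlib.sha256).hexdigest()
    params["h"] = mac
    return urlunsplit(("https", host, path, urlencode(params), ""))


def split_hmac(url):
    """Front-end (NetScaler) step: separate the HMAC from the rest of the URI."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    mac = params.pop("h", None)
    return parts.path, params, mac


def validate_download(path, params, mac, secret, now=None):
    """Storage Center side: recompute the HMAC and check expiry before serving."""
    if mac is None:
        return False  # request never carried a signature
    expected = hmac.new(secret, _signing_input(path, params), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return False  # tampered URI or wrong shared secret (constant-time compare)
    try:
        expires = int(params["expires"])
    except (KeyError, ValueError):
        return False
    current = int(time.time()) if now is None else now
    return current < expires  # reject an expired link
```

A request that fails `validate_download` should be rejected at the front end, which is the "bad requests will not enter the internal network" property the slide describes.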
ShareFile Authentication Options
• Built-in Authentication
ᵒ Uses combination of email address and password
ᵒ Passwords are stored hashed in database
• SAML Support
ᵒ Broad Identity Provider support, including ADFS
• CloudGateway
ᵒ Offers user provisioning functionality
ᵒ Receiver integration
ᵒ Recommended, especially for existing Citrix customers
Enterprise Active Directory Options
SAML 2.0 Support
• Requires customer provided and configured SAML provider
• Microsoft ADFS Support
• Also supports popular Identity Providers such as:
ᵒ OneLogin
ᵒ CA SiteMinder
ᵒ PingIdentity PingFederate
ᵒ SalesForce
• Unified storefront for all applications, data and services
• Instant user provisioning and deprovisioning
• Fully integrated with Receiver
• Real-time SaaS application monitoring
• Comprehensive access control policies
SAML Authentication
• User account is still required in ShareFile
ᵒ Folder Access Control
ᵒ Licensing
• Users will be matched by email address
• Identity Provider password will never be sent to the Control Plane
• Password reset can be disabled
• Requires tools to be ‘SAML-aware’
ᵒ ShareFile web site and iPad app are today, with other tool support coming
SAML: How it works (diagram): Client, Service Provider (sharefile.com) and Identity Provider (e.g. CloudGateway, ADFS)
1 Client requests ShareFile SSO login URL
2 Client discovers identity provider
3 Client redirected to identity provider
4 Client requests identity provider URL
5 Identity Provider identifies the user
6 User is authenticated and is redirected to Assertion Consumer Service URL with SAML response
7 User agent requests ACS URL
8 ACS validates SAML response and redirects user agent to ShareFile URL
9 User agent requests ShareFile URL
ShareFile Account Creation
• User creation can be done manually
ᵒ One-by-one
ᵒ Import from Excel spreadsheet
• User is provisioned through CloudGateway
• User Management Tool
User Management Tool
• Creates ShareFile user accounts and distribution lists based on AD users and groups
• Option to notify users of account creation
• Ability to select default StorageZone for users
• Easy process for keeping AD and SF in sync
Follow-me-data (diagram): PC, Mac, Smartphone, Tablet and Thin Client → Access Gateway services → StoreFront™ services → Content Controllers → ShareFile StorageZone Connectors (including StorageZone Connectors for Network Shares) → ShareFile Personal Folder, ShareFile Team Folders and Existing Network Share
#CitrixSynergy
Citrix Confidential - Do Not Distribute
Citrix ShareFile
• Robust file-sharing technology designed for the Enterprise
• SaaS model with Cloud and On-premise options
• Secure
• AD Authentication options
• CloudGateway Integration available soon
Work better. Live better.