Storage zones controller

Create and manage storage zone connectors

Storage zone connectors provide access to documents and folders in:

Users with permission to view a connected resource can browse connected SharePoint sites, SharePoint libraries, and network file shares from the ShareFile web interface and ShareFile clients.

By default, connector browsing is disabled for the ShareFile web interface. To enable connector browsing, contact ShareFile Support.

Additional settings are available that allow users to specify which Domain controller to use for Active Directory look-ups. Please refer to the Authentication section of this article. This setting requires SZ 4.1 or later.

Connector System Requirements

Storage zone connectors do not support document sharing or folder sync across devices.

Connectors must have a unique display name. Users are blocked from using a connector name that is currently in use elsewhere on the account.

Permissions to create storage zone connectors

To create and manage connectors, your Admin or Employee user must have the following permissions:

  • Create and Manage connectors
  • Create root-level folders

To create a storage zone connector for SharePoint

Prerequisites

  • If you are using storage zones for ShareFile Data, create the zone to be used for the connector.

The following steps describe how to create a storage zone connector from the ShareFile web interface. ShareFile users can also create a connector from supported devices by typing the URL of the SharePoint site.

  1. Sign in to your ShareFile account as an administrator with the Create and Manage connectors permission.

  2. Navigate to Admin Settings > Connectors.

  3. Click Add for the SharePoint connector type.

  4. If you are using storage zones for ShareFile Data, choose a Zone for the connector.

    The zone for a connector must either be in the same domain as the SharePoint server or must have a trust relationship with it. If you have SharePoint servers in multiple domains and cannot configure trusts between the domains, create a storage zones controller for each domain.

  5. For Site, specify the URL of a SharePoint root-level site, site collection, or document library, in the following forms.

    • Example connection to a SharePoint root-level site: https://sharepoint.company.com

      A connection to a root-level site gives users access to all sites (but not site collections) and document libraries under the root-level. ShareFile hides SharePoint system folders from users.

    • Example connection to a SharePoint site collection: https://sharepoint.company.com/site/SiteCollection

      A connection to a site collection gives users access to all subsites within that collection.

    • Example connection to a SharePoint 2010 document library:

      • https://mycompany.com/sharepoint/
      • https://mycompany.com/sharepoint/sales-team/Shared Documents/
      • https://mycompany.com/sharepoint/sales-team/Shared Documents/Forms/AllItems.aspx
    • Example connection to a SharePoint 2013 document library:

      The default SharePoint 2013 URL (when Minimal Download Strategy is enabled) is in the form: https://sharepoint.company.com/_layouts/15/start.aspx#/Shared%20Documents/.

    • Example connection that redirects to the NetBIOS name of an authenticated user:

      Use the variable %UserDomain% to insert the NetBIOS domain name of the authenticated user. The new variable enables you to create a site-level connector to a URL such as https://example.com/%UserDomain%_%UserName%/Documents.

    • Example connection when connecting to “My Site” or OneDrive for Business:

      Use the variable %URLusername% to automatically resolve select special characters when connecting to SharePoint personal sites. This variable replaces spaces with %20 and periods with underscores. Usage of the %URLusername% variable requires SZ v3.4.1.

      If the user’s “domain\username” is “acme\rip.van winkle” then

      https://sharepoint.acme.com/personal/%URLusername% will be resolved to: https://sharepoint.acme.com/personal/rip_van%20winkle

  6. Type a user-friendly name for the connector.

    The name is used to identify the SharePoint site to users. The name should be brief so it displays well on mobile devices with small screens.

  7. Click Add connector. The View/Edit Folder Access dialog box appears.

  8. To make connectors visible to others: In View/Edit Folder Access, add users and distribution groups and then click Save Changes.

    This step determines only whether a connector is visible to users. Storage zone connectors inherit access permissions from the SharePoint server.

To enable SharePoint metadata tagging

When configuring the storage zones controller, ensure that SharePoint connectors are enabled.

Metadata tagging is supported for SharePoint 2013 and later mobile clients.

Note:

For en-us only.

To create a storage zone connector for network file shares

Prerequisites

  • If you are using storage zones for ShareFile Data, create the zone to be used for the connector.

  • For network share connectors to work with the latest versions of the Chrome, Edge, and Firefox browsers, apply the latest .NET update for your environment on all of your storage zone connectors. For more information, see the KB articles that support SameSite in .NET Framework. The update is necessary so that the SameSite attribute can be set on cookies, as the latest browser versions require.

  • If you use version 5.10.1 or lower, add <httpCookies sameSite="None" requireSSL="true"/> within the <system.web> tag of the C:\inetpub\wwwroot\Citrix\StorageCenter\cifs\Web.config file on all storage zone connectors. This is necessary so that the SameSite attribute can be set on cookies, as the latest browser versions require.
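
A way to confirm the Web.config change above took effect, as an added Python example (not ShareFile code): it checks that httpCookies sits inside system.web with both documented attributes. Browsers that enforce SameSite drop SameSite=None cookies that lack the Secure flag, which is why requireSSL is checked as well. The sample fragments and the function name are constructed for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed Web.config fragments (not copied from a real server).
FIXED = """<configuration>
  <system.web>
    <httpCookies sameSite="None" requireSSL="true"/>
  </system.web>
</configuration>"""

MISSING_SECURE = """<configuration>
  <system.web>
    <httpCookies sameSite="None"/>
  </system.web>
</configuration>"""

MISPLACED = """<configuration>
  <httpCookies sameSite="None" requireSSL="true"/>
  <system.web/>
</configuration>"""


def check_http_cookies(web_config_xml):
    """Return a list of problems; an empty list means the element is set as documented."""
    root = ET.fromstring(web_config_xml)
    # iter() takes the tag name literally, so the dot in "system.web" is safe.
    system_web = next(root.iter("system.web"), None)
    if system_web is None:
        return ["no <system.web> section"]
    cookies = system_web.find("httpCookies")
    if cookies is None:
        return ["<httpCookies> is not inside <system.web>"]
    problems = []
    # Compare against the exact values given in the documentation.
    if cookies.get("sameSite") != "None":
        problems.append('sameSite is not "None"')
    if cookies.get("requireSSL") != "true":
        problems.append('requireSSL is not "true"')
    return problems


if __name__ == "__main__":
    for name, xml in (("fixed", FIXED), ("missing", MISSING_SECURE), ("misplaced", MISPLACED)):
        print(name, check_http_cookies(xml) or "ok")
```

To check a live server, pass the contents of the cifs\Web.config file named above to check_http_cookies.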

The following steps describe how to create a connector from the ShareFile Web interface. ShareFile users can also create a connector from supported devices by typing the path of a file share.

  1. Log on to your ShareFile account as an administrator with the Create and Manage connectors permission.

  2. Navigate to Admin Settings > Connectors.

  3. Click Add for the Network Shares connector type.

  4. If you are using storage zones for ShareFile Data, choose a Zone for the connector.

    The zone for a connector must either be in the same domain as the file share or must have a trust relationship with it. If you have file shares in multiple domains and cannot configure trusts between the domains, create a storage zones controller for each domain.

  5. For Path, type the UNC path.

    Example with FQDN: \\fileserver.acme.com\shared

    You can use the following variables in the UNC path:

    • %UserName%

      Redirects to a user’s home directory. Example path: \\myserver\homedirs\%UserName%

    • %HomeDrive%

      Redirects to a user’s home folder path, as defined in the Active Directory property Home-Directory. Example path: %HomeDrive%

    • %TSHomeDrive%

      Redirects to a user’s Terminal Services home directory, as defined in the Active Directory property ms-TS-Home-Directory. The location is used when a user logs on to Windows from a terminal server or Citrix XenApp server. Example path: %TSHomeDrive%

      In the Active Directory Users and Computers snap-in, the ms-TS-Home-Directory value is accessible on the Remote Desktop Services Profile tab when editing a user object.

    • %UserDomain%

      Redirects to the NetBIOS domain name of the authenticated user. For example, if the authenticated user logon name is “abc\johnd”, the variable is substituted with “abc”. Example path: \\myserver\%UserDomain%_%UserName%

    The variables are not case sensitive.

    Important: Do not create a connector to the ShareFile Data storage location. Depending on user permissions, doing so can enable users to remove all ShareFile Data.

  6. Type a user-friendly Name for the connector.

    The name is used to identify the file share to users. The name should be brief so it displays well on mobile devices with small screens.

  7. Click Add connector. The View/Edit Folder Access dialog box appears.

  8. To make connectors visible to others: In View/Edit Folder Access, add users and distribution groups and then click Save Changes.

    This step determines only whether a connector is visible to users. Storage zone connectors inherit access permissions from the network share. Permissions for read/write access are determined by the security settings of the network share and are also affected by the ShareFile plan.
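
The variable rules described above for SharePoint URLs (%UserDomain%, %URLusername%) and for UNC paths, worked as an added Python example that is not ShareFile code: it expands a connector template for one logon so an administrator can preview where each user will land before publishing the connector. The function name and the ad_attrs dictionary, which stands in for the Active Directory properties, are assumptions.

```python
import re

# Variable names documented on this page; the page states they are not case sensitive.
_VAR = re.compile(r"%(UserName|UserDomain|URLusername|HomeDrive|TSHomeDrive)%",
                  re.IGNORECASE)


def resolve_connector_path(template, logon, ad_attrs=None):
    """Expand connector variables for one user.

    logon    -- "domain\\username", as in the page's examples
    ad_attrs -- constructed stand-in for the AD properties Home-Directory
                and ms-TS-Home-Directory (hypothetical dictionary)
    """
    domain, sep, user = logon.partition("\\")
    if not sep or not domain or not user:
        raise ValueError("logon must look like domain\\username")
    ad_attrs = ad_attrs or {}
    values = {
        "username": user,
        "userdomain": domain,
        # %URLusername%: spaces become %20, periods become underscores.
        "urlusername": user.replace(" ", "%20").replace(".", "_"),
        "homedrive": ad_attrs.get("Home-Directory"),
        "tshomedrive": ad_attrs.get("ms-TS-Home-Directory"),
    }

    def expand(match):
        value = values[match.group(1).lower()]
        if value is None:
            raise LookupError(f"no value for {match.group(0)} for {logon}")
        return value

    # A function replacement is inserted literally, so UNC backslashes survive.
    return _VAR.sub(expand, template)


if __name__ == "__main__":
    print(resolve_connector_path(
        "https://sharepoint.acme.com/personal/%URLusername%", "acme\\rip.van winkle"))
    print(resolve_connector_path(r"\\myserver\%UserDomain%_%UserName%", r"abc\johnd"))
```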

To enable file checkin and checkout for network file shares

Prerequisites

Storage zones controller version 5.8 and Network File Shares connector must be configured.

Steps

  1. Sign in to Storage Center. The configuration page appears.
  2. Click Modify on the configuration page.
  3. Select the check box Enable check in and check out for network file shares.
  4. Type the name of the domain where the users and network shares are located.
  5. Type the user name and password of the service account. This service account is required to have read and write access on all files and folders present in the network share location.

To create a storage zone connector for Documentum

Note:

Only Basic Authentication is supported for Documentum connector setup. The Documentum Content Server is case sensitive, so the user name entered during authentication should match the case-sensitive credentials, unless case sensitivity is disabled on the Documentum content server.

Prerequisites

  1. Storage zones controller 5.3 or later
  2. Documentum ECM Setting enabled by ShareFile Customer Support.
  3. The Documentum REST service must be deployed on your Documentum server.
  4. If using Citrix ADC, certain configuration changes are required. Those changes are detailed further down this article.

Once this feature has been enabled by ShareFile Customer Support, navigate to your storage zone controller and locate the storage zones connector menu. Click the check box for “Enable access to existing Enterprise Content Management (ECM) data sources.” Save your changes.

Next, sign into the ShareFile web application and navigate to Admin Settings > Connectors.

Click the Add button beside the Documentum connector type.

Specify the Path of your EMC server and enter a Name for your connector. Continue.

Next, grant users access to the Documentum connector.

Once the connector has been created, you can access it from the web and mobile apps.

Supported actions

Mobile (iOS/Android/Universal Windows Platform):

  • Browsing
  • File Uploads/Downloads
  • File and Folder Creation/Deletion
  • Offline editing

WebApp

  • Connector Creation
  • Browsing
  • File Uploads/Downloads
  • Folder Creation/Deletion

Not supported

  • Sharing files stored within a Documentum connector
  • Whitelisting/Blacklisting of paths

Citrix ADC configuration for Documentum connector

If utilizing a Citrix ADC with your environment, make the following change to your Citrix ADC configuration:

  1. Append the following to the _SF_CIFS_SP policy under Content Switching > Policies:

    HTTP.REQ.URL.CONTAINS("/cifs/") || HTTP.REQ.URL.CONTAINS("/sp/") || HTTP.REQ.URL.CONTAINS("/documentum/") || HTTP.REQ.URL.CONTAINS("/ProxyService/")

  2. Append the following to the _SF_SZ_CSPOL policy under Content Switching > Policies:

    HTTP.REQ.URL.CONTAINS("/cifs/").NOT && HTTP.REQ.URL.CONTAINS("/sp/").NOT && HTTP.REQ.URL.CONTAINS("/ProxyService/").NOT && HTTP.REQ.URL.CONTAINS("/documentum/").NOT
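
The two expressions above are meant to be exact complements, so every request is claimed by one policy only. The following added Python example (not Citrix code) evaluates them against constructed request paths and shows the overlap that appears when the second policy is left without the /documentum/ term. It models CONTAINS as a case-sensitive substring test, which is an assumption about the ADC default text mode; STALE_SZ is a constructed expression.

```python
import re

# The two expressions exactly as given on this page.
CONNECTOR_POLICY = ('HTTP.REQ.URL.CONTAINS("/cifs/") || HTTP.REQ.URL.CONTAINS("/sp/") || '
                    'HTTP.REQ.URL.CONTAINS("/documentum/") || '
                    'HTTP.REQ.URL.CONTAINS("/ProxyService/")')
SZ_POLICY = ('HTTP.REQ.URL.CONTAINS("/cifs/").NOT && HTTP.REQ.URL.CONTAINS("/sp/").NOT && '
             'HTTP.REQ.URL.CONTAINS("/ProxyService/").NOT && '
             'HTTP.REQ.URL.CONTAINS("/documentum/").NOT')
# Constructed: the second policy with the /documentum/ term left out.
STALE_SZ = ('HTTP.REQ.URL.CONTAINS("/cifs/").NOT && HTTP.REQ.URL.CONTAINS("/sp/").NOT && '
            'HTTP.REQ.URL.CONTAINS("/ProxyService/").NOT')

TERM = re.compile(r'HTTP\.REQ\.URL\.CONTAINS\("([^"]+)"\)(\.NOT)?')


def matches(expression, url):
    """Evaluate a flat ||-only or &&-only chain of CONTAINS terms against a URL."""
    if "||" in expression and "&&" in expression:
        raise ValueError("mixed operators are outside this sketch")
    results = []
    for part in re.split(r"\|\||&&", expression):
        term = TERM.fullmatch(part.strip())
        if term is None:
            raise ValueError(f"unsupported term: {part!r}")
        needle, negated = term.group(1), term.group(2) is not None
        results.append((needle in url) != negated)
    return all(results) if "&&" in expression else any(results)


def policy_hits(url, connector=CONNECTOR_POLICY, sz=SZ_POLICY):
    """Return the names of the policies that claim the URL."""
    pairs = (("connector", connector), ("sz", sz))
    return [name for name, expr in pairs if matches(expr, url)]


if __name__ == "__main__":
    # Constructed request paths.
    for url in ("/documentum/repositories", "/cifs/v3/Items", "/upload.aspx"):
        print(url, policy_hits(url), policy_hits(url, sz=STALE_SZ))
```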

To change a connector name

A connector name is used to identify a SharePoint site or network file share to users.

  1. Sign in to your ShareFile account as an administrator and then click the Connectors tab.
  2. In the Title column, click the connector name.
  3. Type a user-friendly name for the connector and then click Save.

To delete a connector

Deleting a connector does not remove data from SharePoint or a network file share.

  1. Sign in to your ShareFile account as an administrator and then click the Connectors tab.
  2. Select the check box for the connector, click Delete, and then click OK.

Connector authentication

Admin users can now utilize the following setting to specify which Domain controller to use when performing AD look-ups for CIFS or SP authentication.

<add key="Domaincontrollers" value="DC01,dc02.domain.com,123.456.789.1" />

The “Value=” above can be set to a single DC or multiple DCs identified by host name, FQDN, or IP Address. Multiple DCs should be separated by commas or semicolons.

If multiple DCs are specified, the look-up will be executed against the first DC. If an error occurs, the second DC is utilized, and so on.

The above property can be added to C:\inetpub\wwwroot\Citrix\StorageCenter\AppSettingsRelease.config so that it will be inherited by all storage zones controller IIS apps (including CIFS, SP, and ProxyService).

If the new app setting is not present, the default behavior of automatically selecting a DC continues.
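
The list format and failover order described above, as an added Python example that is not ShareFile code: it splits the setting value, classifies each entry before it goes into the config file, and tries the entries in order. The function names are assumptions, and accepting commas and semicolons mixed in one value is an assumption as well. The sample value from this page is reused to show that 123.456.789.1 is a placeholder and not a valid IPv4 address.

```python
import ipaddress
import re

HOST_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_dc_list(value):
    """Split the setting on commas or semicolons, keeping the configured order."""
    return [item.strip() for item in re.split(r"[,;]", value) if item.strip()]


def classify(entry):
    """Return 'ip', 'host', or 'invalid' for one entry."""
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    labels = entry.split(".")
    # All-numeric dotted strings that failed IP parsing are typos, not host names.
    if all(label.isdigit() for label in labels):
        return "invalid"
    return "host" if all(HOST_LABEL.match(label) for label in labels) else "invalid"


def lookup_with_failover(value, lookup):
    """Try each DC in order; `lookup` is a caller-supplied function that raises on error."""
    errors = []
    for dc in parse_dc_list(value):
        try:
            return dc, lookup(dc)
        except Exception as exc:
            errors.append((dc, repr(exc)))
    raise RuntimeError(f"all domain controllers failed: {errors}")


if __name__ == "__main__":
    sample = "DC01,dc02.domain.com,123.456.789.1"  # value shown on this page
    for entry in parse_dc_list(sample):
        print(entry, classify(entry))
    # Constructed lookup table: DC01 is missing, so the second entry answers.
    print(lookup_with_failover(sample, {"dc02.domain.com": "ok"}.__getitem__))
```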

Users can now “Get a Direct Link” from Network Share / SharePoint connectors while using the latest version of the ShareFile app for iOS or Android.

If the Admin would like to disable this feature, they can do so by adding:

<add key="disable-direct-link" value="1"/>

The above can be added to C:\inetpub\wwwroot\Citrix\StorageCenter\sps\AppSettingsRelease.config.

Basic authentication and localized user names

Basic Authentication does not support non-ASCII characters. If using localized user names, it is suggested that users utilize NTLM and Negotiate.