Configure storage zones controller for Web App previews, thumbnails, and view-only sharing

On-premises file previews are rendered by your on-premises Microsoft Office Web Apps (OWA) Server. When previewing files stored on a Citrix-managed storage zone, previews will be rendered by Citrix-managed or Microsoft-managed OWA servers.

Important:

Whitelisting requirements:

*.sf-api.com must be accessible by your Office Online Server for previewing and editing to function properly on storage zones version 5.0 or later.

Requirements

Supported filetypes for on-premises file preview

  • doc, .docm, .docx, .dot, .dotm, .dotx, .odt
  • .ods, .xls, .xlsb, .xlsm, .xlsx
  • .odp, .pot, .potm, .potx, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx
  • .pdf
  • Image Files (bmp, gif, jpg, jpeg, png, tif, tiff)

Supported file types for on-premises file edit

  • .docm, .docx, .odt
  • .ods, .xlsb, .xlsm, .xlsx
  • .odp, .ppsx, .pptx

Supported environments

  • Standard Zones
  • Multitenant Zones
  • Web Application

Whitelisting / network considerations

  • OOS Server should be able to reach https://\*.sf-api.com (or .eu)
  • SZC Server should be able to reach https://\*.sf-api.com and https://\*.sharefile.com (or .eu)
  • SZC Server should be able to reach OOS Server https://\<Customer OOS / OWA Endpoint\>/hosting/discovery (for example, https://oos.sharefileexample.com/hosting/discovery)

To edit on-premises files, File Versioning must be enabled on your ShareFile account.

The setting for turning on Microsoft Office Online Editing within the ShareFile Web App Advanced Preferences menu does not impact the ability to edit on-premises files. That specific toggle will not control your ability to edit on-premises files, but will apply to the editing of any files stored in a public cloud. Enabling the editing of on-prem files is exclusively controlled by the storage zones controller Admin using the steps outlined below.

Microsoft server compatibility

  • Microsoft Server 2016: supports the ability to both edit and preview files. Editing can also be disabled.

  • Microsoft Server 2013: only supports the ability to preview files.

Architectural and network diagram

ShareFile preview flow

  1. Authenticated user requests a file preview in ShareFile.
  2. ShareFile issues a redirect to the client device with Office Online Server FQDN
  3. Client device redirects to Office Online Server FQDN. Note: HTTPS connection, DNS should either have A Record for internal server IP, or A Record for Load Balancer VIP, with applicable routing between client device and any firewall on port 443.
  4. Office Online Server processes request, makes API calls to storage zones controller server. Note: HTTPS Connection, DNS should either have A Record for internal server IP, or A Record for Load Balancer VIP, with applicable routing between client device and any firewall on port 443.
  5. Storage zones controller checks https://\<DNSname\>/hosting/discovery is reachable. Only when reachable, SZC sends API responses back to Office Online Server. Note: storage zone controller must connect to the Office Online Server. HTTPS connection between both internally hosted servers.
  6. Storage zones controller connects outbound to ShareFile API (sf-api.com). Note: This is a mandatory outbound connection through any firewall, proxy, or outbound routing appliance. Ensure the storage zones controller server can communicate outbound via HTTPS/443 to the documented IP Addresses above.
  7. Office Online Server connects outbound to ShareFile API. Note: This is a mandatory outbound connection through any firewall, proxy, or outbound routing appliance. Ensure the Office Online Server can communicate outbound via HTTPS/443 to the documented IP addresses above.
  8. Preview occurs.

To have storage zones controller stream file bytes to OOS rather than OOS calling ShareFile control plane for downloading the contents: We need to update a key in one of the config files on the storage zones controller.

The C:\inetpub\wwwroot\Citrix\StorageCenter\WopiServer\AppSettingsReleaseOnPrem.config needs to be updated.

This config file has a key downloadFileFromSC which is currently false. Change the key to true and restart IIS.

Doing so updates the configuration. OOS also no longer calls the ShareFile control plane to download the file contents.

When using this option, would it be correct in stating there would be no inbound traffic from the control plane to OOS?

If the above option is used, OOS no longer makes outbound connections to ShareFile control plane.

However, ShareFile control plane still makes outbound connections to OOS, irrespective of whether the above option is used or not.

Are there pros or cons of using one method vs. the other?

In this approach, OOS isn’t downloading file contents directly. Storage zones controller downloads and streams the file bytes to OOS. Thus, it will increase load on the storage zones controller servers.

Downloading and streaming file bytes is a resource-intensive task. Depending on the number of users and number of preview and editing operations, the load increases on storage zones controller servers.

Enable on-premises previewing and editing

To support in-browser document and image preview, thumbnails, view-only sharing of data stored in customer-managed storage zones, and on-premises file editing, configure the storage zones controller as follows:

  1. In the storage zones controller console, click the ShareFile Data tab.

  2. In the Local Network Share Configuration section, enable Configure office web apps previews.

  3. Enter the external URL of your Microsoft Office Web Apps (OWA) server.
    • Users must download and configure the OWA server software via their Microsoft Office MSDN subscription.
  4. Select Enable Office Online Editing (if needed)

  5. Verify that the OWA URL is externally accessible.

  6. Verify that your Office Online Servers can communicate with *.sf-api.com.

  7. In the storage zones controller Console, click the Monitoring tab.

  8. Verify that OWA Server Connectivity has a green checkmark.

Note:

Editing on-premises files will require File Versioning to be enabled for the ShareFile account. If File Versioning is disabled for the account, on-premises Editing will not work.

Important:

Configure Clock Synchronization:

Modifying the OWA URAL or Disabling Previews:

  • Either of the above actions requires that the IIS service be restarted for each Primary and Secondary controller.

Limitations

  • Mobile apps do not support in-browser editing.
  • Connectors do not support in-browser previews.

WOPI Previews are not supported for VDR accounts.

For information on how to configure your Citrix ADC for View-Only Sharing, see Configure Citrix ADC for storage zones controller.

Troubleshooting OWA and OOS issues

If you are experiencing issues previewing or editing on-prem files, the following steps will assist in the identification and correction of specific problems.

To troubleshoot your configuration, first sign into the OWA or OOS machine.

  1. Verify that the Office WebApps or OfficeOnline Windows services are running within services.msc.

  2. In a new browser, open the http://localhost/hosting/discovery page. If this page successfully loads, an XML response should be returned.

  3. Run PowerShell as an Administrator and execute the following command:

Get-OfficeWebAppsFarm

If you receive a WARNING or ERROR message in the response, review your configuration settings for any errors or mistakes.

Network considerations:

  • OOS Server should be able to reach https://*.sf-api.com (or .eu)
  • SZC Server should be able to reach https://*.sf-api.com and https://*.sharefile.com (or .eu)
  • SZC Server should be able to reach OOS Server https://<CustomerOOS/OWAEndpoint\>/hosting/discovery. For example, https://oos.sharefileexample.com/hosting/discovery.