Product Documentation

Create and manage StorageZone Connectors

StorageZone Connectors provide access to documents and folders in:

Users with permission to view a connected resource can browse connected SharePoint sites, SharePoint libraries, and network file shares from the ShareFile web interface and ShareFile clients.

By default, connector browsing is disabled for the ShareFile web interface. To enable connector browsing, contact ShareFile Support.

Additional settings are available that allow users to specify which Domain Controller to use for Active Directory look-ups. Please refer to the Authentication section of this article. This setting requires SZ 4.1 or later.

Connector System Requirements

StorageZone Connectors do not support document sharing or folder sync across devices.

Connectors must have a unique display name. Users will be blocked from using a connector name that is currently in use elsewhere on the account.

Permissions to create StorageZone Connectors

To create and manage Connectors, your Admin or Employee user must have the following permissions:

  • Create and Manage Connectors
  • Create root-level folders

To create a StorageZone Connector for SharePoint

Pre-requisite:

  • If you are using StorageZones for ShareFile Data, create the zone to be used for the connector.

The following steps describe how to create a StorageZone Connector from the ShareFile web interface. ShareFile users can also create a connector from supported devices by typing the URL of the SharePoint site.

  1. Log on to your ShareFile account as an administrator with the Create and Manage Connectors permission.

  2. Navigate to Admin Settings > Connectors.

  3. Click Add for the SharePoint Connector type.

  4. If you are using StorageZones for ShareFile Data, choose a Zone for the connector.

    The zone for a connector must either be in the same domain as the SharePoint server or must have a trust relationship with it. If you have SharePoint servers in multiple domains and cannot configure trusts between the domains, create a StorageZones Controller for each domain.

  5. For Site, specify the URL of a SharePoint root-level site, site collection, or document library, in the following forms.

    • Example connection to a SharePoint root-level site: https://sharepoint.company.com

      A connection to a root-level site gives users access to all sites (but not site collections) and document libraries under the root-level. ShareFile hides SharePoint system folders from users.

    • Example connection to a SharePoint site collection: https://sharepoint.company.com/site/SiteCollection

      A connection to a site collection gives users access to all subsites within that collection.

    • Example connection to a SharePoint 2010 document library:

      • https://mycompany.com/sharepoint/
      • https://mycompany.com/sharepoint/sales-team/Shared Documents/
      • https://mycompany.com/sharepoint/sales-team/Shared Documents/Forms/AllItems.aspx
    • Example connection to a SharePoint 2013 document library:

      The default SharePoint 2013 URL (when Minimal Download Strategy is enabled) is in the form: https://sharepoint.company.com/\_layouts/15/start.aspx\#/Shared%20Documents/.

    • Example connection that redirects to the NetBIOS name of an authenticated user:

      Use the variable %UserDomain% to substitute the logon name of the authenticated user with the NetBIOS name of that user. The new variable enables you to create a site-level connector to a URL such as https://example.com/%UserDomain%\_%UserName%/Documents.

    • Example connection when connecting to “My Site” or OneDrive for Business:

      Use the variable %URLusername% to automatically resolve select special characters when connecting to SharePoint personal sites. This variable replaces spaces with %20 and periods with underscores. Usage of the %URLusername% variable requires SZ v3.4.1.

      If the user’s “domain\username” is “acme\rip.van winkle” then

      https://sharepoint.acme.com/personal/%URLusername% will be resolved to: https://sharepoint.acme.com/personal/rip van%20winkle

  6. Type a user-friendly Name for the connector.

    The name is used to identify the SharePoint site to users. The name should be brief so it displays well on mobile devices with small screens.

  7. Click Add Connector. The View/Edit Folder Access dialog box appears.

  8. To make connectors visible to others: In View/Edit Folder Access, add users and distribution groups and then click Save Changes.

    This step determines only whether a connector is visible to users. StorageZone Connectors inherits access permissions from the SharePoint server.

To Enable SharePoint Metadata Tagging

When configuring the StorageZones Controller, ensure that SharePoint Connectors are enabled.

Metadata tagging is supported for SharePoint 2013 and later mobile clients.

Note:

en-US only.

To create a StorageZone Connector for network file shares

Pre-requisite:

  • If you are using StorageZones for ShareFile Data, create the zone to be used for the connector.

The following steps describe how to create a connector from the ShareFile Web interface. ShareFile users can also create a connector from supported devices by typing the path of a file share.

  1. Log on to your ShareFile account as an administrator with the Create and Manage Connectors permission.

  2. Navigate to Admin Settings > Connectors.

  3. Click Add for the Network Shares Connector type.

  4. If you are using StorageZones for ShareFile Data, choose a Zone for the connector.

    The zone for a connector must either be in the same domain as the file share or must have a trust relationship with it. If you have file shares in multiple domains and cannot configure trusts between the domains, create a StorageZones Controller for each domain.

  5. For Path, type the UNC path.

    Example with FQDN: \\fileserver.acme.com\shared

    You can use the following variables in the UNC path:

    • %UserName%

      Redirects to a user’s home directory. Example path: \\myserver\homedirs\%UserName%

    • %HomeDrive%

      Redirects to a user’s home folder path, as defined in the Active Directory property Home-Directory. Example path: %HomeDrive%

    • %TSHomeDrive%

      Redirects to a user’s Terminal Services home directory, as defined in the Active Directory property ms-TS-Home-Directory. The location is used when a user logs on to Windows from a terminal server or Citrix XenApp server. Example path: %TSHomeDrive%

      In the Active Directory Users and Computers snap-in, the ms-TS-Home-Directory value is accessible on the Remote Desktop Services Profile tab when editing a user object.

    • %UserDomain%

      Redirects to the NetBIOS domain name of the authenticated user. For example, if the authenticated user logon name is “abc\johnd”, the variable is substituted with “abc”. Example path: \\myserver\%UserDomain%_%UserName%

    The variables are not case sensitive.

    Important: Do not create a connector to the ShareFile Data storage location. Depending on user permissions, doing so can enable users to remove all ShareFile Data.

  6. Type a user-friendly Name for the connector.

    The name is used to identify the file share to users. The name should be brief so it displays well on mobile devices with small screens.

  7. Click Add Connector. The View/Edit Folder Access dialog box appears.

  8. To make connectors visible to others: In View/Edit Folder Access, add users and distribution groups and then click Save Changes.

    This step determines only whether a connector is visible to users. StorageZone Connectors inherits access permissions from the network share. Permissions for read/write access are determined by the security settings of the network share and are also affected by the ShareFile plan.

To create a StorageZone Connector for Documentum

Note:

Only Basic Authentication is supported for Documentum Connector setup. The Documentum Content Server is case sensitive, so the username entered during authentication should match the case-sensitive credentials, unless case sensitivity is disabled on the Documentum content server.

Prerequisites:

  1. StorageZones Controller 4.1 or later
  2. Documentum ECM Setting enabled by ShareFile Customer Support.
  3. The Documentum Rest service must be deployed on your Documentum server. Click here for additional information on the Documentum Rest Service.
  4. If using Netscaler, certain configuration changes are required. Those changes are detailed further down this article.

Once this feature has been enabled by ShareFile Customer Support, navigate to your StorageZone Controller and locate the StorageZones Connector menu. Click the checkbox for “Enable access to existing Enterprise Content Management (ECM) data sources”. Save your changes.

Next, sign into the ShareFile web application and navigate to Admin Settings > Connectors.

Click the Add button beside the Documentum Connector type.

Specify the Path of your EMC server and enter a Name for your Connector. Continue.

Next, grant users access to the Documentum Connector.

Once the Connector has been created, you can access it from the web and mobile apps.

Supported Actions:

Mobile (iOS/Android/Universal Windows Platform):

  • Browsing
  • File Uploads/Downloads
  • File and Folder Creation/Deletion
  • Offline editing

Web App

  • Connector Creation
  • Browsing
  • File Uploads/Downloads
  • Folder Creation/Deletion

Not supported:

  • Sharing files stored within a Documentum Connector
  • Whitelisting/Blacklisting of paths

Note:

The Documentum Content Server is case sensitive, so the username entered during authentication should match the case-sensitive credentials, unless case sensitivity is disabled on the Documentum content server.

NetScaler Configuration for Documentum Connector

If utilizing a NetScaler with your environment, make the following change to your NetScaler configuration:

1. Append the following to the _SF_CIFS_SP policy under Content Switching -> Policies:

HTTP.REQ.URL.CONTAINS(“/cifs/”)   HTTP.REQ.URL.CONTAINS(“/sp/”)   HTTP.REQ.URL.CONTAINS(“/documentum/”)   HTTP.REQ.URL.CONTAINS(“/ProxyService/”)

2. Append the following to the _SF_SZ_CSPOL policy under Content Switching -> Policies:

HTTP.REQ.URL.CONTAINS(“/cifs/”).NOT && HTTP.REQ.URL.CONTAINS(“/sp/”).NOT && HTTP.REQ.URL.CONTAINS(“/ProxyService/”).NOT && HTTP.REQ.URL.CONTAINS(“/documentum/”).NOT

To change a connector name

A connector name is used to identify a SharePoint site or network file share to users.

  1. Log on to your ShareFile account as an administrator and then click the Connectors tab.
  2. In the Title column, click the connector name.
  3. Type a user-friendly Name for the connector and then click Save.

To delete a connector

Deleting a connector does not remove data from SharePoint or a network file share.

  1. Log on to your ShareFile account as an administrator and then click the Connectors tab.
  2. Select the check box for the connector, click Delete, and then click OK.

Connector Authentication

Admin users can now utilize the following setting to specify which Domain Controller to use when performing AD look-ups for CIFS or SP authentication, or for Restricted Zone authentication.

<add key=”DomainControllers” value=”DC01,dc02.domain.com,123.456.789.1” />

The “Value=” above can be set to a single DC or multiple DCs identified by hostname, FQDN, or IP Address. Multiple DCs should be separated by commas or semicolons.

If multiple DCs are specified, the look-up will be executed against the first DC; if an error occurs, the second DC will be utilized, and so on.

The above property can be added to “C:\inetpub\wwwroot\Citrix\StorageCenter\AppSettingsRelease.config” so that it will be inherited by all SZC IIS apps (including CIFS, SP, and ProxyService).

If the new app setting is not present, the default behavior of automatically selecting a DC will continue.

Users can now “Get a Direct Link” from Network Share / SharePoint Connectors while using the latest version of the ShareFile app for iOS or Android.

If the Admin would like to disable this feature, they may do so by adding:

<add key=”disable-direct-link” value=”1”/>

The above can be added to “c:\inetpub\wwwroot\Citrix\StorageCenter\sp\AppSettingsRelease.config”.

Basic Authentication and Localized Usernames

Basic Authentication does not support non-ASCII characters. If using localized usernames, it is suggested that users utilize NTLM and Negotiate.