Customers using StorageZones Controller (version 3 or later) can use Restricted Zones to better control employee access to data.
Not all features and apps can be used with data stored in a Restricted Zone.
Additional RZ Info
Restricted Zone Features
Zone Authentication: In addition to logging on to ShareFile, users must authenticate separately to the StorageZones Controller to access documents stored in a restricted zone. Directory lookup ensures that the user logging on to ShareFile is the same one authenticating to the zone. This extra authentication requirement limits sharing. Documents can be shared only with others who have access to the StorageZones Controller and who can authenticate using enterprise credentials. In a restricted zone, files cannot be shared anonymously. Users must be granted permission to view a file and must always log on to receive a shared file.
Metadata Encryption: All information about files and folders in the zone is encrypted with your key before being sent to ShareFile. As a result, no one outside of your organization can see folder or file names in restricted zones. Access to encryption keys, decrypted files, and metadata is available only through enterprise authentication to StorageZones Controller.
Internal address for StorageZones Controller: For a restricted zone, authorization occurs between StorageZones Controller and ShareFile clients instead of between StorageZones Controller and the ShareFile cloud. As a result, a StorageZones Controller that hosts restricted zones does not require an external address or external SSL certificate. When StorageZones Controller is configured with an internal-only address, users must connect to the company network or VPN to access documents in the restricted zone.
Email notifications from your mail server: When users receive email notifications about shared files and folders in a restricted zone, the email is sent from your internal mail server instead of a ShareFile server.
Differences between standard and restricted zones
|Properties|Standard zones|Restricted zones|
|---|---|---|
|StorageZone servers can be managed by…|Citrix or you|you|
|User authentication is handled by…||a combination of|
|Files can be shared with…|employees and third party users (that is, anyone with an email address)|employees or other users who have a domain account|
|File and folder metadata stored in the ShareFile control plane is…|stored in clear text, visible to some Citrix employees|encrypted with your private keys, which are not available to Citrix|
|Email notifications are sent using…|ShareFile mail servers or your SMTP servers|your SMTP servers|
|An external address for the zone is…|required|not required|