Product Documentation

What's new

Dec 22, 2015

What's new in release 3.0.1

  • Support for user accounts in a trusted Active Directory domain. StorageZones Controller now supports user accounts that are in a different domain from the controller server. When you create a restricted zone, you specify the service account credentials that enable StorageZones Controller to connect to the trusted Active Directory domain server for email address lookup.
  • Performance improvements. Performance has improved for operations in restricted zones.
  • Upgrades from StorageZones Controller 2.x. Upgrades to StorageZones Controller 3.0.1 from StorageZones Controller 2.x and 3.0 are fully supported. (StorageZones Controller 3.0 was intended for new zones only.)

Fixed issues in release 3.0.1

  • You cannot join a secondary StorageZones Controller to a zone in which the primary StorageZones Controller was upgraded from release 21.x to 3.0. [#SFSZP-307]
  • The Get-SfConfig command does not back up SMTP settings for restricted zones. [#SFSZP-94]
  • The Request a File feature fails when the destination folder is part of a restricted StorageZone and the Require recipients to log in option is enabled. [#SFSZP-108]
  • Uploads to StorageZones Controller fail for file names that contain non-English characters. [#SFSZP-133]
  • Successful uploads to a StorageZone Connector from a Windows Phone show a file size of zero. [#SFSZP-147]
  • Authentication to a restricted zone fails if the user account and StorageZones Controller server are in different domains. [#SFSZP-148]
  • When a user requests a file from a restricted zone, the folder name that displays is encrypted. [#SFSZP-244]
  • A File Exists exception occurs if a file that already exists in persistent storage is added to the copy queue. The new file does not overwrite the existing file and remains in the copy queue. [#SFSZP-246]
  • The delete service does not always save the latest version of a file. [#SFSZP-247]
  • Forward slashes in uploaded file names are removed. For example, uploading a file with a local path such as uploads/image.gif results in the file name uploadsimage.gif. [#SFSZP-254]
  • A downloaded file name is corrupted if the file name contains Unicode characters and the file is downloaded using Internet Explorer 11. [#SFSZP-263]
  • The error “Unknown failure” appears if you create a zone without enabling Connectors and then subsequently modify the zone to enable them. [#SFSZP-271]
  • After you specify NTLM authentication in the SMTP server settings for a restricted zone, the error “Invalid URI: The URI scheme is not valid” appears when you send a test email. [#SFSZP-275]
  • The delete service is unable to process the queue when there is a corrupted file in the queue. [#SFSZP-278]

Features not in release 3.0.1

These features are not supported for restricted zones:

  • ShareFile HTML Standard Uploader and Flash Uploader
  • Favorites folders
  • Search results do not include files from restricted zones

Restricted zones do not support the following operations:

  • Copy or move files between standard StorageZones and restricted StorageZones using the ShareFile web interface
  • Copy a folder within a restricted zone using the ShareFile web application
  • Re-upload files

These ShareFile clients do not support restricted zones as of the publication date of this article:

Note: For the latest information about ShareFile client capabilities, see the ShareFile support site or contact your ShareFile support representative.

  • Off-domain use of ShareFile Outlook Plug-in

    The clients must be on a domain-joined Windows desktop that is in the same Active Directory forest as the StorageZones Controller server. Clients can use NTLM or Kerberos for silent authentication to a restricted zone.

  • ShareFile Enterprise Sync Manager
  • ShareFile for BlackBerry
  • ShareFile Desktop Widget
  • ShareFile mobile website

The following alternative account access methods are not supported for use with restricted StorageZones:

  • FTP
  • PowerShell
  • ShareFile Command Line Interface (SFCLI)
  • HTTPS API (V1)
  • WebDAV
  • SMTP

Known issues in release 3.0.1

For restricted zones

  • A disabled restricted zone does not appear in the ShareFile web interface under Admin > StorageZones. [#SFSZP-277]
  • ShareFile Sync for Windows has these issues when used with restricted zones:
    • New files or folders that you create in Favorites appear instead in the top level folder. [#129180]
    • When a local sync moves a Favorites folder to a new location, the folder continues to appear in its original location. [#128571]
  • You cannot use the ShareFile web application to perform the following actions:
    • Send files directly from the File Box page [#SFWEB-921]
    • Download files from the File Box page [#SFWEB-805]
    • Designate a folder in a restricted StorageZone as a favorite [#SFWEB-789]
    • Create CIFS and SharePoint connectors, if the restricted zone uses a private address [#SFWEB-629]
    • Copy or move files and folders in a restricted StorageZone [#SFWEB-559]
  • Encrypted folder names are shown if an employee's folder access report includes folders from a restricted StorageZone. [#SFWEB-824]
  • You cannot use RightSignature app integration to sign files in a restricted StorageZone. [#SFWEB-785]
  • You cannot store multiple versions per file for files in a restricted StorageZone. [#SFWEB-623]
  • You cannot migrate an employee to a different zone if that employee's default StorageZone is a restricted zone. Existing employees cannot be migrated to a restricted StorageZone. [#SFWEB-547]
  • Uploads to a restricted StorageZone fail when the file name includes special characters. [#SFSZP-142]
  • If the option to enable ShareFile StorageZones data is not enabled during the initial zone registration, a restricted StorageZone cannot be created later. [#SFSZP-20]
  • Items in a restricted StorageZone do not appear in search results. [#SFSRCH-5]
  • Sending or requesting restricted StorageZone files with the ShareFile Outlook Plug-in fails if the Require recipients to log in option is enabled. [#SFOLP-78]
  • Files and folders in a restricted StorageZone cannot be deleted if the WebDAV module is enabled on the StorageZones Controller. [#SFAPI-319]

General

  • By design, configuration changes to a StorageZones Controller are not propagated to other Controllers in the same StorageZone. After any configuration change, be sure to restart the IIS server on the primary and secondary servers and then log into the configuration page on each server.
  • For allowed and denied paths, long-form URL paths to SharePoint folders are not always enforced. Use the short form instead. [#25318]

    Example short URL path: https://sharepoint2013.sfonprem.com/sites/QATest/_layouts/15/start.aspx#/Doc%20Library%201/Folder one/

    In the long version of that same URL, Folder one is expanded to Forms/AllItems.aspx?RootFolder=%xxx.

  • SharePoint documents are truncated if StorageZones Controller and SharePoint share the same XenServer host and the network adapter setting Large Send Offload is enabled on the SharePoint server. To work around this issue, disable Large Send Offload on the SharePoint server or disable Large Receive Offload on the StorageZones Controller server. [#17103]
  • If your StorageZones Controller is behind a proxy server configured with Basic or Windows Challenge/Response (NTLM) authentication, you cannot set up Azure storage for your ShareFile StorageZone data. To use Azure storage for StorageZone data, configure the proxy server for Anonymous authentication. [#105283]
  • The ShareFileURL registry entry is not updated after you change your ShareFile subdomain. To work around this issue, update the value of the following ShareFileURL entries on each StorageZones Controller server: [#102158]

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\StorageCenter\ShareFileURL

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\StorageZone\ShareFileURL

What's new in StorageZones Controller 3.0

Restricted zones

StorageZones Controller 3 offers an additional level of protection that enables you to keep sensitive data within your organization. You can now create restricted StorageZones, which are private areas accessible only to your employees.

The following table summarizes the differences between standard and restricted zones.

| Properties | Standard zones | Restricted zones |
|---|---|---|
| StorageZone servers can be managed by… | Citrix or you | you |
| User authentication is handled by… | ShareFile.com or ShareFile.eu | a combination of ShareFile.com or ShareFile.eu plus your on-premises StorageZones Controller |
| Files can be shared with… | employees and third party users (that is, anyone with an email address) | employees or other users who have a domain account |
| File and folder metadata stored in the ShareFile control plane is… | stored in clear text, visible to some Citrix employees | encrypted with your private keys, which are not available to Citrix |
| Email notifications are sent using… | ShareFile mail servers or your SMTP servers | your SMTP servers |
| An external address for the zone is… | required | not required |

Important: Existing customers, please note:

For restricted StorageZones functionality, you must create a new StorageZone. You cannot currently convert an existing zone to a restricted zone.

Restricted zones have the following features:

  • Zone authentication – In addition to logging on to ShareFile, users must authenticate separately to the StorageZones Controller to access documents stored in a restricted zone. Directory lookup ensures that the user logging on to ShareFile is the same one authenticating to the zone.

    This extra authentication requirement limits sharing. Documents can be shared only with others who have access to the StorageZones Controller and who can authenticate using enterprise credentials. In a restricted zone, files cannot be shared anonymously. Users must be granted permission to view a file and must always log on to receive a shared file.

  • Metadata encryption – All information about files and folders in the zone is encrypted with your key before being sent to ShareFile. As a result, no one outside of your organization can see folder or file names in restricted zones. Access to encryption keys, decrypted files, and metadata is available only through enterprise authentication to StorageZones Controller.
  • Internal address for StorageZones Controller – For a restricted zone, authorization occurs between StorageZones Controller and ShareFile clients instead of between StorageZones Controller and the ShareFile cloud. As a result, a StorageZones Controller that hosts restricted zones does not require an external address or external SSL certificate.

    When StorageZones Controller is configured with an internal-only address, users must connect to the company network or VPN to access documents in the restricted zone.

  • Email notifications from your mail server – When users receive e-mail notifications about shared files and folders in a restricted zone, the e-mail is sent from your internal mail server instead of a ShareFile server.

To configure a restricted zone, install a StorageZones Controller and create the zone, as described in Install StorageZones Controller and create a StorageZone.

Connectors in the ShareFile web interface

Users can now work with StorageZone Connectors for Network File Shares and StorageZone Connectors for SharePoint from the ShareFile web interface: Upload and download files, create and delete connectors, and browse connectors like folders. Web access to Personal Cloud Connectors and Office 365 Connectors is not available.

Connector browsing is disabled by default. To enable it, please contact your ShareFile support representative.

Fixed issues in release 3.0

  • In some situations, the Save button is labeled Register. [#8138]

Features not in release 3.0

These features are not supported for restricted zones:

  • ShareFile HTML Standard Uploader and Flash Uploader
  • Favorites folders
  • Search results do not include files from restricted zones

Restricted zones do not support the following operations:

  • Copy or move files between standard StorageZones and restricted StorageZones using the ShareFile web interface
  • Copy a folder within a restricted zone using the ShareFile web application
  • Re-upload files

These ShareFile clients do not support restricted zones as of the publication date of this article:

Note: For the latest information about ShareFile client capabilities, see the ShareFile support site or contact your ShareFile support representative.

  • Off-domain use of ShareFile Outlook Plug-in

    The clients must be on a domain-joined Windows desktop that is in the same Active Directory forest as the StorageZones Controller server. Clients can use NTLM or Kerberos for silent authentication to a restricted zone.

  • ShareFile Enterprise Sync Manager
  • ShareFile for BlackBerry
  • ShareFile Desktop Widget
  • ShareFile mobile website

The following alternative account access methods are not supported for use with restricted StorageZones:

  • FTP
  • PowerShell
  • ShareFile Command Line Interface (SFCLI)
  • HTTPS API (V1)
  • WebDAV
  • SMTP

Known issues in release 3.0

For restricted zones

  • To install the Outlook Plug-in on Windows Server 2008 R2 with User Account Control enabled, run the installer as administrator. [#127484]
  • ShareFile Sync for Windows has these issues when used with restricted zones:
    • New files or folders that you create in Favorites appear instead in the top level folder. [#129180]
    • When a local sync moves a Favorites folder to a new location, the folder continues to appear in its original location. [#128571]
  • You cannot use the ShareFile web application to perform the following actions:
    • Send files directly from the File Box page [#SFWEB-921]
    • Download files from the File Box page [#SFWEB-805]
    • Designate a folder in a restricted StorageZone as a favorite [#SFWEB-789]
    • Create CIFS and SharePoint connectors, if the restricted zone uses a private address [#SFWEB-629]
    • Copy or move files and folders in a restricted StorageZone [#SFWEB-559]
  • Encrypted folder names are shown if an employee's folder access report includes folders from a restricted StorageZone. [#SFWEB-824]
  • You cannot use RightSignature app integration to sign files in a restricted StorageZone. [#SFWEB-785]
  • You cannot store multiple versions per file for files in a restricted StorageZone. [#SFWEB-623]
  • You cannot migrate an employee to a different zone if that employee's default StorageZone is a restricted zone. Existing employees cannot be migrated to a restricted StorageZone. [#SFWEB-547]
  • Authentication to a restricted zone fails if the user account and StorageZones Controller server are in different domains. [#SFSZP-148]
  • Uploads to a restricted StorageZone fail when the file name includes special characters. [#SFSZP-142]
  • The Request a File feature fails when the destination folder is part of a restricted StorageZone and the Require recipients to log in option is enabled. [#SFSZP-108]
  • If the option to enable ShareFile StorageZones data is not enabled during the initial zone registration, a restricted StorageZone cannot be created later. [#SFSZP-20]
  • Items in a restricted StorageZone do not appear in search results. [#SFSRCH-5]
  • Sending or requesting restricted StorageZone files with the ShareFile Outlook Plug-in fails if the Require recipients to log in option is enabled. [#SFOLP-78]
  • Files and folders in a restricted StorageZone cannot be deleted if the WebDAV module is enabled on the StorageZones Controller. [#SFAPI-319]

General

  • By design, configuration changes to a StorageZones Controller are not propagated to other Controllers in the same StorageZone. After any configuration change, be sure to restart the IIS server on the primary and secondary servers and then log into the configuration page on each server.
  • For allowed and denied paths, long-form URL paths to SharePoint folders are not always enforced. Use the short form instead. [#25318]

    Example short URL path: https://sharepoint2013.sfonprem.com/sites/QATest/_layouts/15/start.aspx#/Doc%20Library%201/Folder one/

    In the long version of that same URL, Folder one is expanded to Forms/AllItems.aspx?RootFolder=%xxx.

  • SharePoint documents are truncated if StorageZones Controller and SharePoint share the same XenServer host and the network adapter setting Large Send Offload is enabled on the SharePoint server. To work around this issue, disable Large Send Offload on the SharePoint server or disable Large Receive Offload on the StorageZones Controller server. [#17103]
  • If your StorageZones Controller is behind a proxy server configured with Basic or Windows Challenge/Response (NTLM) authentication, you cannot set up Azure storage for your ShareFile StorageZone data. To use Azure storage for StorageZone data, configure the proxy server for Anonymous authentication. [#105283]
  • The ShareFileURL registry entry is not updated after you change your ShareFile subdomain. To work around this issue, update the value of the following ShareFileURL entries on each StorageZones Controller server: [#102158]

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\StorageCenter\ShareFileURL

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\StorageZone\ShareFileURL
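
The ShareFileURL workaround listed under General for releases 3.0.1 and 3.0 can be scripted so that every controller is checked the same way. The following is an added example, not Citrix code: the function name Repair-ShareFileUrl, the https-only check, and the sample URL are assumptions, and it assumes ShareFileURL is a string value under each of the two keys shown above.

```powershell
# Added example: audit and correct the ShareFileURL registry value on a
# StorageZones Controller after a ShareFile subdomain change.
# Assumptions: ShareFileURL is a string value under each key below;
# the URL passed in at the bottom is a constructed placeholder.
function Repair-ShareFileUrl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^https://')]   # assumption: reject non-TLS URLs
        [string]$ExpectedUrl
    )

    # The two registry locations named in the known issue [#102158].
    $keys = @(
        'HKLM:\SOFTWARE\Wow6432Node\Citrix\StorageCenter',
        'HKLM:\SOFTWARE\Wow6432Node\Citrix\StorageZone'
    )

    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) {
            Write-Warning "Key not found, skipping: $key"
            continue
        }

        # Read the current value; $null if the value does not exist yet.
        $current = (Get-ItemProperty -Path $key -Name 'ShareFileURL' `
                        -ErrorAction SilentlyContinue).ShareFileURL

        $status = 'OK'
        if ($current -ne $ExpectedUrl) {
            $status = 'Stale'
            # ShouldProcess honours -WhatIf and -Confirm before writing.
            if ($PSCmdlet.ShouldProcess("$key\ShareFileURL", "Set to $ExpectedUrl")) {
                Set-ItemProperty -Path $key -Name 'ShareFileURL' -Value $ExpectedUrl
                $status = 'Updated'
            }
        }

        # One record per key, so the previous value is kept for change tracking.
        [pscustomobject]@{
            Key      = $key
            Previous = $current
            Expected = $ExpectedUrl
            Status   = $status
        }
    }
}

# Dry run first: reports which keys are stale without writing anything.
Repair-ShareFileUrl -ExpectedUrl 'https://newsubdomain.example.com' -WhatIf
```

Run it from an elevated PowerShell session on each StorageZones Controller server, and drop -WhatIf once the reported changes look right.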