ShareFile is a file sharing service that enables users to easily and securely exchange documents. ShareFile Enterprise provides enterprise-class service and includes StorageZones Controller and the User Management Tool.
ShareFile StorageZones Controller extends the ShareFile Software as a Service (SaaS) cloud storage by providing your ShareFile account with private data storage, referred to as StorageZones for ShareFile Data. StorageZones Controller also provides users with secure access to SharePoint sites and network file shares through StorageZone Connectors. The StorageZones for ShareFile Data and StorageZone Connectors features are optional.
The following diagram shows the key components in a high-availability deployment.
The components are:
ShareFile control subsystem — Maintained in Citrix Online data centers, the ShareFile control subsystem handles all operations not related to file contents, such as authentication, authorization, file browsing, configuration, metadata handling, sending and requesting files, and load balancing. The control subsystem also performs StorageZones health checks and prevents off-line servers from sending requests.
StorageZones Controller — StorageZones Controller can host a private ShareFile storage subsystem for your data. The ShareFile storage subsystem handles operations related to file contents such as uploads, downloads, and antivirus verification. StorageZones Controller has a Web service that handles all HTTPS operations from end users and the ShareFile control subsystem. A high-availability deployment includes two or more StorageZones Controllers.
StorageZones for ShareFile Data — The StorageZones for ShareFile Data feature provides private data storage. You can store data in an on-premises CIFS share that you manage or in a Windows Azure storage container. Either storage option requires a network share for your private data such as encryption keys, queued files, and other temporary items. When you use Windows Azure storage, the network share also serves as a temporary storage cache. Each StorageZones Controller in a zone must use the same CIFS share.
This figure shows the key components when Windows Azure storage is used.
ShareFile Enterprise administrators can choose the per-folder storage location, either ShareFile-managed cloud storage or your private data storage. This feature enables you to optimize performance by locating data close to the users. It also enables you to address data sovereignty and compliance requirements.
StorageZone Connectors — StorageZone Connectors give mobile users secure access to documents on specified network file shares and to SharePoint sites, site collections, and document libraries.
StorageZones Controllers store file share names only, not file share data or credentials.
The StorageZone Connectors feature is enabled on a StorageZones Controller and integrates with ShareFile Enterprise subdomains. You can deploy StorageZone Connectors in the same zone as StorageZones for ShareFile Data. However, StorageZones for ShareFile Data is not required to use StorageZone Connectors.
StorageZone Connectors are available to sites using ShareFile Enterprise or Citrix XenMobile. Permissions for read/write access are determined by the ShareFile plan: ShareFile Enterprise Edition and XenMobile Enterprise Edition support read/write access. XenMobile MDM Edition and XenMobile App Edition support read access only.
By default, ShareFile stores data in the secure ShareFile-managed cloud storage. The StorageZones for ShareFile Data feature enables you to use private data storage, either an on-premises CIFS share that you manage or a Windows Azure storage container. StorageZones Controller enables you to optimize performance by locating data storage close to users and enables you to control storage for compliance purposes.
High availability requires at least two StorageZones Controllers per StorageZone. A StorageZone must use a single file share for all of its StorageZones Controllers.
Based on your organization’s performance and compliance requirements, consider the number of StorageZones you need and where to best locate them. For example, if you have users in Europe, storing the files in a StorageZones Controller located in Europe provides both performance and compliance benefits. In general, assigning users to the StorageZone that is closest to them geographically is the best practice for optimizing performance.
ShareFile offers these storage options:
Your organization may need to meet specific security standards to satisfy regulatory requirements. This topic does not cover this subject, because such security standards change over time. For up-to-date information on security standards and Citrix products, consult http://www.citrix.com/security/, or contact your Citrix representative.
Security best practices:
The authentication method configured for your ShareFile Enterprise account is used to authenticate users accessing data stored in your StorageZones and on network file shares or SharePoint servers made available through StorageZone Connectors.
If a user needs to use different credentials to access connected files, the user must log out of ShareFile and then log on using the alternate credentials.
ShareFile recommends that you integrate your ShareFile account with third-party authentication, such as Active Directory (AD), using one of the following methods.
For more information, refer to the XenMobile documentation.
ShareFile supports the following SAML IdPs:
When you use a third-party SAML-based federation tool, you can provision user accounts and create distribution groups from AD with the ShareFile User Management Tool. You install the User Management Tool on-premises.
Each edition of Citrix XenMobile includes a different set of ShareFile features.