Storage zones controller

System requirements

Storage zones controller

  • A dedicated physical or virtual machine with 2 CPUs and 4 GB RAM
  • Windows Server 2012 R2 (Datacenter, Standard, or Essentials)
  • Windows Server 2016
  • Windows Server 2019

For standard storage zones:

  • Use a publicly resolvable Internet host name (not an IP address).
  • Enable SSL for communications with ShareFile.
    • The SSL certificate on the storage zones controller must be trusted by user devices and ShareFile web servers. If you use SSL directly with IIS, refer to http://support.microsoft.com/kb/298805 for information about configuring SSL.
  • Allow inbound TCP requests on port 443 through your firewall.
  • Allow outbound TCP requests to the ShareFile control plane on port 443 through your firewall.
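
The following PowerShell pre-flight check for the standard-zone requirements above is an added example, not part of the Citrix documentation or tooling. The host name szc.example.com and the function names are assumptions, and the certificate is validated against the trust store of the machine that runs the script, so run it from a representative user device outside the network.

```powershell
# Added example: pre-flight check of the standard-zone requirements above.
param(
    [string]$ZoneFqdn = 'szc.example.com'   # placeholder external host name
)

function Test-ZoneHostName {
    param([string]$Name)
    $ip = $null
    # Requirement: a resolvable host name, not an IP address literal.
    if ([System.Net.IPAddress]::TryParse($Name, [ref]$ip)) { return $false }
    try { [void][System.Net.Dns]::GetHostAddresses($Name); return $true }
    catch { return $false }
}

function Get-ZoneTlsReport {
    param([string]$Name, [int]$Port = 443)
    $report = [ordered]@{ Host = $Name; Port = $Port; Reachable = $false
                          Trusted = $false; Subject = $null; NotAfter = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Name, $Port)          # inbound TCP 443 must be open
        $report.Reachable = $true
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        # Default validation: the chain must end in a root trusted by this machine
        # and the certificate must match $Name, otherwise an exception is raised.
        # Assumption: the endpoint supports TLS 1.2 (requested explicitly because
        # older .NET Framework defaults negotiate lower protocol versions).
        $ssl.AuthenticateAsClient($Name, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $report.Trusted  = $true
        $report.Subject  = $cert.Subject
        $report.NotAfter = $cert.NotAfter
        $ssl.Dispose()
    }
    catch { $report.Error = $_.Exception.GetBaseException().Message }
    finally { $client.Close() }
    [pscustomobject]$report
}

if (-not (Test-ZoneHostName $ZoneFqdn)) {
    Write-Warning "$ZoneFqdn is an IP address or does not resolve."
} else {
    Get-ZoneTlsReport -Name $ZoneFqdn | Format-List
}
```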

For the server health check used only for storage zones for ShareFile Data:

  • Open port 80 on the localhost.

For a high availability production environment:

  • A minimum of two servers with storage zones controller installed.

  • If you are not using DMZ proxy servers, install an SSL certificate on the IIS service.

    For information about supported certificates, see the certificate requirements for standard zones above.

For a DMZ proxy deployment:

  • One or more DMZ proxy servers, such as Citrix ADC VPX instances.

  • For a DMZ proxy server that terminates the client connection and uses HTTP, install an SSL certificate on the proxy server.

    If communications between the DMZ proxy servers and the storage zones controller are secure, you can use HTTP. However, HTTPS is recommended as a best practice. If you use HTTPS, you can use a private (Enterprise) certificate on the storage zones controller if it is trusted by the DMZ proxy. The external address exposed by the DMZ proxy must use a commercially trusted certificate. For information about supported certificates, see the certificate requirements for standard zones above.

Other requirements

  • The storage zones controller installer requires administrative privileges.
  • For remote administration of storage zones controller, use a remoting protocol, such as RDP or Citrix ICA, to connect to the server and then open the storage zones controller console.

Supported third-party storage systems

  • Amazon Simple Storage Service (Amazon S3)
  • Microsoft Azure

Supported Data Loss Prevention solutions

  • Storage zones controller integrates with any ICAP-compliant DLP solution, including:
    • Symantec Data Loss Prevention
    • McAfee DLP Prevent
    • Websense TRITON AP-DATA
    • RSA Data Loss Prevention

Storage zones for ShareFile Data

Storage zones for ShareFile Data is an optional feature that you enable on a storage zones controller.

Requirements:

  • ShareFile Enterprise account, with the storage zone feature enabled
  • A ShareFile user account that includes permission to create and manage zones
  • A CIFS share for private data storage

If you plan to store ShareFile files in a supported third-party storage system, the CIFS share is used for temporary files (encryption keys, queued files) and as a temporary storage cache.

Note: Access to a ShareFile account from an FTP client is not compatible with storage zones for ShareFile Data.

Storage zone connector for SharePoint

Storage zone connector for SharePoint is an optional feature that you enable on a storage zones controller.

Requirements:

  • ShareFile Enterprise account, with the storage zone feature enabled, or Citrix Endpoint Management.
  • Only Microsoft SharePoint Server 2010 and newer are supported.
  • The storage zones controller server must be a domain member, in the same forest as the SharePoint server.
  • The Web Server (IIS) role and ASP.NET 4.x. For more information, see Prepare your server for ShareFile data.
  • SharePoint policies:
    • The default maximum upload file size for a Web application in SharePoint 2013 is 250 MB and in SharePoint 2010 is 50 MB. To change the default: In SharePoint Central Administration, go to the Web Application General Settings page and change the Maximum Upload Size. The upload file size limit for SharePoint is 2 GB.
    • ShareFile clients always attempt to check in a major version (publish) of a file. However, SharePoint policies determine whether a file is checked in as a major or minor version.
    • The SharePoint View-Only permission does not enable a user to download files. To read a file from a ShareFile client, a SharePoint user must have Read permission.
  • User devices: For the latest information about user device support for storage zone connectors, refer to the ShareFile Knowledge Base.

Storage zone connector for SharePoint authentication

After authenticating the user, the storage zones controller server makes connections to the SharePoint server on the authenticated user’s behalf and responds to authentication challenges presented by the SharePoint server. Storage zone connector for SharePoint supports the following authentication methods on the SharePoint server.

  • Basic

    Requires that you add <add key="CacheCredentials" value="1" /> to C:\inetpub\wwwroot\Citrix\StorageCenter\sp\AppSettingsRelease.config.

  • Negotiate (Kerberos)

  • Windows Challenge/Response (NTLM)

ShareFile mobile clients use Basic authentication over HTTPS to authenticate to the storage zones controller or DMZ proxy. Single sign-on to SharePoint is governed by the authentication requirements set on the SharePoint server. To use Kerberos or NTLM authentication on the SharePoint server: Configure the domain controller to trust the storage zones controller for delegation.

If your SharePoint server is configured for Kerberos authentication: Configure a service principal name (SPN) for the named user service accounts for the SharePoint server application pool. For more information, see “Configure trust for delegation for Web parts” in http://support.microsoft.com/kb/832769.

For deployments with Citrix ADC, it is possible to terminate basic authentication at the Citrix ADC and then perform other types of authentication to the storage zones controller.

Storage zone connector for Network File Shares

Storage zone connector for Network File Shares is an optional feature that you enable on a storage zones controller.

Requirements:

  • ShareFile Enterprise or Citrix Endpoint Management account.
  • The storage zone connector server must be a domain member, in the same forest as the network file servers.
  • The Web Server (IIS) role and ASP.NET 4.x. For more information, see Prepare your server for ShareFile data.
  • User devices: For the latest information about user device support for storage zone connectors, see the ShareFile Knowledge Base.

Connector for Network File Shares authentication

After authenticating the user, the storage zones controller server makes connections to the network file server on the authenticated user’s behalf and responds to authentication challenges presented by the file server. Storage zone connector for Network File Shares supports the following authentication methods on the file server.

  • Negotiate (Kerberos)
  • Windows Challenge/Response (NTLM)

To use Kerberos or NTLM authentication on the storage zones controller: Configure the domain controller to trust the storage zones controller for delegation.

For deployments with Citrix ADC: To provide users with a single sign-on experience when Citrix ADC is configured for basic authentication, configure the connector for both Negotiate (Kerberos) and NTLM authentication.
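
The delegation and SPN prerequisites named in the SharePoint and Network File Shares authentication sections can be audited read-only from PowerShell. This is an added example, not Citrix tooling: the account names, the SharePoint host name, and the HTTP/ form of the SPN are assumptions, the SPN check applies to the SharePoint Kerberos case only, and the script requires the ActiveDirectory module (RSAT).

```powershell
# Added example: read-only audit of the delegation and SPN prerequisites.
# Every name below is a placeholder for your own environment.
param(
    [string]$ControllerName = 'SZC01',                      # controller computer account
    [string]$AppPoolAccount = 'svc-sharepoint',             # SharePoint app pool account
    [string]$SharePointFqdn = 'sharepoint.corp.example.com'
)
Import-Module ActiveDirectory

$computer = Get-ADComputer -Identity $ControllerName -Properties TrustedForDelegation,
    TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'

# Services the controller may delegate to (empty when none are configured).
$targets = @($computer.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

if ($computer.TrustedForDelegation) {
    # Unconstrained: the host can act as the user toward any service.
    $mode = 'Unconstrained'
} elseif ($targets.Count -gt 0) {
    # Constrained: delegation is limited to the SPNs listed in $targets.
    $mode = 'Constrained'
} else {
    $mode = 'None'
}

# Assumption: the SharePoint web application uses an HTTP/<fqdn> SPN.
$spn    = "HTTP/$SharePointFqdn"
$owners = @(Get-ADObject -Filter "ServicePrincipalName -eq '$spn'")
$pool   = Get-ADUser -Identity $AppPoolAccount

[pscustomobject]@{
    Controller         = $computer.Name
    DelegationMode     = $mode
    ProtocolTransition = [bool]$computer.TrustedToAuthForDelegation
    DelegationTargets  = $targets -join '; '
    Spn                = $spn
    SpnOnAppPool       = ($owners.DistinguishedName -contains $pool.DistinguishedName)
    SpnIsUnique        = ($owners.Count -eq 1)   # duplicate SPNs break Kerberos
}
```

A DelegationMode of Unconstrained is worth reviewing: constrained delegation limited to the SharePoint and file server SPNs grants the controller less reach for the same function.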

PowerShell scripts and commands

The storage zones controller installation includes several PowerShell scripts and commands, located in C:\inetpub\wwwroot\Citrix\StorageCenter\Tools\.

  • Run the scripts in the 32-bit (x86) version of PowerShell.

  • For best results, upgrade to PowerShell 4.0, included with Windows Management Framework.

    PowerShell 2.0 causes significant problems due to compatibility issues with .NET Framework 4.