Configure ShareFile in Citrix Cloud with storage located on-premises.

In this article, we will review how to configure Citrix ShareFile (Content & Collaboration) in Citrix Cloud with StorageZones located on-premises.

Make sure to catch up on this series' previous posts first!

 

What is ShareFile in Citrix Cloud?

ShareFile is a cloud-based file sharing service that enables users to easily and securely exchange documents. ShareFile is now integrated with Citrix Cloud, which means that you can manage ShareFile directly from the Citrix Cloud admin console. With ShareFile, Citrix provides and manages a default storage location hosted in Azure. It is also possible to manage your own storage locations. Those locations are called StorageZones for ShareFile Data. The StorageZones that you maintain can reside in your on-premises single-tenant storage system or in supported third-party cloud storage, such as Amazon S3 or Microsoft Azure. In this lab, we are going to set up ShareFile to connect to our on-premises storage so that we can access our corporate data from the GUI without having to move it to the Cloud.

Note: this setup is the most common in the Enterprise world because large organizations are reluctant to move data to the Cloud.

Architecture

Configure Citrix ShareFile with on-premises StorageZone – Architecture Lab 36

Getting started

For this part of the lab, you will need the following:

  • Citrix Cloud account
  • Local infrastructure with an empty network share
  • Local server running Windows Server with IIS7 and .NET 4.5 installed to host the Citrix StorageZones Controller software
  • Citrix StorageZones must be reachable from the Internet. You must have a valid SSL certificate to install in IIS7. Here we will use an existing certificate (created for lab.citrixguru.com) and use port 5000 for ShareFile.
  • NetScaler installed and configured. We will use NetScaler to proxy the connection to ShareFile StorageZones Controller located on premises.
  • AAA – Application Traffic feature must be enabled
  • AD Service Account for ShareFile with Enterprise Admins permissions and the permissions on the network share

You will learn:

  • How to request a trial for ShareFile
  • How to install Citrix StorageZone Controller software
  • How to configure NetScaler for ShareFile
  • How to configure an alternative port for the communication between Citrix Cloud and your StorageZone Controller
  • How to customize ShareFile
  • How to create new users and admins in ShareFile
  • How to configure LDAPS in the ShareFile NetScaler configuration
  • How to configure SSL for the StorageZone Controller

Configure ShareFile in Citrix Cloud

Go to Citrix Cloud, select ShareFile and request a trial.

Select your region (here: USA) and check the box to confirm that you know you can’t change that later.

ShareFile GEO location – USA or EU

Then pick a subdomain for ShareFile. Here we will use citrixguru.sharefile.com.

Note: you can change that later.

You will have to wait a little, and then you are going to get an email to confirm that the trial has been approved.

In Citrix Cloud, click on Manage under ShareFile.

ShareFile Trial

You are IN!

Welcome to ShareFile

Here is the ShareFile dashboard in Citrix Cloud.

ShareFile Dashboard

The first thing to do is to create a new admin account. Go to People > Manage Users Home.

Then select Create Employee.

ShareFile – create a new user

Enter name, password and an email address.

ShareFile – create a new user – basic info

No need to assign folders yet.

ShareFile – create a new user – folder assignment

Assign full permissions to this user.

ShareFile – create a new user – permissions

The new ShareFile user is created.

ShareFile – create a new user – created

Citrix ShareFile StorageZones Controller

The next step is to download Citrix ShareFile StorageZones Controller software.

Go to Citrix Downloads and download Citrix StorageZones Controller. The latest version available at this time is 5.3.1.

Citrix ShareFile StorageZones Controller download

Note: you need to install IIS7 and ASP.NET role for IIS to be able to install the software from Citrix.

Citrix ShareFile StorageZones Controller requirements

Here is the install procedure.

Citrix ShareFile StorageZones Controller setup 01
Citrix ShareFile StorageZones Controller setup 02
Citrix ShareFile StorageZones Controller setup 03

The last step of the install is to reboot.

Citrix ShareFile StorageZones Controller setup 04

You can now access the UI with this link: http://localhost/ConfigService/login.aspx.

Install SSL certificate for Citrix ShareFile StorageZones Controller

We need to secure the StorageZones Controller with an SSL certificate.

You just need to import your internally trusted SSL/TLS certificate in IIS on the server where StorageZones Controller is installed.

Here I have imported a wildcard certificate trusted by my citrixguru.lab CA. Easier!

Citrix ShareFile StorageZones Controller – Secure with SSL

Then you should be able to reach the website using HTTPS with no warning.

Citrix ShareFile StorageZones Controller – Secured with SSL

Create a new Zone

Go to the StorageZones Controller UI, ex: https://dmzco01.citrixguru.lab/ConfigService/login.aspx.

Logon with an admin account and enter your ShareFile Account URL.

Citrix ShareFile StorageZones Controller – Create a new Zone

Select Create new zone. The name of the zone will appear in Citrix Cloud.

Citrix ShareFile StorageZones Controller – Configure a new Zone

The external address is the public URL to reach your StorageZone. We are going to create the setup in NetScaler later in this article.

Next, enable StorageZone for ShareFile Data.

Enter the location of your share, and the AD account ShareFile will use to perform actions.

Citrix ShareFile StorageZones Controller – Configure the network share

Enable StorageZone Connector for Network File Shares.

Citrix ShareFile StorageZones Controller – Configure the network share 2

Enter a password for the encryption of the share.

Citrix ShareFile StorageZones Controller – Configure encryption password

Then click Register. The StorageZone has been created.

Citrix ShareFile StorageZones Controller – Zone created

You can check in Citrix Cloud. There is a new StorageZone available. The StorageZone is not reachable from Citrix Cloud yet. Therefore there is no data available in the Dashboard.

Citrix ShareFile StorageZones Controller – Zone available in Citrix Cloud

ShareFile will modify the share for encryption and the zone configuration.

Citrix ShareFile StorageZones Controller – Share modified

The monitoring tab contains more details about the health of the zone.

Citrix ShareFile StorageZones Controller – Monitoring

Configure NetScaler for ShareFile

Note: for this part AAA – Application Traffic feature must be enabled.

As mentioned earlier in this article, StorageZones must be reachable from the Internet. There is no Cloud Connector here to bridge with Citrix Cloud. By default, ShareFile requires HTTPS on port 443, but for this lab we are going to configure ShareFile to use port 5000.

Go to your NetScaler(s) managing external connections and browse to Traffic Management.

Then select Setup NetScaler for ShareFile.

NetScaler for ShareFile – Setup

NetScaler has a wizard to create the configuration required for ShareFile.

Enter an available IP address and a name for the new Content Switching LB virtual server.

Make sure to check the StorageZones Connector box.

NetScaler for ShareFile – Setup Content Switching Virtual Server

The next step is to select the TLS/SSL certificate associated with this deployment. For this example, we already have an SSL certificate imported in NetScaler.

NetScaler for ShareFile – Setup external TLS certificate

Note: this certificate must be a public certificate trusted by a public Certificate Authority.

NetScaler for ShareFile – Add StorageZone Controller

Select Add New StorageZone Controller and enter the IP address of the server where StorageZones Controller is installed.

Select 443 and https. Reminder: we have installed a TLS certificate on that server earlier in this article.

NetScaler for ShareFile – Configure StorageZone Controller

The StorageZones Controller server is imported in the configuration.

NetScaler for ShareFile – Configure StorageZone Controller 2

Next in the wizard, we have to configure an LDAP server for authentication.

The IP entered is a Domain Controller in my lab. I have also selected SSL and 636 because we are going to use a secure protocol.

NetScaler for ShareFile – Configure LDAP

The next step is to configure the SSO domain, base DN, administrator bind DN and the logon name. You can use the same service account created for ShareFile.

NetScaler for ShareFile – Configure LDAP 2

Click on Done to submit the wizard. NetScaler will apply the settings.

NetScaler for ShareFile – Configured

NetScaler has created Virtual Servers, policies, etc. Here is how it looks for me.

NetScaler for ShareFile – Virtual Servers configuration
NetScaler for ShareFile – Services configuration
NetScaler for ShareFile – Content Switching configuration
NetScaler for ShareFile – Auth configuration

There are a few things to modify as we switched to LDAPS instead of LDAP.

Go to AAA -> Virtual Servers. Select the Server Certificate.

NetScaler for ShareFile – Switch to LDAPS 1

The certificate currently bound is CitrixGuru-Public and we need to change it to our certificate trusted by our local CA.

NetScaler for ShareFile – Switch to LDAPS 2
NetScaler for ShareFile – Switch to LDAPS 3

Go to Security > Policies > Authentication > Basic Policies > LDAP.

NetScaler for ShareFile – Switch to LDAPS 4

Select IP_LDAP_pol and click the modify button.

NetScaler for ShareFile – Switch to LDAPS 5

Make sure it is configured as below (SSL and 636).

NetScaler for ShareFile – Switch to LDAPS 6

You can validate LDAP by clicking on the Test LDAP Reachability button.

NetScaler for ShareFile – Switch to LDAPS 7
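
As an added example (not part of the original article and not Citrix code), the following Python script audits an exported NetScaler configuration for LDAP actions that are still plaintext or that skip server certificate validation, which is the setting changed in the steps above. The sample config, action names and addresses are constructed; the script assumes an omitted -secType means PLAINTEXT, an omitted -serverPort means 389 and an omitted -validateServerCert means NO.

```python
import shlex

# Constructed sample of exported NetScaler config lines (not from the article);
# action names, IP addresses and DNs are placeholders.
SAMPLE_NS_CONF = """\
add authentication ldapAction LAB_LDAP_plain -serverIP 192.0.2.10 -ldapBase "DC=example,DC=lab" -ldapBindDn svc@example.lab -ldapLoginName sAMAccountName
add authentication ldapAction LAB_LDAP_ssl -serverIP 192.0.2.10 -serverPort 636 -ldapBase "DC=example,DC=lab" -ldapBindDn svc@example.lab -ldapLoginName sAMAccountName -secType SSL
add authentication ldapAction LAB_LDAP_ok -serverIP 192.0.2.10 -serverPort 636 -ldapBase "DC=example,DC=lab" -ldapBindDn svc@example.lab -ldapLoginName sAMAccountName -secType SSL -validateServerCert YES -ldapHostname dc01.example.lab
add authentication ldapPolicy LAB_LDAP_pol ns_true LAB_LDAP_ok
"""

def parse_ldap_actions(conf_text):
    """Return {action_name: {option: value}} for every ldapAction line."""
    actions = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line)  # honours the quoted base DN
        if len(tokens) < 4 or tokens[:3] != ["add", "authentication", "ldapAction"]:
            continue
        opts, i = {}, 4
        while i < len(tokens):
            key = tokens[i].lstrip("-").lower()
            has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
            opts[key] = tokens[i + 1] if has_value else ""  # bare flags get ""
            i += 2 if has_value else 1
        actions[tokens[3]] = opts
    return actions

def audit_ldap_action(opts):
    """List findings for one action; an empty list means LDAPS with validation."""
    findings = []
    # Assumed defaults when an option is omitted: PLAINTEXT, port 389, no validation.
    sec_type = opts.get("sectype", "PLAINTEXT").upper()
    port = opts.get("serverport", "389")
    if sec_type == "PLAINTEXT":
        findings.append("bind credentials sent in clear text (secType PLAINTEXT)")
    elif sec_type == "SSL" and port != "636":
        findings.append(f"secType SSL on port {port}, expected 636")
    if sec_type != "PLAINTEXT" and opts.get("validateservercert", "NO").upper() != "YES":
        findings.append("LDAP server certificate is not validated")
    return findings

def audit_config(conf_text):
    """Audit every ldapAction found in the config text."""
    return {name: audit_ldap_action(o) for name, o in parse_ldap_actions(conf_text).items()}

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_NS_CONF).items():
        print(name, "OK" if not findings else findings)
```

Run it against the output of "show ns runningConfig" saved to a file by passing the file contents to audit_config.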

Below is the final configuration to set up ShareFile in NetScaler manually.

Configure NAT in your router

Port 443 is already used for NetScaler Gateway in my lab and I only have one public IP address, so I need to NAT the ShareFile address to use a different port externally.

For this article we will use port 5000. I created the following configuration. Internally the communication will use port 443, but from Citrix Cloud to my network it will use port 5000.

Configure NAT for ShareFile

192.168.1.25 is the IP of the Content Switching virtual server created by the NetScaler wizard for ShareFile.

Validate the configuration

Go to the ShareFile console in Citrix Cloud. Go to Settings > Admin settings > StorageZones and select the StorageZone that you created.

Communication between ShareFile and the StorageZone Controller

If you can see some data here, that means that Citrix Cloud can communicate properly with your on-premises ShareFile StorageZone Controller.

Now that we have a working local StorageZone, we can disable the Azure location provided by Citrix.

ShareFile – Disable Citrix managed StorageZone

Citrix Cloud will automatically move the data to the local StorageZone we created on-premises. 

Branding

You can change the branding of ShareFile by browsing to Settings > Admin Settings > Company Account Info > Edit Company Branding.

ShareFile – Branding configuration

On the same page, you can change/add your ShareFile subdomain.

ShareFile – Branding configuration 2

See below how it looks.

ShareFile – Branding configuration 3

And the dashboard.

ShareFile – Branding configuration 4

Test Citrix ShareFile

To validate ShareFile, you can connect to http://citrixguru.sharefile.com, install the ShareFile Desktop app on your computer, or install the ShareFile app on your phone.

See below the Desktop App.

ShareFile Desktop App – Install
ShareFile Desktop App – Install 2
ShareFile Desktop App – Logon

You can see all the files, workflows, etc. available from the StorageZone located on-premises, and download and upload data.

ShareFile Desktop App

The web version for ShareFile also provides the same experience.

ShareFile Web App

That’s all it takes to configure ShareFile in Citrix Cloud to connect to local storage located on-premises. I hope this article helped you gain a better understanding of ShareFile and its components.