Configure ShareFile in Citrix Cloud with storage located on-premises.
In this article, we will review how to configure Citrix ShareFile(Content & Collaboration) in Citrix Cloud with StorageZones located on-premises.
More from the Lab!
- Building a Dual-Xeon Citrix Lab: Part 1 – Considerations
- Building a Dual-Xeon Citrix Lab: Part 2 – Hardware
- Building a Dual-Xeon Citrix Lab: Part 3 – Windows and Hyper-V installation
- Lab: Part 4 – Hyper-V Networking
- Lab: Part 5 – NetScaler 11 Architecture and Installation
- Lab: Part 6 – Configure NetScaler 11 High Availability (HA Pair)
- Lab: Part 7 – Upgrade NetScalers in HA
- Lab: Part 8 – Save, Backup and Restore NetScaler 11 configuration
- Lab: Part 9 – Install Microsoft SQL Server 2014 (Dedicated)
- Lab: Part 10 – Citrix Licensing demystified
- Lab: Part 11 – Install XenDesktop 7.6
- Lab: Part 12 – Setup NetScaler 11 Clustering (TriScale)
- Lab: Part 13 – Configure Published Applications with XenDesktop 7.6
- Lab: Part 14 – Citrix StoreFront 3.x
- Lab: Part 15 – Configure SSL in StoreFront
- Lab: Part 16 – StoreFront load balancing with NetScaler (Internal)
- Lab: Part 17 – Optimize and secure StoreFront load balancing with NetScaler (Internal)
- Lab: Part 18 – Secure LDAP (LDAPS) load balancing with Citrix NetScaler 11
- Lab: Part 19 – Configure Active Directory authentication(LDAP) with Citrix NetScaler 11
- Lab: Part 20 – RDP Proxy with NetScaler Unified Gateway 11
- Lab: Part 21 – Secure SSH Authentication with NetScaler (public-private key pair)
- Lab: Part 22 – Ultimate StoreFront 3 customization guide
- Lab: Part 23 – Securing Citrix StoreFront DMZ deployment
- Lab: Part 25 – Upgrade to Citrix StoreFront 3.7
- Lab: Part 26 – Install/Upgrade Citrix XenDesktop 7.11
- Lab: Part 27 – Getting started with Microsoft Azure
- Lab: Part 28 – Getting started with Citrix Cloud
- Lab: Part 29 – Configure XenDesktop And XenApp Service with Microsoft Azure and Citrix Cloud
- Lab: Part 30 – Configure Identity and Access Management in Citrix Cloud with Microsoft Azure AD
- Lab: Part 31 – Configure NetScaler Gateway Service for XenApp and XenDesktop Service in Citrix Cloud
- Lab: Part 32 – Configure MCS with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 33 – Configure Azure Quick Deploy with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 34 – Configure Site Aggregation for Citrix Workspace in Citrix Cloud with XenDesktop 7.x located on-premises
- Lab: Part 35 – Configure a Hybrid NetScaler MA Service environment in Citrix Cloud
- Lab: Part 36 – Configure ShareFile in Citrix Cloud with StorageZones on-premises
- Lab: Part 37 – Upgrade NetScaler HA pair with NetScaler MA Service in Citrix Cloud
- Lab: Part 38 – How to Configure Full VPN Setup with Citrix NetScaler in CLI
- Lab: Part 39 – Configure Multi-Factor Authentication with Azure MFA Service and Citrix Workspace
- Lab: Part 40 – Getting Started with Citrix App Layering
- Lab: Part 41 – Configure Citrix App Layering
- Lab: Part 42 – OS Layer with Citrix App Layering
- Lab: Part 43 – Platform Layer with Citrix App Layering
- Lab: Part 44 – Application Layers with Citrix App Layering
- Lab: Part 45 – Layered Image Deployment with Citrix App Layering
- Lab: Part 46 – Elastic deployment with Citrix App Layering
- Lab: Part 47 – User Layers with Citrix App Layering
- Lab: Part 48 – Windows 10 and PVS with Citrix App Layering
What is ShareFile in Citrix Cloud?
ShareFile is a cloud-based file sharing service that enables users to easily and securely exchange documents. ShareFile is now integrated with Citrix Cloud, which means that you can manage ShareFile directly from the Citrix Cloud admin console. With ShareFile, Citrix provides and manages a default storage location hosted in Azure. It is also possible to manage your own storage locations. Those locations are called StorageZones for ShareFile Data. The StorageZones that you maintain can reside in your on-premises single-tenant storage system or in supported third-party cloud storage, such as Amazon S3 or Microsoft Azure. In this lab, we are going to setup ShareFile to connect to our on-premises storage to be able to access our corporate data from the GUI without having to move it to the Cloud.
Note: this setup is the most common in the Enterprise world because large organizations are reluctant to move data to the Cloud.
Architecture
Getting started
For this part of the lab, you will need to following:
- Citrix Cloud account
- Local infrastructure with an empty network share
- Local server running Windows Server with IIS7 installed and DOTNET4.5 to host the Citrix Storage Zone Controller software
- Citrix StorageZones must be available from Internet. You must have a valid SSL certificate to install in IIS7. Here we will use an existing certificate (created for lab.citrixguru.com) and use the port 5000 for Sharefile.
- NetScaler installed and configured. We will use NetScaler to proxy the connection to ShareFile StorageZones Controller located on premises.
- AAA – Application Traffic feature must be enabled
- AD Service Account for Sharefile with Enterprise Admins permissions and the permissions on the network share
You will learn:
- How to request a trial for ShareFile
- How to install Citrix StorageZone Controller software
- How to configure NetScaler for ShareFile
- How to configure an alternative port for the communication between Citrix Cloud and your StorageZone Controller
- How to customize ShareFile
- How to create new users and admins in ShareFile
- How to configure LDAPS in the ShareFile NetScaler configuration
- How to configure SSL for the StorageZone Controller
Configure ShareFile in Citrix Cloud
Go to Citrix Cloud, select ShareFile and request a trial.
Select your region (here: USA) check the box to confirm that you know you can’t change that later.
Then pick a subdomain for sharefile. Here we will use citrixguru.sharefile.com.
Note: you can change that later.
You will have to wait a little, and then you are going to get an email to confirm that the trial has been approved.
In Citrix Cloud, click on Manage under ShareFile.
You are IN!
Here is the ShareFile dashboard in Citrix Cloud.
The first thing to do is to create a new admin account. Go to People > Manage Users Home.
Then select Create Employee.
Enter name, password and an email address.
No need to assign folders yet.
Assign full permissions to this user.
New sharefile user is created.
Citrix ShareFile StorageZones Controller
The next step is to download Citrix ShareFile StorageZones Controller software.
Go to Citrix Downloads and download Citrix StorageZones Controller. The latest version available at this time is 5.3.1.
Note: you need to install IIS7 and ASP.NET role for IIS to be able to install the software from Citrix.
Here is the install procedure.
Last step of the install is to reboot.
You can now access the UI with this link : http://localhost/ConfigService/login.aspx.
Install SSL certificate for Citrix ShareFile StorageZones Controller
We need to secure the StorageZones Controller with a SSL certificate.
You just need to import your internally trusted SSL/TLS certificate in IIS on the server where StorageZones Controller is installed.
Here I have imported a wildcard certificate trusted by my citrixguru.lab CA. Easier!
Then you should be able to reach the website using HTTPS with no warning.
Create a new Zone
Go to the StorageZones Controller UI, ex: https://dmzco01.citrixguru.lab/ConfigService/login.aspx.
Logon with an admin account and enter your ShareFile Account URL.
Select Create new zone. The name of the zone will appear in Citrix Cloud.
The external address is the public URL to reach your StorageZone. We are going to create the setup in NetScaler later in this article.
Next, enable StorageZone for ShareFile Data.
Enter the location of your share, and the AD account ShareFile will use to perform actions.
Enable StorageZone Connector for Network File Shares.
Enter a password for the encryption of the share.
Then click Register. The StorageZone has been created.
You can check in Citrix Cloud. There is a new StorageZone available. The StorageZone is not reachable from Citrix Cloud yet. Therefore there is no data available in the Dashboard.
ShareFile will modify the share for encryption and the zone configuration.
The monitoring tab contains more details about the health of the zone.
Configure NetScaler for ShareFile
Note: for this part AAA – Application Traffic feature must be enabled.
As mentioned before in this article, StorageZones must be reachable from Internet. There is no Cloud Connector here to bridge with Citrix Cloud. By default, ShareFile requires HTTPS on the port 443, but for this lab we are going to configure ShareFile to use the port 5000.
Go to your NetScaler(s) managing external connections and browse to Traffic Management.
Then select Setup NetScaler for ShareFile.
NetScaler has a wizard to create the configuration required for ShareFile.
Enter an IP address available and a name for the new Content Switching LB virtual server.
Make sure to check the StorageZones Connector box.
Next step is to select the TLS/SSL certificate associated with this deployment. For this example, we already have a SSL certificate imported in NetScaler.
Note: this certificate must be a public certificate trusted by a public Certificate Authority.
Select Add New StorageZone Controller and enter the IP address of the server where StorageZones Controller is installed.
Select 443 and https. Reminder: we have installed a TLS certificate on that server earlier in this article.
The StorageZones Controller server is imported in the configuration.
Next in the wizard, we have to configure a LDAP server for authentication.
The IP entered is a Domain Controller in my lab. I have also selected SSL and 636 because we are going to use secure protocol.
Next step is to configure the SSO domain, base DN, Administrator Bind DN and the logon Name. You can use the same service account created for ShareFile.
Click on Done to submit the wizard. NetScaler will apply the settings.
NetScaler has created Virtual Servers, policies, etc. Here is how it looks like for me.
There are few things to modify as we switched to LDAPS instead of LDAP.
Go to AAA -> Virtual Servers. Select the Server Certificate.
The certificate currently bound is CitrixGuru-Public and we need to change it to our certificate trusted by our local CA.
Go to Security > Policies > Authentication > Basic Policies > LDAP.
Select IP_LDAP_pol. And select the modify button.
Make sure it is configured as below (SSL and 636).
You can validate LDAP by clicking on the Test LDAP Reachability button.
Below is the final configuration to setup ShareFile in NetScaler manually.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
add policy httpCallout _SF_VAL_LB_CALLOUT -vServer _SF_SZ_LB -returnType BOOL -hostExpr "\"ShareFile\"" -urlStemExpr "\"/validate.ashx?RequestURI=\" + HTTP.REQ.URL.BEFORE_STR(\"&h\").HTTP_URL_SAFE.B64ENCODE + \"&h=\"+ HTTP.REQ.URL.QUERY.VALUE(\"h\")" -scheme http -resultExpr "HTTP.RES.STATUS.EQ(200).NOT" add policy httpCallout _SF_VAL_LB_CALLOUT_y -vServer _SF_SZ_LB -returnType BOOL -hostExpr "\"ShareFile\"" -urlStemExpr "\"/validate.ashx?RequestURI=\" + HTTP.REQ.URL.HTTP_URL_SAFE.B64ENCODE + \"&h=\"" -scheme http -resultExpr "HTTP.RES.STATUS.EQ(200).NOT" add service _SF_SVC_192.168.1.14 192.168.1.14 SSL 443 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add authentication ldapAction 10.0.0.10_LDAP -serverIP 10.0.0.10 -serverPort 636 -ldapBase "CN=users,DC=citrixguru,DC=lab" -ldapBindDn svc_sharefile@citrixguru.lab -ldapBindDnPassword 216cc4925f7f30c9213ee86b40b02bef4b27450acb6cc6e10c43152dd25b0e49 -encrypted -encryptmethod ENCMTHD_3 -ldapLoginName sAMAccountName add authentication ldapPolicy 10.0.0.10_LDAP_pol ns_true 10.0.0.10_LDAP add lb vserver _SF_SZ_LB SSL 0.0.0.0 0 -persistenceType SSLSESSION -lbMethod TOKEN -rule "http.REQ.URL.QUERY.VALUE(\"uploadid\")" -cltTimeout 180 add lb vserver _SF_CIF_SP_LB SSL 0.0.0.0 0 -persistenceType COOKIEINSERT -timeout 240 -cltTimeout 180 -authn401 ON -authnVsName _SF_AUTHVSERVER add authentication vserver _SF_AUTHVSERVER SSL 192.168.1.26 636 add cs vserver _SF_CS_cslb-sharefile SSL 192.168.1.25 443 -cltTimeout 180 add cs policy _SF_SZ_CSPOL -rule "HTTP.REQ.URL.CONTAINS(\"/cifs/\").NOT && HTTP.REQ.URL.CONTAINS(\"/sp/\").NOT" add cs policy _SF_CIF_SP_CSPOL -rule "HTTP.REQ.URL.CONTAINS(\"/cifs/\") || HTTP.REQ.URL.CONTAINS(\"/sp/\")" add responder policy _SF_RESPONDERPOL "HTTP.REQ.URL.CONTAINS(\"&h=\") && HTTP.REQ.URL.CONTAINS(\"/crossdomain.xml\").NOT&& HTTP.REQ.URL.CONTAINS(\"/validate.ashx?requri\").NOT&& SYS.HTTP_CALLOUT(_SF_VAL_LB_CALLOUT) || HTTP.REQ.URL.CONTAINS(\"&h=\").NOT && HTTP.REQ.URL.CONTAINS(\"/crossdomain.xml\").NOT&& HTTP.REQ.URL.CONTAINS(\"/validate.ashx?requri\").NOT&& SYS.HTTP_CALLOUT(_SF_VAL_LB_CALLOUT_y)" DROP bind lb vserver _SF_SZ_LB _SF_SVC_192.168.1.14 bind lb vserver _SF_CIF_SP_LB _SF_SVC_192.168.1.14 bind lb vserver _SF_SZ_LB -policyName _SF_RESPONDERPOL -priority 100 -gotoPriorityExpression END -type REQUEST bind cs vserver _SF_CS_cslb-sharefile -policyName _SF_SZ_CSPOL -targetLBVserver _SF_SZ_LB -priority 100 bind cs vserver _SF_CS_cslb-sharefile -policyName _SF_CIF_SP_CSPOL -targetLBVserver _SF_CIF_SP_LB -priority 110 add tm sessionAction _SF_SESSION_ACT -SSO ON -ssoCredential PRIMARY -ssoDomain citrixguru.lab add tm sessionPolicy _SF_SESSION_POL ns_true _SF_SESSION_ACT bind authentication vserver _SF_AUTHVSERVER -policy 10.0.0.10_LDAP_pol -priority 100 bind authentication vserver _SF_AUTHVSERVER -policy _SF_SESSION_POL -priority 100 bind ssl service _SF_SVC_192.168.1.14 -eccCurveName P_256 bind ssl service _SF_SVC_192.168.1.14 -eccCurveName P_384 bind ssl service _SF_SVC_192.168.1.14 -eccCurveName P_224 bind ssl service _SF_SVC_192.168.1.14 -eccCurveName P_521 bind ssl vserver _SF_CS_cslb-sharefile -certkeyName CitrixGURU-Public bind ssl vserver _SF_SZ_LB -certkeyName CitrixGURU-Public bind ssl vserver _SF_CIF_SP_LB -certkeyName CitrixGURU-Public bind ssl vserver _SF_AUTHVSERVER -certkeyName CitrixGURU-Public bind ssl vserver _SF_CS_cslb-sharefile -eccCurveName P_256 bind ssl vserver _SF_CS_cslb-sharefile -eccCurveName P_384 bind ssl vserver _SF_CS_cslb-sharefile -eccCurveName P_224 bind ssl vserver _SF_CS_cslb-sharefile -eccCurveName P_521 bind ssl vserver _SF_SZ_LB -eccCurveName P_256 bind ssl vserver _SF_SZ_LB -eccCurveName P_384 bind ssl vserver _SF_SZ_LB -eccCurveName P_224 bind ssl vserver _SF_SZ_LB -eccCurveName P_521 bind ssl vserver _SF_CIF_SP_LB -eccCurveName P_256 bind ssl vserver _SF_CIF_SP_LB -eccCurveName P_384 bind ssl vserver _SF_CIF_SP_LB -eccCurveName P_224 bind ssl vserver _SF_CIF_SP_LB -eccCurveName P_521 bind ssl vserver _SF_AUTHVSERVER -eccCurveName P_256 bind ssl vserver _SF_AUTHVSERVER -eccCurveName P_384 bind ssl vserver _SF_AUTHVSERVER -eccCurveName P_224 bind ssl vserver _SF_AUTHVSERVER -eccCurveName P_521 |
Configure NAT in your router
443 is already used for NetScaler Gateway in my lab and I only have 1 public IP address, therefore I need to NAT the ShareFile address to use a different port externally.
For this article we will use the port 5000. I created the following configuration. Internally the communication will use the port 443 but from Citrix Cloud to my network, it will communicate on port 5000.
192.168.1.25 is the IP of the Content Switching virtual server created by the NetScaler wizard for ShareFile.
Validate the configuration
Go to the ShareFile console in Citrix Cloud. Go to Settings > Admin settings > StorageZones and select the StorageZone that you created.
If you can see some data here, that means that Citrix Cloud can communicate properly with your on-premises ShareFile StorageZone Controller.
Now that we have a working local StorageZone, we can disable the Azure location provided by Citrix.
Citrix Cloud will automatically move the data to the local StorageZone we created on-premises.
Branding
You can change the branding of ShareFile by browsing to Settings > Admin Settings > Company Account Info > Edit Company Branding.
On the same page, you can change/add your sharefile subdomain.
See below how it looks like.
And the dashboard.
Test Citrix ShareFile
To validate ShareFile, you can connect to http://citrixguru.sharefile.com or install the ShareFile Desktop app on your computer. Or install the ShareFile app on your phone.
See below the Desktop App.
You can see all the files, workflows, etc available from the StorageZone located on-premises, download and upload data.
The web version for ShareFile also provides the same experience.
That’s all to configure ShareFile in Citrix Cloud to connect to local storage located on-premises. I hope it this article helped you to have a better understanding of ShareFile and its components.
More from the Lab!
- Building a Dual-Xeon Citrix Lab: Part 1 – Considerations
- Building a Dual-Xeon Citrix Lab: Part 2 – Hardware
- Building a Dual-Xeon Citrix Lab: Part 3 – Windows and Hyper-V installation
- Lab: Part 4 – Hyper-V Networking
- Lab: Part 5 – NetScaler 11 Architecture and Installation
- Lab: Part 6 – Configure NetScaler 11 High Availability (HA Pair)
- Lab: Part 7 – Upgrade NetScalers in HA
- Lab: Part 8 – Save, Backup and Restore NetScaler 11 configuration
- Lab: Part 9 – Install Microsoft SQL Server 2014 (Dedicated)
- Lab: Part 10 – Citrix Licensing demystified
- Lab: Part 11 – Install XenDesktop 7.6
- Lab: Part 12 – Setup NetScaler 11 Clustering (TriScale)
- Lab: Part 13 – Configure Published Applications with XenDesktop 7.6
- Lab: Part 14 – Citrix StoreFront 3.x
- Lab: Part 15 – Configure SSL in StoreFront
- Lab: Part 16 – StoreFront load balancing with NetScaler (Internal)
- Lab: Part 17 – Optimize and secure StoreFront load balancing with NetScaler (Internal)
- Lab: Part 18 – Secure LDAP (LDAPS) load balancing with Citrix NetScaler 11
- Lab: Part 19 – Configure Active Directory authentication(LDAP) with Citrix NetScaler 11
- Lab: Part 20 – RDP Proxy with NetScaler Unified Gateway 11
- Lab: Part 21 – Secure SSH Authentication with NetScaler (public-private key pair)
- Lab: Part 22 – Ultimate StoreFront 3 customization guide
- Lab: Part 23 – Securing Citrix StoreFront DMZ deployment
- Lab: Part 25 – Upgrade to Citrix StoreFront 3.7
- Lab: Part 26 – Install/Upgrade Citrix XenDesktop 7.11
- Lab: Part 27 – Getting started with Microsoft Azure
- Lab: Part 28 – Getting started with Citrix Cloud
- Lab: Part 29 – Configure XenDesktop And XenApp Service with Microsoft Azure and Citrix Cloud
- Lab: Part 30 – Configure Identity and Access Management in Citrix Cloud with Microsoft Azure AD
- Lab: Part 31 – Configure NetScaler Gateway Service for XenApp and XenDesktop Service in Citrix Cloud
- Lab: Part 32 – Configure MCS with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 33 – Configure Azure Quick Deploy with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 34 – Configure Site Aggregation for Citrix Workspace in Citrix Cloud with XenDesktop 7.x located on-premises
- Lab: Part 35 – Configure a Hybrid NetScaler MA Service environment in Citrix Cloud
- Lab: Part 36 – Configure ShareFile in Citrix Cloud with StorageZones on-premises
- Lab: Part 37 – Upgrade NetScaler HA pair with NetScaler MA Service in Citrix Cloud
- Lab: Part 38 – How to Configure Full VPN Setup with Citrix NetScaler in CLI
- Lab: Part 39 – Configure Multi-Factor Authentication with Azure MFA Service and Citrix Workspace
- Lab: Part 40 – Getting Started with Citrix App Layering
- Lab: Part 41 – Configure Citrix App Layering
- Lab: Part 42 – OS Layer with Citrix App Layering
- Lab: Part 43 – Platform Layer with Citrix App Layering
- Lab: Part 44 – Application Layers with Citrix App Layering
- Lab: Part 45 – Layered Image Deployment with Citrix App Layering
- Lab: Part 46 – Elastic deployment with Citrix App Layering
- Lab: Part 47 – User Layers with Citrix App Layering
- Lab: Part 48 – Windows 10 and PVS with Citrix App Layering
