After implementing XenMobile MDM and the App Controller it’s time to implement Citrix ShareFile as the last part of the Citrix XenMobile Enterprise suite. With Citrix ShareFile you can easily share (large) files with colleagues or people outside the organization in a secure manner. You can create folders online to organise your files and access them from almost any device you want, and it also integrates with Mac, Microsoft Windows and Microsoft Outlook.
By default, all data is saved in the cloud. For companies that do not want that, ShareFile Enterprise offers a solution with the ShareFile StorageZones controller. With the ShareFile StorageZones controller you are able to save data on premise within your own network and you even have the possibility to make CIFS Shares available within the ShareFile applications.
Scope for this blog
There are a few ways to let users authenticate with ShareFile; in this blog I will only explain the XenMobile integration. For SAML authentication I will write a separate blog soon. In this blog I will also show you how to create the StorageZone share, how to install and configure the Citrix ShareFile StorageZones Controller, how to configure the Web Server (IIS), how to configure the Citrix NetScaler for ShareFile and how to create Connectors and access them with a mobile device.
In my environment I have a NetScaler running in the DMZ, therefore I will install an SSL certificate trusted by an external CA on the NetScaler and an SSL certificate trusted by the internal CA on the ShareFile server for secure internal traffic over port 443.
The ShareFile StorageZones Controller can be installed on a Windows Server 2008 R2 SP1 or a Windows Server 2012 R2 server with a minimum of 2 CPUs and 4 GB RAM. Before starting the installation, make sure you have installed the following prerequisites first;
– Web Server (IIS) role including the following sub-roles;
– Microsoft .NET Framework 4.5
Before starting the installation, make sure you have done the following preparations;
– Open port 443 on the firewall for inbound TCP requests
– Have an external IP address free
– Configured an external DNS record (for example sharefile.domain.com)
– Created a ShareFile Service Account in Active Directory
– Have a ShareFile Enterprise account
– Have a Citrix NetScaler up and running
– Have an SSL certificate trusted by an external CA (will create one in this blog)
– Have an internal Certificate Authority (CA) up and running
– Have two free IP addresses for configuring ShareFile on the Citrix NetScaler
Create and share a folder for the StorageZone Data
The first step is to create a folder for the StorageZone Controller.
Create a folder for the StorageZone, right click it and go to Share with > Specific people
Add the ShareFile Services Account and give it the Read/Write Permission Level. Click Share.
Right click the folder again and go to Properties. Go to the Security tab and make sure that the ShareFile Service Account has Full Control permissions on the folder.
Configure the Web Server (IIS)
Open Internet Information Services (IIS) and go to ISAPI and CGI Restrictions
Make sure that the ASP.NET v4.0.30319 entries are Allowed
Go to Server Certificates
Click on Create Certificate Request
Enter the requested information and click Next
Select Microsoft RSA SChannel Cryptographic Provider and 2048 as Bit length. Click Next
Save it to a text file and click Finish
Open Internet Explorer and browse to http://<your Certification Authority server>/certsrv
Click on Request a certificate
Click on advanced certificate request
Click on Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file
Open the saved text file, select all text and copy the text into the Saved Request field. Select Web Server as Certificate Template and click Submit
Select Base 64 encoded and click Download certificate to download the certificate file.
Go back to the Internet Information Services (IIS) Manager and click Complete Certificate Request
Browse to the certification file, enter a Friendly name, and select Personal as certificate store. Click OK
On the left side of the window, select Default Web Site, on the right side, click Bindings
Select HTTPS as Type and select the ShareFile SSL certificate. Click OK
Select HTTP and click Remove and after removing, click Close
Navigate to C:\inetpub\wwwroot, right click the folder, open the Security tab and add the ShareFile service account, give it Full Control access
Open Internet Explorer and browse to the local website with HTTPS (for example https://sharefile.domain.local) to see if the SSL certificate is working correctly.
Configuring the Citrix NetScaler for ShareFile
At this moment it is recommended to use the Citrix NetScaler 10.1 build 120.1316.e or higher. This enhanced version of the NetScaler has a wizard for configuring Citrix ShareFile which saves you a lot of time! In the following steps I will install an SSL certificate trusted by an external CA and show you the steps of the NetScaler ShareFile wizard.
On the Configuration tab of the NetScaler browse to the Traffic Management > SSL menu, on the right side of the screen click on Create RSA Key
Key Filename: “name”.key, anything you like
Key Size (bits): 2048
Public Exponent Value: F4
Key Format: PEM
PEM Encoding Algorithm: DES3
PEM Passphrase: A password you like
Verify Passphrase: Same as above
Click OK and then Close
The next step is to create a request that needs to be sent to the CA. On the right side of the screen click Create CSR (Certificate Signing Request)
Request File Name: “name”.REQ, anything you like
Key File Name: Browse to the .KEY file you just created
Key Format: PEM
PEM Passphrase (For Encrypted Key): The password you specified in the previous step
Country: Your Country
Organization Name: The name of your organization
State or Province: Your State or Province
Common Name: This is the address the users will type in their browsers
Challenge Password: A password you like
Click OK and then Close
The .REQ file needs to be downloaded so that it can be submitted to the CA. Go to “Manage Certificates / Keys / CSRs”
Select the .REQ file and click Download. Click on Browse to give a “Save in” location, click on Download and then Close.
Open the .REQ file in Notepad and copy all the text. Go to your CA (in my case Go Daddy) to create the key or re-key an existing certificate by pasting the text from the .REQ file.
After creating the certificate, download it. Select IIS7 as server type.
After downloading the certificate, go back to “Manage Certificates / Keys / CSRs” under the SSL menu of the NetScaler and Upload the .cer file.
Go to the menu Traffic Management > SSL > Certificates. On the upper right side on the screen click on Install..
Fill in the following information;
Certificate-Key Pair Name: Any name you want
Certificate File Name: Browse to the .cer file you just uploaded
Key File Name: Browse to the .KEY file created earlier
Password: The password entered when creating the request
Certificate Format: PEM
Click on Create and Close
After the installation you can see the status and the number of days until the certificate expires.
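The .REQ and .cer files from the steps above can be checked with OpenSSL before the certificate-key pair is installed: key size, Common Name, that the CA signed the same public key, and remaining validity. This is an added example, not part of the original post; the function names, file names and the 30-day threshold are assumptions, and it runs on any machine with OpenSSL that has copies of both PEM files.

```shell
#!/bin/sh
# Added example (not from the original post): check the CSR and the CA-issued
# certificate with OpenSSL before installing them as a certificate-key pair.
# Function names and file names are illustrative assumptions.

# Print the RSA key size in bits found in a PEM CSR (the .REQ file).
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Print the Common Name from the CSR subject.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Succeed only if the CSR carries a key of at least 2048 bits and the expected CN.
check_request() {
    bits=$(csr_key_bits "$1")
    if [ -z "$bits" ] || [ "$bits" -lt 2048 ]; then
        echo "key size unreadable or below 2048: ${bits:-none}" >&2; return 1
    fi
    cn=$(csr_common_name "$1")
    if [ "$cn" != "$2" ]; then
        echo "CN is '$cn', expected '$2'" >&2; return 1
    fi
}

# Succeed only if the certificate contains the same public key as the CSR,
# i.e. it belongs to the private key the CSR was generated from.
cert_matches_request() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null)
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$crt_pub" ]
}

# Succeed only if the certificate is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage: sh check_cert.sh name.REQ name.cer sharefile.domain.com
if [ "$#" -eq 3 ]; then
    check_request "$1" "$3" && cert_matches_request "$1" "$2" &&
        cert_valid_for_days "$2" 30 && echo "OK: request and certificate are consistent"
fi
```

A mismatch reported by `cert_matches_request` means the .cer file was issued for a different request than the one generated on this NetScaler, so it will not pair with the .KEY file.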
Go to menu Traffic Management > Load Balancing, and click on Configure XenMobile ShareFile and NetScaler Gateway
Under ShareFile LB, click on Configure
Fill in a name (anything you like) and a free IP Address, select StorageZone Connector for Network File Shares/SharePoint and click Continue
Select Choose Certificate and select the certificate installed in previous steps
Fill in the information of the ShareFile StorageZone server and click Create
Enter the following information;
AAAVServer IP Address: A free IP Address
LDAP Server IP Address: Your domain controller
Time out: 3 (is default)
Single Sign-on Domain: your domain name
Base DN (location of users): For example OU=Users,OU=PoC,DC=hobo,DC=lan
Administrator Bind DN: For example the ShareFile services account
Logon Name: sAMAccountName (is default)
Password: Password of the Administrator Bind DN
Go to Traffic Management > Load Balancing > Virtual Servers to see if servers have the Up status
Installing and Configuring the Citrix ShareFile StorageZone Controller
Start the setup and click Next
Select I accept the terms in the License Agreement and click Next
Deselect Launch StorageZones Controller Configuration Page and click Finish
Click Yes to restart the server
After the reboot open the StorageZones Controller Configuration Page and login with your ShareFile Enterprise admin account
Fill in the following information;
Select: Create new Zone: Name of the zone (anything you like)
Hostname: the hostname of the StorageZone server
External Address: Name of your external DNS record
Select: Enable StorageZones for ShareFile Data
Select: Local network share
Network Share Location: location of the share created in the first steps
Network Share Username: Domain\ShareFile services account
Network Share Password: the password of the ShareFile services account
Scroll down and fill in the following information;
Select: Enable StorageZone Connector for Network File Shares
Allowed Paths: * (default)
Denied Paths: If you have any, enter it here
After that the StorageZone has been configured successfully
Go to the Monitoring tab to see the status of the StorageZones Controller
If you go to the shared folder for the StorageZone controller you see that it is filled with files and folders used for the Zone configuration
Integrate ShareFile with XenMobile AppController
In this part I will show you how to integrate ShareFile with the XenMobile AppController and how to get users synced with the ShareFile Control Plane.
When the ShareFile account is created for you, the only account that exists within the Control Plane is the super user.
To get more users synced with the ShareFile Control Plane create a Security Group within the Active Directory and add the users you want to give ShareFile access to that group.
Keep in mind that all user accounts need to have a First Name, Last Name, E-Mail address and a User logon name filled in their account properties!
Login to the Citrix AppController console and go to Roles. On the left side click on Add role
Fill in a Role Name and a Role description. Click on the button next to No storage zone to get a list of available StorageZones
Fill in the ShareFile url and the username and password of the super user. Click Discover.
Select the StorageZone created in previous steps and click Next
Add the security group, created in the previous steps and click Save
Go to Apps & Docs > ShareFile and click on Edit
Select the correct Assigned role and click Save
Click on Sync
Now the users from the ShareFile security group are synced to the ShareFile Control Plane
Creating Connectors and access them with a mobile device
Go to the ShareFile Control Plane and open the Connectors tab. Click on Create Connector
Fill in the Path and the Name of the share and click Add Connector
Add the users that may access the share, you can also create and add a distribution group. Click Save Changes
Repeat this step for every share (connector) you want.
On your Mobile device, open Worx Home and open the ShareFile application
Go to File Share
Now you see the created connectors.