Presentation transcript:

ShareFile Technical Overview <presenter name> <presentation month/year>

Agenda

Introduction to ShareFile Enterprise
High-Level Architecture
Availability and Redundancy
StorageZones
Security
Authentication
Follow-me-data with Citrix CloudGateway & Receiver
Wrap-up

ShareFile Introduction

Sync, Share, Store
Enables file sharing with anyone
Syncs data across all devices
Online file sharing spaces for virtual teams
Selective offline access on mobile devices
Data protection: encryption, device lock, remote wipe, poison-pill
What ShareFile does is store, sync and share: it syncs user files across devices, gives selective offline access on mobile devices, protects data with encryption, device lock, remote wipe and poison pill, enables file sharing with anyone and offers online file sharing spaces for virtual teams.

Why ShareFile?
Enable workforce mobility & BYOD
Address the “Dropbox problem”
Simple and secure data sharing: fellow employees, team collaboration, clients and 3rd-party collaboration
Enhanced productivity

Broad Device, Workflow and Protocol Support
Mobile Apps: iPhone, Android, BlackBerry, Windows 7 Phone, iPad, Android Tablet
Mobile Site
Desktop Apps: Mac OS Sync, Windows Sync, Outlook Plug-in, Browser
Automation: Command Line Interface*, API
Alternative Protocol (Cloud SZ): FTP/S, SMTP
* Soon

ShareFile High-level Architecture

ShareFile – with Citrix managed StorageZones
Diagram labels: Client; Control Plane (DB, *.sharefile.com, *.sf-api.com: account info, brokering, reporting, access control); StorageZones: Storage Centers (EC2), backend storage (S3), various locations worldwide.
ShareFile’s high-level architecture basically consists of 3 different components. There is the client, accessing the ShareFile service through one of the native tools, Citrix Receiver, a browser or directly through the API. There is the Control Plane, which performs functions such as storing file, folder and account information, access control, reporting and various other brokering functions. And then there is the Storage Plane, which is where the actual customer files are hosted. Clients communicate with both the Control Plane and the Storage Plane, and the Control Plane and the Storage Plane communicate as well, but customer files never travel from the Storage Plane to the Control Plane. In a couple of slides we will look at this in more detail.

ShareFile – Current Architecture With Citrix managed StorageZones

ShareFile Control Plane
Diagram labels: Client; DMZ: load balancing, webservers (“main app”), API webservers; SQL Cluster (file metadata, account data, no client files); TLS/SSL, AES-256 encryption; replication to DR datacenter.
Let’s take a more detailed look at the ShareFile Control Plane. The ShareFile Control Plane is hosted in Citrix Online’s datacenter. In the datacenter we have the following components: there are webservers for our Web UI, also called the “main app”, as well as dedicated webservers for client devices using the HTTPS API, which is used by our various client tools. Of course there is the database, running on an SQL Cluster. The database contains things such as account data, file and folder metadata including access rights, user account data, logs etc. The database in the Control Plane does not contain any customer files. Note that we only store hashed user passwords in the database. Client requests are distributed across the webservers using NetScaler. The NetScaler and webservers run in the DMZ, and the database cluster itself is in the production network behind the firewall. Now let’s see what happens when a client device goes to the main app or one of our client tools connects to ShareFile. There is the client device on the outside of the network. The client connects to the Control Plane using 256-bit encryption. The NetScaler load-balances the traffic across the webservers, and the webservers communicate with the database to retrieve the requested information. The database itself is also securely replicated to a second datacenter for backup and disaster recovery purposes.

ShareFile StorageZones
Diagram labels: Client; EC2: Storage Centers (EBS cache, AES-256 encryption), FTP servers (FTP/FTPS), utility servers (anti-virus & thumbnailing, full text index, backup); S3 storage (commit; 99.99% availability and 99.999999999% durability); encrypted backup to 3rd-party datacenter; TLS/SSL, AES-256 encryption.
Next we will take a more detailed look at the ShareFile Storage Plane. The ShareFile Storage Plane is hosted at Amazon Web Services datacenters in various worldwide locations. Amazon EC2 hosts various components which are part of the Storage Plane. The main component, taking care of all file operations, is the ShareFile Storage Center. Besides the Storage Centers there are various utility servers, taking care of such things as anti-virus, thumbnailing, full text index (Enterprise and VDR) as well as backup utility servers. Since ShareFile also offers the possibility to upload and download files using FTP and FTPS, there are dedicated FTP servers in the Storage Plane. The two main places where files are stored are Elastic Block Storage, for caching purposes in EC2, and S3 for persistent storage. Now let’s take a look at what actually happens when a user uploads a file to ShareFile. There is the client device on the outside of the network. For regular uploads the client connects to the Storage Center using 256-bit encryption. If a file is uploaded through FTP or FTPS, there is no direct connection to the Storage Center; instead the client connects to one of the FTP servers, which communicates with a Storage Center server. The Storage Center encrypts the file and places it in the local cache, which is kept on the attached EBS disk.
At the same time the file is put in the storage queue for committing to the persistent S3 storage, which is a continuous process that runs on the Storage Center. The files remain encrypted during this process. The utility servers communicate with the Control Plane, learn about newly uploaded files and fill their respective queues with files that require anti-virus scans, thumbnail creation, full-text indexing, backup etc. Files on S3 are processed based on their place in the queue. The SLA with Amazon guarantees 99.99% availability and “12 nines” file durability against file loss; Amazon takes care of this in the back-end. Finally we also create a backup of all encrypted file data in a 3rd-party datacenter. The backup server communicates with special backup utility servers in EC2 and backs up files from S3.

ShareFile StorageZones - Download
Diagram labels: Client; EC2: FTP servers (FTP/FTPS), Storage Centers, EBS (Elastic Block Storage); S3 storage; TLS/SSL, AES-256 encryption.
When a client downloads a file, the file is served out of local EBS if it is in cache, otherwise it is served from S3 storage. The file is decrypted by the Storage Center and sent to the client over an encrypted connection. If it is downloaded through FTP or FTPS, it is sent to the client through the FTP servers.

Availability and Redundancy

Availability Information
Real-time backup to Citrix data center
Automatic failover (if necessary)
Lazy file deletion to support file recovery
Control subsystem has DR location in Las Vegas
Files backed up to facility in Charlotte, NC

ShareFile StorageZones

ShareFile StorageZones
Now available for all ShareFile Enterprise accounts
Store files in customer-managed StorageZones, in Citrix-managed StorageZones or both
Technology proven in the Cloud: a modified on-prem version of the existing Storage Plane software
Seamless user experience: users don’t know where their files are being stored

Why StorageZones?
Compliance: meet unique compliance and data sovereignty requirements by storing data on-prem
Performance: optimize end user performance by placing files and folders in close proximity

ShareFile - Citrix managed StorageZones (same architecture diagram and notes as the earlier high-level architecture slide)

Citrix managed and On-Prem StorageZones
Diagram labels: Client; Control Plane (DB, *.sharefile.com, *.sf-api.com: account info, brokering, reporting, access control); StorageZones: Storage Center (Windows IIS) with CIFS storage in customer datacenter(s), Storage Center (EC2) with S3 storage, hybrid with cloud.
The architecture with our recently announced StorageZone technology with on-premise data option is similar to what we have today with our pure Cloud offering. The client side and the Control Plane are the same. The difference, however, is in the Storage Plane. If you choose to use the on-premise option, you will have what we refer to as a local or on-premise StorageZone. This StorageZone has one or more Storage Centers, which are installed on Windows 2008 Servers with IIS and utilize local NAS storage. The StorageZone components run inside the customer’s datacenter. “Mix and match” is a possibility as well, where you have certain files in your own datacenter and certain files in a Citrix, cloud-hosted StorageZone. Client connectivity and communication are the same as in the Cloud model. No customer files go through the Control Plane. We will talk more about StorageZones and on-premise storage later on.

Diagram labels: Citrix managed StorageZones; Control Plane; Customer managed StorageZones.

ShareFile European Control Plane
https://<subdomain>.sharefile.eu
Enterprise accounts available in Q4
High performance, user proximity, government compliance
In Citrix Online datacenter in Germany

Using StorageZones

Using StorageZones
StorageZones can be set on:
User level
Root Folder level
Account level* (* planned for GA)

Using StorageZones

On-Prem Deployment Models

Proof of Concept Deployment (diagram): Public Internet IP → https → Firewall (10.0.0.1) → https → Storage Center (10.0.0.20)

HA Deployment (diagram): Public Internet IP 1 and Public Internet IP 2 → https → Firewall (10.0.0.1) → https → Storage Center (10.0.0.20) and Storage Center (10.0.0.21), both attached to the same Storage

Secure DMZ Deployment (diagram): Public Internet IP → https → Firewall → DMZ → Firewall (10.0.0.1) → http or https → Storage Center (10.0.0.20) and Storage Center (10.0.0.21), both attached to the same Storage

StorageZones Setup

On-premise StorageZones Requirements
Windows 2008 Server R2
IIS Web Services role with ASP.NET
Microsoft .NET 4.0
A publicly resolvable internet hostname
An SSL certificate for the above from a public Certificate Authority accepted by Windows; self-signed or unsigned certificates are not supported

IIS Configuration
Install SSL certificate and bind certificate to https port 443 (not needed when using DMZ proxy)
ISAPI and CGI Restrictions: ASP.NET v4.0.x needs to be set to “Allowed”

Storage Center Installation

Storage Center Configuration

Shared Storage Configuration
CIFS Share Access: Storage Centers will access the share using the StorageCenterAppPool user (Application Pools → StorageCenterAppPool → Advanced Settings → Identity)
Additional permission settings documented in eDocs

Troubleshooting StorageZones

Basic Troubleshooting
Ensure you type <external address> without port or https, and check for typos on the Configuration page
Ensure you are on an Enterprise account with SZ
Make sure the user account has SZ admin permissions
Check if the Storage Center URL is accessible from outside
Check the file share for creation of directories
Check if SCKeys.txt is created in the root of the file share
Logs!

Demonstration of StorageZones

ShareFile Security

Security Information
SSAE 16 audited data centers
Files are encrypted in transit via SSL
Files are encrypted at rest via AES 256-bit encryption
User-created passwords are hashed in the ShareFile database
All uploaded files scanned for viruses
Daily scans for McAfee SECURE accreditation
All ShareFile servers protected by dedicated firewalls

Standard Download Security
Diagram: Client; Control Plane (main app / API servers, DB); StorageZones (Storage Center, Storage); Control Plane and Storage Center share a Shared Secret (trust).
1 Client requests a file
2 Prepare message sent to Storage Center
3 HMAC is validated
4 Storage Center confirms validity
5 Client receives download URL with HMAC
6 Client requests download
7 HMAC is validated
8 Storage Center gets file from storage
9 Download starts
When a user wants to download a file, ShareFile’s architecture prevents forged download requests by using hash-based message authentication codes (HMAC). When the client requests a file for download, a prepare message is sent by the main app or the API servers in the Control Plane to the Storage Center hosting the file. The location of the file is stored in the DB in the Control Plane, which is where the main app and API servers get this information. An HMAC based on the Shared Key used to establish the trust relation between the Control and Storage Plane is sent as part of the prepare message and is validated by the Storage Center. Once validated, the Storage Center confirms the validity and the main app or API server provides the download link to the client with a unique HMAC. To start the actual download, the client now connects to the Storage Center. Again, an HMAC, which is part of the download request from the client, is validated and, if successful, the file is retrieved from storage, either from cache or S3, and the Storage Center provides the file to the client.

Trust & Encryption – On-Premise StorageZones
Diagram labels: Control Plane (DB, *.sharefile.com, *.sf-api.com); StorageZones: Storage Center, Storage; Shared Secret (trust).
Shared Key created when StorageZone is created
Storage encryption key created when StorageZone is created
Encryption Key is encrypted by Passphrase when Storage Center is configured

Download Security with On-Prem StorageZones
DMZ NetScaler can handle incoming HMACs (security best practice): connections with bad requests will not enter the internal network. Documented in the admin guide on eDocs.
1 NetScaler strips HMAC from URI
2 NetScaler sends URI & HMAC to Storage Center
3 HMAC is validated by Storage Center
4 Storage Center sends confirmation to NetScaler
5 Process completes
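The two HMAC checks described on the Standard Download Security slide and in the NetScaler front-end variant above, as an added Python example that is not Citrix's or ShareFile's code: the Control Plane signs the prepare message and the download URL with the StorageZone shared key, and the Storage Center (or a DMZ front-end performing the same check) verifies the MAC in constant time before any file is touched. The parameter names, the canonical string, the expiry and nonce fields and the shared-key value are assumptions; the real ShareFile wire format is not shown on the slides.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed shared key. On the slides this is the Shared Key created when the
# StorageZone is created, establishing trust between Control Plane and Storage
# Center; the value here is made up for the example.
SHARED_KEY = b"constructed-demo-shared-key-do-not-reuse"


def _mac(key: bytes, purpose: str, *fields) -> str:
    """HMAC-SHA256 over a purpose label plus every field the receiver must trust.
    The label keeps a 'prepare' MAC from being replayed as a 'download' MAC."""
    canonical = "\n".join([purpose, *map(str, fields)]).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def prepare_message(file_id, user, key=SHARED_KEY):
    """Control Plane -> Storage Center (step 2): announce an upcoming download."""
    msg = {"file": file_id, "user": user}
    msg["hmac"] = _mac(key, "prepare", file_id, user)
    return msg


def storage_center_accepts_prepare(msg, key=SHARED_KEY) -> bool:
    """Storage Center (steps 3-4): confirm the prepare message came from the Control Plane."""
    expected = _mac(key, "prepare", msg.get("file", ""), msg.get("user", ""))
    return hmac.compare_digest(expected, msg.get("hmac", ""))


def sign_download_url(base_url, file_id, user, ttl=300, key=SHARED_KEY, now=None, nonce=None):
    """Control Plane (step 5): hand the client an expiring, single-use download URL."""
    now = int(time.time()) if now is None else now
    nonce = secrets.token_hex(8) if nonce is None else nonce
    expires = now + ttl
    mac = _mac(key, "download", file_id, user, expires, nonce)
    query = urlencode({"file": file_id, "user": user, "exp": expires, "nonce": nonce, "hmac": mac})
    return f"{base_url}/download?{query}"


def validate_download_url(url, key=SHARED_KEY, now=None, seen_nonces=None):
    """Storage Center, or a DMZ front-end such as the NetScaler on the slide (step 7):
    verify the MAC, expiry and nonce before any file is read. Returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    try:
        file_id, user, nonce, presented = (params[k] for k in ("file", "user", "nonce", "hmac"))
        expires = int(params["exp"])
    except (KeyError, ValueError):
        return False, "missing or malformed parameter"
    expected = _mac(key, "download", file_id, user, expires, nonce)
    if not hmac.compare_digest(expected, presented):
        return False, "bad hmac"  # forged or tampered request: rejected before storage access
    if now >= expires:
        return False, "expired"
    if seen_nonces is not None:  # optional replay protection for the signed URL
        if nonce in seen_nonces:
            return False, "replay"
        seen_nonces.add(nonce)
    return True, "ok"
```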

ShareFile Authentication

ShareFile Authentication Options
Built-in Authentication: uses a combination of email address and password; passwords are stored hashed in the database
SAML Support: broad Identity Provider support, including ADFS
CloudGateway: offers user provisioning functionality and Receiver integration; recommended, especially for existing Citrix customers

Enterprise Active Directory Options
SAML 2.0 Support: requires a customer-provided and configured SAML provider
Microsoft ADFS Support
Also supports popular Identity Providers such as OneLogin, CA SiteMinder, PingIdentity PingFederate, SalesForce
CloudGateway: unified storefront for all applications, data and services; instant user provisioning and de-provisioning; fully integrated with Receiver; real-time SaaS application monitoring; comprehensive access control policies

SAML Authentication
User account is still required in ShareFile (folder access control, licensing); users are matched by email address
Identity Provider: the password is never sent to the Control Plane; password reset can be disabled
Requires tools to be ‘SAML-aware’: the ShareFile web site and iPad app are today, with other tool support coming

SAML: How it works
Diagram: Client; Service Provider (sharefile.com); Identity Provider (e.g. CloudGateway, ADFS).
1 Client requests ShareFile SSO login URL
2 Client discovers identity provider
3 Client redirected to identity provider
4 Client requests identity provider URL
5 Identity Provider identifies the user
6 User is authenticated and is redirected to Assertion Consumer Service URL with SAML response
7 User agent requests ACS URL
8 ACS validates SAML response and redirects user agent to ShareFile URL
9 User agent requests ShareFile URL
User has access
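The ACS validation in step 8, together with the rule from the previous slide that SAML never creates the account and users are matched by email address, as an added Python example that is not ShareFile's code. It assumes the SAML library has already verified the XML signature on the response; the entity IDs, ACS URL, account table, clock-skew allowance and the response XML are constructed sample values.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed Service Provider configuration (assumed values, not ShareFile's real endpoints).
SP_ENTITY_ID = "https://acme.sharefile.com"
ACS_URL = "https://acme.sharefile.com/saml/acs"
IDP_ENTITY_ID = "https://adfs.acme.example/adfs/services/trust"
CLOCK_SKEW = timedelta(minutes=2)  # tolerated drift between IdP and SP clocks

# Constructed ShareFile account table keyed by email: SAML matches users by email
# and never provisions the account itself.
ACCOUNTS = {"alice@acme.example": {"id": "u-1", "zone": "customer-zone-1"}}

# Constructed minimal SAML response as it arrives at the ACS (step 7). The Signature
# element is omitted: this example assumes the SAML library has already verified it.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" InResponseTo="_req42"
  Destination="https://acme.sharefile.com/saml/acs" IssueInstant="2012-06-01T10:00:00Z">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" IssueInstant="2012-06-01T10:00:00Z">
    <saml:Issuer>https://adfs.acme.example/adfs/services/trust</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@acme.example</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2012-06-01T09:59:00Z" NotOnOrAfter="2012-06-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://acme.sharefile.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def sample_time(hour: int, minute: int) -> datetime:
    """Constructed clock for the example: a UTC time on the day the sample response was issued."""
    return datetime(2012, 6, 1, hour, minute, tzinfo=timezone.utc)


def _saml_time(value: str) -> datetime:
    """Parse a SAML UTC timestamp such as 2012-06-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def accept_saml_response(xml_text: str, expected_request_id: str, now: datetime) -> dict:
    """ACS step 8: check the response is for us, fresh, from the trusted IdP and
    for an existing ShareFile account. Raises ValueError on any failed check."""
    root = ET.fromstring(xml_text)
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match a request this SP issued")
    if root.get("Destination") != ACS_URL:
        raise ValueError("Destination is not this ACS URL")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != "urn:oasis:names:tc:SAML:2.0:status:Success":
        raise ValueError("IdP did not report success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("response carries no assertion")
    if assertion.findtext("saml:Issuer", default="", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("assertion issued by an unknown IdP")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("assertion has no validity window")
    if now + CLOCK_SKEW < _saml_time(cond.get("NotBefore")) or \
            now - CLOCK_SKEW >= _saml_time(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion not addressed to this SP")
    email = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip().lower()
    account = ACCOUNTS.get(email)
    if account is None:
        raise ValueError(f"no ShareFile account for {email!r}: SAML does not provision users")
    return account


def acs_rejects(xml_text: str, expected_request_id: str, now: datetime) -> bool:
    """True when the ACS refuses the response (convenience wrapper for checks)."""
    try:
        accept_saml_response(xml_text, expected_request_id, now)
    except ValueError:
        return True
    return False
```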

ShareFile Account Creation
User creation can be done manually: one-by-one, or import from Excel spreadsheet (template will be provided)
User is provisioned through CloudGateway
User Management Tool
We will talk more about CloudGateway later on

User Management Tool
Creates ShareFile user accounts and distribution lists based on AD users and groups
Option to notify users of account creation
Ability to select default StorageZone for users
Easy process for keeping AD and SF in sync

Citrix CloudGateway & Receiver Follow-me-data

Diagram: Citrix CloudGateway with Access Gateway services, StoreFront™ services and Content Controllers, serving PC, Mac, Smartphone, Tablet and Thin Client devices.

Technology Preview ShareFile StorageZone Connectors

ShareFile StorageZone Connectors for Network Shares
Diagram labels: ShareFile Personal Folder; ShareFile Team Folders; Existing Network Share.
Citrix Confidential - Do Not Distribute

Wrap Up

Citrix ShareFile
Robust file-sharing technology designed for the Enterprise
SaaS model with Cloud and On-premise options
Secure AD Authentication options
CloudGateway Integration available soon