Customer managed encryption keys for Cloud storage
As a customer using ShareFile cloud (ShareFile managed storage zones) to store files, you have the ability to manage your own encryption keys and have much better control over security. You can use Amazon Web Services to generate a master key to encrypt ShareFile data uploaded to the cloud using a dual encryption key paradigm.
Note:
This feature is not currently available for HIPAA accounts.
Overview
Customers have complete control over their encryption keys and can revoke ShareFile’s access to their master keys whenever they want. When access is revoked, ShareFile can no longer decrypt the encrypted files.
The setup instructions below for enabling this feature on your account assume that you have an Amazon Web Services account with access to IAM (Identity and Access Management).
Creating the KMS Key and Granting ShareFile Access
Note:
To improve performance, ShareFile recommends creating the KMS key in the same region as your ShareFile zone. For example: if using the US-East storage zone, create the KMS key in the US-East region.
Configure CloudTrail Logging
Note:
For improved performance, it is recommended to create the KMS key in a similar region as your ShareFile zone. For example: if using the US-East ShareFile-managed StorageZone, create the KMS key in the US-East region.
- Go to the KMS Console website or search for AWS Key Management Service and click Create a key.
- From the Create Key wizard, select these values, then click Next:
  - Key type - Symmetric
  - Key material origin - KMS
  - Regionality - Single-Region key
- Add an alias for the key, and optionally a description and label.
- Select Next.
- Under define key permissions, you can leave the default values.
- Under Define key usage permissions, select Add Another AWS account. Enter the ShareFile external account ID. Select Next to continue.
Note:
Please contact Support to obtain the external account ID.
- Select Finish to review and complete the process.
- After that, select the key you just created to check its properties. Copy the ARN and send it to ShareFile Support.
Validating Key Operations
Test Disabling the KMS Key
- Perform some test uploads and downloads to your Zone.
- From the AWS Console, select your key and choose Disable. Wait a few minutes and then try to upload or download to your Zone once more. You should see the operations fail.
- Re-enable the KMS key and verify that you can upload and download successfully.
Test Revoking the ShareFile External Account
- Edit the KMS Key and browse to External Accounts.
- Select the “Remove” option to revoke ShareFile access to this key (save the value before deletion). Wait a few minutes and then attempt to upload or download. You should see the operations fail.
- Re-add the external account. Wait a few minutes and then reattempt uploads or downloads. The operations should be successful.
Verify Activity via CloudTrail Logs
- After performing some uploads and downloads, check the CloudTrail activity (it may take ~10 minutes to populate).
- Verify that you can see activity such as username, filename, and operation (Upload or Download).
Note:
File names that contain special characters or Unicode characters will appear URL-encoded in the CloudTrail logs. To view the filename, you can use a URL decoder.
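An added example (not ShareFile or AWS code) of the CloudTrail check described above: it filters exported CloudTrail records for KMS calls against your key, surfaces failed calls, and URL-decodes the request context so file names are readable. The sample records, key ARN and account IDs are constructed, and the placement of username, file name and operation in requestParameters.encryptionContext under the names shown is an assumption; compare with a real event from your trail.

```python
import json
from urllib.parse import unquote

# Constructed sample in CloudTrail record layout. The key ARN, account IDs and
# the encryptionContext key names (FileName, UserName, Operation) are
# placeholders/assumptions, not values taken from ShareFile or AWS.
KEY_ARN = "arn:aws:kms:us-east-1:111111111111:key/EXAMPLE-KEY-ID"
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "GenerateDataKey",
     "userIdentity": {"accountId": "222222222222"},
     "requestParameters": {"encryptionContext": {
         "FileName": "Q1%20r%C3%A9sum%C3%A9%20%26%20plan.pdf",
         "UserName": "alice%40example.com", "Operation": "Upload"}},
     "resources": [{"ARN": KEY_ARN}]},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "errorCode": "DisabledException",
     "userIdentity": {"accountId": "222222222222"},
     "requestParameters": {"encryptionContext": {"FileName": "notes.txt"}},
     "resources": [{"ARN": KEY_ARN}]},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"accountId": "111111111111"}},
]})

def kms_activity(log_text, key_arn):
    """Return one summary row per KMS event that touched key_arn."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue
        arns = [r.get("ARN") for r in rec.get("resources") or []]
        if key_arn not in arns:
            continue
        # requestParameters can be null on some events, hence the "or {}".
        ctx = (rec.get("requestParameters") or {}).get("encryptionContext") or {}
        rows.append({
            "time": rec.get("eventTime"),
            "event": rec.get("eventName"),
            "caller_account": (rec.get("userIdentity") or {}).get("accountId"),
            # A failed call (key disabled, access revoked) carries errorCode.
            "error": rec.get("errorCode"),
            # URL-decode every string value so encoded file names are readable.
            "context": {k: unquote(v) if isinstance(v, str) else v
                        for k, v in ctx.items()},
        })
    return rows

if __name__ == "__main__":
    for row in kms_activity(SAMPLE_LOG, KEY_ARN):
        print(row)
```

Rows with a non-empty error field during the disable and revoke tests confirm that the failed uploads and downloads were caused by the key change rather than by something else.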