Storage zones controller

Create and manage storage zone connectors

Storage zone connectors provide access to documents and folders in:

Users with permission to view a connected resource can browse connected SharePoint sites, SharePoint libraries, and network file shares from the ShareFile web interface and ShareFile clients.

By default, connector browsing is disabled for the ShareFile web interface. To enable connector browsing, contact ShareFile Support.

Additional settings are available that allow users to specify which domain controller to use for Active Directory look-ups. See the Connector authentication section of this article. This setting requires SZ 4.1 or later.

Connector System Requirements

Storage zone connectors do not support document sharing or folder sync across devices.

Connectors must have a unique display name. Users are blocked from using a connector name that is currently in use elsewhere on the account.

Permissions to create storage zone connectors

To create and manage connectors, your Admin or Employee user must have the following permissions:

  • Create and Manage connectors
  • Create root-level folders

To create a storage zone connector for SharePoint

Prerequisites

  • If you are using storage zones for ShareFile Data, create the zone to be used for the connector.

The following steps describe how to create a storage zone connector from the ShareFile web interface. ShareFile users can also create a connector from supported devices by typing the URL of the SharePoint site.

  1. Sign in to your ShareFile account as an administrator with the Create and Manage connectors permission.

  2. Navigate to Admin Settings > Connectors.

  3. Click Add for the SharePoint connector type.

  4. If you are using storage zones for ShareFile Data, choose a Zone for the connector.

    The zone for a connector must either be in the same domain as the SharePoint server or must have a trust relationship with it. If you have SharePoint servers in multiple domains and cannot configure trusts between the domains, create a storage zones controller for each domain.

  5. For Site, specify the URL of a SharePoint root-level site, site collection, or document library, in the following forms.

    • Example connection to a SharePoint root-level site: https://sharepoint.company.com

      A connection to a root-level site gives users access to all sites (but not site collections) and document libraries under the root-level. ShareFile hides SharePoint system folders from users.

    • Example connection to a SharePoint site collection: https://sharepoint.company.com/site/SiteCollection

      A connection to a site collection gives users access to all subsites within that collection.

    • Example connection to a SharePoint 2010 document library:

      • https://mycompany.com/sharepoint/
      • https://mycompany.com/sharepoint/sales-team/Shared Documents/
      • https://mycompany.com/sharepoint/sales-team/Shared Documents/Forms/AllItems.aspx
    • Example connection to a SharePoint 2013 document library:

      The default SharePoint 2013 URL (when Minimal Download Strategy is enabled) is in the form: https://sharepoint.company.com/_layouts/15/start.aspx#/Shared%20Documents/.

    • Example connection that redirects to the NetBIOS name of an authenticated user:

      Use the variable %UserDomain% to substitute the logon name of the authenticated user with the NetBIOS name of that user. The new variable enables you to create a site-level connector to a URL such as https://example.com/%UserDomain%_%UserName%/Documents.

    • Example connection when connecting to “My Site” or OneDrive for Business:

      Use the variable %URLusername% to automatically resolve select special characters when connecting to SharePoint personal sites. This variable replaces spaces with %20 and periods with underscores. Usage of the %URLusername% variable requires SZ v3.4.1.

      If the user’s “domain\username” is “acme\rip.van winkle” then

      https://sharepoint.acme.com/personal/%URLusername% will be resolved to: https://sharepoint.acme.com/personal/rip_van%20winkle

  6. Type a user-friendly name for the connector.

    The name is used to identify the SharePoint site to users. The name should be brief so it displays well on mobile devices with small screens.

  7. Click Add connector. The View/Edit Folder Access dialog box appears.

  8. To make connectors visible to others: In View/Edit Folder Access, add users and distribution groups and then click Save Changes.

    This step determines only whether a connector is visible to users. Storage zone connectors inherit access permissions from the SharePoint server.

To enable SharePoint metadata tagging

When configuring the storage zones controller, ensure that SharePoint connectors are enabled.

Metadata tagging is supported for SharePoint 2013 and later mobile clients.

Note:

For en-us only.

To create a storage zone connector for network file shares

Prerequisites

  • If you are using storage zones for ShareFile Data, create the zone to be used for the connector.

  • For network share connectors to work with the latest versions of the Chrome, Edge, and Firefox browsers, apply the latest .NET update for your environment. For more information, see the KB articles that support SameSite in .NET Framework. Apply the update on all of your storage zone connectors. It is required so that the SameSite cookie attribute can be set for the latest browser versions.

  • If you use version 5.10.1 or lower, add <httpCookies sameSite="None" requireSSL="true"/> within the <system.web> tag of the C:\inetpub\wwwroot\Citrix\StorageCenter\cifs\Web.config file on all storage zone connectors. This is required so that the SameSite cookie attribute can be set for the latest browser versions.

The following steps describe how to create a connector from the ShareFile Web interface. ShareFile users can also create a connector from supported devices by typing the path of a file share.

  1. Log on to your ShareFile account as an administrator with the Create and Manage connectors permission.

  2. Navigate to Admin Settings > Connectors.

  3. Click Add for the Network Shares connector type.

  4. If you are using storage zones for ShareFile Data, choose a Zone for the connector.

    The zone for a connector must either be in the same domain as the file share or must have a trust relationship with it. If you have file shares in multiple domains and cannot configure trusts between the domains, create a storage zones controller for each domain.

  5. For Path, type the UNC path.

    Example with FQDN: \\fileserver.acme.com\shared

    You can use the following variables in the UNC path:

    • %UserName%

      Redirects to a user’s home directory. Example path: \\myserver\homedirs\%UserName%

    • %HomeDrive%

      Redirects to a user’s home folder path, as defined in the Active Directory property Home-Directory. Example path: %HomeDrive%

    • %TSHomeDrive%

      Redirects to a user’s Terminal Services home directory, as defined in the Active Directory property ms-TS-Home-Directory. The location is used when a user logs on to Windows from a terminal server or Citrix XenApp server. Example path: %TSHomeDrive%

      In the Active Directory Users and Computers snap-in, the ms-TS-Home-Directory value is accessible on the Remote Desktop Services Profile tab when editing a user object.

    • %UserDomain%

      Redirects to the NetBIOS domain name of the authenticated user. For example, if the authenticated user logon name is “abc\johnd”, the variable is substituted with “abc”. Example path: \\myserver\%UserDomain%_%UserName%

    The variables are not case sensitive.

    Important: Do not create a connector to the ShareFile Data storage location. Depending on user permissions, doing so can enable users to remove all ShareFile Data.

  6. Type a user-friendly Name for the connector.

    The name is used to identify the file share to users. The name should be brief so it displays well on mobile devices with small screens.

  7. Click Add connector. The View/Edit Folder Access dialog box appears.

  8. To make connectors visible to others: In View/Edit Folder Access, add users and distribution groups and then click Save Changes.

    This step determines only whether a connector is visible to users. Storage zone connectors inherit access permissions from the network share. Permissions for read/write access are determined by the security settings of the network share and are also affected by the ShareFile plan.
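
The variable substitutions described in both connector procedures (%UserName%, %UserDomain% and %URLusername%) can be previewed before a connector is created. The following Python is an added example, not ShareFile code: it expands a path template for sample logon names and flags any result that touches the ShareFile Data storage location named in the Important note. The data path, logon names and function names are assumptions made for the illustration.

```python
import ntpath
import re

# Constructed sample value: where this zone keeps ShareFile Data (hypothetical path).
DATA_PATH = r"\\fileserver.acme.com\ShareFileData"

_VARS = re.compile(r"%(UserName|UserDomain|URLusername)%", re.IGNORECASE)

def expand(template, logon):
    """Expand connector variables for a 'domain\\username' logon name."""
    domain, sep, user = logon.partition("\\")
    if not sep:                      # no domain part supplied
        domain, user = "", logon
    values = {
        "username": user,
        "userdomain": domain,
        # Spaces become %20 and periods become underscores, as the page states.
        "urlusername": user.replace(" ", "%20").replace(".", "_"),
    }
    # A function replacement keeps backslashes in the values literal.
    return _VARS.sub(lambda m: values[m.group(1).lower()], template)

def _norm(unc):
    """Lower-case, collapse '..' and strip trailing separators for comparison."""
    return ntpath.normcase(ntpath.normpath(unc)).rstrip("\\")

def touches_data_store(resolved, data_path=DATA_PATH):
    """True if the path is the data location, inside it, or a parent of it.

    The comparison is textual: the same server reached by another name
    (short name, alias, IP address) is not detected.
    """
    a, b = _norm(resolved), _norm(data_path)
    return a == b or a.startswith(b + "\\") or b.startswith(a + "\\")

def audit(template, logons, data_path=DATA_PATH):
    """Return (logon, resolved path, flagged) for each sample logon name."""
    resolved = [(who, expand(template, who)) for who in logons]
    return [(who, path, touches_data_store(path, data_path)) for who, path in resolved]

if __name__ == "__main__":
    # Constructed logon names. %HomeDrive% and %TSHomeDrive% need an Active
    # Directory look-up and are left unexpanded by this example.
    template = r"\\fileserver.acme.com\ShareFileData\homedirs\%UserName%"
    for row in audit(template, [r"acme\johnd", r"acme\rip.van winkle"]):
        print(row)
```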

To enable file checkin and checkout for network file shares

Prerequisites

Storage zones controller version 5.8 and Network File Shares connector must be configured.

Steps

  1. Sign in to Storage Center. The configuration page appears.
  2. Click Modify on the configuration page.
  3. Select the check box Enable check in and check out for network file shares.
  4. Type the name of the domain where the users and network shares are located.
  5. Type the user name and password of the service account. The service account must have read and write access to all files and folders in the network share location.

Connector authentication

Admin users can now use the following setting to specify which domain controller (DC) to use when performing AD look-ups for CIFS or SP authentication.

<add key="Domaincontrollers" value="DC01,dc02.domain.com,123.456.789.1" />

The value attribute above can be set to a single DC or to multiple DCs, each identified by host name, FQDN, or IP address. Separate multiple DCs with commas or semicolons.

If multiple DCs are specified, the look-up will be executed against the first DC. If an error occurs, the second DC is utilized, and so on.

The above property can be added to C:\inetpub\wwwroot\Citrix\StorageCenter\AppSettingsRelease.config so that it will be inherited by all storage zones controller IIS apps (including CIFS, SP, and ProxyService).

If the new app setting is not present, the default behavior of automatically selecting a DC continues.
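
A check of the Domaincontrollers value before it is deployed, as an added example rather than ShareFile code: it splits the list on commas and semicolons, keeps the look-up order, and classifies each entry as host name, FQDN, IP address or invalid. The `<appSettings>` wrapper, the case-insensitive key match and the function names are assumptions of this example.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample; the <appSettings> wrapper is an assumption about the file layout.
SAMPLE_CONFIG = """<appSettings>
  <add key="Domaincontrollers" value="DC01; dc02.domain.com,123.456.789.1,,10.0.0.5" />
</appSettings>"""

_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOST = re.compile(rf"^{_LABEL}(\.{_LABEL})*$")
_DOTTED_DIGITS = re.compile(r"^[0-9.]+$")

def classify(entry):
    """Return 'ip', 'fqdn', 'hostname' or 'invalid' for one DC entry."""
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    # Digits and dots only, yet not a valid address: a mistyped IP, not a host name.
    if _DOTTED_DIGITS.match(entry) or not _HOST.match(entry):
        return "invalid"
    return "fqdn" if "." in entry else "hostname"

def domain_controllers(config_xml):
    """Return [(position, entry, kind)] in the order look-ups would try them."""
    root = ET.fromstring(config_xml)
    for add in root.iter("add"):
        # Key compared case-insensitively (a choice made for this example).
        if add.get("key", "").lower() == "domaincontrollers":
            raw = add.get("value", "")
            entries = [e.strip() for e in re.split(r"[,;]", raw) if e.strip()]
            return [(i + 1, e, classify(e)) for i, e in enumerate(entries)]
    return []  # setting absent: a DC is selected automatically

def problems(config_xml):
    """Entries to correct before the setting is deployed."""
    return [e for _, e, kind in domain_controllers(config_xml) if kind == "invalid"]

if __name__ == "__main__":
    for row in domain_controllers(SAMPLE_CONFIG):
        print(row)
    print("fix:", problems(SAMPLE_CONFIG))
```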

Users can now “Get a Direct Link” from Network Share / SharePoint connectors while using the latest version of the ShareFile app for iOS or Android.

If the Admin would like to disable this feature, they can do so by adding:

<add key="disable-direct-link" value="1"/>

The above can be added to C:\inetpub\wwwroot\Citrix\StorageCenter\sps\AppSettingsRelease.config.

Basic authentication and localized user names

Basic Authentication does not support non-ASCII characters. If using localized user names, it is suggested that users utilize NTLM and Negotiate.