A FREE SSL Certificate from Let’s Encrypt solves one of the common challenges with testing out MyworkDrive
A common question that comes up when clients trial or deploy a proof of concept with MyWorkDrive is whether they need to use HTTPS and bind an SSL/TLS certificate.
We emphatically say yes, for a few reasons
1) You’re probably trialing with a subset of real data. Even if you’re not, there’s a chance an employee may test with real data out of scope and put that data at risk.
2) You’re going to want to test firewall and security rules as part of your test.
3) You’re going to want a realistic performance test, and https traffic is, typically, a little slower due to the security.
Another argument in the favor of using HTTPS and an SSL/TLS certificate is that the MyWorkDrive clients don’t accept Self Signed certificates, so you’re going to want to apply an SSL/TLS certificate to your MyWorkDrive server if you want to test our Map Drive and Mobile clients.
The the question, of course, where to get a certificate? Some organization will have a wildcard cert, but, getting permission to it may be a challenge. More commonly, we’ll hear that the certificate is only good on the webserver, or that getting permission to spend even the $20 a discount SSL certificate costs is a challenge.
Some organizations aren’t even aware of discount SSL providers (and then you do a web search and discover there are thousands, how do you choose a good one and avoid getting your credit card hacked in the process?)
The good news is, you can get a valid FREE SSL certificate FOR FREE for no more work than generating a CSR in IIS from Let’s Encrypt, with zero risk of a comprimised credit card and avoiding all the approval challenge in getting a certificate for your poc/trial.
Let’s Encrypt isn’t a scam. Its a non-profit with backer’s you’ve likely heard of – EFF, Cisco, Facebook, Google, Stanford University, University of Michigan and Mozilla.
Let’s Encrypt is pretty simple to execute, but most of the tutorials and literature you’ll find out there refer to implementations in Linux or other open source hosting platforms. There aren’t a lot of tutorials written for Microsoft IIS, but Windows clients do exist and we’ll walk you through using one of the easier to use examples.
SSL Certificate Setup on IIS with Let’s Encrypt
You’ll start with a DNS Entry mapped to an IP (Cname, A Record) and Port 80 and 443 mapped/open and bound to the WanPath.Webclient website on your MyWorkDrive server.
You run a small app (called an Acme client) on your server which does a challenge-response to validate your server, then downloads and even binds the certificate for you.
If there’s any negative, its that the certificates are only valid for 90 days before you have to renew them. But, renewal is as simple as running the client again (and many clients will automatically schedule renewals in Windows Scheduler!).
Oh, and most of the clients run in dos – but they’re fairly straight forward – no complicated paths or case-sensitive strings to type.
Lets walk through a real life example.
- We’re going to secure the MyWorkDrive server for myworkfolders.net.
- We’ve installed MyWorkDrive on a server on our domain.
- We’ve opened Port 80 and Port 443 inbound to our server.
- We’ve added a DNS entry for fileshare1.myworkfolders.net to DNS, pointed at our new server.
From here, the following steps are completed on the server hosting MyWorkDrive.
We’ll start by editing the bindings in IIS on the MyWorkDrive server to map the port 80 on the WanPath.WebClient site to fileshare1.myworkfolders.net. At this point, you should be able to access the MyWorkDrive server at http://fileshare1.myworkfolders.net, if you have not marked “require SSL” in settings.
We’re going to use the Win-Acme client from PKI Sharp as our client on Windows to access LetsEncrypt. Its available for download as a .zip from https://pkisharp.github.io/win-acme/ There are many other clients available and you may find one you like better. This one just happens to be one we’ve used reliably over the past few years.
We’re going to download version 2.1.0 64-bit pluggable, which is marked Recommended. You should take the most current version available at the time you download.
Once its downloaded, extract it and store it in your favorite location for apps. Remember, you may need this again to renew the certificate in 90 days, so do not discard it. We created a new folder c:\Win-Acme
Launch a command prompt as Administrator and browse to the folder you saved Win-Acme in. Run wacs.exe. It will launch a dos window with a list of questions.
Select N: Create new certificate (simple for IIS)
It will prompt you to ask you want to bind.
Select 1: Single binding of an IIS website
You’ll get a list of the websites on your server (which should only be a single SiteId since we only set port 80 on one website). Choose the option with the domain name, in our case 2: fileshare1.myworkfolders.net (SiteId 4)
When prompted, enter your email. The Win-acme client will send you reminder emails to renew your site.
TOS – we have experienced trouble getting these to open in the default application as offered. When we said yes the program crashed. Review the terms at the URL printed on screen, and if you have trouble opening them with the default application like we did, go ahead and say NO to the prompt to open them. If you do say yes and the program crashes, just run it again repeating the same steps until you get to this screen, where you should say No to continue.
Agree to the terms when prompted, assuming you’ve reviewed them and they are acceptable.
Win-Acme will then run through the authorization and explain what it has done. In our case, it added new https binding for port 443 as we expected, and then it scheduled a renewal in the scheduler.
Go ahead and select Q to quit, and lets take a look in IIS to verify it added the binding.
Open IIS, open the WanPath.WebClient site and click on Bindings. You should see that an HTTPS entry has been added for your site – in our case fileshare1.myworkfolders.net
If you edit the binding, you can use the view option to have a look at the certificate and see the details.
Lets jump on a website on our desktop and see if our site is now available via HTTPS
Looks good. No errors about the certificate, Chrome is showing a lock symbol. You can click into the lock symbol and double check the details.
And that’s it! It took longer to read this blog posting than it would to secure your site.
Lets Recap – Let’s Encrypt SSL Certificate Setup steps
Open/Map Firewall Ports
Bind your DNS name in IIS
Answer 6 questions
You’re all set! Your Free SSL Certificate is added and bound automatically.
Not using MyWorkDrive, but want to use Lets Encrypt and Win-Acme to secure other IIS hosted sites with a Free SSL Certificate? Just follow these directions except at the step where you’re choosing MyWorkDrive, choose the site you want to secure.
Note that at this point you can remove or block the binding for port 80 and just leave port 443 open inbound, however, the Lets Encrypt Win-Acme Free SSL certificate renewal will fail without port 80 being open/mapped. You may want to make a calender event reminder to manually process the renewal in 85 days or so and re-open port 80 temporarily if you are keeping it closed.
Or, just leave Port 80 open and set the “require SSL” option in MyWorkDrive settings.
Using a Free SSL Certificate from Let’s Encrypt on IIS? Drop us a note on Social and let us know how its going for you!
With the increase in remote work where people and businesses need to work remotely, how do they do it?
Remote employees work either from home or outside of the traditional working environment, such as at an office or on a specific job site. It increases morale and encourages successful completion of tasks and goals in a much more efficient, timely, and cost-effective manner while also protecting the health of employees.
All remote work can be summed up into two distinct categories:
- A fully remote job allows an employee, whether they be part-time, full-time, or on a freelance basis, to work 100% from home without needing to commute to an office location.
- A partial remote job offers employees some remote work capabilities but does not allow the employee to engage in their work without visiting the office or job site at least some of the time.
So how does a company decide whether they should remain fully remote or consider part-time office visits? This largely depends on the type of job, but the three deciding factors usually are:
- Travel is a necessary part of the job.
- Staff meetings and face time is required.
- Certain aspects of a particular job cannot be done from home or outside of the office.
Whether full-time or part-time, one thing is for sure, remote work is no longer considered a trend but is now a fully viable option, as is confirmed by numerous studies and statistics, which we will address right now. Read more
We are excited to announce the availability of of our new Data Leak Prevention (DLP) view of files in the MyWorkDrive mapped drive clients. With this preview release, users will be able to view and edit files online directly from the mapped drive client – while still being restricted from downloading as configured on the MyWorkDrive Server. This feature eliminates training requirements for end users and the need to login from the Web Client by using a native view of files and folders in both Windows Explorer and macOS Finder – while adding DLP security features to protect sensitive data.
- Prevent downloads of files and folders while still displaying files and folders in a traditional mapped drive client interface.
- View, or Edit files online while blocking download, clipboard, printing, upload or renaming of files.
- Watermarks and user details displayed and logged on all viewed files.
Check out our video on this ground breaking feature available only from MyWorkDrive!
In addition to our new Mapped Drive DLP viewer options we added these new 6.1 features and updates:
- Native File Explorer Shortcut support
- Locked Files Display Page
- Improve Share Setup and Validation
- Add import permissions button to existing shares to update permissions
- Add import metadata url to Manual SAML
- Improved support to manually support multiple SAML providers (author doc)
- Web Client now uploads in 50 MB Chunks
- Clustering Improvements to automatically share logo, SAML configuration
- Clustering support for DUO 2FA
- Mapped Drive Bulk Upload Report Export to CSV
- Mapped Drive Client Windows Updated Driver Fixes
- Support for Enhanced DUO Security Login “Modern Auth” Workflow (6.1 clients required)
- Improved PDF Online Viewer Multi-User Performance
- Add Support for viewing password protected PDFs in Online Viewer
Numerous other enhancements and fixes – Release notes are here.
What is the future of Remote Work? With light at the end of the tunnel on the Covid Pandemic what does that mean for Remote Work? In our Remote Work article, we reviewed the latest trends and work styles for remote work pre-pandemic. During the Pandemic, remote work has become not only more common but […]
With MyWorkDrive, enterprises can simply and easily provide secure remote file access to their users in minutes without migrating files or managing complex infrastructure. Unlike Egnyte, MyWorkDrive integrates exclusively and natively into an existing Windows File Share infrastructure. MyWorkDrive is built from the ground up to integrate exclusively with Windows Active Directory and NTFS File Shares with no changes to work processes or traditional mapped drives clients.
MyWorkDrive gives your enterprise secure file share access without VPN using your Windows File Shares & Active Directory infrastructure. Remotely edit and share files simply and securely. No Vendor lock-in, No syncing or migrating to a cloud needed. MyWorkDrive is used by Enterprises, Government and Education with 5 start reviews Worldwide.
Web File Manager alternative to Egnyte
Access your file shares remotely using any web browser with our Web File Manager. Our Web File Manager is the most elegant and user friendly in the industry loaded with the features users need with nothing to install.
Mapped Drive vs Egnyte Sync Client
Connect to your files remotely using our MyWorkDrive Mapped Drive Client which allows users to securely map a drive to their work files from anywhere without Sync or VPN. Optionally enable our Two Factor Authentication and SAML/SSO for additional security and compliance.
No migration to Egnyte
Unlike Egnyte, MyWorkDrive works side by side with Windows File Shares in place – at no time are any files stored on the MyWorkDrive servers. Enterprises can deploy MyWorkDrive without fears files being stored in proprietary databases or cloud storage providers.
Unlike Egnyte, MyWorkDrive exclusively uses existing active directory users, group and NTFS permissions to provision users. No files are stored in any databases, Moved to the Cloud, nor are any additional administration of users, database backup software licenses or management needed when integrating MyWorkDrive.
Network Share file locking
With our native file locking integration, users can continue to use traditional mapped drive clients and files are properly locked alongside our Web, Mobile, or Desktop clients. With Egnyte, clients must be migrated to Egnyte only clients to properly lock and interact with network shares alongside other users.
Mobile Office Document Editing
Only MyWorkDrive has the ability to edit documents in native Office Apps for iOS mobile stored on Local File Shares.
Egnyte imports Active Directory users and groups into a database and requires manual management of license keys. With MyWorkDrive, Active Directory is native and licenses are automatically provisioned and deprovisioned as users drop off after 30 days.
Better Web Browser Client
With MyWorkDrive users view and edit files in our beautiful Windows file explorer style interface, greatly reducing training and support costs.
MyWorkDrive exclusively uses built-in Windows NTFS and Access Based enumeration security for Windows shares that run under the user’s login context, as such no login information or access to files are ever stored in a database or used by MyWorkDrive.
Administrator of organizations using Egnyte to access file shares remotely, should strongly check out MyWorkDrive as a viable alternative. MyWorkDrive is known as a VPN alternative where you can cloudify the existing file shares located in your own data center, grant users remote access permissions and manage multiple devices easily utilizing existing NTFS permissions and an enterprise’s current IT infrastructure with your existing windows active directory.
MyWorkDrive allows secure file remote access without VPN, syncing, or migrating to the cloud or new systems. Your files, your data, and your data center become your own private cloud instantly allowing users to remotely edit and share files simply and securely side by side with your existing mapped drive users without migrating files or storing them in the cloud. With MyWorkDrive you can can take advantage of our advanced features including encrypted view, data leak prevention, duo authentication, and more. With MyWorkDrive support costs are dramatically lower than Egnyte products – Users simply access files using our Mapped Network Drive Client or Web File Manager Client with no training needed!
MyWorkDrive received notice from Cloudflare that Argo Tunnel agents older than 5.5.2020 will no longer be supported as of March 20th. This requires all MWD customers to be running a minimum of MWD Server 126.96.36.199 or higher. Cloudflare is required to Open MyWorkDrive documents in Office online and is also used by customers running under *.myworkdrive.net (Cloud Web Connector).
MyWorkDrive servers running version 188.8.131.52 and lower are impacted by this requirement and will not be able to connect to Cloudflare tunnels until they are upgraded after March 20th.
It is urgent that customers upgrade their MyWorkDrive Servers to a minimum of latest 5.4.3 or 6.0.1 (recommended) ASAP.
As always, our upgrades are provided without charge to currently licensed clients. If you would like assistance planning or executing your upgrade, please contact us and we’ll be happy to assist you.
We are excited to release Version 6 Mac & Mobile clients. Version 6 Server added major new features including; Granular Permissions on shares, Multiple Domains Support, Teams App Support and External Guest User folder sharing. The version 6 Windows Client remains in preview with a production release date expected in the next 2-4 weeks.
MyWorkDrive Client Version 6 Releases
Now certified by Microsoft and available in the Microsoft Teams Store (version 6 server required)
MacOS Notarized Install
Block/Allow List Support
Supports DLP Restricted View of files without permitting download
Increased Photo Uploads
iOS 14.2 and new Device Hardware Support
MyWorkDrive Server Updates
Version 6 is a major Server update. Customers are advised to test version 6 server in a separate or standalone environment prior to upgrading as downgrading to prior versions is not supported. Updated Version 6 Server is available for download. All customers are advised to upgrade their MyWorkDrive servers to the final version of 184.108.40.206 or latest updates to version 6 to take advantage of important fixes, improvements and enhancements.
Click here to Download MyWorkDrive Server Updates. If you would like assistance planning or executing your MyWorkDrive Server setup, please contact us and we’ll be happy to assist you.
Questions? Need a trial extension? Contact email@example.com
Azure Files Remote Access with MyWorkDrive
We are excited to announce version 5.4.2 update of MyWorkDrive server and Windows client is now available for production use. With this release, MyWorkDrive now supports larger size limits on the Web client, faster logins on large domains and and upload speed improvement on our Windows Mapped Drive client.
- Support for file downloads larger than 3 GB
- Faster logins on large domains
- UI improvements across all clients
- Mapped Drive permissions improved messaging
Numerous other enhancements and fixes –Release notes are here.
Windows Mapped Drive
- Mapped Drive permissions improved messaging
- Warnings when paths too deep improved messaging
- Improved login/logout performance
- Upload speed improvements by up to 500%
- Support for editing Open Office Documents
Numerous other enhancements and fixes – Release notes are here.
Mac Mapped Drive
We are continuing development of our Mac Mapped Drive client. The components used to create virtual drives in Mac OS are no longer supported by Apple or the open source community, requiring extensive reprogramming. We have added additional resources to complete this effort however we do not have a timeline for an updated release. The Web Client is fully supported on Mac’s.
As always, our upgrades are provided free of charge to currently licensed clients. If you would like assistance planning or executing your upgrade, please contact firstname.lastname@example.org and we’ll be happy to assist you.
Questions? Need a trial extension? Email us at email@example.com or Phone: 877-705-4997