Posts

Benefits of Having Remote Access to Your Work Files

Remote access is no longer a company perk it’s a necessity. Remote access means different things to different people. It can refer to telecommuters accessing their company’s server; branch offices that need interaction with systems at company’s main office; or enable mobile employees to upload or download data from a hotel, car, or even a […]

Pages

Cloud File Sharing Services

Cloud File Sharing

A review of recent posts on file sharing and cloud solutions reveals an ongoing demand for an easy file web access and map drive solution for existing Windows File Servers that’s not currently available in typical file sharing services. Typically when larger companies are looking to provide cloud file sharing capabilities they are faced with migrating their files to proprietary cloud storage providers at considerable expense where they loose control of their data.

Enterprises are searching for products that provide cloud file sharing capabilities without vendor login using standardized file formats, metadata and permissioning. NetApp is a vendor long known for their NAS storage appliances that lists a number of cloud based file sharing services that can host files in the cloud – but retain them in NTFS formats – such as AWS FSX File Shares or Azure File Shares.

Intivix – an IT Consulting Firm in San Francisco – looked for products to fill this demand and came up short. All the products assumed clients are looking to sync all their data to the cloud or users’ desktops–something unfeasible when file server storage for even the smallest clients exceeds 1 terabyte, required complex migrations and the willingness to give up control and ownership of company files. Intivix therefore founded Wanpath LLC in 2014 to fill this gap when they launched –MyWorkDrive.com.

MyWorkDrive software is now used by Large Enterprise, Government, Health Care and and Higher Educational institutions to provide their own private cloud file sharing service.

coud file sharing

Most Appreciated Features of MyWorkDrive

  • 100% native Windows product: Easy to patch and ties into active directory (with nothing to configure) and inherits existing NTFS permissions, users and groups.
  • Cloud File Sharing solution without VPN: End-users utilize the file web access browser client or WebDAV to map drives; there are no sync clients to maintain or troubleshoot. We leave synching to whatever service the client prefers for a subset of their files – Box, Dropbox, OneDrive, etc..
  • Easy Access on the go from mobile devices: Files can be viewed on iPads or for power users they can utilize our native iOS and Android Mobile clients. With our Mobile Clients users can edit documents online in Office 365 and access file sharing in any apps.
  • Cloud File Sharing without the risk or file migration: With builtin support for Two Factor Authentication, SAML and compliant FIPS encryption, customers data is secured on their on they own servers – no data is ever stored on the MyWorkDrive Server or in the cloud.

With MyWorkDrive users can connect in the cloud to internal files & shares using any web browser, map drive client and enjoy ease of access on any mobile device – all while providing internal access at gigabit speeds using the mapped drives users already know.

With MyWorkDrive users enjoy all the benefits of cloud file server access without giving up their data!

Windows File Sharing

WINDOWS FILE SHARING

Windows File Sharing Best Practices

File Sharing

Traditionally Windows file sharing has been limited to creating shares on local servers, setting permissions and accessing files over local area networks or VPN’s. Windows File Sharing has many benefits including speed of access, simplicity, unlimited storage capacities, integration with active directory and the ability to deploy mapped drives to 1000’s of machines instantly using login scripts or group policies. For this reason, the majority of enterprises continue to maintain significant investments in a Windows file sharing infrastructure including servers, high speed networks, Storage Area Networks and Network Storage devices. These devices provide the reliability, speed and redundancy enterprises demand for a highly efficient workforce.

Windows File Sharing

Sharing files using Windows active directory is easy. It’s important first to plan the directory structure. Companies typically create root folders which in turn become shares that can be mapped to various departments (for example: Finance, Projects, Executive, HR). In the past companies would map different drive letters to each department. This is no longer necessary since Microsoft shipped the addition of the “Access Based Enumeration” feature as noted below.

It’s also important to plan for future growth by allocating sufficient disk space for file. It is best practice to locate files on a separate drive letter from the Operating System Drives to prevent future issues with drive space or an operating system failure from corrupting files. Larger organizations typically store files on Network Attached Storage appliances with failover and backup built in and utilize DFS namespace to redirect users to redundant back end file servers.

Windows File Server shares can be created using Server Manager or by right mouse clicking on any folder and choosing “Sharing” on the sharing tab to create a share that can be mapped by PC’s. Microsoft has a great article here on how to create a file share using Server Manager here. For our purposes we will create a share using the manual process so we can have complete control on permissions, share name and share permissions.

Creating a Windows File Share (Easy)

Once you have created the folder structure, right mouse click on the folder and choose properties, then choose share to create the share and set permissions:

Create Windows Share

Typically, you would add the various groups for whom you wish to have access to your folder structure. With the simplified interface the actual share creation and permission details are set for you. Using the Advanced Share interface, we can see the actual permission applied to both the share and NTFS.

Creating a Windows File Share (Advanced)

There are 2 components when sharing folders in Windows. First the actual Share name and permission on the share and the underlying NTFS permissions. In the early days of Windows file systems (fat and fat32) did not allow setting of permissions so Microsoft allowed administrators to set permissions on the share itself rather than the folder structure underneath. Fortunately, NTFS has been around for many years and it’s no longer necessary or advisable to set permissions at the fileshare level and you’ll see that when you use the easy share interface permissions at the share level are set to the special group “Everyone” and full control.

Share Permissions

So it’s clear that we should always set the permission on the share to “Everyone” with full control when using the advanced sharing option to get around this legacy feature and only use NTFS permissions to apply security. One additional note on File Shares and Naming – to make the share hidden (not broadcast it on the network for browsing), append a $ sign to the end of the name. For example: Finance$ can be used to hide the share from appearing when users browse the network. To map a drive to it users need to know the name – for example \\server\finance$.

Next, we need to set permissions on folders using NTFS security. If we look at the security permissions for the shared folder we created in our example we will see the user groups we chose have been granted permissions on that shared folder:

From this interface we can add additional users and groups or disable inheritance so that we can apply custom permission on this folder only. This interface is also where we go to take ownership of files and folders. In the easy share wizard security results, we can see both groups we added have “Full Control” for all files and folders. While Full Control makes sense for Administrators, it’s not advisable for regular user groups. By granting regular users Full Control we have also granted them the “Take Ownership” right which will cause issues down road. Files “Owned” by one user can become unavailable to other users resulting in support requests and the need to have the administrator “Take Ownership” so these files are again available to everyone with rights to the share. In our example we will want to set the “Domain Users” group to all rights except for “Full Control” using the security tab properties on the folder. This simple step will prevent file ownership troubleshooting issues in the future.

Microsoft has a built in utility on Windows to clean-up ownership issues called “takeown”. We advise customers to cleanup existing ownership issues prior to deploying MyWorkDrive. This command will take ownership of the folder or drive, and all files and sub-folders in the folder or drive.

Open an elevated command prompt (administrator).

To grant ownership to administrators group:

takeown /F “full path of folder or drive” /A /R /D Y

Another option to cleanup ownership permissions is to use the icacls command.

To grant ownership to administrators group:

icacls “full path of folder or drive” /setowner “Administrators” /T /C

Access Based Enumeration using Windows File Sharing

Access-based enumeration (ABE) displays only the files and folders that a user has permissions to access. If a user does not have Read (or equivalent) permissions for a folder, Windows hides the folder from the user’s view. This feature is active only when viewing files and folders in a shared folder; it is not active when viewing files and folders in the local file system. By utilizing this feature and setting the proper permissions, network administrators can reduce the numbers of shares needed and use ABE to only display files and folders the user have permissions to when accessed over UNC paths.

ABE does require CPU cycles to calculate files and folders to display so it’s important to properly size servers to handle the required load based on the number of users access file shares and the number of files and folders to display.

Enable ABE on each windows file share using Microsoft’s guide: Enable access-based enumeration on a namespace. Microsoft has a complete guild article on best practices for sharing files and folders using access based enumeration here.

DFS Namespaces

DFS Namespaces is a role in Windows Server that enables you to group shared folders located on different servers into one or more logically structured namespaces. This makes it possible to give users a virtual view of shared folders, where a single path leads to files located on multiple servers. The advantage of DFS is that drives can be mapped to one DFS Name space and automatically redirect to the then current live file share. This makes migrating to new file servers in the future very simple since a new file server can be redirected to at any time.

Backup and Retention

The first line of defense for any organization are effective, tested and redundant backups. In addition to scheduling backups on an hourly, daily, weekly or other intervals IT administrators can take advantage of the “Volume Shadow Copy” service built into Windows Server. By enabling hourly snapshots, file and folders can be rolled back to previous versions instantly without having to go to backup systems. Volume Copy Snapshots are not a backup strategy in of themselves but they can provide and additional level of protection.

Backup and retention is also of great concern to protect from data loss, corruption and to comply with legal requirements. Typically, most businesses must retain up to 7 years of backups that can easily be restored in the future. For this reason, businesses are reluctant to store their files in database driven file systems either locally or in the cloud including Document Management Systems (DMS) and Enterprise File Sync & Share (EFSS) systems. With traditional NTFS based Windows file sharing archive backups can be stored on backup hard disks making restoration as simple as copying over files – even several years later. With DMS or EFSS systems the restoration of archive data is significantly more complex. Restoration requires backing up and restoring entire operating systems, reinstallation of SQL databases in use at that time (which may no longer be available), restoring backups of SQL data and reintegration of servers back into active directory. Cloud based EFSS or systems require 3rd party backup subscriptions which must be maintained indefinitely to prevent loss and removal of backup file data by the cloud vendor.

Secure File Share Remote Access

Businesses of all types are turning to MyWorkDrive to support Remote Work while retaining the speed and simplicity of traditional Windows file sharing using our hybrid cloud add-on. With MyWorkDrive IT departments simply setup MyWorkDrive Windows server software, point to existing Windows file shares and in minutes Secure File Sharing remote access functionality is made available to users without VPN including:

Web File Manager browser access to file shares

Office Online document editing ( with files stored on the local file servers )

Mapped Drive from Anywhere without VPN

Mobile App File Access and Editing using Microsoft Office Mobile Apps

Public and Private file sharing

Two Factor Security (2FA)

Single Sign On

Traditional Windows File Sharing at gigabit speed continues to be available in parallel to MyWorkDrive. Users simply leverage file sharing using traditional methods on the local area network and use MyWorkDrive when cloud functionality or remote access is needed. For IT Departments, No SQL databases need to be maintained or licensed making file backup and restoration simple – NTFS based file shares remain in place.

Sharing and collaborating on files to users outside of the company is essential to a productive workforce. With MyWorkDrive internal files can be made public effortlessly with our OneDrive integration. By leveraging our OneDrive integration businesses can protect sensitive data by transferring public files as needed to OneDrive without opening up internal systems to outside parties or enabling insecure file sharing links that can expose company servers to data breaches.

With MyWorkDrive businesses of all types are able to add cloud capabilities to Windows file shares while protecting and controlling their data to future proof their file server infrastructure investments.

Office Online Local Editing with MyWorkDrive

Edit and Collaborate in Office Online

MyWorkDrive enables enterprises to remotely edit and collaborate on documents within a browser window using Office Online while keeping files stored on their own company’s server.

Office ONline

MyWorkDrive allows employees to take advantage of more efficient opportunities to collaborate and get work done on Office files from any Web Browser, anywhere in the world with an Office 365® subscription or a locally installed Office Online or Only Office Server.

Edit Local Office Files in Office Online

Do you need to open and edit local documents in Office 365®/ Office Online? With MyWorkDrive you can. MyWorkDrive allows you to open locally stored files on windows file shares in the browser using your existing SharePoint Online or OneDrive accounts or by pointing to your own Office Online Server or Only Office Server. Learn more here on how to edit Local Office Files in Office 365.

Edit in Local Office from the Web client

Edit Office files stored on File Shares through the browser in locally installed Office. Protect your files from ransomware and reduce support costs by editing Office files from the browser in locally installed office with no VPN or Mapped Drive needed.

MyWorkDrive and the Modern Business World

The modern business world is more dynamic and fast-moving than ever before and the team at MyWorkDrive believes technology should be supportive of this demanding environment and optimize it’s potential. More and more professionals are driving demand for universal access, storage and the ability to collaborate remotely; businesses in every industry want instant access, from anywhere and all the time.

MyWorkDrive was founded around the core value that organizations should have the option to retain ownership and control of their files, whether they are stored online or locally, in standard NTFS file formats – and should not be forced to migrate, convert or store them in proprietary cloud storage providers requiring vendor lock-in just to experience the benefits of secure online collaboration.

Office Online Editing Demonstration Videos

Editing a Document

 

Co-Editing

 

Mobile Apps

Contact MyWorkDrive

For more information on the innovative MyWorkDrive file share remote access and collaboration solution please don’t hesitate to reach out to our team of experts anytime at (877) 705-4997 or via email at sales@myworkdrive.com

All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.