owncloud Architecture Overview




owncloud, Inc.
57 Bedford Street, Suite 102
Lexington, MA 02420
United States
phone: +1 (877) 394-2030
www.owncloud.com/contact

owncloud GmbH
Schloßäckerstraße 26a
90443 Nürnberg
Germany
Tel.: +49 911 21 64 50 79
www.owncloud.com/de/contact

Sensitive enterprise data is outside of IT's control

Many employees use cloud-based services to share sensitive company data with each other, vendors, customers and partners. They sync data to their personal devices and home computers in an effort to do their jobs quickly and efficiently, without IT's oversight. Consumer cloud-based file sharing services store sensitive company data on external servers outside of IT's control, in violation of corporate policies and regulatory requirements, maybe even outside the country and not managed by IT. The risks of data leakage, compliance violations and damage to the business are enormous.

[Figure 1: How sensitive data is shared beyond the firewall and IT control. Title: "The Dropbox Problem in Action". Panels: "In your enterprise" (User A, firewall) versus "Dropbox at home & mobile" (User B, mobile devices), with no IT control over security governance, storage and servers, user provisioning, devices, or sensitive data.]

Time to Regain Control

owncloud allows IT to regain control of sensitive data with managed file sync and share:

Manage and Protect data on-premise using any available storage, with the complete software stack running on servers safely inside the data center, controlled by trusted administrators and managed to established policies.

Integrate with existing IT systems and policies such as authentication systems, user directories, governance workflows, intrusion detection, monitoring, logging and storage management.

Extend functionality easily through a comprehensive set of APIs to customize system capabilities, meet unique service requirements, and accommodate changing user needs.

AND STILL provide end users clean, intuitive access to the documents they need to get the job done, using desktop systems, laptops, tablets and smart phones.

[Figure 2: owncloud provides managed file sync and share AND STILL consumer-grade usability. Title: "owncloud in Action". Panels: "In your enterprise" (User A; IT managed: on-site server; on-site, off-site or hybrid storage; user provisioning and authentication; governance, security, compliance; open APIs and architecture; firewall) versus "owncloud at home & mobile" (User B, mobile devices, the same consumer-grade ease of use).]

Solution Architecture Overview

The core of the owncloud solution is the owncloud server. Unlike consumer-grade file sharing services, owncloud's server enables IT to protect and manage files within the owncloud environment, from file storage to user provisioning and data processing. owncloud monitors and logs all data access events for downstream auditing and analysis using popular tools like Splunk. The server provides a secure web interface through which administrators control all of owncloud's resources, allowing authorized users to enable and disable features, set policies, create backups and manage users. Advanced features for enterprise directory integration and file firewalls give admins exceptional flexibility and control. The server also manages and secures API access to owncloud, while providing the internal processing engine needed to deliver high performance file sharing services.

The owncloud server stores user files in standard file system formats and can use most enterprise file systems. If you can mount the file system on your server, owncloud can use it: owncloud is file system and storage agnostic. owncloud can leverage storage that is physically located in your data center or virtually mounted third-party storage. Thus, owncloud enables you to protect your files as you would any other data asset in your infrastructure. owncloud works seamlessly with all of your existing tools and utilities, from standard backups and intrusion detection to log managers and Data Loss Prevention (DLP) solutions. owncloud can also activate the included encryption module to provide an added layer of encryption at rest for user files.

owncloud-provided plug-in applications make integration with your existing technology stack a breeze. Enabled through the server control panel, integration plugins provide functionality such as Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) integration for user account provisioning and authentication. For custom integrations, owncloud can be easily extended using mobile libraries, open APIs and plug-in applications. Features such as the online text editor, virus scanner, file versioning and server-side encryption are included in the owncloud core. Enterprise features such as enhanced logging and audit plug-ins, File Firewall, SAML authentication and Jive Software integration are available in the owncloud Enterprise Edition. owncloud customers have integrated a wide variety of new functionality into owncloud, from video streaming to contact and calendar syncing, custom authentication mechanisms, automated Optical Character Recognition back ends, and API-based storage. In short, unlike proprietary alternatives, owncloud can be easily extended to do far more than basic file sync and share.

[Figure 3: owncloud Solution Architecture. Panels: PROTECT your storage (hybrid cloud optional, encryption); MANAGE your server (metering, monitoring, central control); INTEGRATE AND EXTEND (LDAP/AD, virus scan, versions, text editor, OAuth, your app); AND STILL user experience.]

While owncloud provides the ability to Manage and Protect, Integrate and Extend file sync and share in the enterprise, owncloud also delivers the crisp, professional user experience on desktops, laptops, tablets and mobile phones that users demand. Intuitive, eye-pleasing visualizations guide end users through a wide range of file sharing activities, and high-productivity wizards, management and monitoring screens allow owncloud administrators to operate with efficiency. owncloud also provides the ability for standard WebDAV clients to access owncloud files, enabling users to continue to use standards-based productivity tools to interoperate seamlessly with owncloud.

Server Architecture Overview

At its core, owncloud is a PHP web application running on top of IIS or Apache on Windows or Linux. This PHP application manages every other aspect of owncloud, from user management to plug-ins, file sharing and storage. Attached to the PHP application is a database where owncloud stores users, user-shared file details, plug-in application states, and the owncloud file cache (a performance accelerator). owncloud accesses the database through an abstraction layer, enabling support for Oracle, MySQL, SQL Server, and PostgreSQL. Complete webserver logging is provided via webserver logs, and user and system logs are provided in a separate owncloud log, or can be directed to a syslog file.

To enable a broad range of storage alternatives, owncloud also abstracts the storage tier. As a result, owncloud can leverage just about any storage protocol that can be mounted on your owncloud server, from CIFS, NFS and GFS2 to clustered file systems like Red Hat Storage. Other storage resources can also be mounted on the system using optional external file system applications, such as Jive, Windows Home Directories, FTPs, WebDAV and even external cloud storage services (S3, Swift, Google Drive and Dropbox) if desired. User configurations can include dynamically allocated storage driven by user directory entries, enabling data segregation and multi-tenant deployments.

owncloud includes a variety of open APIs for integrating with other systems. These include:

Activity: provides an RSS feed or API call to deliver all activities associated with a user's files, such as sharing activity and updated, renamed, deleted and removed files.

Applications: the most powerful API, enabling customers to expand owncloud out of the box, to integrate with existing infrastructure and systems, and to create new plug-in applications. Examples of this API in use include custom authentication back ends, music and video streaming applications, a bit.ly-inspired app called shorty, and an image preview application.

Capability: offers information about the installed owncloud capabilities, so that owncloud and third party applications can query for the enabled features and plug-in applications.

External provisioning: provides the ability to add and remove users remotely, and enables admins to query metering information about owncloud storage usage and quota.

Sharing: provides the ability for external apps, such as the owncloud mobile app, to share files from remote devices.

Theming: a simplified mechanism for branding the owncloud server to match your corporate look and feel, enabling colors and logos to be updated with style sheets.

[Figure 4: owncloud Server Architecture. Core server: PHP processing engine with HTTPS and WebDAV front ends; storage abstraction over primary storage (NFS, GFS, GFS2, XFS, ZFS, gluster, etc.) and secondary or optional storage (CIFS, WebDAV, FTPs, Swift, S3, Dropbox, Google); APIs: Logging, Metering, Reporting, Provisioning, Sharing, Capability, Application, Theming; Your Apps.]

In addition to delivering the core of owncloud, the owncloud server also includes the owncloud web interface, which provides a control center for configuring, managing and monitoring the system. The owncloud portal also gives end users tools for controlling access to their files and folders. Employees are set up in the system as users, administrators, or both. Administrators can add, enable, and disable owncloud features through the settings menu; they can add and remove users and groups; and they can manage various owncloud settings and administrative tasks (migration and backup, for example). Users access the web interface to browse and manage their files, and to set granular permissions on files and folders shared with others on the system. Users can also access enabled applications through the web portal, such as text and image previews, file and folder sharing, Jive integration, previous versions roll back, and much more. The owncloud web interface is compatible with Firefox, Safari, Chrome and Internet Explorer on Windows, Mac OS and Linux machines.

Deployment Scenario

With the owncloud solution and server architectures outlined above, this paper now examines how owncloud is deployed on site, how it is integrated with the storage tier and existing infrastructure tools, and the flexibility provided by owncloud's APIs. This understanding is facilitated by a brief review of how owncloud is typically deployed in production environments.

In production, owncloud is most often deployed as an n-tier load balanced web application running in a data center or managed cloud infrastructure. owncloud can be deployed to physical, virtual, or private cloud servers using native binaries or a virtual appliance footprint. There is always a load balancer on the front-end of the deployment connected to at least two web servers. The owncloud web servers host the PHP code, and are most often deployed on Apache over Linux, though IIS and Apache on Windows are also supported. All of the web servers are then connected to a database (frequently a clustered MySQL database instance) for user information, including the virtualized file cache, user and group metadata, shared file lists, and storage required by enabled owncloud apps. The web servers are also all connected to shared back-end storage, often a clustered filesystem. With this configuration, owncloud can be scaled up easily to meet load requirements, while providing whatever redundancy and backup requirements are needed to achieve system availability objectives.

[Figure 4: Common owncloud Deployment Architecture. Tiers: load balancer and web servers; database cluster (data nodes, management node); storage (primary, secondary, optional).]

On-Site Storage

For nearly all deployment scenarios, connecting owncloud to back-end storage is as simple as mounting on-site storage on the server, such as mounting the storage device at the mount point /data/storage. Nearly all storage devices and file systems, from direct attached NTFS to cluster systems like Red Hat Storage, have well tested, high-performance Linux drivers that make this easy. Once the storage device is mounted in the desired location, the owncloud configuration file is edited with the storage device path, and all owncloud storage is immediately changed to that path. Each user gets a directory, and all versions, folders and files are stored in that location.

In larger installations, it may be necessary to create more than one storage location for an owncloud instance. Perhaps policy requires high performance, fully redundant storage for one group, and less expensive storage for another group. In this situation, it is possible to leverage owncloud's built in integration with LDAP or Active Directory servers to dynamically assign a storage path to each user. The LDAP/AD plug-in is further described below, but once connected, the storage path attribute can be inherited, and users can be directed to two or more storage paths based on these entries. Simply mount the storage devices on the server at the desired mount points, such as /data/highendstorage1 and /data/lowendstorage2, and user files and versions will be saved to the specified path.

Occasionally owncloud needs to connect to REST API-based storage. In some cases, API-accessed storage replaces the mounted file system described above, and in some cases it augments the storage. owncloud can handle either scenario through the use of plug-in applications. For example, owncloud provides a plug-in application that mounts Jive as a backend storage location via Jive REST APIs. When enabled, the plug-in application redirects POSIX commands for one folder of user content to the Jive REST API. For the other folders on the server, owncloud retains a file system mount. In other installations, owncloud's built-in External Filesystem plug-in leverages a mix of APIs, providing system admins the flexibility to connect OpenStack Swift, CIFS, FTPs, WebDAV and other storage systems in addition to the existing file system storage.

Ultimately, administrators must decide which storage system to use, how to configure user access, and whether or not to mix and match storage to optimize existing infrastructure, security policies, and end-user requirements. owncloud provides the mechanisms to optimize the use of on-site, cloud or hybrid storage, giving admins control of corporate data, while still providing the capabilities that users demand.

Infrastructure Integration

The most common infrastructure integration request is to connect owncloud to an enterprise directory, or other standard authentication mechanisms. owncloud provides out-of-the-box integration with LDAP, AD and SAML 2.0. Administrators simply enable the owncloud AD/LDAP or SAML plug-in application, configure the server addresses, protocols and filters, and users are authenticated against the appropriate service. With the appropriate settings, user group memberships, quotas and even, as outlined above, storage paths can be centrally managed and applied to owncloud. The first time a user logs into owncloud with a user name and password, owncloud provisions the user and they are off and running. Administrators can also enable custom attributes, such as custom display names, to make it easier for users to find each other when sharing documents. All corporate policies governing the account, such as failed login account lockout, are still managed out of the corporate directory, with owncloud enforcing the result.

Beyond LDAP/AD integration, owncloud offers a wide range of other integration capabilities. For example, it is possible to leverage the user provisioning API to provision new users via an external automation service. In some very large deployment scenarios, it is far more efficient to provision new users in this manner than to use an enterprise directory. The provisioning API can also be used to report on user activity, shared file information, and to disable user accounts. The WebDAV API can be used to provide authenticated access to owncloud files and folders based on user account information, a popular feature among tablet users. WebDAV support also allows desktop users to browse owncloud folders using familiar file explorer tools in Windows, Mac and Linux. While most deployed customers limit themselves to LDAP/AD integration and WebDAV access, owncloud APIs offer the flexibility to integrate as needed into existing environments.
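The provisioning calls described above, as an added example that is not part of the white paper or of owncloud's own code: a small Python helper that builds the OCS user provisioning requests (create user, set quota, disable user, read user details) and validates the XML envelope the server sends back, so that a proxy error page or login form is never mistaken for success. The server URL, admin credentials and the sample XML replies are constructed assumptions; the /disable endpoint is taken from current ownCloud documentation and may be absent in older releases.

```python
"""Helper for the ownCloud OCS user provisioning API.
Assumptions (not from the white paper): the base URL and admin credentials are
supplied by the caller; sample replies below are constructed to mirror the
documented <ocs><meta>/<data> envelope."""
import base64
import urllib.request
import xml.etree.ElementTree as ET
from collections import namedtuple
from urllib.parse import quote, urlencode

# meta/statuscode values documented for the provisioning API
OCS_OK, OCS_INVALID_INPUT, OCS_USER_EXISTS = 100, 101, 102

Request = namedtuple("Request", "method url headers body")


def _ocs(base_url, admin, password, method, path, form=None):
    """Build an authenticated request. HTTPS is mandatory because the admin
    credentials travel in the Authorization header on every call."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send admin credentials over plain HTTP")
    token = base64.b64encode(f"{admin}:{password}".encode()).decode()
    headers = {"Authorization": "Basic " + token,
               "OCS-APIRequest": "true",  # required by newer ownCloud servers
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode(form, doseq=True) if form else None
    return Request(method, base_url.rstrip("/") + "/ocs/v1.php/cloud" + path,
                   headers, body)


def create_user(base_url, admin, password, userid, user_password, groups=()):
    """POST /cloud/users: provision a user, optionally into existing groups."""
    form = {"userid": userid, "password": user_password}
    if groups:
        form["groups[]"] = list(groups)
    return _ocs(base_url, admin, password, "POST", "/users", form)


def set_quota(base_url, admin, password, userid, quota):
    """PUT /cloud/users/{id} with key=quota, e.g. value '5GB'."""
    return _ocs(base_url, admin, password, "PUT", "/users/" + quote(userid, safe=""),
                {"key": "quota", "value": quota})


def disable_user(base_url, admin, password, userid):
    """PUT /cloud/users/{id}/disable (endpoint per ownCloud 10 documentation)."""
    return _ocs(base_url, admin, password, "PUT",
                "/users/" + quote(userid, safe="") + "/disable")


def get_user(base_url, admin, password, userid):
    """GET /cloud/users/{id}: enabled flag, quota usage, e-mail, display name."""
    return _ocs(base_url, admin, password, "GET", "/users/" + quote(userid, safe=""))


def send(req):
    """Perform a built request with urllib and return the response body text."""
    r = urllib.request.Request(req.url, data=req.body.encode() if req.body else None,
                               headers=req.headers, method=req.method)
    with urllib.request.urlopen(r, timeout=30) as resp:
        return resp.read().decode()


def parse_ocs(xml_text):
    """Return (statuscode, message, data element) from an OCS envelope; any
    reply that is not an <ocs> document raises instead of passing as success."""
    root = ET.fromstring(xml_text)
    if root.tag != "ocs":
        raise ValueError("not an OCS response")
    return (int(root.findtext("meta/statuscode")),
            root.findtext("meta/message") or "", root.find("data"))


def user_summary(xml_text):
    """Reduce a GET /cloud/users/{id} reply to the fields an audit cares about."""
    code, message, data = parse_ocs(xml_text)
    if code != OCS_OK:
        raise RuntimeError(f"provisioning API error {code}: {message}")
    return {"enabled": data.findtext("enabled") == "true",
            "displayname": data.findtext("displayname"),
            "quota_used": int(data.findtext("quota/used") or 0),
            "quota_total": int(data.findtext("quota/total") or 0)}


# constructed sample replies, shaped like the documented OCS format
SAMPLE_USER_XML = """<?xml version="1.0"?>
<ocs><meta><status>ok</status><statuscode>100</statuscode><message/></meta>
<data><enabled>true</enabled>
<quota><free>5367660544</free><used>1048576</used><total>5368709120</total></quota>
<email>alice@example.com</email><displayname>Alice Example</displayname></data></ocs>"""
SAMPLE_DUP_XML = """<?xml version="1.0"?>
<ocs><meta><status>failure</status><statuscode>102</statuscode>
<message>User already exists</message></meta><data/></ocs>"""
```

Against a live server, pass the result of create_user or get_user to send() and the body it returns to parse_ocs() or user_summary(); the sample constants let the parsing be exercised offline.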
owncloud also provides mechanisms for creating plug-in applications to integrate with existing systems. One common use case is the custom authentication mechanism. While owncloud supports LDAP and AD integration and SAML 2.0, several custom user authentication and authorization plug-ins have been created, from token-based to user name and password-based plug-ins. Other integrations have included log managers, Data Loss Prevention tools, and antivirus mechanisms, to name a few.

As an n-tier web application, owncloud integrates into most corporate web farms. Intrusion detection systems work, network management tools work, and firewalls simply leverage existing ports and SSL certificates. Backup systems take server and database backups as with any other web application, and user experience systems wrap around the existing owncloud application. For unique requirements, the owncloud APIs and mobile libraries provide extensive flexibility. All of this gets managed with enterprise tools, in an enterprise data center, to enterprise policies, to put IT back in control of corporate data, and still provide end users the pleasing, productive interfaces they demand.

Conclusion

Many employees use cloud-based services to share sensitive company data with each other, vendors, customers and partners. They sync data to their personal devices and home computers, all in an effort to do their jobs quickly and efficiently, all without IT's oversight. With owncloud, you can Manage and Protect sensitive data by hosting your own solution on site, using your own storage and servers; Integrate seamlessly into existing infrastructure, management and security tools; Extend functionality easily through a comprehensive set of APIs, AND STILL provide the polished, professional user experiences employees have come to value from consumer-grade services, running on all popular desktop and mobile devices.

But don't take our word for it: point your browser to www.owncloud.com and take owncloud for a test drive today.

For More Information

Please visit our website at www.owncloud.com for a wealth of information about owncloud, links to download the software, and detailed product documentation.

US Headquarters
owncloud, Inc.
57 Bedford Street, Suite 102
Lexington, MA 02420
United States
www.owncloud.com/contact

European Headquarters
owncloud GmbH
Schloßäckerstraße 26a
90443 Nürnberg
Germany
www.owncloud.com/de/contact
