owncloud Architecture Overview




Time to get control back

Employees are using cloud-based services to share sensitive company data with vendors, customers, partners and each other. They are syncing data to their personal devices and home computers, all in an effort to get their job done faster and easier, and all without IT's permission. This is the Dropbox Problem. The result is your sensitive company data, stored on servers outside your control, outside your policy and regulatory guidelines, maybe even outside your country. The potential for data leakage, security breaches and harm to your business is enormous.

Figure: The Dropbox Problem in Action (panels: In Your Enterprise, Dropbox, At Home & Mobile; labels: User A, User B, Firewall, (Mobile) Devices; "No IT control" over Security Governance, Storage and Servers, User Provisioning, and Sensitive Data)

Introducing owncloud

With owncloud, you can gain control over your sensitive data:

Protect and Manage sensitive data by storing it on-site using any available storage, with the complete software stack running on servers safely inside your data center, controlled by administrators you trust, managed to your policies.

Integrate into existing infrastructure and security systems, managed to company policies: user directories, governance, security, monitoring, storage and back-up, intrusion detection, and automated provisioning tools, to name a few.

Extend functionality easily through a comprehensive set of APIs to rapidly customize system capabilities, meet unique service requirements, and future-proof your investment.

AND STILL provide end users simple access to the documents they need to get the job done on the devices they use daily.

Figure: owncloud in Action (panels: In Your Enterprise, owncloud, At Home & Mobile; labels: User A, User B, Firewall, (Mobile) Devices, open APIs and architecture; "IT managed" Storage and Servers, User Provisioning, and Security Governance; same consumer-grade ease of use)

Solution Architecture Overview

The core of the owncloud solution is the owncloud server. Unlike consumer cloud-based services and other applications with third-party storage, owncloud's server enables IT to protect and manage every element associated with owncloud on-site, from file storage to user provisioning and data processing. owncloud monitors every activity that occurs, and logs these activities into a file for later auditing and analysis. The server provides a secure web portal through which the entire system is controlled by the administrator, providing the ability to enable and disable features, set policies, create backups and manage users. The server also manages and secures API access to owncloud, while providing the internal processing engine needed to deliver file sync and share.

The owncloud server stores user files in standard file system formats, and can use most file systems. With owncloud, if you can mount it on your server, owncloud can use it. Practically, this means just about any standard file system and storage device combination can be used: owncloud is file system and storage agnostic. The storage can be physically located in your data center (or be mounted to third-party storage), enabling you to protect your files as you would any other element of your infrastructure, from standard backups and intrusion detection, to log managers and Data Loss Prevention (DLP) solutions.

It is simple to integrate owncloud with existing IT infrastructure through the use of plug-in applications. These plug-ins, which can be enabled through the server control panel, provide functionality such as Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) integration for user account provisioning and authentication. If an integration is not included out of the box, it is simple to extend owncloud through open APIs and plug-in applications. Features such as the online text editor, virus scanner, and file versioning are included in owncloud, and other applications, such as the enhanced logging and audit plug-ins, are available to our customers. owncloud customers have integrated a wide variety of new functionality into owncloud, from training video streaming to contact and calendar syncing, custom authentication mechanisms, automated Optical Character Recognition back ends, and API-based storage. In short, unlike our competitors, owncloud can be easily extended to do far more than basic file sync and share.

Figure 1: owncloud Solution Architecture (panels: Protect Your Storage, Manage Your Server, Integrate and Extend, and Still User Experience; elements: metering, monitoring, central control, optional hybrid cloud, LDAP/AD, virus scan, versions, your app, encryption, text editor, OAuth)

While owncloud provides the ability to Manage and Protect, Integrate and Extend file sync and share in the enterprise, owncloud still provides the core file sync and share functionality that users demand. Simple, web-based access through a standard browser to access, share, roll back and manage files is critical to satisfy users and remain in control of sensitive data. owncloud also offers access to browse, download, edit, and upload files while on a mobile device or tablet, and the desktop client, which automatically syncs the latest files with the server. owncloud also provides the ability for standard WebDAV clients to access owncloud files, enabling users to continue to use standards-based productivity tools to access their files in addition to the standard owncloud access tools.

Server Architecture Overview

At its core, owncloud is a PHP web application running on top of IIS or Apache on Windows or Linux. This PHP application manages every other aspect of owncloud, from user management to plug-ins, file sharing and storage. Attached to the PHP application is a database, where owncloud stores users, user-shared file details, plug-in application states, and the owncloud file cache to accelerate access to files. As owncloud accesses the database through an abstraction layer, support is provided for Oracle, MySQL, SQL Server, Postgres and SQLite. Complete webserver logging is provided via the webserver logs, and user and system logs are provided in a separate owncloud log, or can be configured to go to a syslog log file.
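The separate owncloud log mentioned above is what an operations team would feed into a log manager. The following added example (my code, not owncloud's) shows the kind of check that log supports: it parses constructed records laid out as one JSON object per line, with the field names and the "Login failed: '<user>' ..." message shape I know from ownCloud's logger (older releases use a different layout, so adjust the parser to your version), and flags a source address that accumulates repeated failed logins within a short window. The sample records are constructed for the demo, not captured from a server.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from a real deployment) in a JSON-per-line layout.
SAMPLE_LOG = """\
{"reqId":"a1","remoteAddr":"10.0.0.5","app":"core","message":"Login failed: 'alice' (Remote IP: '10.0.0.5')","level":2,"time":"2014-01-28T09:15:02+00:00"}
{"reqId":"a2","remoteAddr":"10.0.0.5","app":"core","message":"Login failed: 'alice' (Remote IP: '10.0.0.5')","level":2,"time":"2014-01-28T09:15:09+00:00"}
{"reqId":"a3","remoteAddr":"10.0.0.5","app":"core","message":"Login failed: 'bob' (Remote IP: '10.0.0.5')","level":2,"time":"2014-01-28T09:15:21+00:00"}
{"reqId":"a4","remoteAddr":"10.0.0.5","app":"core","message":"Login failed: 'carol' (Remote IP: '10.0.0.5')","level":2,"time":"2014-01-28T09:15:40+00:00"}
{"reqId":"a5","remoteAddr":"10.0.0.5","app":"core","message":"Login failed: 'dave' (Remote IP: '10.0.0.5')","level":2,"time":"2014-01-28T09:16:03+00:00"}
{"reqId":"b1","remoteAddr":"10.0.0.9","app":"core","message":"Login failed: 'erin' (Remote IP: '10.0.0.9')","level":2,"time":"2014-01-28T09:16:10+00:00"}
{"reqId":"b2","remoteAddr":"10.0.0.9","app":"files","message":"File uploaded: report.pdf","level":1,"time":"2014-01-28T09:17:00+00:00"}
this line is not JSON and must be skipped rather than crash the parser
"""

# Message shape of owncloud's failed-login record; the user name is what was typed at the login form.
FAILED_LOGIN = re.compile(r"^Login failed: '(?P<user>[^']*)'")


def parse_entries(text):
    """Return ([(timestamp, remoteAddr, user), ...], skipped_line_count) for failed-login records."""
    entries, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            match = FAILED_LOGIN.match(rec.get("message", ""))
            if match is None:
                continue  # some other event; not relevant to this detection
            ts = datetime.fromisoformat(rec["time"])
            entries.append((ts, rec.get("remoteAddr", "?"), match.group("user")))
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1  # malformed record: count it so the analyst knows the log was not fully parsed
    return entries, skipped


def find_bruteforce(entries, threshold=5, window=timedelta(minutes=5)):
    """Sliding window per source address: alert when `threshold` failures fall within `window`."""
    by_addr = defaultdict(list)
    for ts, addr, user in entries:
        by_addr[addr].append((ts, user))
    alerts = []
    for addr, events in by_addr.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "remoteAddr": addr,
                    "count": end - start + 1,
                    "users": sorted({u for _, u in events[start:end + 1]}),
                    "first": events[start][0].isoformat(),
                    "last": events[end][0].isoformat(),
                })
                break  # one alert per address per run is enough for a ticket
    return alerts


def analyse(text=SAMPLE_LOG, threshold=5, window=timedelta(minutes=5)):
    """Run the parser and the detection over `text`; returns counts and the alerts found."""
    entries, skipped = parse_entries(text)
    return {"failed_logins": len(entries), "skipped_lines": skipped,
            "alerts": find_bruteforce(entries, threshold, window)}


if __name__ == "__main__":
    print(json.dumps(analyse(), indent=2))
```

The detection keys on the source address rather than the user name because the sample shows one address cycling through several accounts, a pattern a per-user lockout in the corporate directory would not catch on its own. Malformed lines are counted instead of silently dropped so a truncated or rotated log is visible in the result.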

To make it possible to access and use many different types of storage, owncloud has a built-in storage abstraction layer. As a result, owncloud can leverage just about any storage protocol that can be mounted on your owncloud server, from CIFS, NFS and GFS2 to cluster file systems like Gluster. Other optional storage can also be mounted on the system using an optional external file system application, enabling admins and users to mount FTPs, WebDAV, CIFS and even external cloud storage services (S3, Swift, Google Drive and Dropbox) if desired. Individual users can also be configured to have dynamically allocated storage locations, depending on their user directory entries, enabling data segregation and basic multi-tenancy.

Figure 2: owncloud Server Architecture (core server: PHP processing engine, Logging, Sharing API, Metering API, Reporting, Capability API, Application API, Provisioning API, Theming, Your Apps; access via HTTPS and WebDAV; storage abstraction over primary storage (NFS, GFS, GFS2, XFS, ZFS, Gluster, etc.), secondary storage (CIFS, WebDAV, FTPs, Swift, S3, Dropbox, Google) and optional storage)

owncloud includes a variety of open APIs for integrating with other systems. These include:

External provisioning: provides the ability to add and remove users remotely, and enables admins to query metering information about owncloud storage usage and quota.

Applications: the most powerful API, enabling customers to expand owncloud out of the box, to integrate with existing infrastructure and systems, and to create new plug-in applications. Examples of this API in use include the custom authentication back ends, music and video streaming applications, a bit.ly-inspired app called shorty, and an image preview application.

Capability: offers information about the installed owncloud capabilities, so that owncloud and third-party applications can query for the enabled features and plug-in applications.

Sharing: enables external systems to initiate the sharing of files or folders between users without using the web interface.

Theming: a simplified mechanism for branding the owncloud server to match your corporate look and feel, enabling colors and logos to be updated with style sheets.

In addition to delivering the core of owncloud, the owncloud server also includes the owncloud web portal, which provides a central location for administrative control and configuration of the system, and also a central point for users to control access to files and folders. Employees are set up in the system as users, administrators, or both. Administrators can add, enable, and disable features within owncloud through the settings menu, can add and remove users and groups, and can also manage various owncloud settings and administrative tasks, such as migration and backup. Users access the web portal to browse and manage their files, and to set granular permissions on files and folders shared with others on the system. Users can also access enabled applications through the web portal, such as text and image previews, file and folder sharing, previous-version roll back, and much more. The owncloud web portal is compatible with Firefox, Safari, Chrome and Internet Explorer on Windows, Mac OS and Linux machines.

Deployment Scenario

With the owncloud solution and server architectures outlined above, this paper now looks at how owncloud is deployed on site, how it is integrated with storage back ends and existing infrastructure tools, and the flexibility provided by the APIs. To understand how all that works, it is important first to understand how owncloud is deployed in production environments.

Figure 3: Common owncloud Deployment Architecture (tiers: Load Balancer, App Servers, Database Cluster, Storage; nodes: Data Node, Management Node, Data Node; storage classes: primary, secondary, optional)

In production, owncloud is most often deployed as an n-tier load balanced web application running in an on-site data center. owncloud can be deployed to physical, virtual, or private cloud servers, as required. There is always a load balancer in front of the entire deployment, connected to at least two app servers. The owncloud application servers host the PHP code, and are most often deployed on Apache over Linux, though IIS and Apache on Windows are also supported. All of the app servers are then connected to a database, most often a MySQL instance in a redundant configuration, for storing user information, including the virtualized file cache, user and group information, shared file lists, and storage required by enabled owncloud apps (Oracle and Postgres are also supported). The app servers are also all connected to the same backend storage. With this configuration, owncloud can be scaled up easily to meet load requirements, while providing the minimum redundancy required for an installation.

On-Site Storage

For nearly all deployment scenarios, connecting owncloud to back-end storage is as simple as mounting on-site storage on the server, such as at mount point /data/storagedevice. Nearly all storage devices and file systems, from direct attached NTFS to cluster systems like Gluster, have well tested, high-performance Linux drivers that make this easy. Once the storage device is mounted in the desired location, the owncloud configuration file is edited with the storage device path, and all owncloud storage is immediately changed to that path. Each user gets a directory, and all versions, folders and files are stored in that location.

In larger installations, it may be necessary to create more than one storage location for an owncloud instance. Perhaps policy requires high performance, fully redundant storage for one group, and less expensive storage for another group. In this situation, it is possible to leverage owncloud's built-in integration with LDAP or Active Directory servers to dynamically assign a storage path to each user. The LDAP/AD plug-in is further described below, but once connected, the storage path attribute can be inherited, and users can be directed to two or more different storage paths based on these entries. Simply mount the storage devices on the server at the desired mount points, such as /data/highendstorage1 and /data/lowendstorage2, and user files and versions will be saved to the specified path.

Occasionally owncloud needs to connect to REST API-based storage. In some cases, this API-accessed storage replaces the mounted file system described above, and in some cases it augments the storage. owncloud can handle either scenario through the use of plug-in applications. In one instance, owncloud was deployed leveraging a custom REST-based storage system similar to many Content Management Systems. When enabled, the custom-developed plug-in application redirected POSIX commands to the REST API. While owncloud did retain a file system mount, it was primarily retained for log storage purposes on the server. In other instances, the out-of-the-box External Filesystem plug-in leverages a mix of APIs, providing the admins the flexibility to connect OpenStack Swift, CIFS, FTPs, WebDAV and other storage systems in addition to the existing file system storage.

Ultimately it is the administrator's decision which storage system to use, how to configure user access, and whether or not to mix and match the storage based on existing infrastructure, security policies, and end-user requirements. owncloud provides the mechanisms to enable the administrator to leverage the right mixture of on-site storage, and put them back in control of corporate data, while still providing the capabilities that users demand.
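The storage section above describes directing users to /data/highendstorage1 or /data/lowendstorage2 according to a directory attribute. A value that arrives from the directory and ends up as a filesystem path deserves the same scrutiny as any other external input, so the following added example (my code, not owncloud's LDAP plug-in) shows the check I would want in any such mapping: the attribute value is only honoured if, after normalisation, it is exactly one of the allow-listed mount points, and the user id is only used as a path component if it is a plain name. The attribute name ocStoragePath, the default root and the directory entries are all constructed for the demo.

```python
import posixpath
import re

# Mount points from the paper's example; assumed to be mounted identically on every app server.
ALLOWED_STORAGE_ROOTS = ("/data/highendstorage1", "/data/lowendstorage2")
DEFAULT_STORAGE_ROOT = "/data/highendstorage1"   # constructed default for entries without the attribute
STORAGE_ATTRIBUTE = "ocStoragePath"              # hypothetical custom directory attribute
# A user id becomes a directory name, so it must be a plain name: no leading dot, no separators.
SAFE_UID = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._@-]{0,63}$")


def resolve_user_storage(uid, entry, allowed_roots=ALLOWED_STORAGE_ROOTS,
                         default_root=DEFAULT_STORAGE_ROOT):
    """Return the data directory for `uid` given its directory entry (a dict of attributes).

    The storage attribute is trusted only when its normalised value is one of the allow-listed
    mount points; anything else (typo, traversal, unknown path) falls back to the default root.
    """
    if not SAFE_UID.match(uid):
        raise ValueError(f"refusing user id {uid!r} as a path component")
    raw = entry.get(STORAGE_ATTRIBUTE)
    if isinstance(raw, list):          # LDAP attributes are commonly multi-valued; use the first value
        raw = raw[0] if raw else None
    root = default_root
    if raw:
        candidate = posixpath.normpath(raw)   # collapses trailing slashes and ".." segments
        if candidate in allowed_roots:
            root = candidate
    return posixpath.join(root, uid)


def assign_storage(entries, **kwargs):
    """Map {uid: entry} to {uid: data directory}; uids that fail validation are reported separately."""
    assigned, rejected = {}, []
    for uid, entry in entries.items():
        try:
            assigned[uid] = resolve_user_storage(uid, entry, **kwargs)
        except ValueError:
            rejected.append(uid)
    return assigned, rejected


# Constructed directory entries (not real LDAP data) covering the normal and the abusive cases.
SAMPLE_ENTRIES = {
    "alice": {"ocStoragePath": ["/data/highendstorage1"]},
    "bob": {"ocStoragePath": ["/data/lowendstorage2/"]},          # trailing slash is normalised away
    "carol": {},                                                   # no attribute: default root
    "dave": {"ocStoragePath": ["/data/lowendstorage2/../../etc"]},  # traversal: not allow-listed
    "../admin": {"ocStoragePath": ["/data/highendstorage1"]},      # bad user id: rejected outright
}

if __name__ == "__main__":
    assigned, rejected = assign_storage(SAMPLE_ENTRIES)
    for uid, path in assigned.items():
        print(f"{uid:8} -> {path}")
    print("rejected:", rejected)
```

The point of the allow-list (rather than merely checking that the path "starts with /data") is that the set of valid roots is small and known to the administrator who mounted them, so exact membership is both simpler and stricter than prefix matching.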

Infrastructure Integration

The most common infrastructure request is to integrate with the corporate directory, or other standard authentication mechanisms. owncloud provides out-of-the-box integration with AD, LDAP and OAuth 2.0. Administrators simply enable the owncloud AD / LDAP plug-in application, configure the server addresses, protocols and filters, and users are authenticated against the corporate directory. With the appropriate settings, user group memberships, quotas and even, as outlined above, storage paths can be centrally managed and applied to owncloud. The first time a user logs into owncloud with the corporate directory user name and password, owncloud provisions the user and they are off and running. Administrators can also enable custom attributes, such as custom display names, to make it easier for users to find each other when sharing documents. All corporate policies governing the account, such as failed login account lockout, are still managed out of the corporate directory, with owncloud enforcing the result.

Beyond AD / LDAP integration, owncloud offers a wide range of other integration capabilities with other tools. For example, it is possible to leverage the user provisioning API to use an automation solution to provision a new owncloud user. In some very large deployment scenarios, it is far more efficient to provision new users in this manner than to use a corporate directory. The provisioning API can also be used to report on user activity, shared file information, and to disable an account if needed. The WebDAV API can also be used to provide authenticated access to owncloud files and folders based on user account information, something many tablet users like to do, and something that desktop users often choose as a way to access owncloud from a file explorer. While most deployed customers limit themselves to AD / LDAP integration and WebDAV access, these other owncloud APIs exist to provide flexibility to integrate as needed into an existing environment.

Beyond the existing integration points, owncloud also provides mechanisms for creating plug-in applications to integrate with existing systems. One use case that is often delivered is the custom authentication mechanism. While owncloud supports AD and LDAP integration and OAuth 2.0 out of the box, several custom user authentication and authorization plug-ins have been created, from token to user name and password-based plug-ins. Other integrations have included log managers, Data Loss Prevention tools, and anti-virus mechanisms, to name a few.

As an n-tier web application, owncloud integrates into most corporate web farms. Intrusion detection systems work, network management tools work, and firewalls simply leverage existing ports and SSL certificates. Backup systems take a server and database backup as with any other web application, and user experience systems wrap around the existing owncloud application. For unique requirements, the owncloud APIs provide extensive flexibility. All of this gets managed with enterprise tools, in an enterprise data center, to enterprise policies, to put IT back in control of corporate data, and still provide end users the capabilities they demand.

Conclusion

Employees are using cloud-based services to share sensitive company data with vendors, customers, partners and each other. They are syncing data to their personal devices and home computers, all in an effort to get their job done faster and easier, and all without IT's permission. With owncloud, you can Manage and Protect sensitive data by hosting your own solution on site, using your own storage and servers; Integrate seamlessly into existing infrastructure, management and security tools; Extend functionality easily through a comprehensive set of APIs; AND STILL provide the seamless, easy-to-use access to sensitive data that end users have come to expect from consumer-grade services. But don't take our word for it: point your browser over to www.owncloud.com and give it a try today with our free demo cloud deployment!

For More Information

Please visit our website at www.owncloud.com for a wealth of information about owncloud, links to download the software, and detailed product documentation.

US Headquarters: owncloud, Inc., 10 Foster Road, Lexington, MA 02421, United States, info@owncloud.com
European Headquarters: owncloud GmbH, Schloßäckerstraße 26a, 90443 Nürnberg, Germany, info@owncloud.com
https://www.owncloud.com
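The Infrastructure Integration section above describes using the user provisioning API from an automation tool to create a user and, later, to disable the account. The following added example (my code, not owncloud's or any owncloud SDK) is a small admin-side client for that flow. The endpoint paths under /ocs/v1.php/cloud/users, the OCS-APIRequest header and the XML envelope with its meta statuscode follow the ownCloud Provisioning API as I know it from later releases; verify them against the documentation for the version you run. The transport is pluggable so the demo runs offline against a fake server whose responses are constructed, not captured; the credentials in the demo are placeholders.

```python
import xml.etree.ElementTree as ET
from base64 import b64encode
from urllib.parse import urlencode, parse_qsl, quote, unquote

OCS_OK = 100  # OCS meta statuscode for success

class OcsError(Exception):
    def __init__(self, statuscode, message):
        super().__init__(f"OCS status {statuscode}: {message}")
        self.statuscode = statuscode

def parse_ocs(body):
    """Parse an OCS envelope <ocs><meta>...</meta><data>...</data></ocs> into a plain dict."""
    root = ET.fromstring(body)
    meta = root.find("meta")
    if root.tag != "ocs" or meta is None:
        raise OcsError(0, "response is not an OCS envelope")
    data_el = root.find("data")
    children = list(data_el) if data_el is not None else []
    return {"statuscode": int(meta.findtext("statuscode", "0")),
            "message": meta.findtext("message") or "",
            "data": {c.tag: (c.text or "").strip() for c in children}}

class ProvisioningClient:
    """Admin-side client for the user endpoints under /ocs/v1.php/cloud/users."""
    def __init__(self, base_url, admin_user, admin_password, transport):
        self.base_url = base_url.rstrip("/")
        self.transport = transport  # callable(method, url, headers, body) -> (http_status, text)
        token = b64encode(f"{admin_user}:{admin_password}".encode()).decode()
        # OCS calls are rejected unless the OCS-APIRequest header is present
        self.headers = {"Authorization": f"Basic {token}", "OCS-APIRequest": "true"}

    def _call(self, method, path, form=None):
        url = f"{self.base_url}/ocs/v1.php/cloud/{path}"
        body = urlencode(form) if form else None
        headers = dict(self.headers)
        if body:
            headers["Content-Type"] = "application/x-www-form-urlencoded"
        http_status, text = self.transport(method, url, headers, body)
        if http_status == 401:
            raise OcsError(http_status, "admin credentials rejected")
        result = parse_ocs(text)
        if result["statuscode"] != OCS_OK:   # never treat a non-100 envelope as success
            raise OcsError(result["statuscode"], result["message"])
        return result["data"]

    def add_user(self, userid, password):
        return self._call("POST", "users", {"userid": userid, "password": password})

    def get_user(self, userid):
        return self._call("GET", f"users/{quote(userid, safe='')}")

    def disable_user(self, userid):
        return self._call("PUT", f"users/{quote(userid, safe='')}/disable")

def urllib_transport(method, url, headers, body):
    """Real transport (not exercised offline); Basic credentials are only ever sent over HTTPS."""
    from urllib.request import Request, urlopen
    if not url.startswith("https://"):
        raise ValueError("refusing to send admin credentials over a non-HTTPS URL")
    req = Request(url, data=body.encode() if body else None, headers=headers, method=method)
    with urlopen(req) as resp:
        return resp.status, resp.read().decode()

def _envelope(statuscode, message="OK", data_xml=""):
    status = "ok" if statuscode == OCS_OK else "failure"
    return (f'<?xml version="1.0"?><ocs><meta><status>{status}</status><statuscode>{statuscode}'
            f'</statuscode><message>{message}</message></meta><data>{data_xml}</data></ocs>')

class FakeServer:
    """Offline stand-in answering with constructed OCS envelopes (codes chosen for the demo)."""
    def __init__(self):
        self.users = {}

    def __call__(self, method, url, headers, body):
        if headers.get("OCS-APIRequest") != "true" or not headers.get("Authorization", "").startswith("Basic "):
            return 401, _envelope(997, "Unauthorised")
        path = url.split("/ocs/v1.php/cloud/", 1)[1]
        if method == "POST" and path == "users":
            uid = dict(parse_qsl(body or "")).get("userid", "")
            if uid in self.users:
                return 200, _envelope(102, "User already exists")
            self.users[uid] = {"enabled": "true", "quota": "default"}
            return 200, _envelope(OCS_OK)
        if method == "GET" and path.startswith("users/") and unquote(path[6:]) in self.users:
            u = self.users[unquote(path[6:])]
            return 200, _envelope(OCS_OK, data_xml=f"<enabled>{u['enabled']}</enabled><quota>{u['quota']}</quota>")
        if method == "PUT" and path.startswith("users/") and path.endswith("/disable"):
            uid = unquote(path[6:-8])
            if uid in self.users:
                self.users[uid]["enabled"] = "false"
                return 200, _envelope(OCS_OK)
        return 200, _envelope(998, "Not found")

def demo():
    """Provision, inspect and disable a constructed user through the fake server."""
    client = ProvisioningClient("https://owncloud.example.test", "admin", "ADMIN-PASSWORD-PLACEHOLDER", FakeServer())
    client.add_user("jdoe", "INITIAL-PASSWORD-PLACEHOLDER")
    try:
        client.add_user("jdoe", "other")  # a duplicate must surface as an error, not silently succeed
        duplicate = None
    except OcsError as err:
        duplicate = err.statuscode
    before = client.get_user("jdoe")["enabled"]
    client.disable_user("jdoe")
    after = client.get_user("jdoe")["enabled"]
    return {"duplicate_status": duplicate, "enabled_before": before, "enabled_after": after}

if __name__ == "__main__":
    print(demo())
```

Two habits matter more than the endpoints themselves: the client inspects the OCS meta statuscode rather than the HTTP status, because the API reports most application-level failures inside a 200 response, and the real transport refuses anything but HTTPS, since the admin password travels as a Basic header on every call.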