Technical Report

Citrix ShareFile StorageZones on NetApp
Solution Guide

Cedric Courteix, NetApp
February 2013 | TR-4124

“Follow-Me” Data with Citrix and NetApp

IT is struggling to reconcile new user requirements in the workplace, such as the need to securely store, share, and sync data on any device, anywhere, with the need to protect and store sensitive corporate data within their data centers, often to meet compliance requirements. Citrix ShareFile addresses the needs of both users and IT by delivering a secure yet user-friendly follow-me data solution. NetApp extends the solution by providing the capability to host more users and boost overall performance by using storage efficiency.

This solution guide highlights the architecture developed jointly by Citrix and NetApp for running Citrix ShareFile with customer-managed StorageZones on NetApp storage that allows IT to store mission-critical data on the premises.
TABLE OF CONTENTS

1 Introduction
  1.1 Scope
  1.2 Key Terminology
  1.3 Citrix ShareFile and NetApp Solution Highlights
2 Solution Design
  2.1 High-Level Architecture
  2.2 Detailed Solution Architecture
  2.3 Solution Technology Components
  2.4 ShareFile Encryption
  2.5 Clustered Data ONTAP Storage Architecture
  2.6 Network Access
  2.7 Backup and File Restore
  2.8 Check That the Data Remains On the Premises
  2.9 StorageZone CIFS Connector for Existing Network Shares
3 Solution Validation
4 Summary
5 Acknowledgements
6 Feedback
Resource Links
  6.1 Citrix ShareFile
  6.2 NetApp Data ONTAP
Version History

LIST OF TABLES

Table 1) Solution components.
Table 2) Hardware components.
Table 3) Tests results.
Table 4) Five key takeaways.

LIST OF FIGURES

Figure 1) ShareFile storage efficiency with NetApp.
Figure 2) Consolidate with secure multi-tenancy.
Figure 3) Citrix-managed versus customer-managed StorageZones.
Figure 4) Overall architecture.
Figure 5) Supported mobile and desktop applications (graphic provided by Citrix).
Figure 6) Control Plane architecture.
Figure 7) Customer-managed StorageZones architecture.
Figure 8) ShareFile encryption architecture.
Figure 9) CIFS share repository.
Figure 10) High availability StorageZone.
Figure 11) POC network access.
Figure 12) Secure DMZ network access.
Figure 13) Configure volume Snapshot copies using System Manager.
Figure 14) Creating a recovery queue.
Figure 15) New recovery queue folder location.
Figure 16) Edit recovery script parameters.
Figure 17) Process to restore files from NetApp Snapshot copies.
Figure 18) List of the UUIDs to be restored.
Figure 19) Select an account in the employee directory.
Figure 20) Verify user account default StorageZone.
Figure 21) Check folder options.
Figure 22) ShareFile private cloud with CIFS connector.
Figure 23) Storage efficiency savings.
1 Introduction

The consumerization of IT is bringing a paradigm shift in IT in many aspects. More and more users are embracing mobile work styles and the concept of bringing their own device to work. In order to be productive when using these devices from any location, the users require access to corporate resources, including applications and data. Over the years, enterprises have accelerated the adoption of desktop virtualization solutions to deliver corporate desktops and applications to users on any device, anywhere. However, they were not able to provide a solution for users to securely access and share data easily. In the absence of an IT-managed solution, users have started to use unsecured, consumer-style file sharing products such as Dropbox and iCloud that may place an organization’s sensitive data and intellectual property at significant risk.

IT must deliver a managed service to users that allows them to access their data in sync across all devices and share it with people within and outside their organization. Although the service must deliver on the user’s need for a simple yet rich experience, it should also provide IT with the ability to control how data can be stored, accessed, and shared.

Citrix ShareFile Enterprise is a follow-me data solution that meets the mobility and collaboration needs of all users while allowing IT to manage and store data wherever they want. With the ShareFile StorageZones feature, organizations have the flexibility to manage their data on the premises in customer-managed StorageZones or use Citrix-managed StorageZones (secure cloud options available in eight locations around the world) or have a mix of both. With customer-managed StorageZones, IT can place data in their organization’s own data center to help meet unique data sovereignty and compliance requirements while optimizing performance by storing data in close proximity to the user. By defining where data should be stored, IT will be able to build the most cost-effective and customized solution for their organization. Customer-managed StorageZones can easily be integrated with an organization’s existing infrastructure. With customer-managed StorageZones, IT can leverage highly efficient and scalable NetApp storage to store sensitive data on the premises while delivering the powerful service that users expect.

Through this joint reference architecture, Citrix and NetApp demonstrate the ability to deliver a scalable and unique solution with a secure infrastructure.

1.1 Scope

The solution described in this document is applicable for customers who want to build a file synchronization solution on premises with Citrix ShareFile Enterprise edition and NetApp unified storage. This solution guide focuses primarily on the key values and the design elements of this joint architecture. Detailed step-by-step instructions on how to install and administer the solution are outside the scope of this guide.

For an overview of the key highlights of this solution, refer to the Solution Brief: NetApp Storage Solution for Citrix ShareFile Enterprise.

1.2 Key Terminology

This section describes the NetApp Data ONTAP and Citrix ShareFile terminology used throughout this document.

• NetApp Data ONTAP. Storage operating system (OS) that manages the NetApp storage array.
• Clustered Data ONTAP. Virtualize storage across various HA pairs, manage it as a single logical pool, and scale out your data. The Data ONTAP 8 operating system offers a unified scale-out storage solution for an adaptable, always-on storage infrastructure to accommodate today’s virtualized infrastructure.
• Vserver (virtual server). Clustered Data ONTAP includes a logical entity named Vserver. Each Vserver is viewed as an individual storage subsystem inside the cluster.
• Deduplication and Compression. These are fundamental components of the core Data ONTAP architecture. Both technologies provide a significant increase in storage capacity.
• Nondisruptive Operations (NDO). Eliminates downtime and is embedded in the clustered Data ONTAP scale-out architecture. NDO enables the storage infrastructure to remain up and serve data through the execution of hardware and software maintenance operations, as well as during IT lifecycle operations.
• Citrix StorageZones. A feature that enables administrators to choose where data is stored. It allows organizations to manage their data on the premises of the customer’s data center or off the premises in secure cloud options or both.
  - Customer-managed StorageZones. Relies on the customer data center infrastructure; each zone is designed to support any CIFS-based network share.
  - Citrix-managed StorageZones. Secure cloud locations where customer data can be stored. Citrix manages all software/hardware updates, file versioning updates, as well as antivirus software and backup.
• Control Plane. Also called the control subsystem. It handles folder permissions, authentication, brokering, and reporting. Citrix hosts it in its data centers in the United States and the European Union.
• Storage Center. A Web service that handles all communication from end users and the ShareFile Control Plane. It is the ShareFile storage subsystem and handles operations related to file storage.
• On-Demand Sync. This capability is optimized for use with virtual desktops and a