ShareFile SSO to Connectors with XenMobile 10
Network File Shares and SharePoint 2010/2013
Summary of Requirements
1. Run the ShareFile Wizard for StorageZones (Setup NetScaler for ShareFile)
2. If using AAA authentication on the NetScaler, check that the AAA LBVIP is configured and status is UP. Browse to Security/AAA-Application Traffic/Virtual Servers, usually named _SF_AUTHSERVER.
3. Browse to Traffic Management/Load Balancing/Virtual Servers, check that the Connector LBVIP is UP, usually named _SF_CIF_SP_LB.
4. To check whether the AAA auth server is bound, Open the Connector LBVIP (usually named_SF_CIF_SP_LB).
5. Edit the Authentication option, ensure the 401 Based Authentication is enabled, and the appropriate AAA auth server is present (usually named _SF_AUTHSERVER).
ShareFile StorageZone Controller
1. Log onto the ShareFile StorageZone Controller
2. Expand the Default Website and highlight the cifs directory
3. Select the Authentication option in the right pane
4. Ensure the Basic Authentication is Enabled
5. Repeat this for the sp directory
Note: For configurations using DOMAIN\USER (SAM-Account-Name) and not USER@DOMAIN.COM (UserPrincinpalName), further configuration may be required within IIS for the StorageZone Controller as below.
6. Right-Click on the Basic Authentication setting and click Edit
7. Enter the details of your own Default domain (this example has citrix.lab)
8. Click OK, then test.
- Enrol the mobile device onto XenMobile
- Download ShareFile from the WorxStore
- Log in, select a Network Connector, this should not prompt for credentials
- check that all steps have been carried out precisely
Note: internal devices could be resolving to the external IP address of the StorageZone FQDN (i.e. storagezone.company.com), traffic can usually blocked on the customer firewalls, therefore not reaching the StorageZone.
a. Ping the ShareFile StorageZone FQDN from an internal desktop/device
- Resolves to the Public IP of the StorageZone
Check that you are able to access the SZC FQDN (i.e. storagezone.company.com) from the internal infrastructure (telnet fqdn 443).
- Resolves to an internal IP of the StorageZone
Check DNS to see what this IP belongs to for storagezone.company.com internally, during a PoC this can go directly to the StorageZone Controller but for production this needs to go to a Load Balancer. See section b. below.
b. NetScaler Content Switch IP for the StorageZone resolves to Public IP or a NAT IP.
If your NetScaler is using Public IPs, you can create another Content Switch for the StorageZone (identical to the existing one) with an internal IP to create a split DNS configuration.
Then create an internal DNS entry for your StorageZone FQDN in ActiveDirectory (i.e. storagezone.company.com) to point to that new Content switch with the internal IP.
If your NetScaler is using NAT addresses (internally reachable), create an internal DNS entry for your StorageZone FQDN (in ActiveDirectory to your storagezone.company.com) to point to that existing Content switch with the internal IP.