Gates into Data Fortress – Road Test of Novell Filr

written by Dr. Werner Degenhardt and Christian Giese

This is a free translation of the LANLine Article “Tore in die Datenfestung” (Issue 09/2013, p.28ff) on our implementation of Novell Filr with the Faculty of Psychology and Educational Sciences of the Ludwig-Maximilians-Universität München at the Leibniz Supercomputing Centre (LRZ) in Munich.

Translated by Code and Concept with kind permission of ITP VERLAG GmbH, publisher of the LANline magazine.

Up to now, cooperating across the IT security frontiers of one’s own company has been a balancing act between traditional IT security and productivity à la Dropbox. Novell Filr brings together the best of both worlds, and thus it enables hassle-free and safe collaborative editing of files for project staff within and outside the company.

Centralized data management and distributed computing do have a strained relationship. Centralized data management ensures consistency and safety. Companies have spent years implementing mission critical structures, roles and rules in their central file system and providing them to the users at their workstations. This stood the test for many years, but does not go far enough anymore.
The modern working world and the increasing mobility of users generate the desire to access required data anytime, anywhere and on any device, and to edit and share data with others inside and outside the organization. This desire cannot be met satisfactorily by the traditional mechanisms of network shares and drive letters.
Therefore it’s no surprise that an entire class of products is being developed that facilitates mobile access to one’s own data. Dropbox was the pioneer; Amazon Cloud Drive has already caught up, according to a survey from Strategy Analytics, and they are followed closely by Google Drive. There are smaller vendors such as Microsoft Skydrive and many others, all working in accordance with the Dropbox principle.
The Dropbox principle is simple. On the user’s device, there is a folder structure that is synchronized to the provider’s cloud. Each device on which the user has installed the client synchronizes this folder structure. The providers usually offer clients for Windows, Mac, and the most widely used mobile devices (Android and iOS). The user can also access the data via their browser. For the release of files to others, the simplest form of “User Administration” is used: any person with an email address can become a co-user, initiated by invitation.
When company employees and departments confront IT managers with the desire to replace network shares, drive letters, and VPN with something like Dropbox, the IT managers have concerns which are truly justified. They anticipate situations that are well known to them from the early days of decentralized data processing. In this situation, they would give a lot to have a simple private company cloud that combines the reliability and consistency of file systems already established in the company with the convenience of Dropbox solutions.

The best of both worlds
In fact, an “Enterprise dropbox” has existed since spring of this year. It’s called Novell Filr and brings together the best of both worlds.
Like other products in cloud data management, Filr offers clients for Windows, Mac, Android and iOS, as well as an HTML user interface for both users and administrators. But, unlike all other products, Novell Filr is built to take advantage of the company’s already existing file systems and its existing identity management system.
Dropbox and its kind put all the data into synchronized storage in the cloud. The equivalent area in Filr is called “My Files” and the data put there is stored on the company’s internal “Filr Data Disk”. In addition, there are the so-called “Net Folders”, which are simple “windows” opening onto the existing data storage of the company. Currently the Filr administrator can connect any data storage as a “Net Folder” that is available via CIFS and NCP (NetWare Core Protocol). At the end of this year, NFS and FTP are planned to be added as data sources for Filr, among others.
Here, Novell has accomplished the feat of making traditional data storage, with all existing rights, transparently available via Filr. That is, Filr honors all the privileges that are provisioned in the file system. Actions prohibited by file system rights cannot be allowed by a Filr user.
This also works well because Filr can be connected to the corporate directory services for user management. In that way Filr leverages established mechanisms of user provisioning. As directory services, Novell supports both its own eDirectory and Microsoft’s Active Directory. And in case there is no corporate directory – as in some middle-sized and many smaller companies – the administrator can create the Filr users locally or import them from a file.

Installation and Configuration
External users get into the system via a self-registration process or through their “OpenID” (Google and Yahoo are available as OpenID providers) if the Filr administrator has allowed this method of authentication. In this context, it is important to keep in mind that – in contrast to Filr – the user management of other tools for file synchronization and file sharing in the cloud knows only local users and external users who were invited by the local users to share their personal data.
Novell provides Filr as a VMware ESXi appliance. The three components of the software – the “Filr” application, the “Lucene” index server and a MySQL database – can be installed together on one server or separately on multiple servers. The Filr application and the Lucene Index Server can run as a cluster if high throughput is required.
For this test, Filr was configured as a clustered installation and used productively. As data sources for the “Net Folder”, a Compellent NAS and file shares on a NetApp NAS at the Leibniz-Rechenzentrum in Munich (LRZ) were connected. The Active Directory service of the LRZ served as the source for internal user objects, which were supplied via IDM driver by the corporate directory (eDirectory) of the LMU (Ludwig-Maximilians-University of Munich) and LRZ. This real-life installation shows that Filr can easily handle several thousand users (in this case more than 50,000), a large number of files (hundreds of thousands) and complex authorization structures. The management interface gives the Filr administrator a variety of ways to control access to files. For example, the administrator is able to grant a user the right to freely “re-share” content that was shared with them to others, but will grant this only to a few users or user groups for security reasons.

User Interface
When designing the user interface, Novell took care not to deviate too far from “the original” Dropbox.


So there is “My Files” – this is the user’s private folder “in the cloud”. Then, there is an area for files that others have made available to the user (“Shared with Me”). “Shared by Me” lists the files that the user has released to others. For each file you can also see exactly with whom the file is shared. The option “Net Folders” leads to the areas of the corporate file system that the administrator has configured and enabled to be used by Filr. Additionally, the Filr search window lets the user search quickly through everything he has access to, a possibility that facilitates cooperation with others, especially in situations with a large database. Just like the collaboration solution Novell Vibe, Filr uses a Lucene full text index to achieve that.
Collaborative work on files is also facilitated by the possibility to add comments to files. Meta information on files can be stored in a kind of asynchronous chat (“Comment”). If the user has also set up a notification for a file, folder, or comment (“Subscribe”), then Filr informs them of any change by e-mail.
When working with files, the user has the familiar options of file management (copy, move, delete and permanently delete) at their disposal. The user can edit the files online (in the browser) or offline (in the synchronization folder on the computer) and he has the opportunity to send emails to the project team – with the edited file as an attachment if necessary. Moreover, each file and folder has a never changing permalink that the user can send by e-mail or store in his personal bookmarks.
So far, Filr cannot manage different file versions. In the upcoming version Filr 1.1, Novell is looking to solve the technical and conceptual problems of versioning files that arise when the file sharing application can assign a version, but the file system behind it cannot.

Secure Collaboration
As with all other filesharing products, cooperation with Filr means sharing files and folders with other users.
The sharing dialog initially offers a searchable list of users to share with, which includes those accounts that are synchronized from LDAP or registered as local users. Like everything else, these are also included in the Lucene full-text index. The user will find them easily by entering character strings in the search field. External users are added via their e-mail address. There are user rights to “Read” and “Edit” folders, as well as “Contribute”, which grants the user the right to add and delete files in the folder.
The Filr administrator can configure to whom users or groups of users are allowed to redistribute file rights. In this test we left the “re-share” option turned off due to security considerations. Re-share means that someone who has the right to see or edit a file, also has the ability to pass on the same rights to other users – who may not even be known to the original data owner and whom he did not expect to gain access to his data. This function is also one that the Filr administrator can enable or disable for individual user groups. With a suitable configuration of user groups and re-share rights, it would be possible, in principle, to set up the sub-delegation of file permissions in the same way that it’s handled in classic file systems.

External users are limited by Filr as a matter of principle. They cannot use the “My Files” storage area in their user interface, and they cannot access the user list. This prevents external users – such as clients or project partners – from seeing the internal user profiles.

Conclusion
Novell Filr gives any company the opportunity to keep its sensitive data in-house on the one hand, and on the other to provide data to employees and partners safely and in a controlled fashion via a private cloud for reading and editing in the style of Dropbox. The browser, desktop and mobile clients work perfectly in tune. It’s fun to work that way.
Novell Filr is available as perpetual and subscription license. Buying Filr with maintenance costs 104 euros per user (84.60 without maintenance), while in the subscription model, the cost amounts to 42.40 euros per user, per year. External user access comes free of charge. Customers of Novell Open Enterprise Server or Open Workgroup Suite with an active maintenance contract can use Filr for licensed users without additional fees.

Info: Novell
Tel.: 0211/5631-0
Web: www.novell.com/de-de/products/filr

 

About the authors

Dr. Werner Degenhardt

Academic Director and CIO at the Faculty of Psychology & Educational Sciences at LMU Munich

Christian Giese

Owner of Code and Concept, specialist for Novell collaboration technologies