Cluster Administration

All the Cluster Administration is web-based. The first thing to do is to login to the Web Portal at the CentreStack server.

_images/image120.png

Note

On the login screen, at the bottom there is CentreStack version information, which will be useful to see which version you have.

_images/image218.png

If you are the Default Cluster Administrator, after you login, you will be directed to CentreStack Administrator Dashboard portal page.

_images/image002.png

If the left hand side menu is hidden, you can use the top left “Menu” icon to expand it.

_images/image002_1.png

If you are at the Files and Folders view of the web portal, you can elevate to the “Cluster Manager” view by clicking on the “Cluster Manager” icon

_images/image002_2.png

Here is the look of the “Cluster Manager” icon

_images/image002_3.png

If you want to get into the “Files and Folders View”, you click on this icon.

_images/image219.png

Here is the look of the “Files and Folders View” icon

_images/image220.png

Note

This section documents the cluster administration for the Master Administrator.

The Master Administrator is sometimes also referred to as the Cluster Administrator or the CentreStack Server Administrator.

Cluster Manager Web Portal

Cluster Manager is a web-based management tool for the whole cluster. It is organized into sections. These sections include “Tenant Manager”, “Cluster Admin”, “Cluster Branding” and so on.

On the top left of the web portal, there is a “hamburger” menu icon that can be used to switch in or out of the left panel. The left panel contains links to different sections of the cluster manager.

Dashboard

_images/image138.png

When you login as the Cluster Administrator, you will be seeing the dashboard page. In the dashboard, you will see the tenants information, licensing information and other information at the summary level.

CentreStack Information

You can get the CentreStack information by clicking on the Information icon.

_images/image199.png

More Cluster Information

You can get more summary level cluster information by clicking on the “4-Block” icon.

_images/image200.png

You can manage tenants and local or remote file servers from the dashboard directly

_images/image201.png

Imported Network File Shares

If there are file servers in the same local area network or from remote locations, you can add the file servers to specific tenants from the Cluster Manager dashboard.

Use the “+” Import Network Share icon to get started.

_images/image203.png

As shown in the management scope picture above, File Servers always belong to a specific Tenant. So the first step is to pick a Tenant to own the File Server that is imported.

The first step is to decide which tenant to add the File Server Share to. If a File Server belongs to a specific Tenant but the Tenant hasn’t been created yet, you will need to create the tenant first and then come back to import File Server Network Shares for that Tenant.

Note

File Servers are always at a Tenant Scope and belong to a specific Tenant. Different File Servers can belong to different Tenants.

Users from a specific Tenant can collaborate on Team Folders, which usually have a one-to-one relationship to File Server network shares.

CentreStack can enable Secure Internet/Cloud Access to both File Servers in the Local Area Network and File Servers from Remote sites.

Note

Q: Why import a File Server Network Share?

A: So you can make it available over the Cloud, leveraging the existing security setup.

After you pick the Tenant, the next step is to identify the File Server.

_images/image204.png

The next step is to pick the File Server from the Local Area Network or from a Remote location

_images/image205.png

Since the steps here are very similar to the Tenant Administration’s Team Folder Management, please reference the “Tenant Admin“‘s Team Folder section for adding File Server Network Shares to CentreStack.

Note

Cluster Server Farm > Cluster Worker Node

If it is the first time you are installing CentreStack, you may be seeing the message “External DNS has not been configured for this worker node. Some functionality may not work properly. Config Now”

External DNS (External URL) is a very important property, it is used in directing how outside remote clients connect to the CentreStack Server; it is also used in various email templates. If the property is not properly configured, the email template may be using IP address or NETBIOS name as the URL link. However you can postpone the configuration of it until you are ready. For example, get the DNS name ready and get the SSL certificate ready. Before that, you can either leave it as it is or configure it to use IP Address.

Related tasks

  • Configure the DNS registration to point a DNS name to the public static IP address of the CentreStack server
  • Configure the IIS “Default Web Site” to bind to an SSL certificate

Tenant Manager

CentreStack is multi-tenant capable. The “Tenant Manager” tab is where you can find a list of tenants on the system and where you can manage tenants.

You don’t have to always have multiple tenants if you are setting CentreStack up with one single tenant.

Note

A tenant is usually mapped to a client of yours, a company or a division of a company.

_images/image004.png

Cluster Admin can also manage a tenant and configure tenant related settings directly from tenants manager page.

_images/image068.png

There are some other high level management task that are parallel to the “Manage Tenant” option.

_images/image068_1.png

Force full scan for storage quota usage :

This will start a full scan of storage usage for the Tenant. During daily operation, the Tenant Quota is calculated with “delta” as files are uploaded, modified or deleted. When a series of “delta” are accumulated over time, the quota reported may not be accurate. In this case a Full Scan can get the most up to date report.

Change Tenant Admin Password :

The Cluster Administrator can help the Tenant Administrator reset passwords.

_images/image206.png

Edit Existing default storage :

This usually happens when Tenants are growing and may outgrow the existing storage location/allocation and have a need to switch storage locations. Typically this involves manually copying the Tenant’s storage folder from point A to point B and then re-configuring the default storage location.

_images/image207.png

Delete Tenant :

Deletes the tenant.

By clicking the “Manage Tenant” option, the Cluster Admin sees the Tenant Dashboard as well as additional options to configure Tenant settings.

Tenant Management within Cluster Administration

Note

This is Tenant Management directly within the Cluster Administration scope. It is different from the Tenant Manager that each Tenant Administrator will see for his or her own Tenant. The Cluster Administrator, while sitting at a higher privilege level, has the rights (if given by the Tenants) to manage the Tenant scope for the Tenants. However, the content of the tenant management, whether it is from the cluster administrator’s view or from the Tenant Administrator’s view, is the same between the two.

Later if necessary, a specific Tenant Manager can deny the Cluster Manager’s right to help on the Tenant Management scope in the Tenant’s Group Policy.

_images/image208.png
Tenant Dashboard
_images/image167.png

The Tenant Dashboard link directs the web page back to the Tenant Dashboard page.

Users

Tenant Dashboard > Users

The Users section can manage Users in the Tenant.

Team Folders

Tenant Dashboard > Team Folders

Team Folders are used for team share collaborations within the Tenant. Most of the time, Team Folders are converted from File Server Network shares. Team folders can also be from Amazon S3 or Windows Azure Blob or simply new folders created from scratch from the Tenant’s root storage.

Active Directory

Tenant Dashboard > Local/Remote Active Directory

The Active Directory section can manage LDAP connections to Active Directory.

Note

If the client/customer’s Active Directory is in a remote location, you can use “Server Agent” to connect the Active Directory (together with File Server Network Share) to CentreStack. You don’t need to configure LDAP in the remote Active Directory case.

Backend Storage

Tenant Dashboard > Backend Storage

Each tenant has a default backend storage. Tenant user (team user)’s home storage and other shared storage space can be allocated from the default backend storage.

However, if you already have a file server that will provide the storage, it is recommend using “Import Network File Shares” to mount the file server network share to the tenant’s storage space. In this case, you can leave the “Default Storage” as is, or point it to a empty location and treat it as a black box storage managed by CentreStack.

_images/image210.png
Replace with Cloud Storage

Once the tenant backend storage is set, we don’t recommend changing it until it has to be changed (migrate to other location, for example.). However when you are just setting up the tenant, you can decide where your tenant’s storage location is and can change between local file server storage or remote cloud storage service.

More Dashboard Information
_images/image211.png

From the right side of the dashboard, click on the “4-block” icon, you can see more summary level tenant information.

Note

If the tenant infrastructure is at a remote location, it is recommended using “Server Agent” to connect the Active Directory instead of using LDAP over Internet.

Tenant Plan

Tenant Manager > [Tenant] > Tenant Plan

_images/image221.png

Here in the Tenant Plan section, you can change the tenant’s user plan and storage plan, and also control the bandwidth usage for the tenant.

_images/image168.png
Admin Access Control

Tenant Manager > [Tenant] > Access Control

In the Admin Access Control, the cluster administrator can decide the division of work between cluster administrators and the specific tenant administrator. A lot of times, the cluster administrator will help setting things up. In this case, the cluster administrator can take away some of the administrative work from the tenant administrator.

Note

For example, if the cluster administrator is a Managed Service Provider (MSP), the tenant admin can be an admin user from a specific client (customer).

Or, if the cluster administrator is an enterprise IT directory, the tenant admin can be a specific division of the enterprise.

_images/image169.png

Allow tenant attach external cloud storage:

If checked, in the tenant administrator’s management console, the “Storage Manager” will show and allow tenant administrator to mount (attach) external storage.

If the cluster administrator is setting it up for the tenant, cluster administrator can take away this privilege.

Allow tenant edit LDAP setting

In the case the tenant’s infrastructure is in the same LAN (Local Area Network) as the CentreStack, The tenant’s Active Directory can be directly connected via LDAP to the CentreStack server.

If the cluster administrator is setting it up for the tenant, cluster administrator can take away this privilege.

Multi AD Domain Support

Support multiple Active Directory in a single tenant (current tenant).

Multiple Active Directory forests support. This is not a common option because most of the time, the tenant has one forest (which can have multiple sub domains). In the case when the tenant has several Active Directory domains that are not related, multiple LDAP connection can be set up this way.

View and edit group policy

Cluster administrator can decide whether to show the group policy section to this tenant.

Edit tenant administrator info

Cluster administrator can decide whether to allow tenant administrator to edit its own information, such as change email.

Allow tenant edit branding setting

Cluster administrator can decide whether to allow tenant administrator to have its own branding.

Hide migration option

Migration option refers to migrating remote file server(s) from remote customer location(s) to CentreStack. Not all clients (customers) have remote file servers, so this tenant level option may not apply all the time.

Allow creating guest user

Cluster administrator can control whether to allow the specific tenant to have guest users.

Allow tenant to increase user plan automatically

Cluster administrator can decide whether to allow the tenant to grow user count automatically.

Show Data-At-Rest Encryption (DARE) configuration page (Requires empty storage container)

If the tenant has required encryption of the data in the cloud (CentreStack side), a DARE configuration page can be shown upon the first usage to set it up.
Administrator Information

Tenant Manager > [Tenant] > Administrator Info

In the administrator information page, the cluster administrator can help the tenant manager change email and user name if they need to, and also setup delegated administrators.

_images/image170.png
AD Settings

Tenant Manager > [Tenant] > AD Settings

If the tenant’s infrastructure is in the same local area network as the CentreStack server, the Active Directory can be directly accessed and integrated from the “AD Settings” page. The integration is done over LDAP protocol.

However, if the tenant’s infrastructure is away from the CentreStack server, it is recommended using “Server Agent” to connect both the tenant’s file server and Active Directory to CentreStack.

_images/image171.png

Note

Difference between using LDAP to connect Active Directory and using “Server Agent” to connect Active Directory.

Using LDAP to connect Active Directory, the assumption is that the LDAP is local in the local area network so the speed is very fast and also very reliable. So a lot of the calls and queries are directly passing through to Active Directory.

Using Server Agent to connect Active Directory, the assumption is that the Active Directory is in a remote location and over the Internet so the access speed may not be fast and the Internet may not be 100 percent up and reliable. So server agent replicate Active Directory related information over to CentreStack.

User Manager

Tenant Manager > [Tenant] > User Manager

Please reference the Tenant Admin’s User Manager section

In the tenant’s User Manager page, you can see a list of all regular users from that specific tenant. It has 4 different sub categories.

  • User Manager (for regular user)
  • Guest User Manager (for guest user)
  • Group Manager
  • Role Manager
_images/image172.png
Team Folders

Tenant Manager > [Tenant] > Team Folders

Please reference the Tenant Admin’s Collaboration section

In the Team folders, you can manage team shares, folder permissions and the underlying storage configuration.

_images/image173.png
Group Policy

Tenant Manager > [Tenant] > Group Policy

The group policy settings are 100% the same as those documented in the “Tenant administration” scope part later in this guide.

Please reference the “Tenant Admin’s Group Policy section

_images/image174.png
Tenant Branding

Tenant Manager > [Tenant] > Tenant Branding

The cluster administrator can help the tenant do the tenant-specific branding in the partner portal.

The branding is applied by the customized URL. You can think of the customized URL as a key to retrieve all tenant related branding information.

_images/image175.png
Reports

Tenant Manager > [Tenant] > Reports

The cluster administrator can look at the tenant specific reports for the tenant.

reports have the following sub categories

  • Upload Report
  • Storage Statistics
  • Team Folders
  • Audit Trace
  • File Change Logging
  • Folder Permissions
  • Distributed Locks
  • Pending Purged Folders
_images/image176.png
Client Device Manager

Tenant Manager > [Tenant] > Device Manager

The cluster administrator can look at the devices in the specific tenant.

_images/image177.png
Application Manager

Tenant Manager > [Tenant] > Application Manager

The cluster administrator can look at the application manager for the specific tenant.

Here are the 4 different applications that can be setup on a per-tenant basis.

  • Microsoft Office Web App
  • Pixlr Web App
  • OnlyOffice Web Application
  • Zoho Web App
_images/image178.png
Notification Manager

Tenant Manager > [Tenant] > Notification Manager

The cluster administrator can use the notification manager to help the tenant setup notification events.

_images/image179.png
Background Tasks

Tenant Manager > [Tenant] > Background Tasks

There are two different kind of background tasks.

  1. Data Seeding Task
  2. Storage Scan Task
_images/image212.png

The cluster administrator can help the tenant seed the data. For example take data into a USB drive and take it to the same local area network as the CentreStack server and see the data into the tenant storage.

Add New Data Seeding Task

Tenant Manager > [Tenant] > Background Tasks > Add New Data Seeding Task

_images/image222.png

Data Seeding is to take a folder from a source location and seed into a team folder.

On the left of the dialog, it is the source folder path information.

On the right side of the dialog, it is the Target team folder information.

If you are seeding the data into a brand new team folder, you will first go into the team folder area and create a new team folder with empty content inside, and then come back to data seeding page and select it from the team folder drop down.

Create a New Tenant

Cluster Manager > Tenant Manager

Click on the “Plus” sign can start the creation of a new tenant.

_images/image181.png

The first screen under “Add Tenant” is asking for a few parameters related to who the tenant is.

_images/image182.png

“Create with Default Settings” will get it done and the tenant will get all the default setting, including the storage location allocation.

“Continue” you can customize the settings and customize the storage location.

If you pick “Continue”,

The second screen under “Add Tenant” is asking for the division of work between the cluster administrator and the tenant administrator.

_images/image182_1.png

The third screen under “Add Tenant” is asking where the root storage for the tenant will be at.

_images/image182_2.png

Automatically assign a sub-folder from cluster default tenant

When selected, the tenant’s default storage will be a sub-folder inside the cluster default tenant’s storage folder. It is easier to manage when you don’t need per-tenant storage access credentials. This is the easiest option because if every tenant is allocate a sub-folder from the default tenant. The default tenant storage location is a single place to take care of all the storage need.

Use existing file server or local disk as default storage

Using this option, you can connect the tenant’s root folder to a file server network share. If you want the tenant users to continue to share file server network share from CentreStack, it is recommended you use the “Import Network Share” feature instead of pointing the default storage to the file server share, because CentreStack will assume it has 100% of the control of the storage location.

_images/image182_3.png

Use Cloud Storage as default storage

Use this option, you can connect the tenant’s root folder to Amazon S3, Windows Azure Blob, OpenStack storage as well as others.

_images/image182_3.png
Using Amazon S3 bucket for tenant storage

Tenant Manager > {Create New Tenant} > Use Cloud Storage as Default Storage > Amazon S3

You can pick Amazon S3 as the target storage for the tenant if you want to.

_images/image223.png

After you pick the Amazon S3, the first screen it will be asking for Access Key and Secret Key.

_images/image224.png

You will need to log into your AWS console to get the access key and secret key. You can use master access key and secret key, by default the master key has default access to all buckets. You can also create an IAM user and use the key from a specific IAM user. However, by default, the IAM user is locked out of access to any bucket until bucket access policy is created and attached to the IAM user.

If you use IAM user, here is a sample S3 Bucket access policy to grant an IAM user to a specific bucket. As shown below, the policy gives an IAM user the ability to use bucket “user3onlybucket”

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:GetObjectTagging",
                "s3:GetObjectTorrent",
                "s3:GetObjectVersion",
                "s3:GetObjectVersionAcl",
                "s3:GetObjectVersionTagging",
                "s3:GetObjectVersionTorrent",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:PutObjectTagging",
                "s3:PutObjectVersionAcl",
                "s3:PutObjectVersionTagging",
                "s3:ReplicateDelete",
                "s3:ReplicateObject",
                "s3:RestoreObject"
            ],
            "Resource": [
                "arn:aws:s3:::user3onlybucket/*"
            ]
        }
    ]
}

After it is all setup properly, you can use the IAM user’s access key id and secret access key to connect to the Amazon S3 bucket.

_images/image225.png

When the correct access credential is given the next screen is to select a bucket from Amazon S3.

_images/image226.png

You can pre-create a bucket in Amazon S3 and then pick the bucket in the current page. After that, it will take a short while for the system to be ready for the new tenant created.

_images/image227.png

After the tenant is created, you will be looking at the dashboard of the tenant.

Using Windows Azure Blob Storage for tenant storage

In addition to Amazon S3 bucket, you can also use Windows Azure Blob Storage as the tenant’s back end storage.

Similar to the above Amazon S3 setup process, you can pick “Windows Azure Blob” as the option during the tenant creation process.

_images/image229.png

The next screen it will be asking for Blob URL and the Primary key.

_images/image230.png

You can get this information from the Azure Portal.

_images/image231.png

Here is a simple mapping between azure portal and the parameters it ask for.

_images/image232.png

After you put in the account information, the next screen is to pick a container to use.

_images/image233.png

After the container information is all set, the tenant account will be created.

Cluster Admin

Cluster Manager > Cluster Admin

Cluster Admin section is to change the properties of the default administrator and also to add additional people to be the cluster administrators.

_images/image005.png

Cluster Branding

Cluster Manager > Cluster Branding

Cluster Branding is for changing the logo, bitmaps and other branding related information. There are two branding supports. One is self-service built-in branding, which is completely controlled by the “Cluster Branding” settings on the “Cluster Manager”. The other is full-branding service. Both rely on the “Cluster Branding” to change the look-and-feel of the web portal. Built-in branding will work with white-label clients, which upon the first connection to the cluster, will download the branding related information and use the branding related information. As compared to full-branding service, the full branding clients will have artworks, logo bitmaps and related information burned into the client binaries.

1. General

Cluster Manager > Cluster Branding > General

Under the general tab you can specify the name and other settings as specified below.

1.1 Product Name

This is where you will specify what you would like to call the product. This is the name that users will see when they login either in web portal or the client applications. You can also choose a color theme which you would like your users to see when they login to the portal. You can choose a color theme that is close to your company colors.

Product Name
_images/image006.png
1.2 Feedback Email

Users’ feedback will be delivered to this email address.

_images/image122.png
1.3 Home Page URL

This is the URL of your ‘Home Page’ page.

_images/image051.png

2. Web Portal

Cluster Manager > Cluster Branding > Web Portal

Note

In previous builds, the best way to get icons to work is by putting the icon files on the same server and reference the icons via relative link. For example, you can create a sub folder under the Install Folder of the CentreStack, such as under root/imagetest folder. The dimensions for all icons for each setting under web portal should match what is displayed for each setting. The branding of the icons and images require the icons and images with the same width/height as specified or same aspect ratio if the resolution is higher.

In later builds, the icons used are what-you-see-is-what-you-get and you can upload those icon sets.

_images/image234.png
2.1 Application Icon

The is the image that is displayed next to the product name in web portal.

_images/image123.png
2.3 Drive Icon

This is the icon that will be used for the cloud drive. For example in the web portal tree view.

_images/image124.png
2.4 Logo Url & Login Page Left Image
_images/image125.png

Please follow the same steps for branding settings for ‘Login Background Image’, ‘File Share Stamp…’, ‘Login Page Note:’, ‘Change Password URL’, ‘Tutorial Page URL’.

3 Client Download

Cluster Manager > Cluster Branding > Client Download

You can choose not to show the download link for some clients here.

_images/image053.png

4. Windows Client

Cluster Manager > Cluster Branding > Windows Client

The application icon and drive icon URLs can be specified here. Also, you can put in your company name under ‘Manufacturer Name’ along with the ‘Contact Info’ email. You also have the option here to create your own branded MSI Windows client. You can also use your own code signing certificate in order to digitally sign the MSI package. The advantage of creating your own MSI client package is that when users download and install the Windows Client you provide, they will see your company name along with your branding during the client installation.

Windows client supports multiple languages. Some language packs are included and shipped with CentreStack. If you need to run the Windows client under a different language, you can set the UI Language there.

_images/image055.png

Once you clicked the “Edit” button to edit the Windows Client branding information, you will be able to provide EULA (End User License Agreement) and Code Signing Certificate.

_images/image235.png

EULA:

This will be a rtf file format as input.

Code Signing Certificate:

You can acquire a code signing certificate from your code signing certificate vendor. Most SSL vendor also provide code signing certificate. Make sure you use SHA 256 (SHA2) as your digital signing certificate hash algorithm.

If your Code Signing certificate is already installed you can also use the option - Sign using cert in certificate store

5. MAC Client

You can configure the MAC client and MAC client installation package branding under here.

5.1 Client Branding
_images/image056.png
5.2 Installation Package Branding

There is some preparation work required in order to create the MAC client branded installation package. Please read the description and follow all the steps listed under this setting.

_images/image057.png

The transform of Mac installation package is done by a bash transform script (transform.sh). Prior to the transform, there are some preparation work.

Step 1 - Acquire Apple Mac Developer Account.

The Mac Installer (PKG) file will need to be signed by the Apple Mac Developer Account. Otherwise the pkg will be blocked by the later Mac OS such as 10.9 or 10.10.

After you acquire the Mac Developer account, you can download the signing certificates, one for signing application files and one for signing installer package.

You can find the name of your certificates from the KeyChain Access application.

For example, the signing certificate names may look like these:

Note

“Developer ID Application: Gladinet, Inc. (CX8U2YJ96P)”

“Developer ID Installer: Gladinet, Inc.”

You can modify the transform script will use these certificates.

Step 2 - Prepare your branding information.

All the branding information such as product name and branding artworks are contained in one single directory. You can use the testbranding folder as an example and replace all the information contained inside to have all the branding information ready.

The folder will be an input command line parameter to the transform script.

Step 3 - Prepare the PKG files.

In the standard Gladinet Mac binaries, there are a couple DMG file. DMG files are Mac image files. When you mount the DMG files, you will see a PKG file in each of the DMG file. The PKG file will be the input to the transform script.

Once you have the PKG file, the signing certificate and the branding folder, you are ready to do the transformation.

Step 4 - Change the transform script to use your certificate.

Locate the two lines inside the transform script,

readonly SIGN_APP_STR=”Developer ID Application: Gladinet, Inc. (CX8U2YJ96P)readonly SIGN_PKG_STR=”Developer ID Installer: Gladinet, Inc.”

and replace these two lines to use your own certificates.

Step 5 - Apply the transform

The syntax for the transform is

transform.sh branding_dir mac_pkg_file

The generated branding installer will be called output.pkg in the same folder

You can read the transform.sh shell script for more details.

6. Android Client

Note

Branding of android client can now be automated from partner portal (http://www.centrestack.com). The information here in this section is preserved for legacy reference. Please goto http://www.centrestack.com to brand Android client.

The branding of Android client and iOS client is done from www.centrestack.com, instead of from your own centrestack server.

_images/image236.png

7. iOS Client

Note

Branding of iOS client can now be automated from partner portal (http://www.centrestack.com). The information here in this section is preserved for legacy reference. Please goto http://www.centrestack.com to brand iOS client.

As shown in the above picture, you can generate branding task and request for Android branding and iOS branding.

8.Emails

There are many places in the CentreStack that need to contact the users via email. So the “Emails” tab is used to set up the email templates used for contacting users via email.

Welcome Email for New Tenant

This is the email sent to the new tenant when the tenant is created. The email is sent to the tenant administrator.

Welcome Email for New Team User

Team user is a regular user in a tenant. This is the email template that is sent to the user when the user account is created.

Welcome Email for New Guest User

Guest user is a regular user in a tenant, that doesn’t have a home directory associated. So the guest user can only operate within shared files and folders from other regular user. This is the email template that is sent to the guest user when the guest user’s account was provisioned.

Email for File/Folder Share

This is the email sent to a user when the user is about to receive file/folder shares.

Request a File

This is the email sent to a user when the user is about to receive an invitation to upload a file.

Notify external user that shared file changed

When shared file/folder changed, this is the email that is sent to the user who receives file/folder shares.

Admin Reset User Password Email

This is the email that sent to a user when the user’s password is reset.

User Reset Password Email

This is the email that sent to a user when the user reset password himself/herself.

New Sign-in Action Email

This is the email notification sent to the user when the user login from a specific machine.

Settings

This is to set the reply email address. Typically the email is sent with the SMTP service set. However, if the reply address is different, you can set it here.
_images/image009.png

9. Export/Import

You can either export the branding settings to another CentreStack cluster or you can import branding settings from another CentreStack cluster in this cluster under this setting.

_images/image060.png

Email Service

Cluster Manager > Email Service

There are many places in the CentreStack solution that the user needs to be contacted by Email. The Email service is used to set up the SMTP email service to send out the emails.

By default, it works out of box using the default email service with CentreStack’s customer support email address as the sender.

It is recommended that the SMTP service being setup to use your own SMTP service to send out emails.

In the Authenticate User field, if your SMTP service doesn’t require authentication, you can put dummy email in the field.

Note

For example, if your email service is on Office 365,

:SMTP Server Address
smtp.office365.com
:Use SSL
True
:SMTP Server Port
587
_images/image184.png

Cluster Server Farm

Cluster Manager > Cluster Server Farm

Cluster Server Farm has two types of nodes, one is “Worker Node” and the other is “Web Nodes”.

_images/image010.png

Web Node:

Note

In small deployment, there is no need to have web nodes. You can go straight to worker nodes since worker nodes by defaults are web nodes too.

The Account Management, Sign-in and Load-balancing services will be installed on this physical machine (or virtual machine). Depending on the load, you may need 1 to N such nodes. Normally, we recommend for every web front node, you can have 10+ worker nodes. When you have small deployments, you can skip web front nodes and combine them into worker nodes. All the installation work is the same. If you do not need web front node, you do not need to assign them in the cluster manager.

Example:

ACME Corporation deploys two web front nodes node1.acme.com and node2.acme.com. Each node is running a copy of CentreStack server connecting to the same SQL database.

ACME Corporation acquires a domain name (DNS) of cloud.acme.com which is load balanced to node1.acme.com and node2.acme.com.

When Users point their browsers to https://cloud.acme.com it is directed to one of the nodes login page.

Note

NOTE 1: If you have hardware load balancing available, you do not need to use web nodes at all.

NOTE 2: Windows 2012/R2 comes with Network Load Balancing (NLB). If you use NLB, you do not need web nodes at all.

Basically, if you have any existing load balancer, you can omit web nodes.

Worker Node:

Cluster Manager > Cluster Server Farm > Worker Node

This type of node will contain services like Web Browser Based File Manager, Storage Service Connectors, and etc. Again, additional nodes can be added as the load increases. Because there is cache information located on each node, users will have an affinity to a single node once it is assigned. If the load balancer distributes users evenly to all worker nodes, the cache information may exist on all worker nodes.

_images/image011.png
Worker Node Settings

There are some settings that applies to all worker nodes.

_images/image185.png

After click on the “Settings” icon. The settings panel will show

_images/image186.png

Always force SSL on Login

In a production environment, almost 100% of the time you will need to check “Always force SSL on Login”. When this is checked and when the CentreStack detects incoming connection is HTTP, it will do a redirect to HTTPS. If you turn on SSL, you will need to setup SSL certificate first.

However, if you have SSL-offload, such that SSL is offloaded to a hardware appliance, and after that, the incoming connection is HTTP between the hardware appliance and the CentreStack. In this SSL-offload case, you will NOT check “Always force SSL on Login” because it will create infinite redirect loop because the incoming connection is always HTTP as far as CentreStack is concerned.

Always force SSL for Native Clients

In a production environment, almost 100% of the time you will need to check “Always force SSL for Native Clients”. Especially, in the case of SSL-Offload, you MUST check “Always force SSL for Native Clients”. Otherwise, the CentreStack may think that the incoming connection is HTTP so it will continue to encourage the native clients (such as Windows client) to use HTTP instead of using HTTPS.

Note

in iOS devices, the Application Transport Security may be enforced by the operating system and HTTPS must be used for iOS Application to connect to CentreStack server.

Disable worker-node load balance

When you have your own load balancer, you will disable worker-node load balancing. CentreStack has built-in node-affinity load balancing, which can be per-tenant or per-user. When you have your own load balancer, you may have session-affinity or just simple round-robin, either one is fine.

Note

How to add worker node?

You just go ahead to install CentreStack server, during the installation, point the CentreStack server to the same database. Upon finishing the installation of the CentreStack worker node and reboot, the web portal page will pop up and asking you to add the worker node to the server farm.

Warning

What if you changed the CentreStack Server’s Host Name?

For Windows server 2012 and later Server OS, when a server is newly provisioned, it is typically named WIN-ABCDEFG kind of hostname. Sometimes, it is desired to change the name in the Control Panel -> Systems. If CentreStack server is already installed, changing name will make CentreStack to add itself again with the new name. So next time when you visit http://localhost on the CentreStack server after the server has been renamed, you will see the worker node section has both the node with the old name (which no longer exist) and the node with the new name (Which is current and good). In this case, you just need to simply remove the worker node with the old name.

Worker Node Properties
_images/image014.png

You may need to modify worker node properties when you setup SSL and the DNS name for the cluster.

Node Name

The Node Name needs to match the worker node’s hostname. Sometimes, if you rename a worker node’s Windows hostname (NETBIOS name) after the CentreStack installation, the CentreStack server upon reboot, will pop up a web page, asking you to add the new worker node. In that case, you can go ahead and add the new worker node and then delete the old worker node.

External URL

The External URL needs to match the worker node’s external URL. In a production environment, this typically is in an https:// format with the node’s DNS name.

External URL is a critical property for Email templates. Upon the CentreStack installation finished, the dashboard will have a warning message:

External DNS has not been configured for this worker node. Some functionality may not work properly. Config Now

The moment you finalized on the External DNS name of the CentreStack server, you shall come here and configure the ExternalURL property for the CentreStack server.

Internal URL

The Internal URL is the node’s internal URL, typically in the form of http://local-ip-address format. In later CentreStack server build, this property is hidden and no need to be set any more.

Disable management functionality

You can create an internal facing worker node (that doesn’t have an externalURL) and only allow management functionality on this worker node. This is a security feature.
Worker Node - Edit Cloud Monitor Setting
_images/image101.png

Enable Storage Scan

Enables or disables storage scan on the worker node. On the worker node, there is a cloud monitor service. The service will be doing background monitoring and make scan storage from time to time to correct quota calculation and perform other maintenance tasks.

Scan Starts Hour

Typically you will set the scan start time to sometime in the early morning like 1AM.

Scan End Hour

Typically you will set the scan end time to sometime in the morning like 8AM before everyone comes to work. The main idea is to leverage idle time (when people are not at work) to do the scanning.

Scan User Storage Every (n) Days

Typically you can set it to every week or every other week. so a number between 7 to 15 is reasonable.

Enable Change Monitor

Enable change monitor monitors the attached local storage such as storage from file server network share and report file change notification to remotely connected clients. This usually is required if your users are both modifying documents directly from the backend attached network share and also from the front end CentreStack access clients.

Index External Storage

This setting will index storage services added via the “Storage Manager”. The index will be written to the files table in database.

Enable Storage Purge of Deleted User

When a user is deleted from the system, the user’s home directory is not immediately removed. And a lot of times, you don’t want to delete it at all. For example, a user is deleted from the CentreStack system, but the user may still continue to use the files and folder directly from the network.

Process Background Task

Whether this specific node will process background task.

Enable Change Monitor for Home Drive

If Active Directory Home Drive integration is on, this will enable CentreStack to monitor the changes on the home drive and notify remote client agents that files/folders changed.

Send daily scan email

If storage scan is enabled, a daily scan email will be sent to the cluster administrator about the result of the scan.
Zone

Cluster Manager > Cluster Server Farm > Zone

The concept of zone is to associate worker nodes with the location of the storage. When you think about zones, you will think about your storage location first.

For example, I have storage in LA so I have an LA zone. I also have storage in NY so I have a NY Zone.

You can have worker nodes from different zones as well and assign users to specific zone. If user’s home directory is coming from LA zone, the user will need to be assigned to LA zone.

_images/image015.png

Reports

Cluster Manager > Reports

9.1 Active Users

Active users reports the active users on the web portal. The active users report doesn’t include users from windows client or other native clients because those users are more persistent (always there).

_images/image128.png

9.2 Guest Users

Guest users are those users that don’t have a home directory but are invited to participate on some shared folders and shared files.

_images/image129.png

9.3 Node Performance

You can use the Node Performance to check out the worker node health and the database health.

_images/image016.png

Last Reported

You want to see this field has small numbers such as 6 seconds, 10 seconds. If you see sometime like 3 hours ago, that means the node is not reporting the health.

Total Requests Processed

You want to see this number as big as possible. This number is cumulative since the service was last re-started. So the bigger the number, the more stable the service is. Also when you have multiple worker nodes, you want to see the Total Requests distributed evenly among the worker nodes.

Request Executing

You want to see this number as small as possible. This means the number of requests that are concurrently executing on the server. In general a number smaller than 100 is normal. Bigger than 100 is abnormal. Anything bigger than 20 will require investigation.

Last Request Time

You want to see this number as small as possible. This means the number of milliseconds for the last request. In general, numbers smaller than 3000 or 5000 are normal, which translates to below 3-5 seconds.

Pending Change Notification

For the files and folders that are changed, there is change notification written to database. In general, you want to see pending queue as short as possible.

Active Node Request

These are the clients out there contacting the server. Usually it is just for the reporting purpose.

Pending Change Polling

This is the clients out there polling to see whether there are files and folders that are changed. Usually the smaller the better.

Active Clients

For reporting purpose.

Pending Dir Request(H)

The pending directory listing calls from the remote clients to the CentreStack server. This is the high priority queue.

Pending Dir Request(L)

The pending directory listing calls from the remote clients to the CentreStack server. This is the low priority queue.

Note

If you don’t see the node performance report, check the Internal URL setting of each worker node.

Under reports you can look at the upload graphs and storage statistics.

9.4 Upload Report

Upload report tab shows you graphs for all the uploads that have taken place on the last sixty minutes, 24 hours, 30 days and the whole week.

_images/image063.png

9.5 Storage Statistics

Under storage statistics, you can see a quick overview of the overall storage statistics, size distribution and file type distribution pie charts, and users who have used the most storage so far.

_images/image064.png

9.6 Bandwidth Usage

Overall bandwidth usage statistics as well as more granular tenant and user level statistics.

_images/banduse.png

Cluster Settings

Cluster Manager > Cluster Settings

Under cluster settings, you can configure auto-client update, web applications, and other settings like 2-Step Verification, multiple domain support, etc..

10.1 Google Drive and OneDrive Integration (Storage Manager)

_images/image131.png
10.1.1 OneDrive for Business Integration

In order to complete the OneDrive for Business Integration, you will first need to login to your company’s Office 365 portal.

_images/image237.png

After that, click on the Admin tile and then on to the “Azure AD” section.

_images/image238.png

After that go to the Applications section of the company Azure AD web portal

_images/image239.png

Now add a “Web Application”

Sign On URL:

This can be set to the LoginPage.aspx for your CentreStack Server.

Client ID:

This will be generated by Azure AD and you will need to copy it back to the configuration page of CentreStack.

App ID URI:

This can be the same as the Sign On URL

Reply URL:

_images/image240.png

You will need to grant permissions according to the following pictures.

Office 365 SharePoint Online:

_images/image241.png _images/image242.png

Windows Azure Active Directory:

_images/image243.png

10.2 (Client Version Manager) Client Auto Update

Cluster Manager > Cluster Settings > Client Version Manager

For Windows Client, Mac Client and Windows Server Agent, there is auto client update feature. Each upgrade package contains the updated clients. By clicking on the Publish button, the newer package can be published to clients out there.

Every new CentreStack server upgrade contains the newer Windows client, Windows Server Agent and Mac Client. The CentreStack users via manual download can get the clients that are included in the CentreStack server. However, for existing users that with previously installed clients, those older clients will not auto upgrade until the later and newer client packages are published.

Daily Upgrade Limit:

This is a per-worker node setting. For example, if you have 2 worker nodes, and set the daily upgrade limit to 100, maximum 200 clients will be upgraded per day.

Apply to Users:

This typically is used for testing prior to push the client out.

Do Not Apply to Users:

This typically is used for testing prior to push the client out and to exclude certain users.
_images/image018.png

Note

The windows client out there has a process running as a background windows service. The service will periodically check for newer upgrade in about 1-2 hours interval. Once a newer client package is published and discovered, the newer package will be downloaded. However, if the client is still actively running, the replacement and upgrade will not happen until the client application is stopped and restarted. This usually happen after Windows logoff or restart.

If the Windows client software is actively running, the user may be seeing a message popup from the system tray area asking user if they want to restart the client software to receive the newer version.

Once a client is published for client auto upgrade, you can use Unpublish to stop the client auto upgrade.

_images/image244.png

Server Agent

Windows Server Agent can be separately published for auto upgrade.

Mac Client

Mac client can be separately published for auto upgrade.

10.3 Application Manager

Cluster Manager > Cluster Settings > Application Manager

You can also configure Web Apps under ‘Application Manager’ tab in Cluster Settings. This will enable the users to edit documents using the web apps. The applications here only applies to web portal based editing.

_images/image066.png

Once an application is enabled, you will be able to see the context menu entry from the web based file and folder manager view.

_images/image245.png

10.4 Settings

Cluster Manager > Cluster Settings > Settings

_images/image019.png
Cluster Settings

Cluster Manager > Cluster Settings > Settings > Cluster Settings

_images/image187.png

Hide Login Failure Message

When checked, the login failed message will be replaced by a very generic “Login Failed” message. When un-checked, it may return more meaningful login error, such as user-not-found, authentication-error and so on. This is a security feature if you don’t want to give out too much information for hackers to guess a reason for authentication failure.

Hide support button

This hides the floating support icon.

Hide build number from login page

This controls the build number on the web portal login page.

Enable Content Management Policies – Reserved

Hide ‘Forgot your password’ link on login

Most often it is used when Active Directory integration is set. The user will need to do forget-and-change password the normal Active Directory way instead of the way CentreStack provides. In this case, it is recommend to hide the “Forgot your password” link.

Don’t retry when login failed

Most often it is used when the Active Directory user has low failed-count on lock-out policy. When the user’s password is wrong, a few retry can lock out the user’s Active Directory account. The retry feature can be used when there is no Active Directory lock out or when the lock out count is high.

Show ‘purge storage option’ when delete user

By default when a user is deleted, the user’s home directory storage content is not touched for later use or review. If it is desired to delete the user’s content when the user is deleted, this can show the purge option.

Enable Multiple AD Domain Support

In the multi-tenant environment, you can always link one Active Directory to a tenant. However, in some cases, a single tenant may have multiple un-related Active Directory. In this case, Enable Multiple AD Domain support will be useful.

When you have multiple Active Directory from multiple forests in a specific tenant, you can turn on this option. The CentreStack software is capable of automatically search for domains in one single forest. However, for multiple forests, the software will allow you to manually enter the root of each domain when this option is enabled.

Note

The AD support here is related to using LDAP for Active Directory connectivity. If you are using “Server Agent” to connect to multiple Active Directories in proxy modes, you don’t need to turn it on here.

Note

If I turned it on, where to see the change?

You will see the difference in the per-tenant Active Directory setting page. Instead of a single AD setup, you will see a table that allows you to add multiple rows, with each row represents a single Active Directory LDAP connection.

Turn on 2-step Verification

CentreStack supports Google Authenticator, Amazon Virtual MFA soft token for 2-step verification. When this setting is turned on, users will see the option to configure 2-step verification in their web portal.

Don’t send email notification to user when purge deleted content

When user delete files. They are not actually deleted immediately. The purge is asynchronous and scheduled at a later time. This setting controls the notification.

Don’t send email notification to admin when purge deleted content

When user delete files. They are not actually deleted immediately. The purge is asynchronous and scheduled at a later time. This setting controls the notification to the administrator.

Use ‘Icon View’ as default web file browser view

Icon view is set when this setting is enabled. (The opposite is ListView)

Retrieve avatar from third party service (i.e. Google)

This is a usability feature that users’s picture can be queried from Google.

Hide file extension in web file browser

This setting will hide the file extension.

Disable Windows Client Auto-Logon

This is a security feature. The result is every time the windows client is done running. The next start will not remember the login token and the user will have to re-type the credential to get in.

Web Browser Session Timeout (minutes, 0 - never timeout)

This is the web browser session time out value. Default is set to 15 minutes. For default cluster administrator, we recommend increase this value to a bigger number so it is easier for web based management work not to time-out too soon.

Native Client Token Timeout (days)

For Windows client and Mac client, this defines the token time to live.

Distributed Lock Idle Timeout (minutes, 0 - never timeout)

This setting is related to automatic file locking. When a file is automatically locked, the machine that has the file locked will need to maintain a healthy heart beat with the CentreStack server. If the machine is offline (idle) and can’t report back to the CentreStack server for a period of time, the lock that was automatically grabbed will need to be released.

If this is not desired, the user can always use manual “Check Out” to lock a file and that will not be subject to the timeout.

Open third party web application in new window when the height of the web browser is less than

This is a usability feature. When using third party web application to edit documents in CentreStack web browser file and folder view, if the web browser height is too short, the third party web application may not function properly.

Max Device Count(Concurrent Device Count) for Each User (0-Unlimited):

This is the number of concurrent devices connected to CentreStack for each user. The default is not limited.
Performance and Throttling

Cluster Manager > Cluster Settings > Settings > Performance and Throttling

_images/image134.png

Don’t show file icon preview if file size is larger than(KB, 0-No icon preview)

This is used to control iconview thumbnail generation in the web browser files and folders view. The generation of thumbnail takes CPU power from the CentreStack server. For big files, the generation of thumbnail may negatively affect system performance. So it is recommended to cap the feature to certain image size.

Cluster Wide Upload Bandwidth Limit(Per Worker Node, KB/Sec, 0-No Limit)

This is to limit upload bandwidth.

Cluster Wide Download Bandwidth Limit(Per Worker Node, KB/Sec)

This is to limit download bandwidth.
Languages

Cluster Manager > Cluster Settings > Settings > Languages

_images/image135.png

This section setup the web portal languages and also client application language for Windows client.

Branding

Cluster Manager > Cluster Settings > Settings > Branding

_images/image137.png

Don’t Show Tutorial Videos

At different places in the web portal, there are tutorial videos. This setting is to hide those videos, which may have CentreStack references inside.

Enable Tenant Branding -

Allow tenants in the system to have their own co-branding on a tenant-by-tenant basis. The branding can override the default Cluster wide branding when the solution is accessed via a specific URL. Most of the time, a wild card SSL certificate is used so the CentreStack solution can be bind to different URL with a common suffix. For example *.mycompany.com , while tenant1.mycompany.com is for tenant 1’s access.

Only allow branded client to access

This can lock out the generic client and only allow branded client to connect.

Branding Id

This setting only apply to full-branding clients. For the full-branding client, it is possible to lock the full-branding clients to only connect to the branded CentreStack server. When set, it will lock out the white-label clients or other non-branding clients and will not allow them to connect.
Change Log

Cluster Manager > Cluster Settings > Settings > Change Log

_images/image136.png

Keep file change log for n days

This is a cluster wide retention policy for the file change log. The file change log is in the SQL database, for deployments that are using SQL Express, it has size limitation for the database. In the deployment guide, there is option to split the file change log into MySQL database or split it to a different SQL database. This option typically is used to keep the size of SQL small.

Note

After the CentreStack running in production mode for a while, we recommend reviewing the file change log database table and the file index table to see how big those tables are.

Email Address to Receive Cloud Monitor Messages

From time to time, the cluster monitor service may send email about status, alert and here is the email address to receive the emails.

Logging DB Connection String

This is to split the file change log, device table, file index table and audit trace table out of the main database into a secondary database. The secondary database can be a Microsoft SQL Server or a MySQL Community server.

The CentreStack database is split into core part and the logging part. The core part can store the DB connection string that connect to the secondary database. This setting used to be in the web.config file.

License String – Reserved.

This is for CentreStack servers that are isolated from the Internet and can’t be activated online and has to use a license string for offline activation.
10.6 Anti Virus

Cluster Manager > Cluster Settings > Anti Virus

You can enable anti-virus protection which will ensure that the files being uploaded via CentreStack server are scanned by the selected anti-virus software.

You will first need to obtain the anti-virus service that is independent from the CentreStack server, and get it directly from the anti-virus vendor. After that, you can integration the anti-virus service into CentreStack server.

_images/image067.png

Default Group Policy

Default group policy can be applied to all tenants in the cluster. However, if the tenant also define its own group policy, the tenant policy can over ride cluster wide default group policy.

Please reference the Group Policy in the tenant administrator section for full list of policy items.

_images/image246.png

Languages

We have automated translation and provide the resource files that you can use to localize the web portal and clients in the language of your choice. If there are strings that not translated yet in the language you want, just go ahead and select the string and put in the translated string in the window for the language selected.

_images/image065.png