OVERVIEW
& ARCHITECTURE
SECURE ENTERPRISE FILE SERVICES
FROM EDGE TO CLOUD
Table of Contents
Executive Summary
Introduction
Server Agents
Portal
CTTP Protocol
Security
www.ctera.com info@ctera.com USA: (917) 768-7193 Intl: +972-3-679-9000 © 2018 CTERA Networks Ltd. All Rights Reserved
Executive Summary
IT is being charged with securely adopting cloud technology while also
offering modern data accessibility and protection approaches that may
unwittingly omit legacy file services. CTERA renovates data infrastructure to
meet these challenges by providing both modern and legacy file services in
a unified approach that is security-oriented and utilizes on-prem, hybrid
cloud, or virtual private clouds.
Because CTERA is the only platform that unifies EFSS, backup, and cloud
storage gateways, there are significant financial implications: any
comparable approach requires two or more vendors and the associated
overhead. To provide an environment of 80TB of user files with file sharing,
backup, and cloud storage gateways, the cost for CTERA software and
hardware is 67% less than using multiple vendors to receive similar
functionality. There would be an even larger spread when considering
additional management, storage, and administration costs needed for a
multi-vendor approach.
Introduction
Today’s enterprises are facing a challenge of modernizing critical IT use
cases such as user file storage, file collaboration and data protection by
introducing modern approaches to IT that leverage cloud infrastructure
without sacrificing security. Organizations with a global presence are
seeking to adopt IT-as-a-Service methods of user service delivery that
improve the end-user experience and leverage the cloud (including
on-premises cloud technology and virtual private cloud) to improve
flexibility and reduce costs. Enterprise File Synchronization and Sharing
(EFSS) often becomes a lightning rod in this situation, as security offices
look to replace shadow consumer IT services that end users have adopted,
but are equally critical of the shared security and data ownership models
that are introduced when adopting enterprise SaaS services to counter
Shadow IT. For 10,000s of businesses around the world, CTERA solves these
issues by enabling enterprises to modernize file services and deliver
fully-private, cloud-oriented file storage, collaboration and backup services
that unify the organizational file space, enable complete IT security, and
lower TCO and administration.
The first thought towards that end is to link the disparate systems together.
But utilizing connectors between legacy systems simply adds complexity
without actually fusing the experience and management. Instead, a unified
namespace could span legacy and cloud systems to create a consistent user
experience and simplified management.
Figure 1: The continuum from IT-focused storage to end
user-focused content repositories
Gartner acknowledges the security dangers inherent in SaaS file sharing in
their report, “How to Mitigate the Risks of Public Cloud EFSS and Storage.”
The key challenges they identify are data geography compliance, data
provenance, ceding decryption responsibility, and over-empowering users.
While the analyst firm doesn’t specifically mention recent high-visibility
breaches of popular enterprise SaaS services such as Dropbox, Slack,
Evernote and Adobe, these events certainly influence the enterprise
conversation about IT security.
[Figure labels: Virtualization, Servers, Storage, Networking]
Introducing the CTERA Enterprise
File Services Platform
CTERA’s focus is on building a private cloud storage-as-a-service platform
that centrally manages file and data protection services and unifies IT
security and governance to follow enterprise data wherever it flows. The
private cloud can be on-prem or part of a virtual private cloud.
The CTERA platform consists of four components that are all connected via
CTERA’s patented cloud protocol. The platform is securely deployed on any
private or public cloud infrastructure and data is centrally stored in any
choice of NAS or object storage. While every deployment requires a CTERA
Portal, organizations have the flexibility to select from a variety of mobile,
server and NAS endpoints to meet business objectives. Furthermore, the
solution is available as a managed service.
Figure 3: Capability highlights of the CTERA platform
[Figure 3 labels: CTERA Portal (CTERA's Scale-Out Cloud File System; Service Orchestration; Data Management & Optimization); Roaming Users (File Access, Editing, Sharing (EFSS), Backup, Self-Restore); Offices (Backup, Self-Restore, File Access, Editing, Sharing (EFSS), NAS Protocols); Source-Based Encryption; Enterprise Authentication]
Figure 4: The main components of the CTERA platform
[Figure 4 labels: Enterprise Management, Integrations & APIs; CTERA Endpoint Agents/Apps (Laptops); AV Automation; CTERA Server Agents (Virtual Servers; File/App-Level Backup; In-Cloud + Cross-Cloud); CTTP Protocol (Secure & WAN Optimized Cloud Access; AES-256 + SSL; De-Duplicated; Compressed; Bandwidth Control)]
1 Gateways: Storage appliances that provide local NAS functions and
serve as targets for CTERA workstation and server backup agents. All
data is synchronized to the CTERA Portal. Gateways support ACLs and
quotas and provide persistent storage access to users even during
network outages when disconnecting from the portal.
4 CTERA Portal: CTERA’s cloud file system that is responsible for data
synchronization, data protection, infinite file versioning, and service
orchestration. The Portal is scale-out file service delivery middleware that
runs on your cloud infrastructure of choice: where all data, metadata,
encryption and credentials are stored securely behind your firewall.
Enterprise File Services Platform Use Cases
The CTERA platform is the only solution to provide the full continuum of
cloud-based file services across the enterprise. It’s one platform that
supports many use cases with unified IT control. Customers often adopt
multiple use cases as part of their data infrastructure modernization effort.
Private EFSS
Office Modernization
Endpoint Backup
Cloud Server Backup
In addition to working with CTERA gateways, CTERA backup agents can
also connect directly to the portal to provide an efficient and secure
approach to protecting servers in and across clouds. By abstracting the data
protection process away from any one cloud platform, CTERA’s cloud data
protection solution enables organizations to adopt multi-cloud strategies
that eliminate the risk and minimize the cost of embracing the cloud.
End users of the CTERA platform can use CTERA software installed on their
personal computers, virtual desktops, smartphones, and tablets. The
low-footprint software provides secure data protection, file sync and share
services, mobile access, and VDI home folder redirection utilizing a copy of
data in the cloud.
Figure 6: Adding a local folder to the cloud file system via right-click
Capability Summaries
File Synchronization
A PC’s local folders and files can be added to the cloud file system. Changes
to the files (made locally or elsewhere) are synchronized at all locations by
CTERA agents. Prior file versions are tracked, retained, and accessible.
Users can synchronize existing cloud folders (such as shared folders) with
their PC, so that they have a local copy of the latest version of files.
Of note, the end user has flexibility on which folders are synched and where
they are stored. CTERA does not mandate that local cloud files be placed in
a “CTERA” folder. Sub-folders can be excluded from synching.
File Sharing
Users can share files or folders with users and groups using a right-click
menu. A link to the file is emailed to the recipients. It can have specific
permissions: read/write, read-only, preview-only, or no access. The user can
require specific authentication methods and can set an expiration date. A
corporate sharing policy set in the CTERA Portal is also enforced by the
agent, preventing oversharing.
File Backup
The CTERA PC agent can back up files and folders directly to a CTERA
Portal (either on-prem, or in a cloud) or to a CTERA Gateway, which can then
back up to a CTERA Portal for a tiered approach. The Gateway and Portal
can have different retention periods. The agent enables self-service restore
of retained file versions.
There are agent settings for inclusion and exclusion sets, a scheduler, and
bandwidth throttling. The agent can back up both unlocked and locked files.
Administration, Deployment, and Update
CTERA agents can be centrally managed from the CTERA Portal, and may
be deployed using platform-specific settings templates along with Active
Directory installation. The agents can be remotely updated as well.
Mobile Agents
Operating Systems Supported
CTERA mobile agents run on iOS, Android, and Windows Phone. They
enable users to view, edit, store, and share their cloud files and backups.
Figure 7: Mobile app interface
Capabilities
File Access
CTERA mobile users can access the cloud file system, including (1) files
synchronized from their other devices, (2) files shared by other
users/groups, and (3) files from other devices backed up to the Portal.
Those files can be viewed, edited, and deleted. They can also be downloaded
to the mobile device for offline access. New files can be uploaded to the
cloud file system from the mobile app.
File Sharing
Users can share files or folders by creating links in the Mobile app that have
expiration dates.
Remote Wipe
In the event of a lost or exposed device, the administrator can force a device
running CTERA Mobile to log out and to erase all locally synced files. In
addition, the wiped device’s key is invalidated.
Outlook Plugin
The CTERA Agent plug-in for Microsoft Outlook enables users to send email
attachments as public links to files on the cloud file system. The plug-in
syncs attached files to the cloud file system via the local CTERA agent and
inserts public links to the files into the email body.
Figure 8: Outlook plug-in interface
Server Agents
Figure 10: Configuration options for on-prem and cloud server backup through Server Agents
[Figure panels: 1. On-Prem Backup; 2. Backup to Cloud; 3. In-Cloud Backup; 4. Cross-Cloud Backup]
Capability Summaries
Application Backup and Restore
CTERA makes application-consistent backups of many enterprise
applications. MS SQL, for example, does not need to perform a dump in
order to be backed-up.
Bare Metal Restore / Disk Image Backup
The CTERA agent can store a server’s entire disk image as a backup in the
industry-standard VHD file format. And subsequent backups are smaller and
faster because they only need to transfer changed files (“incremental”). The
full system image can be restored to another server without having to first
install the operating system or applications. It is even possible to restore the
system to dissimilar hardware.
The same properties that enable cloud-friendly backup also make CTERA
appropriate for on-prem data protection that spans numerous global
locations.
A single dashboard and set of tools unify backup processes and policies
across the on-prem and cloud environments, making it easy to manage any
scale of hybrid data protection.
Retention and Tiering Settings
Administrators enjoy the ability to easily define retention periods on the
CTERA Gateway and in the CTERA Portal. You can store snapshots at the
edge dependent on your recovery objectives and retain snapshots for longer
periods in the cloud.
Backup Templates
Agents can be automatically deployed to servers via Active Directory, with
templates defining the specific settings for any given machine. Criteria
include: agent operating environments, machine names, applications, and
the region any server is running. CTERA Backup Templates define: storage
destination, backup window schedules, and if any specific backup process
should be throttled.
Cloud Storage Gateways
Figure 12: CTERA Cloud Storage Gateways
[Figure 12 labels: Office; /MyDocuments; /Projects; SMB & NFS; CTERA Cloud Storage Gateway; Backups; CTERA Portal; Endpoint Sync; Mobile Devices & PCs]
CTERA Cloud Storage Gateways are appliances that provide NAS, file
sharing, and backup services, while also synchronizing the files and
snapshots to the CTERA Portal in the cloud. With this hybrid cloud
approach, organizations can retain existing NAS-based business processes,
while gaining modern file sharing and cloud integration for a longer-term
evolution.
Physical Appliances
The CTERA Gateways come in a variety of models, ranging from 2TB to 64
TB raw capacity, RAID 0/1/5/6, and supporting from 50 to 1000 concurrent
users. The form factors vary by model including a short tower, and 1U and 2U
rack-mount servers.
Virtual Appliances
The gateways are also available as a virtual appliance, where the capabilities
are dependent on the selected hardware.
Capability Summaries
Cloud File System via NAS
Folders and files that are part of the CTERA cloud file system can be
accessed via the gateway using NAS protocols (CIFS/SMB, NFS, AFP, and
more). The administrator selects which parts of the cloud file system should
be accessible, and a local copy is synchronized to the CTERA Gateway. The
gateway provides local high-speed access to the files, and changes are
synchronized between the cloud file system and the gateway copy. The
gateway provides full emulation of enterprise Windows NT ACLs, as well as
quota support.
Backup Services
CTERA Agents can use a CTERA Gateway as the backup destination, which
can be faster than backing up over a WAN or the internet.
Files, applications, and disk-images can be restored from the local CTERA
Gateway to maximize performance.
The backup data can also be transferred to the cloud and retention policies
set how long the backups are kept on the gateway and in the cloud, as seen
in Figure 11.
Failure Scenarios
Back-End Connectivity Failure
The CTERA gateway can be immune to connection issues with the back-end
cloud. In the CTERA gateway the primary file system can be stored in whole
at the gateway. If conflicting changes are made in the cloud file system while
the gateway is offline, CTERA uses a conflict resolution approach to resolve them.
Gateway Failure
End users still have access to their files even if a CTERA Gateway becomes
inaccessible. The files can still be accessed by mounting a secure, remote
connection to a virtual gateway in the cloud or to the CTERA Portal. The files
are also available via a web browser to the portal.
Gateway Models
Local Appliance Capacity: Up to 8TB | Up to 16TB | Up to 32TB | Up to 32TB | Up to 64TB
Included Server Backup Agents: 1 | 2 | 2 | 2 | 0
CTERA Platform Architecture
[Architecture figure labels: Clients; Global Admin; Tenant/Team Admin; Application, Intelligence, Configuration, Management; Provisioning; File Sync & Share; Backup; Networked Storage; VDI Storage; Optimization; Billing/Chargeback; Storage Infrastructure; On-Prem or Virtual Private Cloud]
Portal
The CTERA Portal provides the intelligence, configuration, and management
interface to the CTERA platform. It also acts as middleware between the
front-end Agents and Gateways, the back-end cloud storage, and integration
with other systems.
Capability Summaries
Centralized Management and Policies
Administrators have role-based authority and use the CTERA Portal to
control most aspects of the CTERA platform. Agents and gateways can be
remotely monitored and managed. Administrators provision services and
agents, and also set global and local policies for backup retention, storage
quotas, and file versioning. Custom alerts and reports keep administrators
informed. The firmware/software of gateways and agents can be upgraded
through the Portal.
Controlling File Visibility and Sharing
Administrators can set a “collaboration firewall” that defines external file
sharing policies based on user profiles and groups. Shared files can even be
locked down with watermarks and preview-only settings. Upload policies
prevent unwanted files from entering the system.
Web Interface to Cloud File System
The Portal provides internal users and external sharees a web interface to
access the cloud file system, including preview, edit, versioning, and
search.
Software-as-a-Private-Service
The CTERA platform is designed to run 100% within your network as a
completely automated, multi-tenant service. All components are either
deployed on-prem or in your virtual private cloud. Using CTERA’s rich
RESTful APIs, administrators can drive monitoring, billing, security, and
operational efficiencies. A delegated administration model enables tenant
admins to provision and manage their own environments, while CTERA
isolates each tenant’s security and data.
Authentication
Users can authenticate via directory services like Active Directory or
single-sign-on (SSO) through SAML 2.0 or Kerberos. CTERA offers 2-factor
authentication, and performs mutual authentication with client-side
certificate support including smartcards (like CAC & PIV). The AD/LDAP
roles and groups control access to data and administrator privileges.
Security Features
(Please read the CTERA security whitepaper for security details across the
entire system.)
Security events such as user access and failed logins are monitored and
logged, and all user activities are in the audit trail. Integration with SIEM
systems via Syslog provides 3rd party audit trail retention and reporting.
Antivirus tools can connect with CTERA to keep the cloud file system clean.
AWS CloudFormation
CTERA Portal can be rapidly deployed using AWS CloudFormation and a
prepared or customized JSON template.
Rebranding
The Portal interface, Gateway interface, and Agent interface can all be fully
customized.
Failure Scenario
The portal includes a stateless application and metadata database
persistence layer. The database offers continuous replication which should
be used for disaster recovery/business continuity and backup purposes. A
new Portal service can be spun up and attached to the database to fully
resume service rapidly.
CTTP Protocol
Figure 20: CTTP Protocol Flow Diagram
[Figure 20 stages: File on Host; Broken into Chunks; Unique Chunk (Compressed); Transmitted; Received; Processed; Stored. Labels: Two-Factor Authentication, Kerberos, SSO; Whole File Fingerprint; Cleartext Chunk Fingerprint; Encrypted Chunk Anti-Corruption Checksum; TLS Hash; AES Encryption; TLS Encryption]
Protocol Flow (Edge to Portal)
1 Authentication
Devices, apps, and agents authenticate to the portal with a signed
2048-bit X.509 security certificate. Mutual authentication with client
certificate via OCSP is also possible.
2 Deduplication
The file is broken into chunks of variable size. The chunks are hashed
and the hashes are compared with the existing list of hashes in the Portal
(i.e. stored chunks) to identify globally unique chunks. Only the globally
unique chunks will eventually be transferred to the cloud. (The gateway
deduplicates endpoint disk-level backup prior to sending to the
Portal.)
3 Source-Based Encryption
The unique chunks are AES-256 encrypted using the appropriate
encryption key, or using a generated key that is encrypted using a
passphrase-based key.
4 Compression
Once the chunks are encrypted, they are compressed via snappy or gzip.
5 Fingerprinting
To prevent tampering with files in transit, a “fingerprint” is generated
for each file, each cleartext chunk, and each encrypted chunk. The
fingerprint is checked when each encrypted chunk is received prior to
any further processing of the chunk. The cleartext chunk and file
fingerprints are compared when the file is read.
6 Encrypted Transfer
The encrypted, compressed, unique chunks are then transferred using
TLS (previously SSL) over TCP. So the encrypted blocks are encrypted
again while they are in-flight. The TLS encryption is removed when the
chunk lands at the destination, but the source-based AES-256
encryption remains around the chunk.
This approach is different from encryption ‘at rest’ plus encryption ‘in
flight’. By encrypting at the source and not decrypting it even in
storage, there are no points at which the clear text is exposed.
7 Storage
The encrypted, compressed, unique chunks are received by the Portal
and placed in a storage node. The portal metadata storage containing
the keys may be hosted separately from the data cloud storage. The
separation of repositories allows CTERA to store a small amount of
sensitive data (e.g. encryption keys) in a fully secured site, while
managing large amounts of encrypted file data in a less secure site
(e.g. public cloud).
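Steps 2, 3, 5 and 7 of the flow above as an added Go sketch, not CTERA's code or the CTTP wire format: it deduplicates variable-size chunks by cleartext fingerprint, encrypts at the source, and shows which fingerprint the Portal can check without holding a key. Assumptions: SHA-256 fingerprints, AES-256-GCM with a random nonce, a toy rolling-hash chunker, and hypothetical names (`Split`, `Upload`, `Receive`, `Read`); authentication, compression and TLS are left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FP is a fingerprint. SHA-256 is an assumption; the page names no hash.
type FP [32]byte

// Chunk is one unique chunk as sent by the edge and stored by the portal.
type Chunk struct {
	ClearFP, EncFP FP     // fingerprints of the cleartext and encrypted chunk
	Sealed         []byte // nonce || AES-256-GCM output (mode is an assumption)
}

// Portal stores ciphertext only, keyed by cleartext-chunk fingerprint.
type Portal struct{ store map[FP]Chunk }

var ErrFingerprint = errors.New("fingerprint mismatch")

// Split cuts at content-defined boundaries (toy rolling hash), 32..256 bytes.
func Split(data []byte) (out [][]byte) {
	start, h := 0, uint32(0)
	for i, b := range data {
		h = h<<1 + uint32(b)
		if n := i - start + 1; n >= 256 || (n >= 32 && h&0x3F == 0x3F) || i == len(data)-1 {
			out = append(out, data[start:i+1])
			start, h = i+1, 0
		}
	}
	return out
}

// Receive checks the encrypted-chunk fingerprint before any other processing.
func (p *Portal) Receive(c Chunk) error {
	if sha256.Sum256(c.Sealed) != c.EncFP {
		return ErrFingerprint
	}
	p.store[c.ClearFP] = c // stored still encrypted; the portal has no key
	return nil
}

// Upload sends only chunks whose cleartext fingerprint the portal lacks.
func Upload(p *Portal, gcm cipher.AEAD, data []byte) (file FP, chunks []FP, sent int, err error) {
	for _, piece := range Split(data) {
		fp := FP(sha256.Sum256(piece))
		chunks = append(chunks, fp)
		if _, known := p.store[fp]; known {
			continue // deduplicated: nothing crosses the wire
		}
		nonce := make([]byte, gcm.NonceSize())
		if _, err = rand.Read(nonce); err != nil {
			return file, nil, sent, err
		}
		sealed := gcm.Seal(nonce, nonce, piece, nil) // encrypt at the source
		if err = p.Receive(Chunk{ClearFP: fp, EncFP: sha256.Sum256(sealed), Sealed: sealed}); err != nil {
			return file, nil, sent, err
		}
		sent++
	}
	return sha256.Sum256(data), chunks, sent, nil
}

// Read decrypts at the edge, then compares chunk and file fingerprints.
func Read(p *Portal, gcm cipher.AEAD, file FP, chunks []FP) ([]byte, error) {
	var out []byte
	ns := gcm.NonceSize()
	for _, fp := range chunks {
		c := p.store[fp] // a missing chunk yields an empty Sealed
		if len(c.Sealed) < ns {
			return nil, ErrFingerprint
		}
		piece, err := gcm.Open(nil, c.Sealed[:ns], c.Sealed[ns:], nil)
		if err != nil || sha256.Sum256(piece) != fp {
			return nil, ErrFingerprint
		}
		out = append(out, piece...)
	}
	if sha256.Sum256(out) != file {
		return nil, ErrFingerprint
	}
	return out, nil
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key; 32 bytes selects AES-256
	gcm, _ := cipher.NewGCM(block)
	p := &Portal{store: map[FP]Chunk{}}
	data := bytes.Repeat([]byte("constructed sample record\n"), 80) // constructed input
	file, chunks, sent, _ := Upload(p, gcm, data)
	_, _, again, _ := Upload(p, gcm, data)
	out, err := Read(p, gcm, file, chunks)
	fmt.Println(len(chunks), sent, again, bytes.Equal(out, data), err)
}
```

In this sketch the Portal's `EncFP` check is unkeyed, so it catches corruption of a received chunk, while the GCM tag verified in `Read` is what ties a stored chunk to the key held at the edge.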
Loss of Connectivity
The protocol assumes that connectivity between the sources and
destination may be lost, so data transfers pick up where they left off in the
event of a disconnection.
Improving Organizational Productivity
at Santander Bank
Santander, one of the largest banks in the world, approached CTERA seeking
to provide employees with fast and reliable file synchronization and sharing
capabilities from any device and from any location (roaming or local to an
office), while ensuring the highest possible security and data protection and
availability to tens of thousands of employees. To meet security
requirements, the solution had to be fully scalable and deployed inside
internal Data Centers, with high levels of data protection (user access
control, encryption, multi-user encryption keys, data redundancy, file
versioning, and more), as well as optimization for bandwidth and storage
efficiency (deduplication, compression and incremental data transmission).
The solution needed to provide dramatic reduction in TCO vs. existing file
services solutions, and would need to be hardware-agnostic. The solution
needed to feature full auditability, with advanced security and user access
controls, and the total project also had to provide data protection services to
thousands of company laptops and desktops.
CTERA EFSS provides a secure and storage-agnostic solution for file sync
that was deployed as a fully private solution from their datacenters using
cost-effective object storage. This internally delivered service provides
end-users the ability to synchronize files and folders across all devices and in
remote offices and collaborate on demand with CTERA’s file sharing and
team collaboration tools. CTERA’s integrated endpoint backup solution was
deployed to provide globally de-duplicated file-level and disk-level data
protection across workstations and laptops for the same 60,000 users.
In the end, the customer received a secure, private, and comprehensive
solution that provided the right mix of user service choice with IT control.
The CTERA platform seamlessly integrates with the existing datacenter
storage infrastructure, as well as domain services to easily authenticate via
AD servers and large AD forests. CTERA’s white-labeling capability also
allowed them to deliver a privately-branded, fully functional EFSS to
reinforce the solution as the only IT-sanctioned file sharing and sync service
end users were to use.
With endpoint data protection for employee workstations and laptops, all
files and backup data are compressed and de-duplicated at the source for
WAN and storage optimization and then securely encrypted before being
synced to the software-defined storage environment.
In the end, the customer transformed into a more agile and lean
IT-as-a-service delivery organization that has lowered infrastructure and
service delivery costs while also enhancing insight into user file access to
provide unprecedented levels of control across a large and global
organization.
Summary
Leading global banking group company selects the CTERA Enterprise File
Services Platform to enhance user productivity and IT control.
The deployment provides secure enterprise file sync and share services and
endpoint backup to 60,000 employees in multiple continents.
Modernizing Data Infrastructure at TopGolf
TopGolf is one of the fastest growing private companies in the United States,
but was experiencing a number of issues due to hypergrowth: working with
more than 40 IT vendors led to high storage costs, overloaded
administrators, and deviation from a cloud strategy; network bandwidth
issues due to using various public cloud file sharing services (plus security
and privacy concerns of SaaS file sharing); and not being able to quickly or
efficiently resolve data loss should a user’s laptop or workstation need to
recover data.
They identified CTERA as a single platform that could help fulfill its data
infrastructure modernization initiatives. Using the CTERA Enterprise File
Services Platform to deploy an internal service they are revamping their file
services and data protection agenda. Deployed as a platform on AWS and
powered by CTERA, the internal service is a fully unified solution that allows
users to sync, share, and protect files across endpoints, office gateways, and
the cloud. It includes CTERA cloud storage gateways that act as local file
servers at offices, EFSS gateways that replace public file sharing, and
endpoint data protection with user-enabled backup and restore.
File sharing security issues were also eliminated. Deployed fully behind their
firewall in the AWS VPC, the internal service disallows any exposure of data,
metadata, security and identity management to any third-party provider.
Both CTERA EFSS and Endpoint Backup are optimized for highly efficient
and secure transmission of data across the network, with source-to-storage
AES 256-bit data encryption.
The customer also benefits from simple, secure, and user-enabled data
protection tools for direct-to-cloud backup (roaming users) or hybrid
backup models (for office users via the cloud storage gateway).
Summary
Rapidly-growing company faces too many vendors, clogged networks,
inefficient endpoint restoration, and concerns about SaaS security.
Consolidates multiple IT systems with a fully unified file sharing and data
protection platform.
Empowers users with secure and accelerated file access and collaboration
while reducing TCO by eliminating escalating network and data
infrastructure costs.
IT-as-a-Service Transformation
at a Global 30 Insurer
One of the world’s leading insurance and asset management firms devotes
significant resources to the modernization of application, service, and
infrastructure delivery throughout the organization. To support this agenda,
the IT department embarked on a major CloudOps (cloud operations)
initiative that would transform the organization into an internal cloud
services provider that leverages both on-premises and public cloud
computing resources.
The company’s search for a scalable and automated hybrid cloud data
protection solution led to CTERA’s Enterprise File Services Platform. The
CTERA-powered service allows any user in any location to activate or
deactivate a backup option for his application via a service catalog.
Provisioning new applications from the company’s IT service catalog
provides cost-effective safeguards against the accidental deletion or loss of
business-critical data. The solution protects applications spanning three
independent cloud platforms (Amazon Web Services, Microsoft Azure and
OpenStack) that the IT organization has integrated into a single cloud fabric.
The organization chose CTERA based on several key factors:
• WAN-optimized backup agents to back up/restore any cloud to any cloud
while leveraging global deduplication, incremental-always backup
methods and WAN compression.
Summary
F100 launches internal Backup-as-a-Service powered by CTERA to support
CloudOps initiative.
Solution spans multiple clouds and platforms integrated into a single cloud
fabric.
Company selects CTERA after traditional enterprise tools could not meet
requirements for agility, multi-tenancy, and scalability.
Total Cost of Ownership
Comparison Viewpoint
No other vendor provides a fully-featured, unified platform that integrates
legacy file services, modern file sharing, and endpoint backup. Vendors in at
least two categories (NAS, Backup, EFSS) are needed to match the breadth
of CTERA’s fundamental capabilities. Organizations can therefore increase
their savings by using CTERA for all of these purposes: the deduplication
ratio increases, the administrative overhead decreases, and end user
productivity increases. By contrast, using multiple vendors to achieve
similar functionality results in duplicate storage silos, multiple
administrative interfaces, incongruent policies, more vendors to manage,
and lower organizational productivity. Furthermore, with CTERA you only pay for the infrastructure
that you use, versus paying profit margin for a SaaS vendor’s infrastructure.
Customer Scenario
In this scenario, the organization wants a globally-distributed system (80
TB) to store, share, synchronize, and back up files across two large (20TB),
five medium (6TB), and ten small (1TB) offices. 550 desktops and 28 servers
are backed up, and 550 users are performing file sharing.
TCO Calculations
Figure 21: TCO calculations of CTERA and comparable solution
Backup $0 $76,878
Figure 22: TCO Graph of CTERA versus a comparable solution
[Bar chart. Vertical axis: $0 to $600,000. Bars: CTERA NAS + Backup + EFSS; Multi-Vendor NAS + Backup + EFSS.]
The table shows total 3-year list prices for a solution from CTERA and a
multi-vendor solution from representative vendors.
Security
Created by security experts, the CTERA platform was designed to fully
protect data from attacks or unauthorized access, with security
considerations applied to every function of the CTERA platform. This section
provides highlights of the security capabilities, and for a deeper explanation
of the platform’s security please review the CTERA Platform Security
Architecture Whitepaper.
Private Platform
CTERA can be deployed on-premises or in a virtual private cloud (VPC) to
keep your data within your network and 100% behind your firewall. Unlike
some other “private” file sharing vendors, no external communications are
necessary and no components are positioned outside of your firewall.
All network transfers use the Transport Layer Security (TLS) protocol,
preventing unauthorized interception of data. This wraps an additional layer
of encryption around the chunks for transport. Multiple fingerprints of files
and blocks ensure data integrity as they travel between locations, preventing
man-in-the-middle attacks and transfer errors.
Key Management
CTERA lets you create and manage your own encryption keys or use personal
passphrases per user. The keys are stored in a secured database which can
be behind your firewall. CTERA allows administrators to configure the
granularity of encryption key usage: selecting a separate key per folder, per
user or per user group. Each tenant has its own set of encryption keys,
which limits damage in the event of a compromised key or tenant. Some
competitors create and/or manage the keys, which enables them to access
your data and is a vulnerable point.
Authentication
Prior to authentication, clients must be enrolled with the Portal to avoid
unexpected clients and then users authenticate their credentials to the
Portal. Administrators can choose to manage users’ credentials locally within
the Portal, integrate with existing directory services, SSO, SAML 2.0, or other
identity management services. This provides seamless user authentication
and avoids duplicate credentials. When managing users’ credentials locally,
the Portal keeps the one-way hashed passwords in the main database.
Administrators can enforce password policies, such as minimal length,
character use, and renewal cycle.
CTERA enables email and SMS-based two-factor authentication for login
and file sharing (even for external access) to ensure only intended parties
can access files. For environments with increased security requirements,
CTERA can use client certificate authentication, in which the client presents
an X.509 certificate (like a Common Access Card - CAC).
of data that can be synchronized or uploaded to the cloud, based on the file
size, name or extension
Multitenancy
The CTERA Portal has built-in multi-tenancy support so that different
groups of users can be assigned to entirely separate logical instances of the
Portal. This enables the system to service multiple customers on a common
cloud, which is particularly useful for managed service providers or IT
centrally serving multiple business units or isolating security for geographic
regions.
Antivirus Integration
CTERA integrates with antivirus vendors through the ICAP protocol for file
scanning, in order to ensure data protection. Files are scanned for malware
automatically and transparently, before they are downloaded from the Portal
for the first time.
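
The scan-before-first-download flow described above can be sketched as follows. This is an added example, not CTERA code: it builds a standard ICAP RESPMOD request (RFC 3507), treats only an explicit 204 reply as clean, and remembers the verdict per file. The service URL, the `portal.example` host, the `FirstDownloadGate` class, the verdict cache keyed by SHA-256 and the `fake_scanner` stand-in are all assumptions made for illustration.

```python
import hashlib
from urllib.parse import quote, urlsplit

ICAP_SERVICE = "icap://av.example.internal/avscan"  # placeholder; the path is vendor-specific

def build_respmod(service_url, filename, content):
    """Wrap a file in an ICAP RESPMOD request (RFC 3507) so a scanner can inspect it."""
    req_hdr = f"GET /{quote(filename)} HTTP/1.1\r\nHost: portal.example\r\n\r\n".encode()
    res_hdr = f"HTTP/1.1 200 OK\r\nContent-Length: {len(content)}\r\n\r\n".encode()
    # The encapsulated body is chunked and ends with a zero-length chunk.
    chunk = f"{len(content):x}\r\n".encode() + content + b"\r\n" if content else b""
    # Encapsulated gives each section's byte offset from the start of the payload.
    icap_hdr = (
        f"RESPMOD {service_url} ICAP/1.0\r\n"
        f"Host: {urlsplit(service_url).netloc}\r\n"
        "Allow: 204\r\n"
        f"Encapsulated: req-hdr=0, res-hdr={len(req_hdr)}, "
        f"res-body={len(req_hdr) + len(res_hdr)}\r\n\r\n"
    ).encode()
    return icap_hdr + req_hdr + res_hdr + chunk + b"0\r\n\r\n"

def is_clean(icap_response):
    """Fail closed: only an explicit 204 (no modification needed) counts as clean."""
    status = icap_response.split(b"\r\n", 1)[0].split()
    return status[:2] == [b"ICAP/1.0", b"204"]

def fake_scanner(request):
    """Constructed stand-in for a real ICAP server; flags a made-up marker string."""
    if b"CONSTRUCTED-BAD-MARKER" in request:
        return b"ICAP/1.0 200 OK\r\n\r\n"  # 200 means the scanner replaced the response
    return b"ICAP/1.0 204 No Content\r\n\r\n"

class FirstDownloadGate:
    """Scan a file the first time it is requested; reuse the verdict afterwards."""
    def __init__(self, scan):
        self.scan = scan      # callable: ICAP request bytes -> ICAP response bytes
        self.verdicts = {}    # SHA-256 of content -> True (clean) / False (blocked)

    def allow_download(self, filename, content):
        digest = hashlib.sha256(content).hexdigest()
        if digest not in self.verdicts:
            try:
                reply = self.scan(build_respmod(ICAP_SERVICE, filename, content))
            except OSError:
                return False  # scanner unreachable: block, and do not cache
            self.verdicts[digest] = is_clean(reply)
        return self.verdicts[digest]
```

A scanner that echoes clean files back with a 200 instead of honouring `Allow: 204` would be blocked by this fail-closed check, and cached verdicts should be cleared whenever the antivirus signatures are updated.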