Novell Documentation: iFolder Enterprise Edition

September 4, 2002

Updates were made to the following sections. The changes are explained below.

Using the Novell iFolder Management Console

In-Depth Look at Authentication, Encryption, and Synchronization

Understanding the iFolder Architecture

The following changes were made in this section:

Location	Change
Authentication and Synchronization	Clarified the wording on how to enable and create a User account.

Using the Novell iFolder Management Console

The following changes were made in this section:

Location	Change
Defining Your User Context	Clarified the wording in this section.
Enabling Users to Access iFolder	Clarified the wording in this section.
Setting Global Client Policies	Added the following description of what On, Enforced, and Hidden represent: If a policy is marked On, this means that this policy, by default, is selected or checked in the iFolder client. However, the user still has a choice to keep the default or unselect it. If the policy is marked Enforced, the option will be grayed out in the iFolder client. Thus, users will see it, but they will not be able to change it. If the policy is marked Hidden, the user will not see the option in the iFolder client. For example, if you enforce and hide the option to request encryption of the iFolder data, the data will be encrypted and users will be unaware of the transaction.
Setting Global Client Policies	Added the following paragraph on encryption: The encryption option in this interface refers to the opportunity that a user has to encrypt their data as it travels from the workstation to the iFolder server. If encryption is chosen, the user data is also stored on the iFolder server in its encrypted state; however, the user data is never stored encrypted on the local workstation.
Adding iFolder Servers	Added the following paragraph on encryption: Port 80 is used to send the encrypted username and password and data from the iFolder client to the iFolder server. iFolder uses RSA* encryption to encrypt the username and password, and Blowfish* encryption to encrypt the user data. Port 443 is used to access the iFolder Management Console and the Java applet via SSL and HTTPS.

In-Depth Look at Authentication, Encryption, and Synchronization

The following changes were made in this section:

Location	Changes
Overview	Added more information about the process associated with enabling and creating a User account.
Authentication and Encryption	Added the following information about encryption: The iFolder client talks to the iFolder server over HTTP port 80, which is a clear text, unencrypted port. Thus, the requests that are transferred between the iFolder client and iFolder server are never encrypted; however, the username and password are always encrypted and the data is encrypted only if the user selects the encryption option or if you enforce the encryption option from the iFolder Management Console. iFolder uses RSA* encryption to encrypt the username and password and Blowfish* encryption to encrypt the user data when it travels between the iFolder client and server. If data encryption is chosen, the data is actually encrypted as it travels across the wire to the iFolder server and is stored in its encrypted state on the iFolder server. However, the data is never stored encrypted on the local workstation.
Synchronization	Added a the following clarification on the iFolder ability to synchronize only the delta block changes of a file: There are some applications that rewrite the complete file regardless of how minor the change. Microsoft Word, for example, behaves like this. Thus, if the application that you are using completely rewrites the file, iFolder will recognize it as 100% new content and synchronize the whole file.

Location

Changes

Overview

Added more information about the process associated with enabling and creating a User account.

Authentication and Encryption

Added the following information about encryption:

The iFolder client talks to the iFolder server over HTTP port 80, which is a clear text, unencrypted port. Thus, the requests that are transferred between the iFolder client and iFolder server are never encrypted; however, the username and password are always encrypted and the data is encrypted only if the user selects the encryption option or if you enforce the encryption option from the iFolder Management Console.

iFolder uses RSA* encryption to encrypt the username and password and Blowfish* encryption to encrypt the user data when it travels between the iFolder client and server. If data encryption is chosen, the data is actually encrypted as it travels across the wire to the iFolder server and is stored in its encrypted state on the iFolder server. However, the data is never stored encrypted on the local workstation.

Synchronization

Added a the following clarification on the iFolder ability to synchronize only the delta block changes of a file:

There are some applications that rewrite the complete file regardless of how minor the change. Microsoft Word, for example, behaves like this. Thus, if the application that you are using completely rewrites the file, iFolder will recognize it as 100% new content and synchronize the whole file.