8.1 Planning Net Folder Creation

8.1.1 Understanding Known Issues

Before you begin planning for and setting up Net Folders, ensure that you are aware of any known issues. For more information, see Net Folder Issues in the Novell Filr Readme.

8.1.2 Planning the SharePoint 2013 Integration

NOTE:SharePoint integration with Filr is available only when you purchase an enhanced Filr license.

Filr 1.2 allows you to configure Net Folders in Filr to access files in regular document libraries on a SharePoint 2013 server. When a user uploads a file to a SharePoint-configured Filr Net Folder, that file is made available on the SharePoint server as well as to any user or group who has access to the Net Folder in Filr.

Understanding How Filr Handles Checked Out Documents

SharePoint 2013 contains the following configuration option: Require documents to be checked out before they can be edited. When enabled, this option causes files that are uploaded to SharePoint to be uploaded in the Checked Out state, making them visible only to the person who uploaded the files. This is true regardless of the application that is used to upload (such as SharePoint web portal or One Drive).

This is also true for Filr, however, to ensure that files uploaded to the SharePoint 2013 server via a SharePoint-configured Filr Net Folder are available to all Filr users with appropriate rights to the Net Folder (through synchronization to Filr via the Filr Net Folder Server Proxy User), Filr behaves differently depending on whether the Require documents to be checked out before they can be edited option is enabled on the SharePoint 2013 server.

  • If Enabled: Filr automatically checks in a minor version of the file so that the file can be seen by the Net Folder Server Proxy User, and therefore is available to Filr users with rights to the Net Folder.

  • If Disabled: The uploaded file is immediately visible to all users who have rights to the Net Folder.

User Access Synchronization Considerations

When synchronizing user access rights information from SharePoint to Filr, consider the following:

  • User access rights to files and folders within SharePoint are synchronized to Filr only for users who exist in Active Directory. Access rights for users who exist only locally on the SharePoint site are not synchronized to Filr.

  • SharePoint personal sites are not currently displayed as user Home folders in Filr.

Granting Access to a Specific Folder That Has Been Shared via SharePoint

In SharePoint, if a folder has been shared with a specific group and that group does not have access to the parent directory, you must create a separate Net Folder with a relative path to the shared folder and give the group access.

If you create a Net Folder at a higher level, the group cannot access the sub-folder to which they have access because, as dictated by the SharePoint architecture, they are not able to view the parent folder.

For example, suppose Group A has access rights in SharePoint to the following folder: http://sharepoint_site/sites/marketing/productx. Group A does not have access rights to the marketing folder, only to the productx folder. In order for Group A to have access to the productx folder in Filr:

  1. Create a Net Folder Server (as described in Section 8.3.1, Configuring Net Folder Servers) with the following server path:

    http://sharepoint_site/sites/marketing

  2. Create a Net Folder (as described in Section 8.4.1, Creating Net Folders) with the following relative path:

    productx

  3. (Optional) You might also create another Net Folder to the marketing folder, and assign the appropriate set of users access to that folder. (These users would need to have access to this folder in SharePoint.)

Configuring Access and Sharing Rights

The conditions for how access rights transfer from the SharePoint site to Filr are the same as those for other types of file systems. For more information, see Understanding Access Rights for Net Folders.

Sharing rights are mapped from the SharePoint site to the Filr system. Filr allows users to grant Viewer, Editor, or Contributor access to the file, depending on their rights on the SharePoint site. For information about the SharePoint rights that map to these roles, Understanding Sharing Rights for Net Folders.

Consider the following regarding sharing:

Understanding How Shared Access from SharePoint Transfers to Filr

If an item has been shared with a user via SharePoint, that user has access to the item within Filr within the Net Folder where the file is located. Files that are shared within SharePoint are not displayed in the Filr Shared with Me area.

SharePoint users who access SharePoint directly are able to exercise their permissions on the folder where the premissions are granted, as well as on the folder’s contents.

Understanding How Enabling the Ability to Re-Share within Filr Can Affect SharePoint

Filr allows you to grant users with the ability to re-share items with other users who do not have access (as described in Section 6.3.3, Enabling Sharing for the Entire Site).

When re-sharing is enabled, users can share a file or folder and give the users they are sharing with the ability to re-share the file or folder.

IMPORTANT:Because SharePoint does not have this same capability, carefully consider whether you want to allow users to re-share items, because doing so could grant users access to items that they otherwise wouldn’t have within SharePoint.

Configuring SSL between the SharePoint Server and Filr

If your SharePoint server is configured with SSL, you might need to export the SSL certificate from SharePoint and import it into Filr in order for the Net Folder Server to function properly.

After you have exported the SSL certificate and keypair from the SharePoint site, you need to import them into Filr (the certificate and key pair should be in .P12 key pair format):

  1. Go to the Digital Certificates page by clicking Digital Certificates from the Novell Appliance.

  2. Click File > Import > Trusted Certificate. Browse to and select your existing certificate, then click OK.

  3. Continue with Section 31.1.3, Activating the Certificate.

8.1.3 Planning the Net Folder Server Proxy User

It is important that you understand the purpose, rights requirements, expected user name format, and character restrictions associated with the Net Folder Server proxy user before you configure a Net Folder Server.

Purpose of the Net Folder Server Proxy User

The Net Folder Server proxy user is used to read, write, create, and delete files on your corporate OES, NetWare, Windows, or SharePoint 2013 file servers on behalf of users who do not have native rights to the files, but have been granted rights via a Share in Filr.

For example, User A has native Read and Write access to a file on an OES server, and User B does not have any native access to that file. User A shares the file with User B in Filr and grants User B Read access. User B can now view the file within Filr because the Net Folder Server proxy user is giving User B the ability to read it, because of the Share. If User B tries to access the same file directly from the OES server, he does not have sufficient rights.

Users with native rights to files do not use the Net Folder Server proxy user.

The Net Folder Server proxy user is not the same as the LDAP proxy user used to synchronize users and groups (as described in Base DN:).

Rights Requirements for the Proxy User

The Net Folder Server proxy user that you specify here synchronizes volume objects and file objects. Ensure that this proxy user has rights to access the files and folders for the Net Folder that will be associated to the Net Folder server. Specifically, the Net Folder Server proxy user should have the rights shown in the following graphic:

Figure 8-1 Proxy User Rights Summary

Expected Name Format for File Servers

The expected format for the name of the Net Folder Server proxy user differs depending on whether the proxy user is accessing an OES, NetWare, Windows, or SharePoint 2013 file server. Only the following syntax is supported:

OES/NetWare: cn=admin,o=context

Windows: Administrator or cn=Administrator,cn=users,dc=domain,dc=com, domain\user, user@domain

SharePoint 2013: filrad\administrator

To ensure that the Net Folder Server proxy user name is formatted correctly, use the Browse icon next to the Proxy field to browse the LDAP directory for the proxy user that you want to use.

IMPORTANT:When using Distributed File System (DFS) namespaces, the proxy user name format must be domain\user. For example, acme\administrator.

Special Character Restrictions in Proxy Names

Proxy names that contain special characters and/or spaces are not supported. For example, adminuser is supported, but @dm!n and admin user are not. Other special characters that are not supported in the proxy name are / \ [ ] : | = , + * ? < > @ ".

8.1.4 Planning Access and Sharing for Net Folders

It is important that you understand what to expect when configuring access rights for Net Folders. Furthermore, the access rights that you define on a Net Folder affect how items can be accessed by users who receive shares to items in the Net Folder.

Understanding Access Rights for Net Folders

When you configure a Net Folder, users who already have rights to files and folders on the file system rights (or on the file repository in the case of SharePoint) are granted the same rights in Filr only when all of the following conditions are met:

After you assign users access to the Net Folder, they then have a Net Folder role that is derived from the access rights that they currently have on the file system.

If you assign users access rights within the Net Folder and those users do not already have file system rights, they are not able to see files and folders within the Net Folder.

Understanding Sharing Rights for Net Folders

Users Must Have File System Rights to Share from Filr

Users who share files from a Net Folder can grant Viewer, Editor, or Contributor access to the file, depending on their rights in the file system. For users to grant these rights to another user, they must have the minimum rights that those roles require, as outlined in the following tables:

Table 8-1 NSS File System Rights Required for Net Folder Roles

Role and Minimum NSS Rights Required

Comments

To view files through Filr, eDirectory users must have both Read and File Scan file system trustee rights on the target file or folder.

To modify file content through Filr, eDirectory users must have the Write file system trustee right included with Read and File Scan.

To perform contributor functions, eDirectory users must either have

  • All file system trustee rights to the file or folder (except for Access Control)

    Or

  • The Supervisor right to the file or folder

The presence or absence of Access Control has no meaning in Filr because Filr cannot modify file system trustee rights. A Filr user with the Access Control right on the file system cannot grant file system access to another user through Filr.

It is true that Filr users with sufficient Filr permissions can share access to files and folders with other users, but this is a Filr function that leverages the file system rights of Net Folder proxy users. Access to shared files and folders is independent of any file system rights that individual users have or do not have.

Table 8-2 NTFS Permissions Required for Net Folder Roles

Role and Minimum NTFS Permissions Required

Comments

To view files and folders through Filr, Active Directory users must have Read, Read & Execute, and List Folder Content basic permissions on the target folder.

The default special permissions associated with these basic permissions are also required.

To modify file content through Filr, Active Directory users must have the basic Write permission in addition to Read, Read & Execute, and List Folder Content basic permissions on the target folder.

The default special permissions associated with these basic permissions are also required.

To perform contributor functions, users must either have

  • The basic Full Control permission

    Or

  • The basic Modify permission included with the privileges required for the Editor role (Write, Read, Read & Execute, and List Folder Content)

    IMPORTANT:The default special permissions associated with these basic permissions are also required as illustrated.

Table 8-3 SharePoint Permissions Required for Net Folder Roles

Role and Minimum SharePoint Permissions Required

Comments

To view files and folders in SharePoint document libraries, SharePoint users must have the Browse Directories, Browse User Information, Use Remote Interfaces*, and View Items permissions in the document libraries.

To modify file content, SharePoint users must have the Edit permission in addition to the permissions required for the Viewer role.

To perform contributor functions, users must have the Add Items and Delete Items permissions in addition to all of the permissions required for the Viewer and Editor roles.

Users Do Not Need File System Rights to Receive a Share

Users who receive a share for a file on a Net Folder might or might not have file system rights to the shared file. Whether they have file system rights to the shared file affects how they can access the file in Filr. Users who do not have file system rights to a shared file can gain access to the file via the Net Folder Server proxy user. (For more information about the Net Folder proxy user, see Section 8.1.3, Planning the Net Folder Server Proxy User.)

Users can access shared items through the following methods from any of the Filr clients (web, desktop, or mobile), depending on their file system access rights:

  • From the Net Folders area (by navigating to the file): Only users who have file system rights to the shared item and who have been granted access to the Net Folder in Filr. (Users are granted access to a file either through a share or from being granted access by the Filr administrator.)

  • In the Shared with Me area: All users who receive a share.

8.1.5 Planning the Synchronization Method

When you synchronize files in Net Folders, only file metadata is synchronized. Whether the content of files is brought into Filr is determined by the index settings that you choose when creating a Net Folder, as described in Section 8.4, Creating and Managing Net Folders. Files must be synchronized before they can be indexed.

When you configure Net Folders, you have the option to use one or both of the available synchronization methods (Full synchronization or Just-in-Time synchronization). Depending on the nature of your data, it might make sense to use full synchronization on some of your Net Folders and to use Just-in-Time synchronization on other Net Folders. You might want to use a combination of both methods of synchronization for other Net Folders.

Full synchronization: Synchronizes all files from a given Net Folder either at a schedule that you specify or from a manual action. All files are examined for changes, and any changes are then synchronized.

This type of synchronization ensures that all files are synchronized; however, it is more time-consuming and resource-intensive than Just-in-Time synchronization.

For information about the time required to perform a full synchronization on a Net Folder, see Section 8.1.8, Planning the Amount of Data to Synchronize.

Just-in-Time synchronization: Synchronizes individual files at the time users access the files. Only files that are accessed are synchronized.

Just-in-Time synchronization is one method that you can use to synchronize files from Net Folders to be accessed in Filr. When you enable Just-in-Time synchronization, files are synchronized the moment users access them via the Filr Web application or via the Filr mobile app. This means that data users access through Filr is more accurate and that processes to make the data available are less resource-intensive. However, this also means that files cannot be indexed (and therefore are not returned in searches and are not available to be synchronized via the Filr desktop application) until after users access them for the first time from the Filr Web application or from the mobile app. (For more information, see Searchability of Data.)

Just-in-Time synchronization provides two key benefits:

  • Allows you to make files available to your users without needing to wait for all files within a given Net Folder to synchronize. Only those files that users want access to are synchronized. A file is synchronized to Filr at the time the user accesses the file within Filr.

  • Users do not have to wait for files to synchronize based on the Net Folder synchronization schedule (which by default is every 15 minutes). If one user edits a file and saves it, another user who views the file only a few seconds later will see the recent change.

For more detailed information about Just-in-Time synchronization, as well as how to enable it, see Section 8.6, Enabling Just-in-Time Synchronization.

When you plan the type of synchronization method to use for a given Net Folder, consider the nature of the content you plan to synchronize and how you plan to use it after it is synchronized. Table 8-4 and the sections that follow describe which synchronization method is most suitable for certain types of content and the way you intend to use that content in Filr.

Table 8-4 Full Sync vs. Just-in-Time Sync

 

Static Content

Dynamic Content

Large Amounts of Data

Searchability of Data

Filr Desktop Application

Full Synchronization

X

 

 

X

X

Just-in-Time Synchronization

 

X

X

 

 

Static versus Dynamic Data

Depending on whether your data never changes (static) or is constantly changing (dynamic) should influence the type of synchronization method that you implement for the Net Folder.

Full synchronization is more suited for static content, while Just-in-Time synchronization is more suited for dynamic content.

For example, a Net Folder that contains static files, such as medical records that are read-only, might be best synchronized to Filr by running one manual synchronization and disabling the scheduled synchronization as well as the Just-in-Time synchronization. The files could then be accessed via Filr without any unnecessary load being placed on the Filr system.

Conversely, a Net Folder that contains dynamic files that users actively collaborate on, such as marketing documents for a company’s current products, might be best synchronized to Filr by enabling Just-in-Time synchronization. Users would then always have the latest information when they access a file.

In some cases, you might want to enable both scheduled synchronization as well as Just-in-Time synchronization. In such cases, consider also the amount of data that is located on the Net Folder.

The Amount of Data

The amount of data on the Net Folder should influence the type of synchronization method that you implement, because of the system resources that are required to perform a scheduled synchronization. If a Net Folder contains a large amount of data, a scheduled synchronization might consume a large amount of system resources more frequently than is necessary.

If you have a large amount of data but still want the data to be searchable, you might consider running one full synchronization so that you can then index the data and then use Just-in-Time synchronization thereafter.

Searchability of Data

Whether you want data to be immediately searchable might influence the type of synchronization method that you implement for the Net Folder, because data cannot be indexed (and therefore is not returned in searches) until after the data is synchronized.

In a full synchronization, the synchronization process begins when you configure the Net Folder. In a Just-in-Time synchronization, the synchronization process begins on a per-file basis only after a user accesses a file for the first time. After a file is accessed for the first time, the file is synchronized and is then indexed.

NOTE:File indexing is disabled by default. You must enable file indexing for a given Net Folder if you want the files in the Net Folder to be searchable. You enable indexing during the creation of the Net Folder Server, as described in Section 8.3, Configuring and Managing Net Folder Servers, or during the creation of individual Net Folders, as described in Section 8.4, Creating and Managing Net Folders.

Usage of the Filr Desktop Application

Just-in-Time synchronization doesn't apply to the 1.2 desktop client. Users can only synchronize Net Folder content to the desktop that has been synchronized with the Filr appliance, either manually, through a scheduled synchronization, or as a result of access through a web browser or mobile client.

If your users are using the Filr desktop application, it is best to run one manual synchronization and/or enable the scheduled synchronization of the Net Folder or Net Folder Server. If you don’t, the Filr desktop application might not download all of the files in the Net Folder.

8.1.6 Planning the Synchronization Schedule

You can configure Net Folders and Net Folder Servers to be synchronized at a schedule that you specify.

Synchronization in this sense means that content is simply mirrored in Filr; it is not transferred from the remote file server for replication on the Filr storage. Only metadata such as the name, path, owner, trustees, and so forth is actually stored in Filr.

Consider the following when planning the synchronization schedule:

  • Synchronizations can be scheduled only if you have configured the Net Folder or Net Folder Server to perform full synchronization as the synchronization method (as described in Section 8.1.5, Planning the Synchronization Method).

  • When a schedule is configured on a Net Folder Server, all Net Folders associated with that Net Folder Server are synchronized on the same schedule. However, if you configure a separate synchronization schedule for an individual Net Folder, this schedule is used for synchronizing the Net Folder, instead of the Net Folder Server synchronization schedule.

  • When setting the synchronization schedule, be aware that the schedule that you choose can greatly affect system performance. Consider the information in Table 8-5, Net Folder Synchronization Example and avoid the following scenarios, which can cause your Filr system to be slow or sluggish:

    • You configure Net Folder synchronization schedules among various Net Folders and Net Folder Servers in such a way so that Filr is constantly synchronizing information.

    • A single synchronization schedule is so frequent that a new synchronization begins as soon as the previous one finishes.

    HINT:If you have a Net Folder or Net Folder Server that contains hundreds of thousands of files, consider doing only one initial Full Synchronization (if you need all of the file content to be indexed and searchable), and using Just-in-Time synchronization as the ongoing synchronization process.

8.1.7 Planning a Clustered Filr System to Support Net Folder Synchronization

Performing a full synchronization on a Net Folder can consume a significant amount of resources on your Filr appliance. If you plan to synchronize thousands of files via Net Folders, you should configure a clustered Filr system that includes multiple Filr appliances.

In a clustered environment, it is a good idea to set aside a single Filr appliance to handle the load of any manual Net Folder synchronizations. (For information about how to perform a manual synchronization on a Net Folder, see Synchronizing a Net Folder.)

For more information about how to configure clustering, see Multi-Server (Clustered) Deployment in the Novell Filr 1.2 Installation and Configuration Guide.

For more information about how to set aside a Filr appliance, see Setting Aside a Filr Appliance for Re-Indexing and Net Folder Synchronization in a Clustered Environment in the Novell Filr 1.2 Installation and Configuration Guide.

8.1.8 Planning the Amount of Data to Synchronize

The time required to perform a full synchronization on a Net Folder varies depending on many factors, including the following:

  • The configuration of your Filr system (Large vs. Small vs. Clustered deployment)

  • The number of active users

  • Whether indexing is enabled (all file content is indexed and searchable, or only file metadata is synchronized)

  • The complexity and depth of the file server’s directory tree and the LDAP directory

  • Whether Just-in-Time synchronization is enabled

  • The database type (MySQL vs. Microsoft SQL)

  • The file server type (OES vs. Windows vs. NetWare vs. SharePoint 2013)

  • The number of CPUs allocated to the Filr appliance

  • The amount of memory allocated to the Filr appliance

Net Folder Synchronization Example

The example in Table 8-5 illustrates the time required to synchronize files from five Net Folders in a large Filr deployment (one Filr appliance, one database appliance, and one search index appliance) with the following environment:

  • No indexing of content

  • No active users on the system

  • No Just-in-Time synchronization

  • 100,000 files were synchronized

  • 750 sub-directories in the file system

  • OES file system

  • MySQL database

Table 8-5 Net Folder Synchronization Example

 

Number of Files Synchronized per Second

Number of Files Synchronized per Minute

Number of Files Synchronized per Hour

Initial Synchronization:

196

11,760

705,600

Ongoing Synchronization:

952

57,120

3,427,200

8.1.9 Planning the Number of Net Folders

Unless only a small number of files exist in a volume or share on a file server, it is unwise to create a single Net Folder at the root of a volume or share. Instead, create multiple Net Folders. With multiple Net Folders created, you can be more flexible with the way you administer the Net Folders, such as the synchronization methods that you use and the rate at which you synchronize data.

For example, you can synchronize the Net Folders to Filr using different synchronization methods, depending on the nature of the data that each Net Folder contains. If the data in one Net Folder is static, you can perform a full synchronization on that Net Folder. You’re then free to perform a Just-in-Time synchronization on a different Net Folder that contains more dynamic data. (For more information about the types of synchronization methods, see Section 8.1.5, Planning the Synchronization Method.)

8.1.10 Planning the Time Zone of the Filr Appliance to Match the Time Zone of any File Servers

The Filr appliance and any file servers that the Filr appliance connects to via a Net Folder should be synchronized to the same time and to the same time zone. You configured the time zone of the Filr appliance during the appliance installation, as described in Installing the Filr Appliance in the Novell Filr 1.2 Installation and Configuration Guide.

If time zones are not synchronized in this way, users might see conflicting creation and modification times for files.