11.4 Managing the iFolder System

This section discuss how to manage the iFolder services for a selected server.

11.4.1 Viewing and Modifying iFolder System Information

In Web Admin Console, System page opens to the System tab to view and modify the following information:

Table 11-1 System Information

Parameter	Description
Name	The name assigned to the iFolder domain. To edit the name of the iFolder domain, enter the new name and click Save. To cancel the changes made, click Cancel.
Description	A short description about the iFolder Domain. To edit the system description, enter the new description and click Save. To cancel the changes made, click Cancel.
SSL Option	Displays the mode of communication between the iFolder Servers, iFolder Client, iFolder Web Access Console, and iFolder Web Admin Console.
Total Users (view only)	Reports the total number of users in the iFolder domain.
Total iFolders (view only)	Reports total number of iFolders that belongs to the iFolder domain.
Full Name Display Order	Enables you to set the order in which a user's full name is displayed. Select the (First Name, Last Name) option to display the first name followed by the last name. Or, to display the last name followed by the first name, select the (Last Name, First Name) option. For the changes to take effect, either a scheduled LDAP sync must take place or you must do a manual LDAP sync. To do a manual LDAP sync: In the Web admin console, click the Servers tab, select the server, then go to the Serverdetails page. In the LDAP Details section, click the Sync Now button.
Manage Group Quota Using	Enables you to define how the aggregate disk quota set for groups is managed. Select the Administrator Console option to enable administrators to explicitly manage the disk quota for groups and members of a group. When you select this option, the disk quota assigned to the users is restricted so that it does not exceed the aggregate disk usage of the group. By default, the Administrator Console option is selected. Select the Sync Engine option to enable the sync engine to manage the aggregate disk quota on groups in the back end. The sync engine ensures that the disk quota for all users in a group does not exceed the aggregate disk quota of the group. Select the Both option to use both the administrator console and the sync engine to manage the aggregate disk quota usage for groups.
Segregated Groups	Enables you to segregate groups into independent entities and ensure that members of one group are not accessible by members of another group for sharing iFolders. Select the Create Segregated Groups check box to enable sharing of iFolders only among the members of the same group.

11.4.2 Viewing Reprovisioning Status

You can move users across different servers. Click Reprovision Status to view the reprovisioning status for each user. You can view the following information:

Table 11-2 Reprovisioning Status

Parameter	Description
Type	indicates a provisioned user. indicates a unprovisioned user.
User Name	The username assigned to the user account, such as jsmith or john.smith@example.com.
Current Home	Shows the Home server assigned to a provisioned user.
New Home	Shows the new server to provision for the user.
Completed	Shows the reprovisioning status as a percentage.
Reprovision State	Shows any of the following reprovisioning states: Initializing Initialized Moving iFolder Resetting Home Finalizing

11.4.3 Configuring iFolder Administrators

This section discusses the following:

Multi-level administration

iFolder enables you to create multi-level administrators to manage your iFolder system. Using this feature you can create primary as well as secondary administrators. A primary administrator is also known as the iFolder admin user unless stated otherwise. The sections given below describe the iFolder admin user or the primary administrator and the secondary administrator.

Understanding the iFolder Admin User

The iFolder Admin user is the primary administrator of the iFolder enterprise server. Whenever iFolders are orphaned, the ownership of the orphaned iFolders is transferred to the iFolder Admin user. The iFolder admin user can then reassign the orphaned iFolders to another user or delete the iFolders.

The iFolder Admin user must be provisioned to enable the iFolder Admin to perform management tasks. iFolder tracks this user by the LDAP object GUID, allowing it to belong to any LDAP context in the tree, even those that are not identified as search contexts. The user’s movement can be tracked anywhere in the tree because it is known by the GUID, not the user DN.

The iFolder Admin right can be assigned to other users so that they can also manage iFolder services for the selected server. Use the System tab of the Web Admin console to add or remove the iFolder Admin right for users. Only users who are in one of the contexts specified in the LDAP Search DN are eligible to be equivalent to the iFolder Admin user.

IMPORTANT:You cannot assign the Admin user right to an LDAP Group

If you assign the iFolder Admin right to other users, those users are governed by the iFolder user list and Search DN relationship. The user is removed from the user list and stripped of the iFolder Admin right if you delete the user, remove the user’s context from the list of Search DNs, or move the user to a context that is not in the Search DNs.

Viewing the Admin User Details

The System page displays the following iFolder Admin details for the iFolder domain.

Table 11-3 Admin User Details

Parameter	Description
Type	Displays the Admin user icon.
User Name	The username assigned to the Admin user account, such as jsmith or john.smith@example.com.
Full Name	The first and last name of the Admin user account.

To view or edit Admin user details, click the Admin user link to open the User Details page. The User Details page displays the iFolders owned or shared by the user. Click the All tab to list all the iFolders, both owned and shared. To view the iFolder owned by the user, click the Owned tab. Shared tab lists all the shared iFolders for this particular user account. You can also change the policy settings for the selected Admin user.

Granting iFolder Admin Right to a User

You add the iFolder Admin right to one user at a time, but you can assign it to multiple users.

Repeat the following process for each user who you want to become an iFolder Admin user:

In the System page, click Add to open a list of iFolder Admin users.
Search for the user you want to grant Admin rights.
Select the User check box next to the user, then click Add.

The username is added in the list of users with the iFolder Admin right. You can assign the iFolder Admin right to multiple users.

Removing the iFolder Admin Right for a User

You can delete the iFolder Admin right from all users in the list except the original iFolder Admin user.

IMPORTANT:You cannot delete the Admin user configured during simias server set-up.

If you delete the iFolder Admin right from the username you used to log in to the server, you are immediately disconnected. You must log in to the iFolder server under a different username with the iFolder Admin right to continue managing the server.

You remove the iFolder Admin right for one user at a time. Repeat the following process for each user who you want to remove as an iFolder Admin user:

In the System page, locate the Admin user you want to delete.
Click Delete to remove iFolder Admin right from the selected user.

Understanding the secondary administrator

A secondary administrator can only be created by a primary administrator. After creating a secondary administrator, the secondary administrator is assigned a group.

NOTE:Multiple groups can be managed by a single secondary administrator and a single group can be managed by multiple secondary administrators.

The secondary administrator can manage the group members based on the policy rights that are assigned to the secondary administrator. These policy rights are set by the primary administrator. The policy rights govern the policies that the secondary administrator can set for the group members. For instance, if the iFolders per user policy is enabled for a secondary administrator, this means that the secondary administrator can set the iFolders per user policy for the group members.

Creating a secondary administrator

To create a secondary administrator, follow the steps given below:

In the System page, click the Secondary Administrator tab and then click Add to display the list of iFolder users.
Select the user that you want to designate as a secondary administrator and click Next.
To assign a group to the secondary administrator, select an option from the Select Group list.
Set the aggregate disk quota for a group by specifying a value in the Set the Aggregate Disk Quota Limit For Entire Group field.

NOTE:If the selected group has the aggregate disk quota limit already set, then Set the Aggregate Disk Quota Limit For Entire Group field is populated with that value. Otherwise, the field will remain empty.

Set the policy rights for the secondary administrator.

The following table lists the policy rights that you can set for the secondary administrator.

Table 11-4 Secondary Administrator Policies

Parameter	Description
iFolder Per User Policy	Specifies the maximum number of iFolders allowed per user. After you apply this policy, each user is limited to owning a certain number of iFolders. The users who exceed the limit receive an error message about the policy violation. If the limit is zero, users cannot create any iFolders. This policy setting does not affect the number of iFolders a user already owns. If the number of iFolders owned by a user already exceeds the limit that you set, the user can still own those iFolders. By default, the Allow check box is selected for the iFolder Per User policy. This means that the secondary administrator has the right to set the iFolder per user policy for the users of the designated group. To deny this right to the secondary administrator, you must deselect the Allow check box.
Disk Quota Policy	Specifies the maximum space that a user is allowed to use. By default, the Allow check box is selected for the disk quota policy. This means that the secondary administrator has the right to set the disk quota policy for users of the designated group. To deny this right to the secondary administrator, you must deselect the Allow check box.
File Size Policy	Specifies the maximum file size that can be synchronized. By default, the Allow check box is selected for the file size policy. This means that the secondary administrator has the right to set the file size policy for users of the designated group. To deny this right to the secondary administrator, you must clear the Allow check box.
Sync Interval Policy	Specifies the minimum synchronization interval in minutes. By default, the Allow check box is selected for the sync interval policy. This means that the secondary administrator has the right to set the sync interval policy for users of the designated group. To deny this right to the secondary administrator, you must deselect the Allow check box.
Excluded File List Policy	Specifies the file types that are restricted from synchronization. By default, the Allow check box is selected for the excluded file list policy. This means that the secondary administrator has the right to set the excluded file list policy for users of the designated group. To deny this right to the secondary administrator, you must deselect the Allow check box.
Sharing	Specifies if iFolders can be shared among users. By default, Allow to modify sharing policy check box is selected for the sharing policy. This implies that the secondary administrator has the right to modify the sharing policy for users of the designated group. To deny this right to the secondary administrator, you must clear the Allow check box.
Encryption Policy	Specifies the encryption policy for the iFolder system. By default, Allow to modify encryption policy check box is selected for the encryption policy. This means that the secondary administrator has the right to modify the encryption policy for users of the designated group. To deny this right to the secondary administrator, you must deselect the Allow check box.
Provisioning Rights	Specifies the provisioning rights available to a secondary administrator. By default, the Allow user provisioning check box is selected. This means that a secondary administrator can provision the users of the designated group to any server present in the iFolder multi server setup. To deny this right to the secondary administrator, deselect the Allow user provisioning check box. By using the Allow enabling/disabling of users check box, you can assign the secondary administrator the right to enable or disable users of the designated group. By default, this check box is selected. To deny the secondary administrator this right, deselect the Allow enabling/disabling of users check box.
Rights on iFolders	Specifies the secondary administrator’s rights on ifolders owned by users of the designated group. To allow the secondary administrator to own orphaned iFolders, ensure that the Allow ownership of orphaned iFolders check box is selected. By default this check box is selected. To deny this right to the secondary administrator, clear the check box. Using the Allow Enabling/Disabling of iFolders check box, you can assign the secondary administrator the right to enable or disable the iFolders owned by users of the designated group. By default, this check box is selected. To deny this right to the secondary administrator, clear the Allow Enabling/Disabling of iFolders check box. Using the Allow to modify rights of shared iFolder members check box, you can assign the secondary administrator the right to modify the rights of shared iFolder members. By default this check box is selected. To deny this right to the secondary administrator, clear the Allow to modify rights of shared iFolder members check box.

Click the Save button to save your settings.
After successfully assigning a group to the secondary administrator, click OK to return to the Systems page or click Repeat to assign more groups to the secondary administrator.

Editing secondary administrator details

To edit the secondary administrator details, follow the steps given below:

Click the Secondary tab to display the secondary administrator details.
Select a secondary administrator and click Edit to display the list of groups monitored by the secondary administrator.
Select a group and click Edit to display the list of secondary administrator's rights on the group. Edit the rights of the group and click Save to save your changes.

Deleting secondary administrator

To delete a secondary administrator, follow the steps given below:

Click the Secondary tab to display the secondary administrator details.
Select a secondary administrator and click Delete to display the list of groups monitored by the secondary administrator.
Select all groups and click Delete. Deleting all groups owned by the secondary administrator also deletes the secondary administrator.

11.4.4 Configuring System Policies

Use the System Policies page to manage system-wide policies.

Viewing the Current System Policies

The following table lists the system policies you can manage for any given iFolder System. Click Save to apply the modifications.

Table 11-5 System Policies

Parameter	Description
No of iFolders per users	Specifies the maximum number of iFolder allowed per user. After Applying this policy, each user is limited to own a certain number of iFolders. The users who exceed their limit receive an error message about the policy violation. If the limit is zero, users cannot create any iFolders. The policy setting does not affect the number of iFolder a user already owns. If the number of iFolders owned by a user already exceeds the limit that you set, he or she can still own those iFolders
Disk Quotas	The total combined administrative size (in MB) of space allocated for use by all iFolder users on this system. The administrative total can exceed the actual physical size of the system disks. Space is assigned as needed; it is not reserved.
File Size	Specifies the maximum file size (in MB) that iFolder system is allowed to synchronize.
Excluded Files	Specifies a list of file types to include or to exclude from synchronization for all iFolders on the system. You can use wildcard characters (such as “”, “?”) with the file types. For example, to block all files with mp3 extension, you need to specify .mp3.
Synchronization	If this option is enabled, specifies the minimum interval (in minutes) for synchronizing iFolder data for the system. Larger values are more restrictive. If the option is disabled, the value is No Limit. The interval timer is reset to the Synchronization Interval value at the end of a synchronization session. When the time elapses, another session is started.
Encryption	Specifies the encryption policy for the iFolder system. System-wide settings supersede user policies.
Sharing	Specifies the sharing policy for the iFolder system. System-wide settings supersede user policies.

Modifying iFolder System Policies

Select the policy, specify values for the policy, then click Save to apply it:

Click Cancel to cancel the changes.

Parameter	Description
No of iFolders per users	Specifies the maximum number of iFolder allowed per user. After Applying this policy, each user is limited to own a certain number of iFolders. The users who exceed their limit receive an error message about the policy violation. If the limit is zero, users cannot create any iFolders. The policy setting does not affect the number of iFolder a user already owns. If the number of iFolders owned by a user already exceeds the limit that you set, he or she can still own those iFolders
Disk Quota	Select the check box to enable a system-wide quota, then specify the total space quota (in MB) for the current iFolder domain. Deselect the check box to disable a system-wide quota. If you enable a system-wide quota that is less than a user’s current total space for iFolder data, the user’s data stops synchronizing until the data is decreased below the limit or until the quota is increased to a value that is larger than the user’s total space consumed. Enabling or modifying the system-wide quota does not affect existing individual user quotas. Any existing user quota always overrides system-wide quota, whether the user quota is lower or higher than the system-wide quota. Default value: 100 MB
File Size	Deselect the check box to disable the Maximum File Size Limit policy. If the policy is disabled, the value is reported as No Limit. Select the check box to enable the Maximum File Size Limit policy, then specify the maximum allowed file size in MB. Consider the following demands on your system to determine an appropriate file size limit for iFolders in your environment: Intended use How often the largest files are modified How the applications that use the largest files actually save changes to the file (whole file or deltas) How frequently the files are synchronized by each member How many users share an iFolder Whether users access iFolder on the local network or across WAN or Internet connections The average and peak available bandwidth Even if you set a very large value as a file size limit and if there is no quota to limit file sizes, the practical limit is governed by the file system on the user’s computer. For example, FAT32 volumes have a maximum file size of 4 GB minus 1 byte. Default value: Disabled, No Limit
Excluded Files	Specify whether to restrict file types that are synchronized by exclusion filters. Type a file extension, then click Add to add it to the list. You can only add or delete file extensions; subsequent editing is not allowed on the entries.
Synchronization	To enable a policy, select the check box, then specify the minimum synchronization interval in minutes. For example, a practical value is 600 seconds (10 minutes). Larger values are more restrictive. To disable the policy, deselect the check box. The value is reported as No Limit. Default value: Disabled The effective minimum synchronization interval is always the largest value of the following settings: The system policy (default of zero), unless there is a user policy set. If a user policy is set, the user policy overrides the system policy, whether the user policy is larger or smaller in value. The local machine policy, or the setting on the client machine synchronizing with the server. The iFolder (collection) policy.
Encryption	Select On to enable the encryption feature for the iFolder system. This permits a user to set an encryption policy for his or her iFolders. Select Enforced to enable the encryption feature for all users. When it is set to Enforced, a user cannot change the encryption settings for his or her iFolders.
Sharing	On: By default, iFolder sharing is enabled. Select On to disable sharing for the iFolder system. After applying this policy, users of this iFolder system cannot share his or her iFolders with others. However, you can change the policy settings at the user level for any selected user. Enforce: You can enforce both enable sharing and disable sharing. When you enforce disable sharing, policy settings for sharing at iFolder and User level are automatically disabled and you are not allowed to change the settings. However, you are allowed to set the policy for Revoke option. Revoke: Select Revoke to remove the shared members of all the iFolders under the iFolder system.