Enterprise File Fabric Appliance Installation Guide version 1906

Introduction

The SME File Fabric platform is shipped as a virtual appliance. Once you have deployed it into your environment you have to follow a few steps to get the product set up and ready for use. This document will walk you through the initial install steps needed to get started.

This document does not cover how to deploy the File Fabric in your virtual environment, only how to configure the software once the virtual appliance is deployed. For production deployments see File Fabric Sizing Guide.

For the Google Cloud Platform see Getting Started on Google Cloud.

For VMWare, vSphere 5.5 or above is required.

Preparation

You need to prepare/collect the following information before you can complete this configuration guide:

  • Provided with trial email
    • Linux smeconfiguser password
    • Linux root user password
    • Appliance appladmin password
    • File Fabric license key
  • Access to request / update DNS names for appliance (recommended)
  • Outbound mail relay information (recommended)
  • Default storage system connectivity details
  • Active Directory service account, for connecting to AD (optional)

Part I - Configure Networking

Out of the box, the SME appliance comes configured for DHCP. For most production environments you will assign a static IP address. You can easily do this with tools provided and installed on the appliance. If you have DHCP with dynamic DNS enabled, you should be able to simply connect to “appliance.yourcompany.tld”. If not, and you do not know the IP address of the appliance, connect over a console session from your hypervisor.

Once the SME appliance is booted and you are ready to start, you need to log in with “smeconfiguser” to the Linux shell and start the configuration server. Before we start the web-based configuration tool, let us update the hostname.

Change the privilege to root user by issuing “su -“. As the root user, edit /etc/hostname with nano or vi.

Update the file with your real hostname..

Then identify the IP addresses, type ifconfig and look for the IPv4 IP address.

Note: If you do not have DHCP enabled on your network, you can run the smenetconf script and quickly assign a static address from the commandline. This must be run as the smeconfiguser.

Leave root privilege and as the smeconfiguser start the configuration server by typing smeconfigserver. You should see a confirmation that the config server is running:

Now open your favorite browser and got to

http://<your_ip>:8080

Here you will be able to configure network details, including domain names, and you can apply a custom certificate for secure HTTPS traffic.

Click “Configuration” to get started.

Give the system a static IP address and enter the same hostname you entered in /etc/hostname.

Then don’t forget to also create an A record in your DNS system for all 3 hostnames on this screen.

Follow the instructions on the webpages for IP Address, Domain name and SSL certificate. And when you are satisfied, follow the prompts to reboot the machine.

You can rerun the smeconfigserver at any time to go back and modify, or correct any information in your setup. i.e. you can go back and place a new certificate here at any time.

Part II - Configure Appliance and create the first organization

You must perform a few steps before you can get started with the system.

After the system is restarted, log into https://<yourhostname>/ with a browser. Use the “appladmin” username. The appliance is a multi-tenant system, so the first thing we need to do is to set up the appliance and the first tenant.

A trial key can be requested from https://www.storagemadeeasy.com/appform/.

Once you save the license, you will see the features available to you.

An SMTP server is used by the appliance to send registration and notification emails to users. It can be configured under Settings > Email & Filebox.

If you do not configure an email server remember not to use email notification when adding users.

Using Gmail for Outbound Email

Below is a sample what the configuration looks like, for an SMTP setup using a Gmail account. You will have to ask your email administrator for your specific details, or sign up for a free Gmail address:

The “Notification Email” address will receive emails from the system warning of license expiration etc. You should enter your email here.

Change Appliance Admin Email

With an SMTP server configured you can change the email of the Appliance Admin. Go to the main menu (Hamburger icon) to Password/Login.

You can also set up Two Factor Authentication (2FA) for the Appliance Admin from this screen.

Under Look & Feel is where you can upload your logos for the login page, and set a site title for the site.

Here you can enable or disable certain functionality or features. The default settings are generally good for the initial deployment, but please go through the options to familiarize yourself with advanced options. Examples are: Enable in browser editor for inline editing of office docuemnts, enable SFTP access, etc.

The File Fabric platform uses templates for organizations, in order for us to create our organization, we need to pick a template, before we do, let’s review.

Click “User Packages” and then click the pencil to modify “Organisation Cloud 20 Users” This is a good template to start from. Scroll down to the “Extra options” section and add “Content Search Enabled” and Dropfolders.

“Crtl-Click to add to the selection”

On the Add a User screen create your Organization admin user. (This will also be your organization.)

  1. User Login: Admin user login and Organization short name
  2. E-mail: Email address of organizational admin, must be unique to the system, do not use your own.
  3. Password:
  4. Name (Company Name): Full organization name.
  5. Package: The template from step 5.
  6. We do not need to split the license between organizations, leave the last field empty.

Click Save.

Part III - Configure the organization

Log out from the Appliance Admin, appladmin user, and log back in as the user you just created.

You will first see the “Add Storage Provider” screen. You have to add storage before you can continue. Select your provider and follow the instructions on the next couple of screens. There are many providers to choose from, but a CIFS share, google drive or S3 bucket are easy examples to get started with. Do not use a storage location with existing production data for the initial trial.

Once you have added your storage, Select Options from Organization Menu:

There are of course a lot of different was to configure your organization based on your specific use case(s). In this example I will set them to what I think are good starting points.

Enable personal clouds by toggling “Private User Clouds”. Enabling this will allow for both a per user home folder (Admin managed) and for users to add a personal drop box, or google drive into the SME file manager.

Here I like to turn on most of the options in order to get a feel for the SME sharing features. See screenshot below.

See screenshot below for how to toggle the options on this page:

You can provide a key here and enable encryption for all data at rest. Note, if you do, you will not be able to access your data from outside of SME.

I enable versioning, it is a nice feature to have in case of conflicts or accidental end user overwrites and deletions.

Leave the defaults here.

Leave the defaults here.

Toggle “Send email notification for file comments:” to “To all members and file commentators”

Options for you to create your organizations specific here

At this stage you either create local users or you tie SME into your corporate directory.

Under Organization, select “Auth systems”

There are a many options to consider and there is the possibility to make the integration with a highly customized AD schema, but for the sake of evaluation the product, we don’t have to make it that complicated. Below I have listed the fields where you have to add site specific information. I will skip the lines you don’t have to configure, so when you follow this list below, make sure to match the names on the screen, as they are not sequential.

  • Auth System: Toggle the dropdown to LDAP
  • Auth System Name: Give it a friendly name
  • LDAP Server host or IP: IP address or hostname of AD controller
  • Base DN: Enter a base OU of your directory to limit searches to certain sub-OUs, or leave it as “DC=domain, DC=tld” for the entire directory
  • Administrator User DN: The service account that can connect and validate AD info, should be an unprivileged service account. On the following format: “CN=LDAP Bind,OU=Service Accounts,DC=sme,DC=com”
  • Administrator User Password: Password of above user.
  • Update user roles/groups on login: Important to check, or user group membership will be managed from SME and not by AD groups
  • Login Field: What AD attribute is the login name, I suggest using sAMAccountName
  • User Name Field: I switch this to displayName, but not mandatory
  • Role Name Field: I prefer to switch this to “name”

    These are the 10 fields you have to fill in to enable AD authentication, now let’s move on to “Test settings” button, and then save your changes. Next step Authorization.

    Roles, in order to simplify management of ACLs for your data, we recommend that you assign permissions on a group – or role – level. Open up the configuration page:

If you set up AD authentication in the above step, leave the two default roles, (“Administrator”, “Member”) and instead go to “Import roles from remote source”.

On the next page, you can select to put in a partial or full name in the “Role:” field, to act as a filter before clicking “Get roles”

I chose to filter on “gs_” and can select all for import.

This process can be done many times until all desired groups are imported.

If you are doing this without AD, simply click Add new role and add the different roles you need to provide adequate segregation for your users.

When the roles are populated, proceed to importing / creating the users:

This page is set up much the same way, select “Import users from a remote source”

The import screen works much like the Roles import screen with one important difference.

As you can see in the Role section to the right we will show you what AD groups the user is a member of, so you can ensure the relevant groups are imported.

Repeat the user import until you have imported your users.

Once again, if you had skipped the AD setup, you can manually create local users. Simply click one of the Add new user buttons. Without confirmation will still give you the option to send the user a welcome email.

Earlier we connected to our default storage, now let’s configure it.

Click File Manager

And navigate into your default storage provider, in my case it is a bucket called “smestoragesme”

Unless this is the name of the root share you want your end users to see, create a new folder inside the root. I created one called FinanceShare and one called EngineeringShare.

Right click the first folder and select Convert to Shared Team Folder

Then repeat for any other folder you have created and want to be a share root. By default, in SME, a shared folder is shared with no one (except the admins) so we have to modify permissions.

Go to the settings page for shared folders:

The default tab should be the Permissions tab:

Go ahead and select the permissions Icon (2)

In the popup windows (below) select the user or group from the dropdown (1), select the permissions (2), and click apply. (3)

When you are done with the permissions, for this share click close. (4)

Your initial setup is complete, now when a member of the Engineering group logs in, he or she will only see the EngineeringShare folder:

While the members of the finance group will see only FinanceShare.

For any questions or comments on this document, please contact support@storagemadeeasy.com