Cluster Administration

If you are the default cluster administrator, after you login, you will be directed to Centerstack Administrator dashboard portal page. If you have the Enterprise option instead of the Service Provider option, the first login may direct you to the default files and folders view.

If you are at the files and folders view of the web portal, you can elevate twice to the cluster manager web portal. First step is to go to the “Management Console”,

_images/image002.png

and after that, click on the “Cluster Management” to go to “Cluster Manager”.

_images/image003.png

Note

This section documents the cluster administration for master administrator.

Cluster Manager Web Portal

Cluster Manger is web based management tool for the whole cluster. It is organized into tabs. These tabs include “Tenants Manager”, “Cluster Admin”, “Cluster Branding” and so on.

Tenant Manager

For the Enterprise Package, the “Tenants Manager” tab will be hidden since it is one-tenant only. For the Service provider Package, the “Tenant Manager” tab is where you can find a list of tenants on the system and where you can manage tenants.

_images/image004.png

Note

the tenant manager URL is at : http://<hostname>/management/TeamsMgrPage.aspx

Cluster Admin

Cluster Admin tab is to change the properties of the default administrator and also to add additional people to be the cluster administrators.

_images/image005.png

Cluster Branding

Cluster Branding is for changing the logo, bitmaps and other branding related information. There are two branding supports. One is self-service built-in branding, which is completely controlled by the “Cluster Branding” settings on the “Cluster Manager”. The other is full-branding service. Both rely on the “Cluster Branding” to change the look-and-feel of the web portal. Built-in branding will work with white-label clients, which upon the first connection to the cluster, will download the branding related information and use the branding related information. As compared to full-branding service, the full branding clients will have artworks, logo bitmaps and related information burned into the client binaries.

1. General

Under the general tab you can specify the name and other settings as specified below.

1.1 Product Name

This is where you will specify what you would like to call the product. This is the name that users will see when they login either in web portal or the client applications. You can also choose a color theme which you would like your users to see when they login to the portal. You can choose a color theme that is close to your company colors.

Product Name
_images/image006.png
1.2 Feedback Email

Users’ feedback will be delivered to this email address.

_images/image049.png
1.3 Home Page URL

This is the URL of your ‘Terms of Use’ page.

_images/image051.png

2. Web Portal

The best way to get icons to work is by putting the icon files on the same server and reference the icons via relative link. For example, you can create a sub folder under the Install Folder of the CentreStack, such as under root/imagetest folder. The dimensions for all icons for each setting under web portal should match what is displayed for each setting. The branding of the icons and images require the icons and images with the same width/height as specified or same aspect ratio if the resolution is higher.

2.1 Application Icon Url

The is the image that is displayed next to the product name in web portal.

_images/image007.png
2.2 Drive Icon Url

This is the icon that will be used for the cloud drive.

_images/image052.png
2.3 Logo Url & Login Page Left Image
_images/image008.jpg

Please follow the same steps for branding settings for ‘Login Bakcgroud Image’, ‘File Share Stamp...’, ‘Login Page Note:’, ‘Change Password URL’, ‘Tutorial Page URL’.

2.4 Download Page

You can choose not to show the download link for different clients here.

_images/image053.png

3. Windows Client

The application icon and drive icon URLs can be specified here. Also, you can put in your company name under ‘Manufacturer Name’ along with the ‘Contact Info’ email. You also have the option here to create your own branded MSI Windows client. You can also use your own code signing certificate in order to digitally sign the MSI package. The advantage of creating your own MSI client package is that when users download and install the Windows Client you provide, they will see your company name along with your branding during the client installation.

_images/image055.png

4. MAC Client

You can configure the MAC client and MAC client installation package branding under here.

4.1 Client Branding
_images/image056.png
4.2 Installation Package Branding

There is some preparation work required in order to create the MAC client branded installation package. Please read the description and follow all the steps listed under this setting.

_images/image057.png

The transform of Mac installation package is done by a bash transform script (transform.sh). Prior to the transform, there are some preparation work.

Step 1 - Acquire Apple Mac Developer Account.

The Mac Installer (PKG) file will need to be signed by the Apple Mac Developer Account. Otherwise the pkg will be blocked by the later Mac OS such as 10.9 or 10.10.

After you acquire the Mac Developer account, you can download the signing certificates, one for signing application files and one for signing installer package.

You can find the name of your certificates from the KeyChain Access application.

For example, the signing certificate names may look like these:

Note

“Developer ID Application: Gladinet, Inc. (CX8U2YJ96P)”

“Developer ID Installer: Gladinet, Inc.”

You can modify the transform script will use these certificates.

Step 2 - Prepare your branding information.

All the branding information such as product name and branding artworks are contained in one single directory. You can use the testbranding folder as an example and replace all the information contained inside to have all the branding information ready.

The folder will be an input command line parameter to the transform script.

Step 3 - Prepare the PKG files.

In the standard Gladinet Mac binaries, there are a couple DMG file. DMG files are Mac image files. When you mount the DMG files, you will see a PKG file in each of the DMG file. The PKG file will be the input to the transform script.

Once you have the PKG file, the signing certificate and the branding folder, you are ready to do the transformation.

Step 4 - Change the transform script to use your certificate.

Locate the two lines inside the transform script,

readonly SIGN_APP_STR=”Developer ID Application: Gladinet, Inc. (CX8U2YJ96P)readonly SIGN_PKG_STR=”Developer ID Installer: Gladinet, Inc.”

and replace these two lines to use your own certificates.

Step 5 - Apply the transform

The syntax for the transform is

transform.sh branding_dir mac_pkg_file

The generated branding installer will be called output.pkg in the same folder

You can read the transform.sh shell script for more details.

5. Android Client

Branding android client can be done in your own environment using the steps listed under this setting.

_images/image058.png

First download the zip file from the web portal and extract it. There is also a readme.txt file inside the zip file.

System Requirement:

  • Java SDK 1.7+ (Required)

  • JAVA_HOME environment variable is set (Required)

    Example:

    JAVA_HOME=C:Program FilesJavajdk1.8.0_25

  • .NET 4 framework (Required)

  • Perl (Required)

  • Android SDK (Optional)

step 1. unzip the zip file. It will contain

  • inputdir : the input branding directory, you will need to update the files in the folder for your own branding.
  • GladinetCloud-6.6.32727-release.apk (or apk with higher build number) : the android apk package for the current release
  • AdjustStringXml.exe : helping transform string values apktool.bat - wrapper around apktool.jar
  • apktool.jar : tool to unpack apk file and pack apk file
  • jarsigner.exe : you will find this file in JDK
  • readme.txt : this file transform.cmd - the command to run to transform
  • zipalign.exe : you will find this file in Android SDK. Help make the apk file ready for Google Play submission.
step 2. Prepare the inputdir, this is the input directory for all the branding material.
  • Update the png files to your own branded images

  • common.txt: update the strings defined in the file
    • accesspoint - this is the access point you want to use by default

    • configstore - this is the on-disk folder that will store persistent settings on android device

    • packageid - this is the package id for your android package. Usually it is in the reverse DNS name format.

    • common.keystore - the keystore to use by default.
      • You can follow how-to-create-keystore.txt to generate your own key.
      • Before generate your own key, please rename current common.keystore
      • please update transform.cmd for the password for the key
“%JAVA_HOME%binjarsigner” -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore “common.keystore” “%outputfile%.temp” android -storepass android

# (Example above for how to generate keystore. Change password defined above after -storepass)

step 3. Generate your own branded apk

step 4. You can test the APK file generated and submit it to your own Google Play Developer Account.

6. iOS Client

Branding iOS client can be done in your own environment using the steps listed under this setting.

_images/image059.png

First download the zip file from the web portal and extract it. There is also a readme.txt file inside the zip file.

System Requirement:

Mac OS X 10.10 or 10.9 (Required) XCode iOS Developer Account

First unzip the .zip file. It will contain:

  • inputdir - the input branding directory, you will need to update the files in the folder for your own branding.
  • iosbrowser.ipa - the ios package for the current release, which will be transformed into your own branding
  • transform_ios.sh - the shell script that will do the transform of package into your own branding

It also contains a readme.txt file which has the following content.

How to brand your iOS Application:

1. First you will need to have iOS developer account with Apple. If you plan to release your application to Apple App Store, you will need the normal developer account. If you plan to put the iOS application for enterprise deployment, you will need the enterprise account.

2.You need a Mac OS X 10.10 machine with XCode installed. XCode is a free download from Mac App Store.

3. From the XCode, you can connect to your iOS developer account, download the certificate and create the mobile provision profile.

summary: after step 1,2,3 you will have the certificate ready on your Mac OS X machine; in the keychain. You also have the mobile provision file ready. You can download your mobile provision file from your iOS developer acocunt web portal.

  1. There are two sample inputdir, the inputdir is sample for enterprise application and inputdir_appstore is for Apple AppStore deployment. You will need to prepare the inputdir following the examples.

    4.1-change the parameters in the common.sh to match your iOS product.

    • ACCESSPOINT:

      this is your CentreStack server’s external DNS name, make sure the HTTPS is ready before you try iOS application because by default it connects via HTTPS

    • PRODUCTNAME :

      Product Name

    • PRODUCTNAMENOS:

      Product Name without any space, all in one word.

    • BUNDLEID:

      The bundle id will need to match the application ID you created in the iOS developer program

    • PACKAGEID: Same as above

    • IOSPACKAGEID: Same as above

    • FULLIOSID:

      the team prefix and a dot and the BUNDLEID together

    • CERTIFICATENAME: your certificate to sign the iOS Application

    4.2 various bitmap files, replace the bitmap files, make sure you have the same resolution as the samples.

    4.3 embedded.mobileprovision - this will be your own mobile provision profile downloaded from your iOS program.

  1. the ipa file. The ipa file is the original iOS application package.
  2. transform_ios.sh
The two transform_ios.sh is almost identical. One tested for AppStore with inputdir_appstore input folder. The other tested with Enterprise package with inputdir.

How it works.

The transform_ios.sh will open up the original iOS package in the ipa file, take bitmap files and input parameters from the inputdir folder and replace those in the ipa file.

At the end, it will package the ipa file back into one package, sign it with your own certificate. and the resigned package becomes your own branded package, with access point hard-coded to your access point.

The branding of the icons and images require the icons and images with the same width/height as specified or same aspect ratio if the resolution is higher.

The rest of the branding entries are self-explanatory.

6.Email Service

There are many places in the CentreStack that need to contact the users via email. So the “Email Service” tab is used to set up the email account used for contacting users via email.

Most of the time, your email service requires user name and password to send out-going email via SMTP. If your email service doesn’t require user name or password, you can put dummy email and password there.

_images/image009.png

7. Export/Import

You can either export the branding settings to another CentreStack cluster or you can import branding settings from another CentreStack cluster in this cluster under this setting.

_images/image060.png

8.Cluster Server Farm

Cluster Server Farm has two types of nodes, one is “Worker Node” and the other is “Web Nodes”.

_images/image010.png
Web Front Node:

The Account Management, Sign-in and Load-balancing services will be installed on this physical machine (or virtual machine). Depending on the load, you may need 1 to N such nodes. Normally, we recommend for every web front node, you can have 10+ worker nodes. When you have small deployments, you can skip web front nodes and combine them into worker nodes. All the installation work is the same. If you do not need web front node, you do not need to assign them in the cluster manager.

Example:

ACME Corporation deploys two web front nodes node1.acme.com and node2.acme.com. Each node is running a copy of CentreStack server connecting to the same SQL database.

ACME Corporation acquires a domain name (DNS) of cloud.acme.com which is load balanced to node1.acme.com and node2.acme.com.

When Users point their browsers to https://cloud.acme.com it is directed to one of the node for login page.

Note

NOTE 1: If you have hardware load balancing available, you do not need to use web nodes at all.

NOTE 2: Windows 2012/R2 comes with Network Load Balancing (NLB). If you use NLB, you do not need web nodes at all.

Basically, if you have any existing load balancer, you can omit web nodes.

Worker Node:

This type of node will contain services like Web Browser Based File Manager, Storage Service Connectors, and etc. Again, additional nodes can be added as the load increases. Because there is cache information located on each node, users will have an affinity to a single node once it is assigned. If the load balancer distributes users evenly to all worker nodes, the cache information may exist on all worker nodes.

_images/image011.png

In a production environment, almost 100% of the time you will need to check “Always force SSL on Login”. When this is checked and when the CentreStack detects incoming connection is HTTP, it will do a redirect to HTTPS. If you turn on SSL, you will need to setup SSL certificate first.

However, if you have SSL-offload, such that SSL is offloaded to a hardware appliance, and after that, the incoming connection is HTTP between the hardware appliance and the CentreStack. In this SSL-offload case, you will NOT check “Always force SSL on Login” because it will create infinite redirect loop because the incoming connection is always HTTP as far as CentreStack is concerned.

_images/image012.png

In a production environment, almost 100% of the time you will need to check “Always force SSL for Native Clients”. Especially, in the case of SSL-Offload, you MUST check “Always force SSL for Native Clients”. Otherwise, the CentreStack may think that the incoming connection is HTTP so it will continue to encourage the native clients (such as Windows client) to use HTTP instead of using HTTPS.

_images/image013.jpg

When you have your own load balancer, you will disable worker-node load balancing. CentreStack has built-in node-affinity load balancing, which can be per-tenant or per-user. When you have your own load balancer, you may have session-affinity or just simple round-robin, either one is fine.

Worker Node Properties
_images/image014.png

You may need to modify worker node properties when you setup SSL and the DNS name for the cluster.

The Node Name needs to match the worker node’s hostname.

The External URL needs to match the worker node’s external URL. In a production environment, this typically is in an https:// format with the node’s DNS name.

The Internal URL is the node’s internal URL, typically in the form of http://local-ip-address format.

Disable management functionality – You can create an internal facing worker node (that doesn’t have an externalURL) and only allow management functionality on this worker node. This is a security feature.

Zone

The concept of zone is to associate worker nodes with the location of the storage. When you think about zones, you will think about your storage location first.

For example, I have storage in LA so I have an LA zone. I also have storage in NY so I have a NY Zone.

You can have worker nodes from different zones as well and assign users to specific zone. If user’s home directory is coming from LA zone, the user will need to be assigned to LA zone.

_images/image015.png
Worker Node Health

You can use the Cluster Info tab to check out the worker node health.

_images/image016.png

Last Reported– You want to see this field has small numbers such as 6 seconds, 10 seconds. If you see sometime like 3 hours ago, that means the node is not reporting the health.

Total Requests Processed – You want to see this number as big as possible. This number is accumulative since the service was last re-started. So the bigger the number, the more stable the service is. Also when you have multiple worker nodes, you want to see the Total Requests distributed evenly among the worker nodes.

Request Executing – You want to see this number as small as possible. This mean the number of requests that are concurrently executing in the server. In general the number smaller than 100 is normal. Bigger than 100 is abnormal.

Last Request Time – You want to see this number as small as possible. This means the number of milliseconds for the last request. In general, numbers smaller than 3000 or 5000 are normal, which translates to below 3-5 seconds.

Pending Change Notification – For the files and folders that are changed, there is change notification written to database. In general, you want to see pending queue as short as possible.

Active Node Request – This are the clients out there contacting the server. Usually it is just for the reporting purpose.

Pending Change Polling– This is the clients out there polling to see whether there are files and folders that are changed. Usually the smaller the better.

Active Clients – For reporting purpose.

Note

If you don’t see the node performance report, check the Internal URL setting of each worker node.

_images/image017.png

9. Reports

Under reports you can look at the upload graphs and storage statistics.

9.1 Upload Report

Upload report tab shows you graphs for all the uploads that have taken place on the last sixty minutes, 24 hours, 30 days and the whole week.

_images/image063.png
9.2 Storage Statistics

Under storage stastistics, you can see a quick overview of the overall storage statistics, size distribution and file type distribution pie charts, and users who have used most storage so far.

_images/image064.png

10. Cluster Settings

Under cluster settings, you can configure auto-client update, web applications, and other settings like 2-Step Verification, multiple domain support, etc.

10.1 (Client Version Manager) Client Auto Update

For Windows Client and Windows Server Client, there is auto client update feature. Each upgrade package contains the updated clients. By clicking on the “Publish” button, the newer package can be published to clients out there.

Daily Upgrade Limit: This is a per-worker node setting. For example, if you have 2 worker nodes, and set the daily upgrade limit to 100, maximum 200 clients will be upgraded per day.

Apply to Users: This typically is used for testing prior to push the client out.

_images/image018.png
10.2 Application Manager

You can also configur Web Apps under ‘Application Manager’ tab in Cluster Settings. This will enable the users to edit documents using the web apps.

10.3 Settings
_images/image019.png

Hide Login Failure Message – When checked, the login failed message will be replaced by a very generic “Login Failed” message. When un-checked, it may return more meaningful login error, such as user-not-found, authentication-error and so on.

Enable Content Management Policies – Reserved

Enable Tenant Branding – When enabled, each tenant administrator will see the tenant branding page so they can further customize the look and feel of the product.

Hide ‘Forgot your password’ link on login – Most often it is used when Active Directory integration is set. The user will need to do forget-and-change password the normal Active Directory way instead of the way CentreStack provides.

Don’t retry when login failed – Most often it is used when the Active Directory user has low failed-count on lock-out policy. When the user’s password is wrong, a few retry can lock out the user’s Active Directory account. The retry feature can be used when there is no Active Directory lock out or when the lock out count is high.

Show ‘purge storage option’ when delete user - By default when a user is deleted, the user’s home directory storage content is not touched for later use or review. If it is desired to delete the user’s content when the user is deleted, this can show the purge option.

Enable Multiple AD Domain Support– When you have multiple Active Directory from multiple forests, you can turn on this option. The CentreStack software is capable of automatically search for domains in one single forest. However, for multiple forests, the software will allow you to manually enter the root of each domain when this option is enabled.

Turn on 2-step Verification – CentreStack supports Google Authenticator, Amazon Virtual MFA soft token for 2-step verification. When this setting is turned on, users will see the option to configure 2-step verification in their web portal.

Don’t send email notification when purge deleted content – When user deleted version folder or deleted items alls into the Trash Bin, the purge is asynchronous and scheduled at a later time. This setting controls the notification.

Web Browser Session Time Out – When the web browser client is idle for certain amount of time, you want to time out the web session. When set to zero, the web browser session will not time out. For a proof of concept environment, since users are doing more testing work, it is recommend to set it to zero so the web browser session will not time out.

Branding Id – This setting only apply to full-branding clients. For the full-branding client, it is possible to lock the full-branding clients to only connect to the branded CentreStack server. When set, it will lock out the white-label clients or other non-branding clients and will not allow them to connect.

License String – Reserved.

Logging DB Connection String – Related to split database.

11. Languages

We have automated translation and provide the resource files that you can use to localize the web portal and clients in the langugage of your choice. If there are strings that not translted yet in the language you want, just go ahead and select the string and put in the translated string in the window for the language selected.

_images/image065.png