Welcome to the CentreStack Server Deployment Guide. This guide describes deployment tasks for CentreStack, the managed file synchronization and sharing solution.
CentreStack includes the CentreStack server, which runs on the Windows Server platform, and client agent applications for Microsoft Windows, Mac OS X, and mobile clients for the Android and Apple iOS operating systems.
This guide is updated to match build 8.2.3960.37642.
CentreStack is a managed file sync and share solution. It differentiates itself from other file sync and share (EFSS) solutions by focusing on security, control, file servers and team collaboration. CentreStack does really well in the following areas:
- maintain Active Directory security and NTFS permissions on files and folders
- provide on-demand access that honors read-only and write permissions in real time
- mirror local network shares on the file server to team folder collaboration in the cloud
CentreStack is pure software built on top of the Microsoft Web Platform:
- Windows Server
- IIS (Internet Information Server)
- .NET Framework
- WCF (Windows Communication Foundation)
Since CentreStack is built on top of the Microsoft Web Platform, it integrates very well with Microsoft components such as NTFS permissions, Active Directory and file server network shares.
It provides file access and sharing functionality through client agents for PCs, Macs, File Servers, Web Browsers, and Mobile Devices.
The services can be deployed in flexible combinations to meet different needs. There are two primary ways to deploy the CentreStack solution.
- deploy the CentreStack solution in the same network as the File Server and Active Directory server, in a single company deployment mode.
- deploy CentreStack in a centralized location, such as an Amazon data center, a Windows Azure data center, or a data center where MSPs (Managed Service Providers) have their infrastructure.
For Hosted-CentreStack (as compared to self-hosted CentreStack), the CentreStack server is already deployed on CentreStack.com. In this case, you don’t need to deploy the CentreStack server. Instead, you can start using the web portal and client agents directly.
From this point on, this document refers to the deployment of the Self-Hosted CentreStack server and its related client agent applications.
There are three different infrastructure components (logical components that can co-exist on the same server). In the smallest deployment unit, the three different components can co-exist on one single machine (all-in-one deployment).
Web node is responsible for the Account Management, Sign-in and Load-balancing.
Normally, we recommend 10+ worker nodes for every web node.
For small deployments, you should skip the web node and use a worker node directly, since a worker node by default contains web node functionality.
All the installation steps are the same. If you do not need web nodes, there is no need to assign them in the cluster manager. Worker nodes by default have web node functionality, so there is no need to separate the functionality out in a small deployment.
ACME Corporation deploys two web front nodes node1.acme.com and node2.acme.com. Each node is running a copy of CentreStack software connecting to the same SQL database.
ACME Corporation acquires a domain name (DNS) of cloud.acme.com which is load-balanced to node1.acme.com and node2.acme.com.
When users point their browsers to https://cloud.acme.com, their connection will be redirected to one of the nodes for the login page.
NOTE 1: If you have hardware load balancing available, you do not need to use web nodes at all.
NOTE 2: Windows 2012/R2 comes with Network Load Balancing (NLB). If you use NLB, you do not need web nodes at all.
NOTE 3: Basically if you have any existing Load Balancer, you can skip web nodes.
This node contains services like the Web Browser Based File Manager, Storage Service Connectors, etc. It is responsible for data-related activities such as file upload and download, permission, control and change notification.
Additional nodes can be added as the load increases.
Since Worker Node and Web Node run exactly the same binary code, most of the time, Worker Node by default contains Web Node functionalities and the Web Node can be skipped.
The database contains persistent information for the system. The database is a critical component for the smooth operation of the CentreStack server farm. A local database with latency of less than 10 milliseconds is recommended.
If you have a hardware load balancer or any other load balancer, you do not need web nodes from the above picture.
Multiple CentreStack single-machine nodes are connected together by pointing to the same database and sharing the same configuration information from the database.
The whole CentreStack cluster operates as if it were a single entity. The smallest cluster is one single CentreStack worker node, which contains all the functionality and different logical nodes together.
Another term for the cluster is the CentreStack server farm.
Master Admin/Cluster Admin
In this guide, we refer to the admin user as the user that manages the whole CentreStack server farm. The server farm can be as small as one single CentreStack server and the admin user will still need to manage it regardless of the size of the server farm.
The Master Admin is the very first user that registers with CentreStack. Typically, it is the user who installs the CentreStack server software.
Since this user later may set up optional Active Directory connections, it is recommended that this user is not an Active Directory user to avoid circular dependency.
CentreStack is a multi-tenant ready solution. A tenant here usually is mapped to
- a company (if you are the company IT)
- a client of yours (if you are a managed service provider)
Tenants are created by the cluster administrator.
These are the users who actually use the product but are the admins for their teams (tenant or company).
This is the very first tenant account user. Usually, the Tenant User is created by Master Admin.
The Master Admin is also the Tenant Admin for his own team/company. Tenant admin can later delegate administrative tasks to other team users.
By default the cluster administrator can help the tenant administrator on the management scope.
The team user is a user under a specific Tenant. Team users are created by the Tenant Admin. Team users can come from three different places:
- Native CentreStack User
- Active Directory User from local LDAP
- Active Directory User from remote Server Agent
The guest users are users outside of the team users domain who receive file or folder shares from a team user. A team user creates guest users through file sharing or folder sharing activities.
Access Client Agents
CentreStack contains various access clients, which include:
- Web Browser Based File Manager
- Windows Desktop Client
- Windows Server Agent Client
- Mac OS X client
- Mobile Applications
These client agents provide file access and sharing features from the native client operating systems.
The discussion of the access clients is outside the scope of this deployment guide.
CentreStack is built on top of Microsoft Web Platform including
- Windows Server
- Internet Information Server 7/8 (IIS),
- .Net Framework 4.5,
- SQL Server or SQL Server Express.
The base operating system can be either
- Windows Server 2008 with Service Pack 2 or R2,
- Windows Server 2012, Windows Server 2012 R2 or
- Windows Server 2016
We recommend Windows Server 2012/2012 R2/2016 since .Net Framework 4.5 comes directly with these newer server OS platforms. It is easier and faster to install CentreStack software on Windows Server 2012/2012 R2 or Windows Server 2016.
The CentreStack server installer is capable of installing all the dependency system components, such as .NET Framework. For installation, a clean machine is recommended.
Windows Server 2008 (SP2/R2), 2012/R2, 2016
The base operating system provides the base of the Microsoft Web Platform. It will be loaded with the mentioned Microsoft components before the core CentreStack is installed.
The CentreStack installer will install all the dependency Windows components.
Base Operating System with English locale is recommended. (The User Interface can be in different locale.)
SQL Server or SQL Server Express is used to store static configuration information such as the user name, email, storage configuration, files and folders sharing information and others.
It is recommended the SQL Server has daily backups since it contains configuration information for the service to run properly.
If you have SQL Server Standard Edition or SQL Server Enterprise Edition, you can take advantage of the high availability features like Always-On Clustering or Always-On Fail Over Group.
The CentreStack server installer is capable of installing SQL Express. If you only need an all-in-one deployment on a single server, the installer can install SQL Express automatically.
.Net Framework 4
CentreStack Server is built with .Net Framework 4.
We recommend .Net Framework 4.5 as it works better with remote clients that have Internet Explorer 10 or 11.
The CentreStack Installer will install .NET 4.5 automatically.
Internet Information Server
CentreStack services are hosted inside the Internet Information Server (IIS). It provides brokerage functionalities between the Access Client Agents and the backend storage. It is also a value-add layer on top of the backend storage.
The CentreStack Installer will enable the IIS service if it is not already enabled, so no manual step is required.
Recommended Hardware Specification
| Memory: | 4GB (8+GB is better for production environment) |
| | Windows 2008 R2, Windows 2012 or R2, Windows 2016 |
| CPU: | Intel, minimum 2-Core, prefer 4-Core (or 2-vCPU/4-vCPU if on a virtual machine) |
Virtual Machines are recommended. A clean machine built from the base OS with English Locale is recommended. After providing the clean machine, the CentreStack installer will install the rest of the system components automatically.
For user counts smaller than 1000, a single CentreStack server is enough. Most of the time, an all-in-one server deployment will be sufficient. In this case you will install the CentreStack Server in a single physical or virtual machine. The default CentreStack installer will install all the components (Database/Web Node/Worker Node) on one machine.
For user counts greater than 1000, it is recommended to have the SQL Server node in a separate physical or virtual machine.
The rest of the worker nodes will share the load for the users in a capacity of 1000 each.
In this case a virtual machine is recommended for each worker node and you should use a wild card SSL certificate for each worker node.
In some big deployments, SSL can be off-loaded to a hardware load balancer such as Citrix NetScaler or F5 BIG IP.
The capacity of 1000 is referring to concurrent users. It is possible that you may have 5000 named users but only 1000 of them are using the product concurrently. So, in this case the per-server capacity can be 5000 named users.
(Concurrent-User is defined as the users making requests in a 10-second period. For example, if you make a request A, and I make a request B, if the time-difference between request A and request B is less than 10 seconds, request A and request B are concurrent).
EXAMPLE: If you have 300,000 users in your company, you may need between 30-60 worker nodes (5000 – 10,000 named users for each worker node).
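The following is an added example, not part of the CentreStack guide or product: it applies the 10-second concurrent-user definition above to an IIS W3C log to measure peak concurrency and derive a worker node count at 1000 concurrent users per node. The log excerpt is constructed, the function names are hypothetical, and identifying a user by `cs-username` is an assumption (pass `"c-ip"` instead if IIS does not see the authenticated user name).

```python
import math
from collections import Counter
from datetime import datetime

WINDOW_SECONDS = 10       # the guide's concurrency window
USERS_PER_WORKER = 1000   # the guide's concurrent-user capacity per worker node

# Constructed IIS W3C log excerpt (not from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2017-03-01 09:00:00 GET /portal/login.aspx alice 203.0.113.10 200
2017-03-01 09:00:04 GET /portal/files bob 203.0.113.11 200
2017-03-01 09:00:09 POST /portal/upload carol 203.0.113.12 200
2017-03-01 09:00:10 GET /portal/files alice 203.0.113.10 200
2017-03-01 09:00:12 GET /portal/files dave 203.0.113.13 200
2017-03-01 09:00:30 GET /portal/files erin 203.0.113.14 200
2017-03-01 09:00:31 GET /favicon.ico - 203.0.113.15 200
"""

def parse_requests(log_text, user_field="cs-username"):
    """Return time-sorted (timestamp, user) pairs, locating columns via #Fields."""
    fields, rows = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            user = rec.get(user_field, "-")
            if user == "-":          # IIS writes "-" for anonymous requests
                continue
            ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            rows.append((ts, user))
    return sorted(rows)

def peak_concurrent_users(requests, window=WINDOW_SECONDS):
    """Most distinct users seen with requests less than `window` seconds apart."""
    active, peak, left = Counter(), 0, 0
    for ts, user in requests:
        active[user] += 1
        # Expire requests that are `window` seconds or more older than this one.
        while (ts - requests[left][0]).total_seconds() >= window:
            old_user = requests[left][1]
            active[old_user] -= 1
            if active[old_user] == 0:
                del active[old_user]
            left += 1
        peak = max(peak, len(active))
    return peak

def worker_nodes_needed(peak_users, per_worker=USERS_PER_WORKER):
    """Worker nodes required at 1000 concurrent users each (at least one)."""
    return max(1, math.ceil(peak_users / per_worker))

if __name__ == "__main__":
    peak = peak_concurrent_users(parse_requests(SAMPLE_LOG))
    print(f"peak concurrent users: {peak}, worker nodes: {worker_nodes_needed(peak)}")
```

Run it over a full business day of logs from every node: the peak, not the named-user count, is the figure to compare against the per-node capacity.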
Our recommendation is to have your own load balancing device if possible. However, CentreStack is capable of using Web nodes for load-balancing if you do not have an existing load balancer.
A web node runs the same CentreStack software. If you have more than one web node, you will need another load balancer to load balance to the web nodes anyway. So, if you ever need to have more than one web node, you may as well have your own load balancer and omit web nodes.
For example, from the worker node1, node2,… node N, you can pick a subset of nodes such as node1 and node2. You will acquire a domain name such as cloud.acme.com and will round robin cloud.acme.com to either node1.acme.com or node2.acme.com. This way, when an end user points the web browser to https://cloud.acme.com, it will be load balanced to one of the web nodes in the selected subset for login purposes. After login the CentreStack load balancing will take over and do the rest of the load balancing.
If you have a hardware load balancer such as F5, you can skip web nodes and have F5 directly load balance to a farm of worker nodes. You can also use the Network Load Balancing feature, which is included in Windows 2012/R2/2016, for load balancing.
Active Directory Integration
There are two ways to connect Active Directory into CentreStack.
The first way: if the Active Directory is in the same Local Area Network (LAN), a direct LDAP/LDAPS connection is recommended.
Server Agent Proxy
The second way: if the Active Directory is in a remote office, such as on a customer’s premises, away from the CentreStack server, the client agent software “Server Agent” can be installed on the remote file server to help import Active Directory users over to CentreStack.
CentreStack allows you to connect to multiple active directory services.
“Proxied AD User”
It is also possible to use Active Directory from a remote location where the server agent (included client software) is used. In this case, “Proxied AD User” refers to users imported from the server agent’s side of the Active Directory.
“AD user” is reserved to refer to users from local LDAP Active Directory.
In the CentreStack system, for each tenant, there is one mandatory primary storage and there can be multiple, optional auxiliary storage services. The primary storage is the tenant’s default root storage folder.
If you set up CentreStack in an Amazon EC2 environment, the primary storage usually is an Amazon S3 bucket.
If you set up CentreStack on-premise, the primary storage can be your file server storage and the auxiliary storage can be other cloud storage services or other local file server storage. OpenStack Swift is also a popular storage service in private enterprises.
CentreStack can be set up in a Rackspace data center on Cloud Server, Windows Azure VM, IBM SoftLayer Data Center and connect to Cloud Files, Azure Blob Storage, and SoftLayer Object Storage (OpenStack Swift based) respectively.
CentreStack can also be set up next to a File Server and connect directly to a File Server Network Share.
If you will later have multiple CentreStack worker nodes in the cluster, make sure you use a storage service connector in a way that can be accessed from all of the worker nodes.
For example, C:\ Drive of a specific worker node is not a good one to be accessed from all worker nodes. However, if it is published as a network share, it is good for all worker nodes.
Only the CentreStack database contains persistent configuration information. All other components are stateless and replaceable. In a disaster recovery scenario, as soon as the SQL Server is restored, other worker nodes can be re-installed and will start working immediately. You can also point the worker node’s database reference to the new SQL Server; it will work immediately with the information from the database.
The worker nodes are stateless so it is not required to backup any worker nodes. They can be provisioned by a clean OS with a copy of CentreStack. As soon as they are connected to the same database they become a node in the cluster.
Storage (Files and Folders)
You will also need to back up your storage services. Most of the time, if you are using Cloud Storage services such as Amazon S3 or OpenStack Swift, the service has built-in redundancy. For local storage, DFS replication, RAID array or Microsoft Storage Space can all be options to provide storage service redundancy.
You can prepare a Windows Server 2008 Service Pack 2 or R2 server or Windows Server 2012/R2/2016 and install CentreStack. In this scenario, Active Directory is typically at the same site and primary storage is from file server or NAS storage.
In this case, most of the time you are using CentreStack as a way to replace VPN to provide access to onsite file server from mobile devices and remote devices.
Business Access use case - provide access to the file server via CentreStack to mobile devices. When employees are in the office, they access the file server their normal way without noticing any difference, and while on the road or at a remote location, they can use mobile and remote devices to access file server network shares.
Normally, a managed service provider (MSP) manages your IT services, such as hosted exchange servers, hosted file servers etc. You can ask the same managed service provider to install and manage the CentreStack for you in their data center.
Usually, in this deployment scenario, if the file server is already in the same data center, it typically turns into the “Private On-premise” deployment.
If, on the other hand, the file servers are away from the data center, this turns into the “Business Continuity” use case, where the server agent can be installed on the local file server and connect the local file servers to the remote CentreStack server in the data center.
Virtual Private Cloud
In this deployment scenario, you would deploy the CentreStack solution in a virtual private cloud environment such as Amazon EC2. CentreStack is also available in the form of an AMI image to facilitate creation of EC2 instances. In this deployment scenario, the typical primary storage connection is to the Amazon S3 storage. You can also set up the CentreStack solution in an environment like HP Helion (OpenStack) Cloud, with a Windows Server 2012 connecting to OpenStack Swift storage.
Please reference multi-site deployment.
Access Clients and CentreStack
The access clients will be configured with an access end point in the form of https://cloud.acme.com, where cloud.acme.com is the DNS name of your CentreStack server. The communication from the access clients, such as a login request, will be protected by HTTP over SSL (HTTPS).
CentreStack and Active Directory
If CentreStack is configured with Active Directory, CentreStack will authenticate users on behalf of the Active Directory by contacting the Active Directory over LDAP or LDAPS. There is no direct communication between the access clients and the Active Directory.