Enabling hybrid storage with Egnyte

By Shyam Srinivasan, Egnyte Product Manager

This article discusses integrating Egnyte and Google Cloud to deploy a hybrid cloud and on-premises model.

Egnyte, a Google Cloud Technology Partner and a 2016 Gartner Magic Quadrant Leader for Enterprise File Synchronization and Sharing (EFSS), offers Google customers the ability to create a hybrid SaaS file sync and share infrastructure that harnesses the power and flexibility of Google Cloud services with the security and centralized IT administration of on-premises content management.

With Egnyte Connect, customers who require that some content remain on-premises and who must avoid a cloud-only model can easily use Cloud Storage in addition to their on-premises storage.

Egnyte delivers EFSS services that anticipate IT and business needs, so users can easily, securely, and intelligently access and share files stored on premises and in Cloud Storage. Egnyte provides unparalleled flexibility, unified visibility, and centralized control over data to facilitate collaboration and to optimize legacy and future infrastructure investments. Egnyte Connect also works with Google Workspace.

Integrating Google Cloud with Egnyte Connect

Enterprise organizations often need to collaborate on large files, such as videos, construction blueprints, or medical imagery. Storing these file types in the cloud might result in undesirable latency using a pure cloud-based storage approach, and potentially business disruption if internet connectivity is lost. The problem is compounded for geographically dispersed organizations, where some locations might have an unreliable or narrow pipe to the cloud.

Egnyte's hybrid deployment model offers the option to deploy an on-premises storage device located at each of the user facilities which is connected through Egnyte's Storage Sync product to the cloud. Content stored in a public cloud is synchronized through Egnyte to this on-premises storage. As a result, access to content is real-time and reliable. Users based in different locations can collaborate on their content while maintaining version control and having access to the most recent content.

Large, unwieldy files aren't the only concern of companies with hybrid model enterprise file sync and share needs. Additional considerations include regulatory or compliance requirements, or business continuity requirements that ensure the organization can function if internet connectivity is disrupted.

Companies that are interested in a hybrid model want:

The cloud as a file server for a portion of their corporate data
Collaboration on sensitive files with strong IT control and administration
On-premises storage seamlessly synchronizing with cloud storage
A single location to view, manage, and access on-premises and cloud data

Visualizing the architecture

The following diagram illustrates a hybrid storage solution using Cloud Storage and Egnyte Connect.

Diagram showing Cloud Storage and Egnyte Connect

Objectives

Create a Cloud Storage bucket for Egnyte Connect to use.
Create a service account.
Create an Egnyte Connect trial account.
Connect the Cloud Storage bucket to Egnyte Connect.

Costs

There is no additional charge for customers to download the app that integrates Egnyte Connect to a new or existing Cloud Storage account, but you must have paid subscriptions to both Egnyte Connect and Cloud Storage before you start your integration.

Egnyte is typically priced as a software as a service (SaaS) solution, with monthly per user subscriptions starting at $8. For more information on Egnyte Connect pricing, visit the Egnyte website.

When you finish this tutorial, you can avoid continued billing by deleting the resources you created. For more information, see Cleaning up.

Before you begin

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.

Go to project selector
Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.

Deploying the architecture

This section walks you through getting a trial Egnyte account and setting it up, creating a new storage bucket and service account in Cloud Storage, and integrating the two products.

If you are already use Cloud Storage, you can get started by creating an Egnyte Connect trial account to use with Cloud Storage. If you are already an Egnyte customer who is interested in using Cloud Storage, contact Egnyte customer support to proceed.

Set up a Cloud Storage bucket

In the Cloud Console, go to the Cloud Storage Browser page.
Go to Browser
Click Create bucket.
On the Create a bucket page, enter your bucket information. To go to the next step, click Continue.
- For Name your bucket, enter a name that meets the bucket naming requirements.
- For Choose where to store your data, do the following:
  - Select a Location type option.
  - Select a Location option.
- For Choose a default storage class for your data, select a storage class.
- For Choose how to control access to objects, select an Access control option.
- For Advanced settings (optional), specify an encryption method, a retention policy, or bucket labels.
Click Create.

Set up a service account

Create a service account:
1. In the Cloud Console, go to the Create service account page.
  Go to Create service account
2. Select a project.
3. In the Service account name field, enter a name. The Cloud Console fills in the Service account ID field based on this name.
  
  In the Service account description field, enter a description. For example, Service account for quickstart.
4. Click Create.
5. Click the Select a role field.
  
  Under Quick access, click Basic, then click Owner.
  
  Note: The Role field affects which resources your service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. For more information, see Granting, changing, and revoking access to resources.
6. Click Continue.
7. Click Done to finish creating the service account.
  
  Do not close your browser window. You will use it in the next step.
Create a service account key:
1. In the Cloud Console, click the email address for the service account that you created.
2. Click Keys.
3. Click Add key, then click Create new key.
4. Click Create. A JSON key file is downloaded to your computer.
5. Click Close.

Create an Egnyte Connect trial account

Go to the Egnyte Free Trial page to create an Egnyte Connect trial account.
Activate your new account by email.

Configure Egnyte and Cloud Storage

Log into your Egnyte Connect account. The first time you log in, you are prompted to configure your Cloud Storage settings. This is a mandatory step that must be completed before you can begin using Egnyte Connect.
Click Go to Google Configuration.

The Storage Provider section in your account's settings opens. You can find this section under Settings > Configuration > Security & Authentication.
Enter the storage bucket name and private key from Cloud Storage that you created earlier.
Click Save. A checkmark next to the Saved button displays if your Cloud Storage settings were accepted:

You're ready to begin using Egnyte Connect. Check out the Egnyte Getting Started guide for some useful resources to kickstart your trial.

Reviewing security features

Egnyte takes a holistic view of account security and breaks it down into four components: user, device, content, and network security.

User security

Egnyte ensures strict user and login enforcement, including SAML 2.0 Single Sign-On (SSO), Active Directory, and two-factor authentication. Additional user security comes from subfolder permissions, minimum password length and strength, password rotation, password history, account lockout, and more to ensure that only users with the right credentials can access data.

User security components:

Active Directory integration
Google Single Sign-on Using OpenID, Active Directory Two-Factor Authentication
Read/Write/Delete/Owner folder
Subfolder permissions
Guest access roles
Password rotation
Minimum password length and strength

Device security

The rapid increase in mobile usage has enabled significant productivity gains, but it has also created potential security concerns. To address these concerns, Egnyte Connect features a comprehensive set of tools specifically for mobile users.

Egnyte delivers additional options including mandatory passcodes, idle-timeout settings, and automatic file wipe after a set number of incorrect passcode attempts. Admins can also control whether files can be downloaded for offline access, and if a device is stolen, the employee or admin can remotely wipe the offline files in the Egnyte application.

Additional security features include local encryption and certificate-based device trust, so only authorized devices are allowed to access files.

Device security components include:

Passcode use enforcement
256-bit AES on-device encryption
Remote-wipe for mobile & desktop clients
Trusted device
Offline file access controls
Automatic offline file expiry

Content security

Protecting files when they are at-rest sitting on a hard drive is as important as when they are being accessed. Egnyte Connect addresses this by using 256-bit AES encryption and storing the encryption key in a secure key vault in a completely separate, decoupled database. In addition, multiple domains can be used, each with unique encryption keys to further isolate and protect content. And for greater security, Egnyte can be configured so that files and metadata reside and can be accessed only on-premises and never touch the cloud.

Content that is stored at-rest in Google Apps storage accounts is encrypted using the same standards as other documents stored in Google Drive.

Content security components include:

Tier III SSAE 16 compliant data centers
Data center redundancy
Crypto-shredding of deleted files
Physical premises and rack security
Network redundancy
Available customer-managed encryption key solutions

Network security

Egnyte takes a multi-layered approach to network security. First, data is encoded during transmission using 256-bit AES encryption. ICSA-certified firewalls are deployed to police the traffic between the public networks and Egnyte's data center servers. SSL encryption and a network Intrusion Prevention System (IPS) to monitor and block hackers, worms, phishing, and other infiltration methods are also incorporated.

Egnyte network security details include:

256-bit AES encryption in transit
Network Intrusion Prevention System
ICSA-certified firewalls
Third-party security audits
Real-time network monitoring
Network security experts on staff

Cleaning up

To avoid incurring charges to your Google Cloud account for the resources used in this tutorial, either delete the project that contains the resources, or keep the project and delete the individual resources.

Delete the project

In the Cloud Console, go to the Manage resources page.
Go to Manage resources
In the project list, select the project that you want to delete, and then click Delete.
In the dialog, type the project ID, and then click Shut down to delete the project.

What's next

Egnyte Helpdesk for Admins
Egnyte Security White Paper (PDF)
Getting Started Guide for Admins
Deployment Guide
RV1 Compliance Standards for Privacy and Data Protection (including EUDPD, ISO/IEC 27001, HIPAA, FINRA, 21 CFR Part 11, SSAE16 and more)
Try out other Google Cloud features for yourself. Have a look at our tutorials.