Secure Access to Network File Shares - SharePoint(WebDav) and Windows FileShare(SMB) for iOS Device





Before You Begin

Purpose

In this tutorial, you learn how to containerize intranet documents and network file repositories such as SharePoint and file shares, and how to grant mobile users access to them from within the secure container workspace.

Overview

In computing, a shared resource, or network share, is a computer resource made available from one host to other hosts on a computer network. SharePoint is a web application framework that integrates intranet, content management and document management. Web Distributed Authoring and Versioning (WebDAV) is an extension of HTTP that facilitates collaboration between users in editing and managing documents and files stored on World Wide Web servers.

File Manager is a client within Secure Workspace that allows the user to access shared folders and files. SharePoint is a server hosting files and folders. The File Manager client connects to SharePoint to access those files and folders.

The policies, permissions and privileges of the users on the network file shares are still maintained by the repositories themselves, such as SharePoint. Mobile users can nevertheless continue to access them and be as productive on their mobile devices as they are in their desktop environments.

Time to

Approximately 1 hour

Pre-requisites

  • Workspace Registered using KINIT JSON URL.  
  • Active Directory infrastructure with SharePoint and File Share support
  • In our case, MS SharePoint 2010
    Note: This OBE uses a Windows machine, iamserver2.idc.oracle.com, where MS SharePoint 2010 is installed and configured. SharePoint is running on a different machine from the one where the Active Directory domain controller is installed and configured (which in our environment is windowserver1.idc.oracle.com). However, the SharePoint machine must be on the same domain as the Active Directory domain (idc.oracle.com).
  • Validate domain

    Observe that the AD domain is idc.oracle.com on windowserver1.idc.oracle.com and iamserver2 machine
    is a member of the idc.oracle.com domain.

    Validate domain2

    Observe the AD machine where the domain controller is running.

    Validate domain1

    Before starting this tutorial, you should complete the following OBE:


Sharing Folders and Files for User Access

Creating Shared Folder in Windows

  1. Navigate to the Windows machine iamserver2.idc.oracle.com. Open Windows Explorer and create a new folder or use an
    existing folder that you want to share.

  2. Create a new folder on your C drive named share. Create a text file named Hello with some dummy text such as Hello World.

  3. Right-click the share folder and select Properties. From Sharing, click Share.

  4. On the File Sharing window, select Find People from the drop-down list. Add the group finance (which is automatically discovered, as this Windows machine is part of the AD domain idc.oracle.com where the users/groups are defined). Click OK.

    finance group
  5. All users who are members of the finance group should be able to access the share folder on the C drive. Change the permissions to Read and Write, i.e., all users who are members of the finance group will be able to read and update or write content in this directory location. Click Share.

    Click Done.

    Click Close.

  6. Observe the network path and that the share folder is now shared.

Create Shared Drive Using SharePoint

  1. On the SharePoint machine, iamserver2.idc.oracle.com, verify that SharePoint 2010 is installed and configured
    correctly. From the browser, navigate to http://<hostname>/default.aspx. When prompted, enter the SharePoint
    administrator's username and password.

  2. You can centrally administer SharePoint using the SharePoint 2010 Central Administrator tool or configure it using the
    SharePoint 2010 Products Configuration Wizard.

  3. On the Windows machine, right-click the Computer node within Windows Explorer. Select Map network drive.

  4. On Map Network Drive, select a drive, say Z:. Specify the folder as \\iamserver2.idc.oracle.com\
    This will display all the folders under the root SharePoint site. You are logged in as administrator. Every employee
    who wants to access their documents shared on a network drive should log in with their own credentials.
    Select Connect using different credentials. Click Finish.

  5. When prompted to enter credentials, specify the credentials for vishalp@idc.oracle.com. Select Remember my credentials
    and click OK.

  6. Observe the WebDAV drive Z and all the folders under the root site that the user vishalp has access to in the shared repository.

You have now created a shared folder on the Windows machine and also shared a drive using SharePoint.

Configuring File Manager in Access Console

  1. Log in to the access console (http://<hostname>:7777/access as oamadmin@idc.oracle.com/Oracle123). Click on the Mobile Security tab. Select Mobile Security Policies from the Mobile Security Manager option. Click on the existing policy “MDM MAM Policy”. Click on the Workspace tab to edit the Workspace policy in the File Manager section.

  2. Select Allow to enable File Manager. Edit File Manager server based URL under Application Settings with http(s)://msmserverhost:msmserverport/mfm. Click Apply to save the policy.

Verify Secure Access to the Network File Shares

Manually Accessing New Shared Folders and Files

  1. Navigate to your mobile device and log in to the secure workspace as vishalp@idc.oracle.com/Oracle123. You should see the File Manager icon, since you have selected Allow for File Manager in the policy.

    Secure Mobile Workspace
  2. There are two ways to browse and access the SharePoint files. You can use the App Catalog (+catalog icon on your secure workspace) to install a Shared Folder App (this is called the Direct browsing route), or you can manually browse to the required folder(s) using File Manager.

  • To browse manually, click File Manager to access Shared Files > Enter Address Manually as shown in the following screen.

    File Manager
  • Enter the network file share address in the address field, for example: smb://iamserver2.idc.oracle.com/share
    Note that the protocol used for the file share is SMB (Server Message Block). Click Done.

    address field
  • You can see the hello.txt file listed as shown in the screen. This is the file we created in the shared folder "share" under the Pre-requisites section.

    Hello Text file

Manually Accessing the SharePoint Files

You can manually access the SharePoint files.

  1. Navigate to your mobile device and log in to the secure workspace as vishalp@idc.oracle.com/Oracle123.

    Secure Mobile Workspace
  2. Click on File Manager to access Shared Files > Enter Address Manually as shown in the following screen.

    File Manager
  3. Enter the SharePoint address, for example http://iamserver2.idc.oracle.com/, in the address field and click Done.

    Shared Files
  4. This will display all the folders from the root down that the user has access to, as shown here. Note that the protocol used for SharePoint is WebDAV.

    root folder

    Note: If you want to display only a particular folder in the catalog, you can restrict it using a URL such as http://iamserver2.idc.oracle.com/Lists, which will display the contents of the Lists folder only. The files/folders you have access to are controlled within MS SharePoint itself (based on user privileges). Here you are only controlling the content in SharePoint that you want to make accessible from the mobile device.

Configuring File Manager and Browsing Shared Folders

Workspace allows you to access shared folders and files using a Shared Folder App. Like a Web App, a Shared Folder App is a shortcut link for accessing the shared folder.

Creating a Shared Folder App in the App Catalog.


  1. Go to Access Console > Mobile Security > Mobile Security Manager > Mobile App Catalog.
    Click Add to create a new app.

    Mobile App Catalog

    Fill in the app details as shown below and click Add. Here we have used http://iamserver2.idc.oracle.com/ for Target Folder.

    App Details
  2. Click OK on the confirmation window.

    confirmation window

    The new App is available.

    New App
  3. Navigate to Mobile Security tab > Launch Pad > Mobile Security Manager > Mobile Security Policies. Click on MDM MAM Policy. Under the Apps and Configuration tab, add the MySharePoint app using the Add button under the Apps section.

    Apps and Configuration
  4. Click Apply.

    apply
  5. Navigate to the mobile device and login to the secure workspace as vishalp@idc.oracle.com.
    Tap on the Catalog icon. 

    Catalog App

    Select MySharePoint app from the catalog.

    MySharePoint
  6. Tap on Install to install the MySharePoint app to the secure workspace.

    install MySharePoint
  7. Once the app is installed within the secure workspace, launch it by tapping on the MySharePoint folder. 

    MySharePoint folder

    It should automatically display the contents of the SharePoint repository that is accessible to vishalp user from the root directory down.

    contents

Move, Copy or Delete shared File/Folder using File Manager

Once you are able to browse to shared folders / files, you can tap on the folder / file to view the content.   Also, you can copy, move or delete file(s) or folder(s).

  1. Click on Edit icon on the top right corner. Now you can select any file/folder and then tap on Copy/Move/Delete icons at the bottom to perform appropriate actions.

    edit
  2. To Copy or Move, you need to choose the destination location where you want to paste or move the item. The Mobile File Manager client asks you to browse to the location; once done, click the Paste or Move button as shown below.

    move or copy

    contents
  3. You can also create a new folder by tapping the folder+ icon in the top left corner. Provide the name of the folder and click Create as shown below.

    add folder

    new folder

SharePoint Access from Browser

You can use Secure Browser to browse SharePoint contents.

  1. Log in to the secure Workspace > tap the Browser icon > type the SharePoint address in the address bar: http://iamserver2.idc.oracle.com
    You should now see the contents of the SharePoint site in the Secure Browser.

    contents of SharePoint

Basic Authentication for Accessing Shared Folder

By default, Workspace uses Kerberos SSO (either NTLM or SPNEGO) to access the file servers or SharePoint. Kerberos SSO is possible only when the file server is in the same Kerberos domain and Workspace is registered with KINIT or PKINIT authentication mode. If the file servers are not in the Kerberos domain, or if the Workspace is not registered using KINIT or PKINIT, Basic Authentication can be used as an alternative to access the file server.

  1. To set up Basic Authentication, go to Access console > Configuration > Settings > Mobile Security Manager Settings > Server Settings.

    server settings

    On this page, select Basic Authentication as shown below.
    Check the option AuthN challenge Enabled. This option sets whether the server should offer HTTP Basic authentication to the client. If checked, the server will offer HTTP Basic authentication in response to any unauthenticated request. If unchecked, HTTP Basic credentials will be accepted by the server only if the client sends them proactively, and all other unauthenticated requests will be rejected by the server without an offer to authenticate.

    Check the Non-SSL allowed option. This option sets whether the server should allow HTTP Basic authentication over a non-HTTPS connection. If unchecked, the server will allow Basic authentication only if the connection is secure. If checked, the server will allow HTTP Basic authentication over insecure connections as well. This sends login information over the network unencrypted, and is a SEVERE security risk. Checking this is strongly discouraged.

    Click Apply.

    Basic Authentication
  2. Navigate to the mobile device. Login to secure Workspace. Tap on File Manager icon. Browse the desired location - http://iamserver2.idc.oracle.com/. This time File Manager should prompt you for Basic Authentication credentials.

    contents of SharePoint

    Enter the basic authentication credentials to access file(s).

    contents of SharePoint
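The two Basic Authentication options described above can be modelled as a small decision function. This is an added Python illustration, not Oracle's server code: the field names, the returned decision strings, the rule that no challenge is offered over plain HTTP when Non-SSL is unchecked, and the sample credentials are assumptions constructed for the example. It also decodes a Basic header to show what is readable on an unencrypted connection.

```python
import base64
from dataclasses import dataclass


@dataclass(frozen=True)
class BasicAuthSettings:
    # Hypothetical field names standing in for the two checkboxes on the page.
    challenge_enabled: bool  # "AuthN challenge Enabled"
    non_ssl_allowed: bool    # "Non-SSL allowed"


def decide(settings, is_https, authorization=None):
    """Model one request: returns 'accept-credentials', 'challenge' or 'reject'."""
    if not is_https and not settings.non_ssl_allowed:
        # Basic is allowed only on secure connections. Assumption: the server
        # also withholds the challenge on plain HTTP in this case.
        return "reject"
    if authorization is not None and authorization.startswith("Basic "):
        return "accept-credentials"  # credentials are taken for verification
    if settings.challenge_enabled:
        return "challenge"           # server offers HTTP Basic to the client
    return "reject"                  # unauthenticated request, no offer made


def basic_header(user, password):
    """Build the Authorization value a client sends for HTTP Basic."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def recover_credentials(authorization):
    """What an observer of a plain-HTTP request reads from the same header."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Basic":
        raise ValueError("not an HTTP Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


# Constructed sample credentials, not taken from the tutorial environment.
SAMPLE_HEADER = basic_header("demo.user", "example-password")

if __name__ == "__main__":
    for challenge in (True, False):
        for non_ssl in (True, False):
            s = BasicAuthSettings(challenge, non_ssl)
            for https in (True, False):
                print(s, "https" if https else "http ",
                      decide(s, https), decide(s, https, SAMPLE_HEADER))
    print("seen on the wire over http:", recover_credentials(SAMPLE_HEADER))
```

The http:// address used in step 2 falls in the plain-HTTP rows of the printed matrix, which is the case where the header is recoverable as shown by the last line.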
