- 6 Minutes to read
Introduction to Global Administration Version 8.1.x
- 6 Minutes to read
The CTERA Portal is an enterprise file services delivery platform comprising a multi-cloud Global File System as well as multi-tenant management of CTERA Edge Filer and CTERA Drive clients.
You install CTERA Portal at your own data center or in a cloud environment and use it to create, deliver and manage cloud storage applications, including a Global File System, file access via stubbing/caching, backup, and mobile collaboration. CTERA Portal is compatible with cloud storage infrastructure from multiple vendors, including EMC, Scality, IBM COS, HPE, and cloud storage providers such as AWS, Azure, Google Cloud Platform, and IBM Cloud.
CTERA Portal facilitates access to cloud storage services; handles data protection and file sync & share services; used for provisioning and monitoring global file services. This is the beating heart of the system and is the component that will run in the customer’s Datacenter or VPC. The portal ensures data consistency, maintains version history, and facilitates file sharing among users, regardless of their access method. Both global source-based deduplication and data compression are used to ensure that only incremental data changes are transferred for storage in the cloud, and that data blocks are stored only once. This dramatically reduces storage capacity needs and overall network traffic.
A CTERA Portal installation comprises a cluster of one or more VMs (servers). Each server can host any combination of the following services:
- Main database. Only one server can host the main database. The server that hosts the main database is called the primary server.
- Secondary replication server. A passive database service to replicate the primary server. During server installation, you can turn on the replication service and select the primary server from which to replicate.
- Application server. This server accepts connections and handles requests from Web and CTTP clients. Application servers are added to the cluster to increase client handling capacity. Any servers that are enabled as application servers automatically balance the connected clients between them, allowing for maximized capacity and availability.
- Messaging server. This server enables sending notifications from the portal to various consumers, for example the Varonis Data Security Platform, which is a connector running on top of the CTERA Messaging Service. In production environments that use the messaging service, the CTERA Portal must include three application servers defined as messaging servers.
- Document preview server. This server is used to process document preview requests. The document preview server supports high availability. You can install one or more servers, in order to ensure uninterrupted document preview generation and redundancy in the event of a server failure.
CTERA Portal enables you to create one or more tenants, called Virtual Portals. These virtual portals, team and reseller portals, are accessed by end-users and management staff via web-based interfaces. CTERA Edge Filers and endpoint CTERA Agents are centrally managed from CTERA Portal using a single web-based console. Template-based management, centralized monitoring, customized alerting and remote software and firmware upgrade capabilities make it easy to manage gateways of various types and sizes as well as individual endpoints – up to hundreds of thousands of connected devices – with no need for on-site IT presence in remote locations.
Both team portals and reseller portals can be defined within a single CTERA Portal installation. The global administrator manages the creation and default settings for both team and reseller portals.
Team Portal (Tenant)
This type of portal is designed for the needs of a company or team with multiple members, and as such does not include support for reseller-oriented features. The users in the portal are the team members.
Team portals are managed by team administrators, who are team members with the Administrator role. For information on managing team portals, see the Portal Administration Guide.
All users in the team portal share, by default, a single folder group, enabling cooperative deduplication between all members of the group. Furthermore, when the cloud drive feature is used, each user receives, by default, one personal folder, and can create multiple additional personal folders. Users can share personal folders. Each user also receives access to a projects folder that is visible to all the users in the portal. Users can create projects to collaborate with other team members.
When multiple team portals are created, the CTERA Portal global administrator can assign each team portal to a different organizational unit within the company or team. Each organizational unit can sign in to their own virtual portal and manage their settings. In contrast, the CTERA Portal owner can access and manage the contents of any team portal, as well as manage global settings across all virtual portals.
Provisioning is the process of assigning services and quotas to tenants.
The CTERA Portal owner provisions each virtual portal owner with services and quotas. For example, it is possible to limit a virtual portal to use a total of up to 100GB of storage space and 50 workstation agents.
The following provisioning methods are available for portal-level provisioning:
- Global plans
In order to obtain services, virtual portals are assigned to a global plan which defines a set of services that the portal will receive, and which will subsequently be used by the portal's end users. Further, the plan can specify a maximum snapshot retention policy for the portal. See Managing Snapshots.
For reseller portals, the global plan limits the total amount of storage space (and other resources, such as server agents and workstation agents) allocated to a reseller portal's end users. That is, if a reseller provisions a 10GB storage quota to an end user, then 10GB of the reseller's storage space quota is consumed immediately, regardless of whether the end user actually uses the entire 10GB of storage space. Likewise, Portal Licenses are consumed when the resources are provisioned to the end user.Note
For team portals, the global plan limits the total amount of resources used by end users. Portal Licenses are consumed immediately, when the team portal is provisioned.
- Global add-ons
In addition to the global plan, one or more global add-ons can be added to portals. Each global add-on defines a set of services that portals will receive in addition to the services specified in the global plan. For example, an add-on may include an additional 10 GB of storage space for the number of devices specified in the global plan. Add-ons can be set to expire after a specified time period and can be stacked as desired. For example, a portal may have a subscription plan for 100 GB of storage, as well as two add-ons for 10GB of storage and one add-on for 5GB of storage. While the add-ons are valid, the portal will be entitled to allocate up to 125GB of cloud storage to end users.
CTERA Portal incorporates multiple layered security features to ensure that your data is protected whether in transit or at rest:
- You can deploy the portal either on-premise or in a virtual private cloud (VPC) to keep your data within your network and 100% behind your firewall.
- All data is encrypted before it is sent to the cloud using AES-256 encryption and remains encrypted as it is stored.
- All WAN transfers use Transport Level Security (TLS) protocol over the WAN, preventing unauthorized interception of data transfers.
- CTERA Portal uses cryptographic libraries certified with FIPS 140-2.
- Manage your own encryption keys or use personal passphrases per user to prevent privileged administrators from accessing data. Password policy enforcement ensures that passwords have a minimum length and complexity, and that the password is changed frequently.
- Use email and SMS-based two-step authentication for external file sharing to ensure only intended parties can access files. You define rules based on file size, name, or type that deny or allow files to be shared externally or uploaded to your network.
- CTERA Portal provides role-based access control, using Active Directory or LDAP roles and groups to control access to data and set up administrator roles.
- CTERA Portal interfaces with Single Sign-on (SSO) management tools to provide seamless user authentication and avoid duplicate credentials.
- CTERA Portal integrates with leading anti-virus and EMM tools while ensuring that the security and governance of the data is maintained.