iFolder: Data Accessibility, Where and When You Need It
Senior Research Engineer
Novell AppNotes
kburnett@novell.com
01 Oct 2001
Thanks to Matt French of Novell and Linda Kennard of Niche Associates for their contributions to this AppNote.
Few experiences are more frustrating than not being able to access the latest version of your data files. Mobile users have resorted to all kinds of schemes to ensure they have the latest and greatest data: copying files back and forth between desktop and laptop, burning files onto a CD, e-mailing files to themselves. With NetWare 6, Novell introduces iFolder, a new Net service that allows you to access your files any time, anywhere. All you need is an Internet connection and a Java-enabled browser. This AppNote provides a technical overview of this innovative technology.
- Introduction
- iFolder Basics
- Installation and Deployment
- iFolder Security
- iFolder Client Configuration
- iFolder Synchronization
- Conclusion
Topics: iFolder, Net services, NetWare features
Products: iFolder, NetWare 6
Audience: network administrators and users
Level: beginning
Prerequisite Skills: familiarity with NetWare
Operating System: NetWare 6
Tools: none
Sample Code: no
Introduction
In preparing this AppNote, I thought of an experience that happened to a co-worker of mine on one of Novell's Developer Tours. Three of us were scheduled to present in South America. In preparation for a slide presentation in Brazil, my colleague had set up his laptop on the podium in front of the room while the attendees were taking a break in another room. Once the break was over, the group began filing back in. Before starting the presentation, my colleague announced that he needed to take a quick break and left the room.
During his absence, the other two presenters were busy preparing for their own presentations and nobody witnessed what happened next. When my colleague returned, he discovered that his laptop was gone: someone had disconnected the cables and walked off with it! Rather than panic, my co-worker noticed that there was a desktop computer in the rear of the room. Lucky for him, he had a backup of his presentation on CD-ROM and he was able to give his presentation using the desktop computer. But the experience could easily have been disastrous had he not had that backup on CD with him.
Of course, it is not every day that your laptop gets stolen, but there are situations that can be just as devastating. It is difficult to guard against every possible scenario: a failed hard drive, a flaky LCD display, even pesky customs agents. But now there is a solution to these types of problems: Novell's new iFolder.
Novell iFolder provides a solution to the common problem of storing and retrieving data from any location. This new Net services software solution for mobile professionals allows your files to automatically follow you everywhere (online, offline, all the time) across multiple systems and the Net. Files saved in an iFolder are always available on your hard drives or through a browser, since changes are automatically and intelligently updated across all your systems through any simple Internet connection. iFolder also provides worry-free security, ensuring that all your files are always safe, secure, and up to date.
Initially designed as a solution for Internet and Application Service Providers to enhance their customer offerings, iFolder is now being included as a part of NetWare 6. Network administrators will thus be able to deploy iFolder for all of their users to use.
This AppNote provides a technical overview of iFolder, from installation and configuration to security and synchronization. More information is available at http://www.novell.com/products/ifolder/.
iFolder Basics
Novell iFolder ensures that your data is always current, secured, backed up, and available to you via the Internet. But iFolder's guarantee that you will always have access to the most current version of your data is only a small part of what this innovative product can do for you.
Before we dive into the complexities of iFolder, it is important to understand the basics of how it works. Figure 1 shows a typical iFolder implementation.
Figure 1: Typical Novell iFolder environment.
Using Novell iFolder, you can designate any network server as an iFolder server and publish information to a personal iFolder created on that server. Once your folder is established, you can install the iFolder client on the computers you regularly use and download information from your personal iFolder to any of those computers.
Once the iFolder client is installed on one or all of your computers, the contents of your personal folder will exist on both your computers and the NetWare 6 server. This is called subscribing: the client computer subscribes to the iFolder on the NetWare 6 server.
To maintain data integrity, Novell iFolder seamlessly synchronizes the contents of all of your iFolders, no matter where you work on them. This is possible because the subscribing computers communicate regularly with the server, ensuring that the most current information is distributed to all of the subscribing computers. If a discrepancy is detected in your personal folder information, Novell iFolder locates the change that was made and only communicates the changed data to the server or subscribing computer that does not already reflect the change.
iFolder is available to you wherever you are: at work, at home, or on the road. All you need is an Internet connection and a Java-enabled browser. Currently supported browsers include:
- Internet Explorer 4.0 and above
- Netscape Navigator 3.04 and above
- Netscape Communicator 4.04 and above
Note that for Windows 2000, you must use Internet Explorer 5.0 and above.
Novell iFolder also provides enhanced security options for iFolder users. By encrypting the information located in your personal folder, Novell iFolder eliminates the need to deploy a virtual private network to access your information. In fact, the iFolder directory structure is so secure that even administrators with rights and access to the iFolder server cannot view the contents of your personal iFolder.
When you access your iFolder while connected to the Internet, iFolder automatically downloads and launches a small Java applet. This applet displays the contents of your client iFolder in typical Windows tree fashion. From this window you can create, delete, move, and rename folders and files. You can also upload and download files. Additionally, the applet provides all the cryptographic functions necessary to decrypt and re-encrypt the contents of encrypted iFolders.
At first glance, you might be tempted to categorize iFolder as just another Internet storage solution. But iFolder is much more than a simple storage solution. Here are just a few of the advantages iFolder offers.
iFolder saves you from having to jump through hoops to access your data. You no longer have to copy files to floppy disks, create CD-Rs, or e-mail files to yourself. With iFolder, the latest version of your data is just a few mouse clicks away in your Web browser.
With iFolder, you can maintain multiple folders on multiple clients, thus providing an automatic backup of your files. Say goodbye to data loss!
Since iFolder's synchronization only sends the part of files that has changed, updating files is very efficient and fast, even at modem speeds of 56 Kbps.
The remainder of this AppNote describes the installation, deployment, and operation of iFolder in greater detail.
Installation and Deployment
This section provides an overview of iFolder installation and deployment.
Installation Considerations for iFolder
Step one to making iFolder a reality at your company is to install iFolder on your NetWare server(s). This installation process will probably vary according to your company's needs and network. However, there are a few basic considerations that you should be aware of before you install iFolder.
You need to install iFolder v1.0 software on at least one Web server at your company. iFolder runs on NetWare 6 or NetWare 5.x with Support Pack 2 or higher installed. In both cases, the Apache Web Server for NetWare needs to be installed.
iFolder will also run on Windows NT 4.0/2000/XP servers running either Apache Web Server or Microsoft Internet Information Server (IIS). Novell plans to support Linux and Solaris servers in future releases of iFolder.
In order to work properly, iFolder needs some sort of solid authentication. It can use Novell eDirectory or any other directory service that supports Lightweight Directory Access Protocol (LDAP) v3.0. You can use an existing directory tree for authentication, or you have the option of creating a new one for this purpose. You can then place this directory tree on the same server or on a separate server during the iFolder installation process.
If you want iFolder to be accessible company-wide, you need to decide whether you want iFolder to work on your company's intranet, extranet, or both, and place the server accordingly. For example, to make the iFolder services available across the Internet, you need to place the iFolder server either outside your company's firewall or within your company's "demilitarized zone" (DMZ). (Most companies have a DMZ, which lies between the private network and the firewall.)
If you choose to place the iFolder server behind the firewall, you will need to configure your firewall to accept packets from the iFolder clients. Since iFolder is built on standard Internet protocols (TCP/IP and HTTP), this shouldn't be too much of a problem. iFolder also uses Novell's Internet Folder Protocol (IFP), which is tunneled within HTTP, which in turn rides on top of TCP/IP. So, assuming you have opened your company's firewall HTTP port (port 80), you do not have to open more ports to allow iFolder clients access to your iFolder server.
Once you have made these decisions, install iFolder as instructed in the product documentation. You will also need to configure the basic iFolder options. The more important ones include:
User Preference Settings. These are settings such as Automatic sync, Synchronize to server delay (in seconds), Synchronize from server interval (in seconds), Remember password, and Remember pass phrase. You can configure these and all other settings so that users do not have the option to change your initial settings. Alternatively, you can use the default settings and allow users to configure their own settings via their iFolder client.
Disk Space Utilization. This controls the size that an iFolder folder can be on the iFolder server. Default size is 200 MB.
Security Options. The security options allow you to specify which of the three available types of personal iFolders you will allow users to create on your iFolder server: Clear text only, Encrypted with pass phrase, or Encrypted with pass phrase using an escrowed key. You have the option of allowing one, two, or all three of these options.
Note: With iFolder, the pass phrase is like a password. But where you use the password to log in to your iFolder account, the pass phrase is used to encrypt your iFolder contents.
Novell's Deployment Experiences
Novell Engineering is well-known for convincing our internal IS&T department to deploy new products for general employee use when they are in Alpha and Beta release. iFolder is no exception. Initially iFolder was installed on a NetWare 5.1 server, with Service Pack 2, running Apache Web Server v1.3.17. The Apache Web Server is one of the most popular Web servers on the Internet, because it is open-source (free) and works well. Apache Web Server for NetWare is currently available for download at http://www.apache.org/dist/httpd/binaries/netware. Additionally, the February 2001 issue of Novell AppNotes contains a great article entitled, "How to Use NDS eDirectory to Secure Apache Web Server for NetWare." (You can access this article online at http://developer.novell.com/research/appnotes/2001/february/02/a010202.htm).
The iFolder engineers next configured the iFolder server to use XIOtech Corporation's Magnitude Storage Area Network (SAN) solution. This product uses a fiber channel switch which allows the system to communicate with several storage systems. Novell's configuration provided over 1 TB (terabyte) of storage space, configured as an array of Redundant Array of Independent Disks (RAID) Level 5 to provide 680 GB of fault-tolerant/duplexed usable space.
To make iFolder available over the Internet, Novell engineers placed the iFolder server in Novell's DMZ and configured the company's firewall to allow external users to access the iFolder server (the domain name is iFolder.novell.com). Since iFolder utilizes Internet protocols, Novell did not have to open a new port on the firewall to enable access to iFolder. Instead, Novell engineers configured the company's firewall to accept packets addressed to iFolder.novell.com that come through the HTTP port 80.
Novell engineers used a currently-available eDirectory tree for security, mapping access through the company's corporate portal: i-login.net. This way all employees would have access to iFolder.
Novell engineers set the per-user disk space restriction to the default of 200 MB; users can change this limitation if they need more space. In addition, Novell engineers use the iFolder Management Console to fine tune iFolder's performance, monitor performance, and provide essential diagnostics.
iFolder Security
Contents of clear-text iFolders are synchronized and stored on the iFolder server in clear text. If you give your users the right to create only clear-text iFolders, the contents of those folders will not be secure, since none of the data will be encrypted. However, if you enable users to create encrypted iFolders, the contents of their personal folders will be secure. Contents in encrypted iFolders are transmitted and stored in encrypted format on both the iFolder server and client.
The encryption scheme used by iFolder is called Blowfish. Created in 1993 by Bruce Schneier, Blowfish is a fast symmetric block cipher designed as an alternative to the Data Encryption Standard (DES). In encryption, fast is good. Blowfish can use keys from 32 bits to 448 bits to encrypt data. Novell uses 128-bit keys for iFolder encryption. When you create a folder that uses encryption, you must supply a pass phrase. iFolder uses this pass phrase to generate the 128-bit key which is then used to encrypt and decrypt your iFolder data.
The main difference between iFolder's two security schemes (escrowed keys and non-escrowed keys) is that escrowed keys are stored on an escrow server to which a trusted person at your company has access. If an employee leaves your company, that person's data is recoverable by getting the escrowed key and using it to decrypt the data. With the non-escrowed scheme, the keys are stored on the iFolder client, if at all, making it practically impossible to obtain them.
iFolder security is so tight that only those with explicit rights to a given folder can see the files or even the directory structure in the folder, because it, too, is encrypted. Additionally, since the iFolder data is encrypted on both the network wire and on the hard disk, you do not need to deploy a Virtual Private Network (VPN). Thus iFolder gives you security without inconvenience.
iFolder Client Configuration
After you have completed the iFolder server installation, iFolder automatically creates a no-frills home page on the server. The default home page contains the minimal necessary information. You can modify this page if you want to, since it is an HTML file.
One of the items on the home page is a link to download the iFolder client, which is a must to take advantage of iFolder's capabilities. You can download the client to as many computers as you will be using. The iFolder client is compact (2 MB) and runs on Windows 9x/NT/2000.
Once the client download completes, the iFolder server prompts you to log in. The iFolder server uses the information you provide to authenticate you to the system. If you enter your correct username and password, iFolder will proceed to create your personal iFolder. An icon for the iFolder client appears in whichever directory you named as the target directory. To unpack and launch the iFolder client installation wizard, simply double-click on the icon and follow the prompts.
Installation of the client creates a personal iFolder on the iFolder server and a matching folder on your client computer. You also have the option of creating and publishing more than one folder. After client installation completes, your iFolder is located in C:/MyDocuments/iFolder/username/Home. In addition, a shortcut to this folder is placed on your desktop. Clicking on this shortcut opens your iFolder, as shown in Figure 2.
Figure 2: You can access your iFolder from the shortcut on your Windows desktop.
Your iFolder looks and behaves like any other Windows folder. You can copy, cut, paste, and move files, and perform other tasks just like you can with any other Windows folder (see Figure 3). The only difference is that folders and files that you publish in iFolder are synchronized to your client and also the iFolder server.
Figure 3: You can perform file operations with your iFolder just like any other Windows folder.
You can edit these files any time you want, even when you're not connected to the Internet. Once you reconnect, the files will be synchronized, making them up-to-date on your client and on the iLogin server.
iFolder Synchronization
The iFolder server and iFolder clients compare and update, when necessary, the instances of your iFolder during any of the following situations:
- When you first open your iFolder while connected to the Internet
- When you manually synchronize
- At preset automatic synchronization intervals
Note that iFolder does not send the whole file to update it; it only sends the portion(s) of the file that include the changes. iFolder does this with 1 KB packets. The method of synchronization that iFolder uses is so efficient that, in most cases, you will not realize that iFolder is updating your personal iFolder. This is true even with a 56 Kbps modem connection!
iFolder synchronization uses a three-step process:
- iFolder determines whether or not the iFolder client is current with your server iFolder.
- If the iFolder client is not up-to-date, the client updates itself by requesting changes from the server.
- If the iFolder server is not up-to-date, the client updates the server by sending those changes to the server.
iFolder uses a four-byte number to maintain the synchronization state of your iFolder server. This number is exchanged by the iFolder client and iFolder server to keep track of synchronization. Some of the things the number does include:
- Numbers are maintained for each iLogin client/server folder pair.
- If the number the client sends matches the server's current number, then the server knows that the client is up-to-date.
- If the number the client sends is different than the server's current number, then the server knows that the client is not up-to-date.
When the iFolder server determines, from the number, that the client is not up-to-date, the server uses the iFolder's directory data to determine where the change(s) occurred. The iFolder server is able to determine from the directory information which folders or files have changed.
After determining what has changed, the server notifies the client, and the client then requests the changes from the server. Remember, the client and server only exchange the data that changed, not the whole file(s).
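The number exchange and changed-block transfer described above, as an added Python model that is not Novell's code or the IFP wire format. The class and function names, the SHA-256 block digests used to find changed blocks, the server's change log, and the sample file are assumptions; only the four-byte number, the three steps, and the 1 KB unit come from this AppNote.

```python
import hashlib

BLOCK = 1024  # the article says changes travel in 1 KB units

def digests(data: bytes) -> list:
    """One SHA-256 digest per 1 KB block (assumed change detector)."""
    return [hashlib.sha256(data[o:o + BLOCK]).digest() for o in range(0, len(data), BLOCK)]

def delta(have: list, new: bytes) -> dict:
    """Blocks of `new` missing from a copy whose block digests are `have`."""
    blocks = {i: new[i * BLOCK:(i + 1) * BLOCK]
              for i, d in enumerate(digests(new)) if i >= len(have) or have[i] != d}
    return {"length": len(new), "blocks": blocks}

def patch(old: bytes, d: dict) -> bytes:
    """Rebuild the new file from the old copy plus the changed blocks."""
    buf = bytearray(old[:d["length"]].ljust(d["length"], b"\0"))
    for i, chunk in d["blocks"].items():
        buf[i * BLOCK:i * BLOCK + len(chunk)] = chunk
    return bytes(buf)

class Server:
    def __init__(self):
        self.sync_no = 0               # four-byte synchronization number
        self.files, self.log = {}, []  # contents by path; (number, path) per change
    def changed_since(self, client_no: int) -> list:
        """Equal numbers: client is current. Otherwise list the changed paths."""
        if client_no == self.sync_no:
            return []
        numbers = [n for n, _ in self.log]
        start = numbers.index(client_no) + 1 if client_no in numbers else 0
        return sorted({p for _, p in self.log[start:]})
    def pull(self, path: str, have: list) -> dict:
        return delta(have, self.files[path])
    def push(self, path: str, d: dict) -> int:
        self.files[path] = patch(self.files.get(path, b""), d)
        self.sync_no = (self.sync_no + 1) & 0xFFFFFFFF  # stay within four bytes
        self.log.append((self.sync_no, path))
        return self.sync_no

class Client:
    def __init__(self):
        self.sync_no, self.files = 0, {}
    def sync(self, server: Server, edits: dict = None) -> tuple:
        """Run the three steps; return (bytes downloaded, bytes uploaded)."""
        down = up = 0
        for path in server.changed_since(self.sync_no):  # steps 1 and 2
            d = server.pull(path, digests(self.files.get(path, b"")))
            self.files[path] = patch(self.files.get(path, b""), d)
            down += sum(len(c) for c in d["blocks"].values())
        self.sync_no = server.sync_no
        for path, new in (edits or {}).items():          # step 3
            d = delta(digests(self.files.get(path, b"")), new)
            self.sync_no = server.push(path, d)
            self.files[path] = new
            up += sum(len(c) for c in d["blocks"].values())
        return down, up

def demo() -> list:
    server, laptop, desktop = Server(), Client(), Client()
    v1 = bytes(range(256)) * 40                         # constructed 10 KB file
    v2 = v1[:3 * BLOCK] + b"\xff" + v1[3 * BLOCK + 1:]  # one byte edited in block 3
    return [laptop.sync(server, {"talk.ppt": v1}), desktop.sync(server),
            laptop.sync(server, {"talk.ppt": v2}), desktop.sync(server),
            desktop.files == server.files == laptop.files]
```

Calling `demo()` returns the (downloaded, uploaded) byte counts for each sync: the one-byte edit costs a single 1 KB block in each direction instead of the full 10 KB file.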
Synchronization Tips
If, during one of your iFolder synchronization sessions, you accidentally overwrite a version of a file that you needed to keep, you have the ability to recover it. To do this, go to your Windows Recycle Bin and recover the file. Your file will return to your iFolder.
Note: Restoring a deleted file will automatically synchronize the change.
If you need to force synchronization to start, right-click the iFolder icon in the Windows System Tray across the bottom of your Windows desktop. Select Sync Now (as shown in Figure 4). Synchronization will immediately start.
Figure 4: The Sync Now option is selected from the iFolder icon in the System Tray.
Conclusion
Novell iFolder is an innovative new Net service that allows you to access your data from any Internet-ready computer with a Java-enabled browser. Returning to the story of the presentation in Brazil, if my co-worker had had iFolder at his disposal, things would have been a lot less stressful. When he left his office to go to the airport, the latest version of his presentation would have been stored in the home directory on both his iFolder server and on his laptop. All he would have had to do was boot up the spare computer, attach to the Internet, fire up a browser, install the iFolder client on the computer, log in to the iFolder client, and synchronize his files to the computer. As if by magic, he would have a local copy of his presentation!
* Originally published in Novell AppNotes