September 2021 - Triofox Blog

The ability to access data when and where it’s needed is a game-changer for organizations. Gone are the days where departments had to truck files to centralized locations for storage. With cloud and mobile technology becoming more coveted, deploying a secure and efficient enterprise file sync and share solution is crucial.

Although studies show that the construction industries are lax in their adoption of cloud computing, the overarching importance of cloud technology is undeniable.

This article focuses on how Triofox can be used as an ad hoc file-sharing solution for mechanical, electrical, and plumbing (MEP) companies.

Problem Definition: Electrical Company Case Study

Outlined below is an overview of the operational workflow of a medium-sized electrical construction company:

Company A is an Electrical construction company with two branches in the US and almost 300 employees in total.
They have an on-premise file server with about 4TB of data, which is replicated in the two offices using VMware.
They also have a considerable number of field engineers and workers as they do solar and electrical installations for Oil and Gas corporations.
Field/Remote workers previously relied on VPN to connect back to the on-premise file server to access files and Dropbox to share files easily.

The following section highlights the performance issues they encountered with the initial connectivity and file sharing solution and how Triofox addresses them.

Pain Points and Triofox Solution To Them

Research has found that construction companies have difficulty with communication and coordination, which can cause delays, higher costs, and poor ROI. Our case study also reflects how changes in the work environment due to innovative circumvention influenced by the COVID-19 global lockdown heightens the difficulties.

The pain points include:

Employee frustration caused by VPN Performance issues.

Most of the employees worked from the offices in the past, so accessing on-premise file servers was not an issue. However, with the rise in remote working, hundreds of concurrent VPN tunnel connections on a firewall slows down the network, leading to multiple dropped connections and disgruntled employees who constantly have to reconnect with the system.

Lack of granular control of permissions

Most consumer cloud storage platforms make it difficult for IT administrators to follow important security procedures. For instance, even though they use Office 365, they can’t utilize OneDrive/Sharepoint because, in OneDrive, you can’t set different sharing permissions for subfolders as OneDrive folder sync breaks the permission. For their contractors who work with many project folders, permissions are challenging to manage because permissions can’t be set up for each subfolder of a project folder.

Also, IT administrators can’t control which files users are syncing and who has access to shared files when using Dropbox.

Incompatibility with estimation/database application

They use AccuBid Enterprise, a vital estimating software for their business, as it helps contractors create estimates quickly and accurately. However, this software does not integrate well with Dropbox file sync.

An ideal solution for them would be one which:

Allows their employees to access the company’s file server both from remote locations and within the company’s network.
Offers a secure file sharing alternative to collaborate internally with their contractors and externally with their business partners.

This breakdown makes Triofox an ideal solution.

Triofox file server access solution extends the functionality of local file servers, enabling cloud collaborative features while maintaining crucial attributes of on-premise servers such as data control and security.

It addresses all their pain points and delivers efficiently as a remote file-server access alternative to VPN and a secure file-sharing alternative to Dropbox/OneDrive. Here’s how.

Eliminates VPN issues with its mapped drive approach

A mapped drive serves as both a physical and logical representation of a network that employees easily understand. With this, remote working employees can easily and securely access corporate files from anywhere. Hence, employees can quickly and efficiently accomplish common tasks when using file services in their daily tasks.

Provides a granular level of control over folder structures

It’s important to have a centralized data repository. Doing so allows for easy data management and allows people in different departments to share information quickly.

Unlike other cloud solutions that allow no IT control or visibility, Triofox provides centralized access for IT managers.

Allows For Seamless Collaboration

Collaboration tools play an essential role in facilitating efficient communication as virtual collaboration can be more complicated for contractors and engineering teams that work with real-time data. Field contractors have to report to decision-makers who aren’t directly exposed to on-field intelligence. It’s important to make sure the right information gets to the right person at the right time, as timely communication aids decision-making. This ensures that projects are managed properly and issues are resolved before they become problems during on-site execution.

With Triofox, large media files can be shared as secure web links without copying them to a different service to obtain the shareable link, preventing bandwidth drain, data leaks, and redundancy. Files can also be shared with multiple people without re-uploading and sharing updated links (because they use Office 365, files and folders can be shared as links instead of attachments via Outlook).

Enable Offline Access

For on-field access with limited to no internet connection, the contractors can enable offline access to files they need and set up automatic synchronization of changes when internet connectivity is restored.

Seamless Integration

It integrates with the existing Active Directory and retains NTFS permissions on files and folders. This way, existing users still have access to network shares. Through its client agents, users can access and share files via web browsers and mobile devices.

Users don’t have to worry about ad hoc software integration problems.

Efficient Collaboration

Access to up-to-date project data enables construction workers to participate more effectively and the project team to be better organized. Files are automatically locked when in use to prevent overwriting. This makes it possible to collaborate on a project without worrying that other team members will undo or overwrite each other’s changes. Also, Triofox’s version control and file tracking feature ensures that each update is saved and traceable.

Conclusion Enterprises can be assured that sensitive data never leaves the file server while granting employees the flexibility to work from remote locations with or without an internet connection and on any device.

The global pandemics have accelerated the rise in telecommuting and remote working has brought about the need to facilitate remote access to objects stored in AWS S3 buckets. Organizations whose end users just require access to Amazon S3 need a client application that provides easy access, as Amazon S3 is not beginner-friendly. While Amazon has an S3 file gateway service/ virtual software appliance that provides an interface for on-premise access to objects in the bucket by caching recent S3 files locally and presenting an SMB or NFS endpoint, one can see how remote access can pose a problem. A clear example is outlined in the use case below.

A private investment firm migrated 2TB data to Amazon S3.
Deployed the file gateway virtual appliance on their on-premise server but used it as an SMB share via an on-premise virtual appliance.
Found it very difficult to connect when working outside the network perimeter, hence deployed a VPN to connect to the office network to mount the drive and access S3 buckets.

The problems encountered:

Multiple objects are created with every change made by an SMB client through the file gateway, and the need for lifecycle policies to be set up to curtail it and can quickly complicate things.
It’s inconvenient to connect to a VPN to mount a drive to an internal IP address before using Amazon S3 as an SMB share.

In this article, we’ll show you how to work around Amazon’s S3 file gateway’s LAN access constraints for simplicity and convenience in a remote working environment.

Why S3 Object Storage?

Amazon S3 is a highly durable, cost-effective, and scalable cloud infrastructure service for enterprises. When used as an on-premise server backup, it offers flexible storage management capabilities, even much better than other cloud computing service providers.

Scaling business infrastructure to the cloud is a digital transformation trend businesses are adopting to meet growing business needs and survive in the rapidly evolving digital world. While cost is an inhibiting factor for cloud migration, Amazon S3 offers the best cost-saving incentives, especially for businesses with big data. With S3 bucket unlimited storage capacity, companies do not have to worry about incurring heavy expenses from storing their data in the cloud or managing data centers to keep up with their growing storage needs.

The primary concern about mirroring in-office user experience to ensure seamless collaboration while maintaining security and controlling data resources to stay policy-compliant is quite challenging.

As previously stated, the S3 file gateway enables on-premise applications with low-latency access to data stored in the bucket, which means provisions should be made for users accessing those objects outside the network perimeter. While there are a number of S3 access tools available, such as CloudberryLab S3 Explorer, TntDrive, or ElephantDrive, few provide a ‘file server’ experience to simplify the process, much like Dropbox provided a user-friendly interface to store files, relying solely on the S3 bucket storage architect of the AWS.

1. High Complexity

S3 is a massive storage bucket, so IAM policies need to be updated to provide folder-level permissions for those with access to particular S3 buckets to ensure granular control over data. However, Amazon’s IAM policies can get complex, especially when many users require varying levels of access permissions to multiple buckets.

2. Data Compliance

There is no central console to monitor or account for who has access to what data or to track users’ activity. Because S3 does not have a bucket filter option, any user identity generated in the IAM can display all buckets in the linked AWS account, which could result in a compliance breach.

Triofox is a cloud file server solution that addresses these problems. Equipped with remote and mobile access features, the Triofox client agent can be used as a gateway stand-in when coupled with an identity provider (IDP) for authentication to access files stored in the S3 bucket.

How Triofox Addresses the Challenges?

1. Eliminate VPN Hassles

Triofox’s mapped drive eliminates excessive workarounds to access files (stored as objects), saving users time and enabling IT personnel to focus on more critical tasks.

2. Provides Security Without Compromising Productivity

Triofox supports native integration with Active Directory to protect sensitive files from unauthorized access while providing a seamless remote working experience for authenticated users across devices, improving productivity. End-users also have restricted access to their files and file shares, which are provided automatically when the existing identity management system is integrated.

3. Cache files for low Latency Access and WAN Optimization

Like the S3 file gateway, Triofox provides local caching to enable users offline access to recent files. A helpful feature for users working from home with lower bandwidth. In this case, an encrypted, remote agent cache is set up on each client, and only changes are synchronized to the file storage when connectivity is restored. It is also helpful for employees who need access to data but might not be in a location with an active internet connection.

In addition, access can be immediately cut off from the central console when an endpoint is compromised.

4. Maintain Data Governance and Compliance Guidelines

IT has full control over what happens to data thanks to a centralized user management panel. Every activity performed on data is logged and traceable to the user thanks to its audit trace and files log feature.

Triofox Implementation

Here’s how Triofox can be used to enhance S3 bucket access:

Deploy Azure Active Directory as the identity provider (sync on-premise AD with Azure Active Directory).
Configure and Install the Triofox server on a clean Windows Server virtual machine and integrate Active Directory, selecting S3 as the file storage (see link for complete steps).

The result is end-users can enjoy the ease of a cloud server interface. This is an excellent solution for organizations that prioritize security and productivity.