This article demonstrates the best practices and options available for deploying a Morro solution for a business with two offices. The office where the administrator is located is considered the local office and the other office is referred to as the remote office.
In this example, the business is headquartered in San Francisco, where the administrator is located, and the European office is located in Amsterdam (the remote office). Each office will have a Morro CacheDrive installed on the network.
The deployment process is divided into two steps: installing the hardware and managing the solution.
Install the Hardware
First, acquire two Morro CacheDrives (cloud storage gateways) - one for each office.
Follow the setup process outlined in the article Morro Account Sign Up. It is also recommended to read through the article Create an Account for Your Solution to become familiar with some key points about the account setup process.
During this process, the first gateway will be installed. In this example, the gateway will be named "G-SanFrancisco". After the account is setup and the first gateway is installed, ensure that users can access the network drive by following the steps in the Quick Start article.
Install the second gateway with the name "G-Amsterdam". Refer to the article Add Gateway for information on how to add a gateway.
Once the installation is confirmed, send the gateway to the Amsterdam office and have someone there connect it to a network with Internet access and power it on.
Note: If you are based in San Francisco and plan to deploy the CacheDrive in both offices at the same time, installing both devices locally is the preferred method of installing devices that will be used at remote locations. For information on how to install the already in the remote location, follow the section Manually Discover Device in the article Add Gateway.
Manage the Solution
Select a gateway by clicking the device badge to open the Gateway Management panel.
Perform the following tasks for both local and remote gateways:
- Manage the name of the gateways.
- Edit and manage access permissions.
- Gateway maintenance tasks: firmware update, reboot, shutdown, delete, diagnostics
Connect to Shares from Your Client Computer
Once the basic setup is done, you can immediately share files between the two offices.
If you click on the FILE SYSTEM page in the Morro Cloud Manager, you will see that a GlobalShare1 has already been created by default. This share is where you can copy your files, and the files will be synced with the remote office's CacheDrive. See figure below:
The share is accessible via your local area network. To access the share using Windows, use the Windows File Explorer and type \\G-SanFrancisco if you are in the San Francisco office or \\G-Amsterdam if you are in the Amsterdam office.
For more information on how to connect the share see the articles:
Manage Access Permissions
For advanced operations, you can set up access permissions based on users, groups, and gateways.
There are three permission levels (what level of access is allowed):
- Read/Write (RW) access - full access
- Read-Only (RO) access - limited access
- No access
There are three permission types (how the permissions are defined/controlled):
- User based share permission (including guest access option)
- Group based share permission
- Gateway based share permission
The access permission will be defined by the most restricted permission control. For example, if a user has Read/Write permission to a share, but the gateway has read-only access to the share, then the user will have read-only access permission to the share. If that gateway is the only gateway in the team account, then that share is read-only regardless of the user's permissions.
There are two ways to manage permissions for the share: the FILE SYSTEM page and the DEVICES page.
Manage Permissions from the FILE SYSTEM page
From the FILE SYSTEM page, you can specify access permission to the share by user or by gateway.
When a SHARE is created, you can specify which gateway has access to the share - "All Gateways" or "No Gateway".
Select the "Gateway Permissions" dropdown list.
Choose "All Gateways" or "No Gateway". For security reasons, it is recommended to choose "No Gateway" first and then assign the appropriate shares to the gateway.
Manage Permissions to Share by Gateway
To manage the gateway permissions after the share is created, click the pencil icon next to "Gateway Permissions" in the Manager Share panel.
You can assign the permissions (read/write, read-only, or none) for each gateway. In this case, "SanFrancisco" is the local Gateway and "London" is the remote Gateway. "Team Portal" is the virtual gateway accessed via the web browser or Morro Connect.
In this figure, the share has read/write (full access) from the San Francisco office (via SanFrancisco), read-only from the London Office, and is not accessible from the web-based Team Portal.
Make sure to go BACK to Manage Share panel and SAVE your changes.
Manage Share Permissions by User
Click the pencil icon next to "User Permissions" in the Manage Share panel to manage User and Group based Share permissions.
In the following image, the example shows a share with Guest Access disabled and default access set to "No Access". This means that users and groups not in the exceptions list cannot access the share. In exceptions list, groups "Accounting" and "Executive" are given Read/Write access and user "cjoseph" has Read-Only access permissions.
Manage Permission from the DEVICES page
When adding a gateway, you can set the shares the gateway has permission to access as "All Shares" or "No Shares".
To manage the share access permission for a gateway, click on the device badge for the gateway to open the Manage Gateway panel.
Click on pencil icon next to "Accessible Shares" panel. Assign the permissions (read/write, read-only, or none) for each share.
In this figure, the gateway has read/write (full access) to shares "Accounting", "HR", and "Sales", etc., it has read-only access to the share "Design", and it is not have access to "Rassilon".
Make sure to go BACK to Manage Gateway panel and SAVE your changes.
The Manage Gateway panel gives an overview of the accessible shares. The following image shows the Share access permission defined for the gateway G-Amsterdam:
- Share "Account (Ac)", "HR (HR)", "Sales (Sa)" all have full-access permission from Gateway "SanFrancisco". It shows Green dots on the Share Icons.
- Share "Design (De) is read-only which is indicated with a Orange dot on the Share Icon.
- Share "Rassilon" is not accessible from Gateway "SanFrancisco" and there is no Share Icon listed for this Share.