To add a Share, click Create Share to begin the process.


Screen%20Shot%202016-10-10%20at%201.29.04%20PM.png


The procedure to create a share is based on what type of cloud storage group the share is located:


Morro Data Object Storage
Works with Amazon S3 and Wasabi Hot Storage
Your Object Storage for Sync
Works with Amazon S3 and Backblaze B2
Your Object Storage for Archive
Works with Amazon S3 and Wasabi Hot Storage
Your Cloud File Storage
Works with Dropbox (Personal and Business) and OneDrive (Personal)


Morro Data Object Store and Your Object Store for Sync



Share Information

Enter the following information into the Create Share panel.


Name

The Share name can use almost any character, except '/', '\', ':'.


Comment (Optional)

Enter a description of the Share. It's useful to enter information about the share and what it's used to store.


Storage Pool

Choose the storage pool in which you would like to create the Share.


Share Type

Choose the type of Share to create.


Sync Share
Multiple-master sync allows for real-time sync between all of your devices and sites
Replicate Share
One-way sync allows for single source sync to multiple destinations.


Source

Choose the source gateway for the share.


Allow Guest Access

Turn this feature on to allow users to access the share without using credentials.
Note: When Guest access is allowed, any user with access to your network will be able to access the share.


Gateway Permissions

Set the Gateway permissions. When creating the share, you can grant access for "All Gateways" or "No Gateways". Choose no gateways for security reasons and add the gateways after the share is created.


Click CREATE to complete the process.



Your Object Store for Archive



Share Information

Enter the following information into the Create Share panel.


Name

The Share name can use almost any character, except '/', '\', ':'.


Comment (Optional)

Enter a description of the Share. It's useful to enter information about the share and what it's used to store.



Storage Pool

Choose the storage pool from the Archive Pool in which you would like to create the Share.


Folder in Cloud Storage

Enter the name of the folder where you would synchronize the files to and from the Morro Data share. There are three settings.

  1. Select root "/". This will cause Morro to sync all of the files in Cloud File Storage.
  2. Choose an existing folder "/existing-folder". This will cause Morro to sync files and sub-file and sub folders. 
  3. Create a new folder "/new-folder". This will cause Morro to create a new folder in your Cloud File Storage and create the folder.


Share Type

Defaults to "Archive". For Archive Pool, the share type must be set to Archive


Allow Guest Access

Turn this feature on to allow users to access the share without using credentials.
Note: When Guest access is allowed, any user with access to your network will be able to access the share.


Source Gateway

Choose the source gateway for the share.


Server Side Encryption


There are three 4 options for servers side encryption. The options are based on which cloud provider is selected to archive the files.


Wasabi Hot Storage


None
Default option. Files are not encrypted at rest in the cloud.
Enable SSE-C
Customer provided encryption key.


If Enable SSE-C is selected, enter an Encryption key from the cloud storage provider. If connecting to an existing folder, please use the same encryption applied to the folder so files can be synchronized down can be viewed in Morro Data.



For more information on how to use SSE-C, please refer to the article: Protecting Data Using Server-Side Encryption with Customer-Provided Encryption Keys (SSE-C)


Note: It is recommended to use the same Encryption key if the bucket already has encrypted files in it.


Amazon S3


None
Default option. Files are not encrypted at rest in the cloud.
AES256
(SSE-S3) Each object is encrypted with a unique key employing strong multi-factor encryption.
AES-KMS    
(SSE-KMS) There are separate permissions for the use of an envelope key (that is, a key that protects your data's encryption key) that provides added protection against unauthorized access of your objects in S3.
SSE-C
Customer provided encryption key.


If AES-KMS or SSE-C is selected, enter an Encryption key from the cloud storage provider. If connecting to an existing folder, please use the same encryption applied to the folder so files can be synchronized down can be viewed in Morro Data.



 

In addition, if using AES-KMS, specify the following permissions in the S3 account.

{
    "Sid": "kmsSid",
    "Effect": "Allow",
    "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
    ],
    "Resource": [
        "{kms key ARN}"
    ]
}


For more information on using encryption methods in S3, please refer to the article: Protecting Data Using Server-Side Encryption


Note: It is recommended to use the same Encryption key if the bucket already has encrypted files in it.


Click CREATE to complete the process.



Your Cloud File Storage



Share Information

Enter the following information into the Create Share panel.


Name

The Share name can use almost any character, except '/', '\', ':'.


Comment (Optional)

Enter a description of the Share. It's useful to enter information about the share and what it's used to store.


Storage Pool

Choose the storage pool in which you would like to create the Share.


Folder in Cloud Storage

Enter the name of the folder you would like to create in your Cloud Storage account to where you would synchronize the files to and from the Morro Data share. There are three settings.

  1. Select root "/". This will cause Morro to sync all of the files in Cloud File Storage.
  2. Choose an existing folder "/existing-folder". This will cause Morro to sync files and sub-file and sub folders. 
  3. Create a new folder "/new-folder". This will cause Morro to create a new folder in your Cloud File Storage and create the folder.

Note: Files deleted in a share that synchronizes with a Cloud File Storage account will also delete the file from the Cloud File Storage account. If the share itself is deleted, the files in the Cloud File Storage account are untouched.


Share Type

Only Sync Shares are supported in Your Cloud File Storage cloud storage groups. 


Allow Guest Access

Turn this feature on to allow users to access the share without using credentials.
Note: When Guest access is allowed, any user with access to your network will be able to access the share.


Gateway Permissions

Set the Gateway permissions. When creating the share, you can grant access for "All Gateways" or "No Gateways". Choose no gateways for security reasons and add the gateways after the share is created.


Click CREATE to complete the process.



Manage Share Permissions

To configure Share permission, select the Share you want to manage permissions.





Edit Icon
Opens the User or Gateway Permissions Panel


Edit User Permissions


Screen%20Shot%202016-10-07%20at%206.27.39%20PM.png


Click the Edit Icon to open the User Permissions panel.



Default  Access

The permissions for all users in the system.


Read/Write
Users can read and write files to the share. Users must be authenticated to access the share. Admins can specify users/groups to a Read Only exclusion list.
Read Only
Users can read files from the share. Users must be authenticated to access the share. Admins can specify users/groups to a Read/Write exclusion list.
No Access
Users cannot see the share. Admins can specify a Read Only and Read/Write exclusion lists.


Allow Guest Access

If Allow Guest Access is enabled, any user will have access to the Share. The default share created by Morro Data has Allow Guest Access enabled.


In the example above, the share has no Guest Access, which means users  must enter a user name and password to access the share. 


Default Access is set to "No Access", which means only users in the exclusion lists can access the share. 


Exclusion Lists specifies which users have Read/Write or Read Only access to the share.


Read/Write List
Users in the groups Sales, Sales - East, Sales - West, Executive, Local Admin can read and write files to the share.
Read Only List
Users in the group Marketing can only read files from the share.



Edit Gateway Permissions


Gateway Permissions determine which gateway has access to the share. By enabling restricting gateway permissions, you are creating a location based security for access to the shares in your system. 


Screen%20Shot%202016-10-07%20at%206.20.50%20PM.png


Click the Edit Icon to open the GatewayPermissions panel.


Screen%20Shot%202016-10-07%20at%206.31.19%20PM.png

Figure 1: Gateway Permissions panel


Gateway Permissions Information


Access

The Access column set the access permissions for the share. The valid values are:

  • NO: No Access
  • RW: Read/Write Access (Full control)
  • RO: Read-Only

To disable access to a share in the Team Portal, set the Access to "NO"


Prefetch

Check the box for prefetch to have all files copied to the share downloaded to the gateway immediately. When prefetch is enabled, the user does not need to wait for the file to be downloaded from the cloud before it is available.


To save the settings, close the Gateway Permissions panel and click SAVE in the Manage Share panel.


In the Figure 1, the gateway SanFrancisco has Read-Write permission. London has Read-Only access and Prefetch enabled for the share. Team Portal has No Access which means users cannot access the share from the FILE page in their Team Portal.