by NinoVidovic Ph.D.
Traditionally, IT infrastructure services have been provided via on-site hardware. More recently, an alternative has emerged for very small SMBs: moving these services into the cloud.
Right now, something new is emerging: a hybrid alternative for larger SMBs. It’s an approach which has been made possible by highly integrated, virtualized, intelligent edge systems such as clearBOX by ClearOS and HPE and Konica Minolta’s Workplace Hub.
Furthermore, the demand of today’s increasingly global business requires employees to be able to access all the services and all the company data anytime, anywhere, on any device and in online as well as offline situations. As a result, there is a requirement for a new, more agile, more secure, and more user-friendly mobile digital office.
This new mobile digital office solution is enabled by a powerful next generation of smart mobile devices such as filePodTM. This paper looks at the Mobile Digital Office implementation for SMBs using bluFON’s filePod and Konica Minolta’s Workplace Hub “IT-in-a-Box” technologies.
Hybrid cloud with edge and micro-edge appliances as “IT-in-a-Box” digital enterprise solution for SMBs
Today medium to large SMBs can get all of their IT services delivered via on-premise ‘IT-in-a-box’ edge appliance that’s complemented with transparent private and public cloud-based infrastructure and applications and mobile access devices.
All the IT management functions are centralized into a multi-tenant cloud-hosted management service. This solution requires far less IT expertise to set up and manage SMB’s IT services, which leaves companies to concentrate on their day-to-day operation and business.
Such a hybrid cloud with intelligent edge appliances offer SMBs the same IT business experience as a fully managed local IT service but delivered via the internet from secure data centers. It’s a far more straightforward alternative to owning and managing on-premise IT infrastructure, and has significant advantages:
- Cost savings: services can cost 30% to 50% less
- Improve productivity: it’s faster to get employees up and running with new services
- Low equipment investment: use existing computers, maybe buy some smart mobile devices
- Easy setup: a simple transition from on-premise IT infrastructure
- Hassle-free: cloud providers offer fully managed IT systems
- Reliable: many cloud providers already provide more than 99% availability
- Predictable: a wide range of Service Level Agreements for support and management
- Future-proof: no long commitments are needed, and the cloud provider upgrades the technology
- Remote access: users can connect to a business IT system from anywhere over the internet
- Business continuity: provides a disaster recovery solution
Also, with micro-edge appliances, IT now can extend full control over company data. These micro-edge appliances are fully managed from a central location with a reduced cost:
- Identity – authentication, and access thru remote password changes and account lock
- Content – enforcing device and selective file encryption, as well as whole volume or selectively files can be remotely deleted
- Location – the device could be tracked, locked, or data use can be restricted based on geofencing policies
- Privacy – no need to install any management/control/tracking software on employee personal devices (i.e., issues related to privacy vs. control is resolved)
- Cost – cost per managed device is reduced since IT is now managing only a single device per employee of the same type (vs. managing multiple devices of a different type)
The Hub: “IT-in-a-Box” SMB Office Solution
Workplace Hub (WPH) is an” IT-in-a-Box” solution by Konica Minolta. WPH is a hybrid system designed to offer SMBs a comprehensive IT Service provided by an on-premise virtualized system – delivered by new hardware and software (Picture 3).
Workplace Hub platform combines infrastructure and applications into a single on-premise device, supported by hybrid cloud services, including file sync and share and backup (Picture 4).
The Admin Dashboard is providing a complete overview of users, assets, applications, server and storage and enabling tasks such as reviewing resource usage, managing user rights or infrastructure status, changing site support or adding and removing applications.
The User Dashboard simplifies the way to access all key information
from one place to improve productivity, collaboration
and communication providing management of applications via the MarketPlace or by linking to third-party providers.
The POD: A Mobile Digital Workplace
FilePodTM (THE POD or Mobile Digital Workplace) is a way to secure all your files and to enable you to access company files anywhere whether you are online or offline. Given your nomadic life, whether you are traveling for work or pleasure, you need to work wherever you are. So filePodTM is the world’s first automatically and autonomously synchronizing personal file storage device, small, and lightweight. It’s number one priority – provide a secure file management system in a pocket-sized design. With a single login, and instant access right when you needed it and to all your digital files. One home. One unified view across all your cloud accounts which you can now access interchangeably without having to synchronize it to your device again. Avoid logging in over and over again.
And, very importantly, filePodTM works offline. You needed to access files even when you could not get a wifi signal. So, work on your laptop or tablet, then save the latest version of your files directly into filePodTM, and once it’s online again, it automatically syncs everything again.
Today, this portable personal file storage works with iOS, Android, Windows, macOS, and Linux. It’s encrypted and password-protected for added security. For anyone who wants the security of cloud storage, filePodTM will tame the chaos and brings order to your files.
Workplace Hub Setup
The new Mobile Digital SMB Office system consists of highly integrated, virtualized all-in-one edge appliance such as Workplace Hub by Konica Minolta, regular desktops computers, printing devices and IoT devices such as web cameras, keyless door entry systems, motions sensors and mobile devices such as laptops, tablets, and filePods. See picture of the SMB office (Picture 6).
In this particular setup. Workplace Hub is configured to provide the following services:
- User identity management service
- Local file sync and share service
- Router operating as an internet gateway with Sophos XG Firewall providing router, firewall and VPN services
- Office wireless local network
- Virtual run-time IaaS for containerized and virtualized applications
Logical diagram shown in Picture 6.
Workplace Hub User Identity Management Service
Workplace Hub provides basic user management. Users information can be loaded from an LDAP compliant user base:
- Workplace Hub user storage using Samba 4 (default option)
- Microsoft Active Directory (on-premise user base)
- Microsoft Azure Active Directory (cloud user base)
Workplace Hub stores user information only when using the default user management option (Samba).
When using Active Directory, either on-premise or in Microsoft Azure, Workplace Hub does NOT store user information. Instead, the system reads and writes user information directly into Active Directory.
Konica Minolta IT services would configure which user base the SMB customer prefers to use. The configuration is done in Basic System Settings.
The User management application allows administrators to edit values stored in custom attributes in their Active Directory. When configuring integration with Active Directory, administrators can set labels for selected Active Directory custom fields. These labels and corresponding editing interface will appear when editing users in User management.
Administrators can create, update, and delete users in their Active Directory through the User Management application.
Workplace Hub File Sync and Sharing Services
The File sharing application allows users to store files on the Workplace Hub server and share them with other users. Supported file storages:
- internal Workplace Hub storage
- Microsoft OneDrive storage
By default, the system uses the internal storage. If integration with Office 365 is configured, users have the option to choose between the internal storage and OneDrive storage.
Workplace Hub VPN services
Workplace Hub has embedded Sophos XG Firewall and VPN services. WPH VPN Service is configured by an IT Administrator using the XG Web Admin (please refer to the article Sophos XG Firewall: How to conﬁgure SSL VPN remote access).
THE POD – filePod is Mobile ON-THE-GO Workplace
Employee’s “on-the-go” (OTG) workplace setup is simple, elegant and effective (See Picture 7)
It consists of filePodTM, laptop, tablet, and smartphone. Detailed connectivity diagram is shown in Picture 8.
Setting up your filePod for the First Time
Before using the FilePodTM, you must insert an SD card. You can use any micro SD card. FilePodTM supports high-capacity SDXC cards up to 2TB. There is no limit on individual file sizes. Connect the FilePodTM with your personal computer using the supplied USB cable.
NOTE: If you are using your FilePodTM for the first time before you continue with the setup process, let the FilePodTM stay connected for 30 seconds so that the battery gets an initial charge.
In your browser, access the FilePodTM’s internal website using the following URL:https://myfilePodTM.io:8080/
Watch the Getting Started video on the main page.
Click on the drop-down menu to select your WiFi router to connect to the internet.
Your basic setup is now complete. For details on how to configure more features check out the “How to section” and videos on the FilePodTM website (https://www.filepod.io.)
FilePod – Configuring User
Register your account on the FilePodTM by entering your workplace hub email and a password. Now log in using your new user id and password credentials.
Once you are logged in, follow a simple procedure to configure your time and time-zone settings and update our user profile.
FilePod – Configuring Storage accounts
Using same web UI, you will configure all of your storage accounts that you want to synchronize with your FilePodTM.
The content of both MS OneDrive account and WPH Storage Server account are synchronized whenever there is a change in your account’s WPH Storage partition or the corresponding account directory on the FilePodTM’s SD card. You don’t have to worry about configuring the directory structure of these accounts since FilePodTM collects directory structure from both MS OneDrive and WPH Storage Server accounts.
Adding Microsoft OneDrive account
Press “+” symbol in cloud accounts and select MS OneDrive storage service. filePod connects to MS OneDrive web service. Type in your account credentials and login to your MS OneDrive account to add that account to filePod.
After you completed authentication, your MS OneDrive account will appear under Cloud Accounts showing that your FilePodTM is linked to your MS OneDrive storage
Click on the OneDrive account tab to view the directory structure for your account. You can now select which directories you want to synchronize, specific directories or all the content.
Now that you have added your MS OneDrive account to your filePod decide what you want to synchronize. Select the MS OneDrive account from the list. filePod displays content of your MS OneDrive account in the corresponding MS OneDrive account tab. Select all or only directories in your MS OneDrive account you wish to be synchronized by filePod
After making a selection and saving the setting FilePodTM would now automatically keep your selection synchronized between filePod and the corresponding MS OneDrive account directory on the FilePodTM’s SD card. You can always change your selection, but you need to click on Save Settings every time your selection is modified.
FilePod OneDrive 2-way-sync app will keep content of your filePod and the corresponding account synchronized.
Adding Workplace Hub WebDAV account
It is the same procedure for adding your WPH Storage Server account as adding Microsoft OneDrive cloud storage account. We will Use WebDAV 2-way-sync app. WebDAV (Web-based distributed authoring and versioning) allows mapping the internal storage of Workplace Hub to filePod. This enables users to manipulate files stored in Workplace Hub without logging in to the web interface.
Press “+” symbol in cloud accounts and select WebDAV app icon. filePod opens WebDAV login webpage. Type the URL of the workplace hub WebDAV endpoint: https://wph.local/services/ file-sharing-service/WebDAV/files/HOME, where wph.local is the hostname of your Workplace Hub device.
filePod connects to WPH WebDAV web service. Type in your account credentials and login to your WPH WebDAV account to add that account to filePod
Now that you have added your WPH WebDAV account to your filePod decide what you want to synchronize. Select the WPH WebDAV account from the list. filePod displays content of your WPH WebDAV account in the corresponding WPH WebDAV account tab. Select all or only directories in your WPH WebDAV account you wish to be synchronized by filePod
After making a selection and saving the setting FilePodTM would now automatically keep your selection synchronized between filePod and the corresponding WPH WebDAV account directory on the FilePodTM’s SD card. You can always change your selection, but you need to click on Save Settings every time your selection is modified.
FilePod WebDAV 2-way-sync app will keep the content of your filePod and the corresponding WPH WebDAV account synchronized.
FilePod – Configuring Virtual Private Network (VPN)
A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely.
FilePodTM supports OpenVPN technology. First, download and install the OpenVPN Client plugin application from filePodTM’s private Appstore. Once you installed the OpenVPN Client app, you’ll need a profile and a password to use the VPN client.
WPH generates the profile and password. From the browser, sign in to the user portal using the Sophos XG Firewall’s public IP address and the user portal HTTPS port. In this example, the user portal is accessible at https://220.127.116.11>:<8443>
Note: The user portal HTTPS port conﬁgured in the Sophos XG Firewall can be found in Administration > Admin Settings > Admin console and end-user interaction > User portal HTTPS port
Now that SSL VPN client/conﬁguration profile file is generated you can save it in any of your cloud storage accounts e.g., WPH WebDAV or MS OneDrive (those you have already added to your filePod).
Back in filePod’s web user interface, open the OpenVPN Client app’s settings in /Settings/OpenVPN. Then click ‘OVPN Profile’ button and in the ‘Import Profile’ page, go to cloud storage account where you previously saved your unique .ovpn file from WPH VPN app. Find and select the .ovpn file and then click the ‘IMPORT’ button.
Click on the option to connect and a virtual IP will be leased to the filePod with the status Connected.
How all of this works
In addition to having local access to all of your cloud storage files on Microsoft OneDrive, it is easy to configure your filePod to automatically connect to your WebDAV server on your WPH system at office and synchronize the content of your WPH files with filePod.
Previously IT admin has configured WebDAV server on your WPH system as well as VPN service for access to your office network. The logical network of your mobile digital workplace in action from a remote location is shown in Picture 12.
Now that everything is nicely configured on Workplace Hub and for on-the-go use, you can start using filePodTM as any other ordinary USB attached device. To your laptop, tablet, or smartphone, it looks like an attached USB/WiFi drive. At the same time, it is also secure “tunnel” into the Internet. So, no more worrying about snooping and prying “cyber eyes” – you are safely connected to all Internet services. And the best thing of all there is nothing to do on your laptop, tablet or smartphone, no additional software to download and install, no new applications to configure – use your devices as if you are in your home network. The filePodTM is doing all the hard work.
Using filePodTM as Secure Access to Internet and Office Network
Connecting your filePodTM to your VPN Server via VPN tunnel has several advantages.
First, Surfing the web is just as if you are at the office when you are not
- filePodTM and WPH VPN Server allow you to easily set up an encrypted connection from anywhere in the world to your home. Although you are outside on public network, your security protection is just as if you are at home.
- You can access the internet as secure as you are at office.
- If you are at a place that controls internet access, you can use this to get around that.
- You don’t need to open additional ports on your router when you are outside and want to view your office camera or file system.
Second, you now have unrestricted access to your SMB private network from anywhere.
- In addition to being safely connect back to your office, it also allows you easily access all your network-enabled office devices, such as IoT devices, NAS file system (e.g. WPH storage server), etc.
The VPN connection is a transport service provided by security certificates; it is much more difficult to be attacked than an HTTP service provided by your camera. It also encrypts all traffic between you and your home network, whatever sites you are surfing or files you are accessing are kept in private, won’t be snooped by anyone in-between.
Using filePodTM as Ordinary Local Attached USB Drive
There are two ways how to access files on filePOD’s SD card. One way is using standard USB Mass Storage Mode, and another way is to use a built-in WebDAV server. In this article, we will show the use of WebDAV server. Please note that when using WebDAV approach, you can be accessing the SD card from your host computer using native file manager applications (e.g., macOS Finder or Microsoft Windows Explorer) while filePOD 2-way-sync applications (e.g., MS OneDrive and WebDAV 2-way-sync apps) can be accessing the SD card simultaneously.
To use WebDAV client on your laptop to access files on the FilePOD’s SD card, you don’t need any third-party software. Popular desktop operating systems like Windows, Mac, and Linux can all do this out-of-the-box.
There are two ways how to access files on filePodTM ‘s SD card. One way is using standard USB Mass Storage Mode, and another way is to use filePod’s built-in WebDAV server. The difference is that, when using WebDAV approach, you can be accessing the SD card from your laptop using native file manager applications (e.g., macOS Finder or Microsoft Windows Explorer) while filePodTM 2-way-sync applications (e.g., MS OneDrive and WebDAV 2-way-sync apps) can be accessing the SD card simultaneously.
As an example, using WebDAV to access files on the filePodTM ‘s SD card user don’t need any third-party software, MacOS can all do this out-of-the-box with Finder file manager. Mac OS X has built-in WebDAV support. On your Mac OS X computer, start the Finder application. Open the Finder, click the Go menu, and select Connect to Server to see the Connect to Server dialog and type a WebDAV server address to connect to the filePodTM built in WebDAV server. For example, you’d enter https://myfilepod.io:3000 (See Picture 15).
Accessing Workplace Hub Disk and Microsoft OneDrive
Now that your computer has “connected” filePodTM, you’ll then be able to browse its contents and download, upload, copy, paste, delete, edit and save files directly from the Finder window into your’ filePodTM’s SD card. (Picture 16).
Setting up your mobile digital office can be a fun and simple thing to do. All of the components are plug-and-play, and after connecting the power, network and USB cable and initial simple set-up and configuration would just work.
To your desktop, laptop, tablet, or smartphone filePodTM looks like an attached USB drive and secure “tunnel” into the Internet, all at the same time. It is like “Swiss army knife” of computing.
No more worrying about snooping and prying “cyber eyes” and there is nothing to do extra on your laptop, tablet or smartphone, no additional software to download and install, no new applications to configure – use your devices as if you are at home connected to your home network. All the hard work is being done by the filePodTM.
Workplace Hub | Konica Minolta Global R&D. https://research.konicaminolta.com/workplace-hub/
Sophos XG Firewall: How to configure SSL VPN for android devices using OpenVPN Connect – https://community.sophos.com/kb/en-us/134175