Mobile access of files hosted on corporate file servers from Windows and iOS devices!


We all have used or currently use cloud drives, e.g. OneDrive, Box, DropBox, and so on. However what if you’re an organization that needs provide mobile access to files, however you need to keep some or certain files locally on the file server? How about CAD files or other documents that may not work well in a cloud based storage?

Fortunately there is a solution that allows mobile access to file server shares and it’s called Work Folders.

Requirements:

  • Domain Controller access for authentication
  • Windows Server 2012 R2 File Server
  • Windows 7+ (Pro, Ult, Ent) and/or Windows RT
  • iOS 8
  • Update! Android now supported - 3/11/2016
  • An SSL cert

Why use Work Folders?

  1. Work Folders is great for companies who are cloud adverse and wish to keep their files on their own servers (WS 2012 R2) but need a method for mobile devices to access.
  2. Good replacement for companies who want to move away from offline files.


Let’s get started

Here’s my Work Folders architecture and best of all it’s all hosted in Azure!

clip_image002

Install Work Folders from Windows Server 2012 R2 Add/Remove Roles in Server Manager and run through the brief wizard to complete the installation:

clip_image003

After Work Folders are installed, we need to configure a Work Folders file share in Server Manager.

Specify a path to the file share, add user groups from the domain, and specify device policies if desired:

clip_image005

After the Work Folders file share is configured we need to publish a URL to connect devices to Work Folders. This is where the SSL cert comes in.

We also need to make sure there is pointer from the DNS registrar that points to the application proxy, e.g. workfolders.yourdomain.com. The record can be an A or CNAME record.

For security purposes, on a server within your DMZ (or if you have a web proxy appliance) we need to create a reverse proxy connection.

In my diagram (below) my reverse proxy sits on the edge of my network. I used Windows Server 2012 R2 Application Proxy.

As I published the URL, I specified the SSL certificate (associated with my fileserver) installed on my Application Proxy as the cert to use.

Publishing an app using Windows Server 2012 R2 Application Proxy is very simple so I won’t detail it here.

clip_image007

My application proxy setup points https://workfolders.domain.com to http://fileserver.domain.com

Once everything is set up it’s time to test Work Folders.

 

Windows PC
Search for Work Folders and launch. Then select “Set up Work Folders”:

clip_image009

Depending on how your set up work folders, you can sign in using an email address which will convert it to http://workfolders.domain.com. Work Folders will automatically use the domain name of the email address to construct the URL. Or you may type in the URL directly.

clip_image011

If Windows Authentication was selected a login prompt will appear.  If Active Directory Federation Services (AD FS) was selected login will happen automatically.

Once logged in we see a screens similar to the ones below:

clip_image013

clip_image015

clip_image017

Open up the Work Folders folder on the PC and we see files that were populated previously:

clip_image019

Statistics on Work Folders file share from my PC:

clip_image021

 

Apple iOS
Download the iOS Work Folders app from iTunes: https://itunes.apple.com/us/app/work-folders/id950878067?mt=8  (for Android, download Work Folders from Google Play)

Launch Work Folders and enroll the iOS device using the same techniques described above for the PC. Select a passcode, and begin accessing your files.

clip_image022 clip_image023

clip_image024


Auditing and Logs

Logs are located on the Work Folders server under SyncShare:

clip_image026

Work Folders is a great solution to expose files to end users while maintaining control and access to those files within your datacenter.

 

Additional information:

Comments (1)

  1. Anonymous says:

    It’s hard to ignore the world of mobility. We often carry a one or more devices such as a Windows PC

Skip to main content