Windows Server 2012 R2 Work Folders–The On-Premise Solution for Controlling Sensitive Data

While many small and medium size businesses are moving their IT infrastructure to Azure for hardware and operational cost savings, there are still times when technology solutions will need to stay on premise due to the sensitivity of data as the prevalent reason.  Microsoft provides excellent hybrid solutions with Windows Server 2012 R2 that allow your customers to address on premise requirements as well as take advantage of services in the cloud.  One such on premise solution provided with Windows Server 2012 R2 is Work Folders.

Work Folders is a new feature delivered with Windows 8.1 & Windows Server 2012 R2 providing users access to their work files from anywhere while keeping the data on premise in centralized local storage.  Work Folders provide the means to better control the organization’s data.

Users can be directed to store documents that must stay on premise to the Work Folder location on the user’s device.

These documents would get synced to the Sync Share Folder on the designated on premise file server. The file server can be set up to automatically classify the document based on content, if configured using File Server Resource Manager, and encrypt the document using Windows Rights Management Services before syncing the document back to all the user’s devices. This allows a seamless experience for the user while keeping the organization in compliance and preventing leakage of sensitive information.

Work Folders can utilize existing deployments of Folder Redirection, Offline Files, and home folders. You can specify a folder that already contains user data, which enables you to adopt Work Folders without migrating servers and data or immediately phasing out your existing solution.

Work Folders is part of the File and Storage Services role. Work Folders functionality is installed by using the Add Roles and Features Wizard which will add the Work Folders page to File and Storage Services in Server Manager.  The sync shares service will also be added (providing host sync shares functionality) as well as the SyncShare PowerShell module.

Work Folder sync can be accomplished to the organization’s server hosting Work Folders through the internet via  implementation of a publically registered domain name.  A public CA certificate would be required for the server hosting Work Folders as well for the reverse proxy server.  Publishing rules would be set up on the reverse proxy or network gateway.

For more information on Work Folders take a look at following resources:

• Introducing Work Folders on Windows Server 2012 R2 (blog post)
• Introduction to Work Folders (Channel 9 Video)
• Work Folders Test Lab Deployment (blog post)
• Designing a Work Folders Implementation
• Deploying Work Folders

Kathleen Molosky, PTS