
Active Directory AD and OpenLDAP for Security and SSO

You might be pleased to know that Sesame Disk by Nihao Cloud storage now supports AD and OpenLDAP for security and SSO. The idea is that you can bring your own LDAP users from your server and secure your accounts with the same credentials people already use for day-to-day work on their office computers (SSO). Let’s explain how the system works.

Allow me to start by saying that the system we use is very mature and has been working for many years now. We cannot complain about the customers we have and the growth we have experienced over these years. From the start we have been about providing security, convenience and reliability, and it is for that purpose that we are releasing this new feature.


LDAP the who?

For background, LDAP/OpenLDAP and Windows Active Directory belong to the same family of tree-like database systems, protocols and tools. They keep information stored in the form of a hierarchical tree. They can be used for many purposes, but storing an organization's user databases and directories is one of their main uses. The most popular forms of this software are Windows Active Directory (AD), made by Microsoft, and OpenLDAP, which is defined on the official website as follows:

“OpenLDAP Software is an Open Source suite of directory software developed by the Internet community.

OpenLDAP Software is based upon prior work by the University of Michigan.”

Taken from https://www.openldap.org/software/ in July 2021.

Finally, a word on how popular it is in the market. Nowadays it is used by millions of organizations and billions of users, if you count the people who do not know they are using it. Aside from the Windows implementations, various software packages use it or integrate with it: Zentyal, Samba, Exim, Postfix, MySQL and many more. That is just a short list of packages and technologies that integrate or are able to work with LDAP. You can also develop extensions using LDAP in almost every major programming language out there: Python, PHP, C#, Golang, Java, etc.

Why would you use this feature?

If you happen to have existing users in your own Windows Active Directory or in OpenLDAP running on Linux/Unix systems, you can now bring those same users as they are and use them to access your files in Cloud Storage. The LDAP SSO integration works with all multi-user plans and storage sizes in Sesame Disk, from a few GB to unlimited petabytes of Cloud Storage, no matter whether it is for two users or for thousands of users.

The system can be used via LDAP from anywhere in the world, including by Chinese Cloud Storage users.

Products supporting AD and OpenLDAP for Security and SSO

While doing all this you can also benefit from all of the standard features: for instance, the Seafile Client for synchronization of files, and the new generation of pay-as-you-go products, Ondemand. You can also find details about our products in this link.

How to get AD and OpenLDAP for Security and SSO working?

To start, you need to sign up for one of the paid plans to be able to use the feature. Once this is done, when you go to the billing dashboard you will see one additional button for LDAP, as in the following image.

Billing dashboard with LDAP SSO integration.

Here, click on the button External LDAP Users (SSO). You will then see a new window like the following image.

LDAP users dashboard
LDAP dashboard for sync

At this point another pop-up window will open. If this is your first time opening the LDAP connect, you will also see the help message with a light blue background, as in the image below.

AD and OpenLDAP for Security and SSO Integration.
Help for Active Directory AD and OpenLDAP for Security and SSO Integration.

Here you can close the help pop-up window, and it will no longer be displayed by default. Now, let’s go over that help message, as it has important instructions for the integration to work.

Help for Active Directory AD and OpenLDAP for Security and SSO Integration.

For the system to integrate with your LDAP or Active Directory and give your users SSO on our system, you need to make sure our system is able to read your LDAP/AD controller. Before you start, please make sure you complete these steps:

First buy the users.

Make sure you have purchased enough user capacity in our system to integrate the users you need. If you need to have 10 users with storage, buy that many. With that said, you can always start small and add more as you need. Keep in mind that our tier system applies to the pricing here.

Second give us access

Give our IPs (servers) access to the server and/or the relevant firewalls in your network. These servers need to be able to reach the LDAP servers via TCP. We have various ways to secure the communications over the internet, such as SSL/TLS encryption. That should be more than enough for most organizations. If you have higher security requirements, we can also create VPN connections to the networks of our VIP customers. Your security is very important to us, so in this regard we are very flexible.

Third create a user in your own LDAP.

Create a user in your LDAP/DC with access to read the users you intend to integrate with our system. This is the user that our system’s LDAP reader needs in order to read your users and keep them updated. It does not need to be an admin of your directory; read access to ID, name(s), email and password should suffice in most cases.

Fourth and final configure and test.

Fill in the config form and make sure you press “Test connection”. The system will tell you whether or not it can connect to your DB. In case of an error, it will try to tell you why it failed.

After these four steps you should be good to go!
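A way to check step three before pressing “Test connection”, as an added example that is not part of the original article or of Sesame Disk's own code: export what the reader account can see with ldapsearch, then audit that LDIF for attributes beyond the ones the step lists. The attribute names, the DNs and the sample output are assumptions constructed for illustration.

```python
import base64

# Step three's list (ID, names, email, password) as attribute names. The names
# are assumptions (typical inetOrgPerson schema), plus structural objectClass.
ALLOWED = {"uid", "cn", "sn", "givenname", "mail", "userpassword", "objectclass"}

SAMPLE = """\
# constructed sample: ldapsearch output when bound as the reader account
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
cn: Alice Example
mail: alice@example.com

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
cn:: Qm9iIELDtnNl
mail: bob@example.com
memberOf: cn=domain-admins,ou=groups,dc=exam
 ple,dc=com
telephoneNumber: +00 000 0000
"""

def parse_ldif(text):
    """Parse LDIF into [(dn, {attr: [values]})], handling folds and base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, attrs = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in attrs:               # skip blocks without a dn
                entries.append((attrs.pop("dn")[0], attrs))
            attrs = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.split(";")[0].lower(), []).append(value.strip())
    return entries

def audit_reader_view(ldif_text, allowed=ALLOWED):
    """Return {dn: [attributes the reader can see beyond the allowed set]}."""
    extras = {dn: sorted(set(a) - allowed) for dn, a in parse_ldif(ldif_text)}
    return {dn: e for dn, e in extras.items() if e}
```

On a real directory, pass it the output of `ldapsearch -LLL` run with the reader account's bind DN; an empty result means the account exposes nothing beyond the allowed set.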

Here is the form to configure with the above parameters:

LDAP connect config form.

Once the test is successful, you should be able to import your own users. Click on the “Back” button and proceed to synchronize users. There you will be able to choose from all the users that your LDAP user has access to read, with options to manage which users to integrate, etc.

If you find any issues, reach out to support and we will get you sorted.


Ondemand; unlimited & pay as you go!

Ondemand is our new cloud storage subscription product, and alongside it we have created a whole family of similar metered products. It is a pay-as-you-go alternative to the more traditional fixed cloud storage plans. Is this pay-as-you-go product for you? In this article you will find the fundamentals you need to make a decision. The products in this family are Freemium, Ondemand and StarterPlus; please see them on the prices page for reference.

Ondemand metered product
Ondemand Product

Ondemand Cloud Storage Highlights

  • First, the product gives you the freedom and flexibility to design your plan according to your needs. You will soon see how if you keep reading.
  • Second, you pay for what you really use.
  • The number of users, the traffic and the storage on your bill are independent of each other. This is very flexible for the many use cases with asymmetric consumption.
  • Third, there are specifics that apply to all of our products:
    • As standard, you get resiliency and durability of data with point-in-time recovery backup. We keep 3 copies of every file in 3 different data centers at all times.
    • Web office, API and client software access.
    • An admin panel for the organization and a clear billing dashboard, as well as low latency and speed globally.
    • Nimble VIP customer support, as we provide for all products and customers.
    • Lower standard prices for larger teams.
    • More, much more!

Those are just some highlights of Ondemand. In this post you will get a full picture of the great, the good, the bad and the horrible about this new product. Moving on!

Users

As you can see in the attached picture, your users are billed monthly at a fixed amount, per user per month, according to price tiers. The product has many price tiers, designed to make it very affordable at entry level as well as for organizations with many users or a LOT of users. In fact, the more users you have, the cheaper each user gets. Entry level is cheap and you also get 20 GB of traffic and storage included. For the rest you pay as you go (Ondemand). Next we will talk about storage and traffic respectively.

Users are billed like all other “older” products in NiHao Cloud.

Storage

The storage bill is based on the amount you have consumed over the course of the month. Periodically the system measures your storage and calculates your average consumption for the month. Let’s do a thought exercise as an example.

Let’s say you get the product with 4 users. That would be 8 USD for those 4 users every month, plus the storage and traffic they consume. Let’s talk about traffic first. If those 4 users exchange just some office documents using internal links, they might work the whole month and not consume more than 20 GB in total, in which case the system will not bill anything.

This is probably not the most common case. If the users start using the system to store more than 20 GB of data, the system measures the storage every so often and records each measurement. E.g. today you store 15 GB, tomorrow 55 GB and the next day 11 GB. The system averages those over the 3 days and you pay for that average. Notice that it is not the highest value.

Freemium, Ondemand, StarterPlus
The family of metered or pay as you go products

How can your bill go crazy with storage?

Someone from your team would need to upload a LOT. When we say a lot we mean a LOT; remember that this is unlimited by default. You can set quotas per user to avoid this if desired. That gives you the flexibility of having unlimited storage while still controlling it on a user-by-user basis with quotas.
If you set a limit for the account at purchase or afterwards in the billing dashboard, your storage can NOT surpass that limit. Your bill for storage will never be higher than the limit you have set, but you would need to change it to store more “things”. Let us move on to traffic now.

Traffic

Currently we bill traffic on the basis of the uploads and downloads of the user(s) under your organization in the system.

For example, if you are worried about traffic bills, be careful with viral content and big file shares sent publicly. E.g. a 2 GB video that you or your team shares on Facebook and that 20 000 people then watch is 40 TB of traffic.

Given the above example, if you set a limit, it may cause critical service interruptions that will be inconvenient for you or your business. If any of the users on your plan shares, uploads or downloads files, and those files are accessed many thousands of times a day, you may exceed the limit. Let’s say you exceed the limit.

What then?

  1. We do not delete your files because of this reason.
  2. If you or your team shares files and folders, they will not be publicly available anymore, the system will unpublish the shares.
  3. The system removes all privileges of the users.
  4. Your bill might be higher than the limit you set as the system runs periodically.

When this happens, you need to either increase the limit, remove the limit or wait until the end of the billing period to be able to use the system features again. Once the limit no longer applies, if you need to re-publish (share) the same files and folders, you will need to create new shared links manually or via the API and send them again to the people who need them.

Ondemand traffic too high!

As you may already know, in our system you can create public links. This is indeed a very useful function. Anyone who is given a link will be able to access it. For security the links cannot be scanned, but they are public. This means that if you make a big file public on social media, or if someone malicious gets hold of your public links, they can inflate your bill. In this case your bill might be very high.

Ondemand Product Afterword

First, system notifications and warnings about your usage and consumption will be sent to you via email, as you configure them in your account. We also recommend that you check your billing dashboard frequently. This will help you monitor your team’s current consumption if you are worried about the bills.

We recommend this product if either of the following is your case. First, you do not know how much storage and traffic you really need. Second, you have very asymmetric consumption patterns, for instance a website that serves a lot of content but does not need to store a lot. Another case is when you have very low consumption or very high consumption.

Aside from the Ondemand product, you can also use other FIXED price products. Finally, here is a detailed description of all of our products.
