With over 10 million users across the globe, ownCloud enables Data Infrastructure Modernization, realized through a common file access layer regardless of where the data lives – in applications, object stores, on-premises storage or in the cloud – all completely managed, secured and controlled by IT.
Uniquely offering both control and access, ownCloud is relied upon by some of the largest enterprises (all over the world). Paired with an Enterprise Subscription, ownCloud makes file sharing an easy choice for IT everywhere.
As a busy knowledge worker, you may be in the airport when you have an urgent request from one of your executives to send a critical file ASAP. Your flight is about to board and you don’t have time to fire up your laptop, access the internet, access the VPN, start email, attach the file, sync the client – all just to send the file. But, your mobile phone with the ownCloud app lets you go to the file and share it. Done.
With ownCloud, users have a single interface from which they can access, sync and share files on any device, anytime, from anywhere. Users can quickly find and share the files they need whether shared by others or created themselves. With features like password protection, link expiration, anonymous and full access sharing, files are managed accordingly. And, administrators can easily track and audit file sharing activities. Learn more
You are working on the final presentation for your big product launch. You save the last version on your desktop, grab your iPad and run for the airport. As you taxi for takeoff you open the ownCloud app, the latest file, which has conveniently synced from your PC to the laptop, is there waiting for your final touches.
With a sync client that keeps the web, desktop and mobile device on the same page, users don’t have to question if they have the latest file version. Running seamlessly in the background, ownCloud actively monitors any file changes and pushes the latest version to all devices and all relevant users wherever they are.
Collaborative Editing of Office Documents with Collabora Online new
With Collabora Online for ownCloud, users can access their office documents within the ownCloud web frontend, author new content, share their work and collaboratively work on the same document with others. Collaborators of that document are able to see changes in real time and to take over editing from another user. Users can also work with documents on-the-go using their browsers, and are no longer troubled with version conflicts that may occur while working on independent documents. Productivity is increased while simultaneously preserving full control on sensitive corporate data. Learn more
Workflows enterprise new
Workflows provide a means to automate file operations when certain criteria are met. Current examples comprise of ‘auto-tagging’ (automated assignment of tags with respect to certain rules/conditions) and ‘retention’ (automated deletion of files assigned to specific tags with respect to certain rules/conditions). Many further use cases are also possible and can be integrated with ‘Workflow apps’.
Have certain files that you work on more than others? Are you tired of having to search for those files every time you want to open them? Well now users have the ability to quickly set favorite files on the server. With this new feature users save time looking for their everyday files with a search filter setting that brings up all of your favorited files.
Imagine working on files with a team. There is a folder of files, and a few of you are working on the presentation – but perhaps you are in different locations, or working from home. Now imagine how difficult it is to work on a file, make changes, have those files synced to users can now add comments to files and folders. Comments appear in the activity stream and provide context, improve collaboration, and enable ownCloud to be integrated into day to day business activity.
A group of 4 working across 4 continents are starting a new project, and they need to start working on a range of documents. They meet and divide up the work, and then create a new folder in ownCloud, tag it with the title “awesome project,” share it with the group. The first user in Asia starts creating files using Microsoft Office: presentations, Excel spreadsheets, Word documents and more. As the Europeans start working, comments left by the Asian team members identify which files need to be worked on and how. Finally, the North and South Americans come online and read the history for these files in the comments, and then continue the work. With a few dozen files in the folder, each version is tracked, comments explain what has been done, and the files are all available quickly through the ownCloud tag filter in the files view. This is collaboration made easy.
Tags can be attached to files and folders, providing new metadata information about file and folder contents – the tag can be long enough to support a word or short phrase. Tag types include: 1) User Tags – publicly visible to anyone who has access to the file and, depending on settings, are either static or can be assigned, read and changed in the web interface; 2) System Tags – system visible tags that are applied and managed by admins, which may be set as invisible, visible and static, or visible and editable by the end user.
Tags can be assigned by a basic rules engine in the ownCloud admin panel with a feature called auto-tagging. This creates basic rules that can set tags and delete files based on tags. There is an admin page where the rules are set in the GUI, the specific tag types and tag names are defined, and the rules to apply tags are defined. This same admin page allows an admin to determine–based on tags–when to permanently delete a file.
Your IT project doesn’t start with a blank slate. There are storage systems, servers, private cloud management tools, log managers, backup tools, and more already deployed in the enterprise. ownCloud delivers choice. If storage can be mounted on Linux, ownCloud can use it – SAN, NAS, direct attached, virtual, software defined – whatever is needed. Further, with the ownCloud file system abstraction layer, API based storage, such as S3 or Swift compliant gateways are simple to integrate. And on the off chance a different object store interface is required, it can easily be added.
With ownCloud, you can also leverage storage that already exists; FTP, Swift, S3, Dropbox and more. Administrators can decide to store the most sensitive data on-premises and less sensitive data in the cloud while making all of your files available through a single interface and enabling compliance with your chosen security and governance policies.
To be compatible with as many backend storage systems as possible, ownCloud is designed to store all file metadata in the ownCloud database. This includes information like sharing activity, file IDs and more. For extremely large ownCloud instances, it can be more efficient to hand some of the file handling and metadata storage off to backend storage systems that support, for example, versions or file sharing. As the database is often a bottleneck in extremely large systems, offloading these activities and metadata from the database, performance improves, and the same hardware can scale to support even more users – particularly useful for extremely large instances.
The new storage API not only offers better scalability, but it also enables ownCloud to leverage storage that has, until now, been unheard of in file access solutions – such as tape. In this manner, ownCloud can leverage the most cost effective storage possible, while still providing employees, partners and suppliers the frictionless experience they seek in accessing their files.
Files Drop is the write-only upload addition to ownCloud. It is what it sounds like – anonymous users can now drag a file into the upload-only interface and drop it, and the file will be uploaded to ownCloud.
Who would use this? Well, there a quite a few use cases. The most popular is the FTP replacement. Say you have a large log file to upload to the support desk for one of your favorite network devices. The support desk can give you a URL, you drag the file into the browser at that URL, and the support person can immediately see the file and work with the logs. Since the support person does not see the contents of the ownCloud directory, and the upload is managed by ownCloud’s security features like the file firewall, it provides an excellent and fast way to upload large files in a controlled and secure manner.
Branding via ownBrander
ownBrander allows you to easily create a custom branded web frontend, mobile (Android and iOS) and desktop sync client. With ownBrander, you provide your own customized artwork and let the wizard help guide you through the process. Customers can access ownBrander through their customer accounts (customer.owncloud.com).
Download the ownBrander guide to get a better understanding about the use cases and capabilities of ownBrander.
Data Infrastructure Modernization
You work in IT at an organization that has unstructured data spread across multiple data silos such as Windows networks drives, Microsoft SharePoint, FTP servers, object storage (e.g. S3) or public cloud services (e.g. Google Drive, Dropbox or other WebDAV-enabled services). Having previously created policies and set permissions at the user, file, application, storage or cloud level, you want the ability to preserve and reuse those same policies and permission. With ownCloud, you can provide users with a single point of access to all of their unstructured data where permissions, ACLs and compliance requirements are respected and can be met and/or configured at a file, object store or user level. Files stored in data silos are made available within ownCloud securely and benefit from ownCloud’s feature portfolio.
Data Infrastructure Modernization is realized by a common file access layer to bundle information, regardless of where the data lives – in applications, object stores, on-premises storage or in the cloud. Users can access company files on any device, anytime, from anywhere – completely managed, secured and controlled by IT. Data is kept where it is, while IT is able to manage sensitive information and business risk, leveraging existing data management, security, governance tools and processes.
Your employees are working on a project in SharePoint but the team leader is on the road for the next three days and needs access to SharePoint files from her laptop and phone. While SharePoint enables collaboration, it doesn’t offer easy access when on-the-go. With ownCloud, the team leader can access all SharePoint files through the same ownCloud interface used to access files on the Windows network drive, Dropbox or other corporate data silos. Credentials are passed automatically while preserving the Access Control Lists (ACLs) which have been established. Road trip problem solved.
With SharePoint integration, ownCloud users can directly access their SharePoint document libraries. The administrator configures the app in the ownCloud administration page allowing the app to connect to one or more document libraries using SharePoint web services interfaces. ownCloud treats SharePoint as an external storage location, translating ownCloud commands into SharePoint commands and enabling mobile, web and sync client access. Learn more
Windows Network Drive
ownCloud administrators can integrate one, or multiple network drives within a single ownCloud instance. Whether user home directories or departmental share drives, the administrator configures the app in the ownCloud administration interface as well as the requisite credentials. Once configured, ownCloud treats the Windows network drives as external storage locations, allowing users to access, sync and share files stored on the Windows network drive(s) through all their devices.
ownCloud‘s open architecture, mobile libraries and APIs allow IT to rapidly extend core functionality and enhance the solution to meet user needs. Extend ownCloud with custom functionality through REST APIs that expose ownCloud’s user management, file management, file sharing and activity events, allowing you to customize ownCloud as needed.
ownCloud’s sharing API enables third-party apps to set and query files shared within ownCloud. ownCloud also leverages the WebDAV standard for file access, enabling other software to interact with ownCloud and manage files. ownCloud is highly extensible, enabling the addition of new APIs quickly via plug-in applications. ownCloud gives you to the power to integrate apps that customize your deployment.
Encryption & Security
ownCloud is software provided to you, to install in your data center; managed by you, to your policies, following your procedures. Encryption at rest secures your files on the server and still allows sharing among users. The File Firewall ensures all access requests meet rules set by the administrator, and existing infrastructure – such as intrusion detection and log management – can provide added layers of security. With WebDAV, mobile libraries and the ownCloud API as well as several enterprise-only apps, secure file sharing is in your control.
Want to customize your encryption environment to meet your unique needs? While encryption is a critical part of your overall data protection plan, traditionally it has been a “one size fits all” solution with limited to no ability for you to customize. ownCloud’s Encryption 2.0 changes all of that, adding modularity and flexibility into your overall encryption architecture. You have the ability to manage your encryption keys in your key stores, and to customize encryption to meet your specific regulatory and business needs.
Learn more about ownCloud Encryption or about optimizing ownCloud security. Visit the ownCloud Security page to learn more.
With ownCloud, uploaded files are scanned with ClamAV, preventing the potential for automated distribution of infected files. ClamAV works within ownCloud to detect Trojans, viruses, malware and other malicious threats. Files are scanned for virus upon initial upload to the ownCloud server. And, with minor customization, you can expand your antivirus protection with external virus scanners to scan files on your chosen storage server.
Say your corporate policy dictates that only employees of a certain group can access files when traveling internationally and data may only be accessed from remote offices. Moreover, a file tagged ‘confidential’ cannot be accessed from a web browser in China, where your company does not have offices. ownCloud’s sophisticated file access rules engine provides the means to easily implement policies that enhance control and govern access to files. It is the last line of defence for the system and can prevent accidental or malicious, unauthorized access to files, even if a user account is compromised.
File Firewall inspects access requests made on an ownCloud server. It is applied by using tags, as well as other criteria, such as IP address range, device type, file size, subnet, geography, time, group membership and more. If those rules are not met upon every connection, the request is denied. If the rules are met, the connection and – ultimately file transfer or action – is allowed.
Meet retention requirements when you configure rules in the Workflow app which allow you to retain or delete files based on parameters you define. ownCloud enables admins to set document classification rules and then, based on the defined classification, take action to enforce those rules. By leveraging a combination of new system and user tags, admins and users can decide how to classify a document. Further, admins can set policies that determine how long to retain a file based on the classification, and then automatically delete the file at the end of a defined retention period. All file activities are logged and prove compliance with internal or regulatory requirements.
Logging and Auditing
Admins can log account level activities such as logins, file sharing activity, file updates and more – giving admins the information they need for compliance reporting and auditing of ownCloud. Logs may be configured to feed an enterprise log manager or SIEM solution such as Splunk for added security. Not only do you remain in control of your data, but you have the tools to actively follow file sharing activities. Watch the video on how to manage ownCloud logs using Splunk.
Looking to leverage your existing Active Directory, LDAP or openLDAP directory? Have tens of thousands of users in a single flat OU? No problem with ownCloud’s built-in LDAP and AD integration. A user logs into ownCloud with their Active Directory or LDAP credentials and is granted access based on an authentication request handled by the Active Directory or LDAP server. ownCloud does not store these passwords, rather these credentials are used to authenticate the user.
Attributes such as user quota, email, avatar pictures, group memberships and more can also be pulled into ownCloud from a directory with the appropriate queries and filters.
SSO via Shibboleth/SAML
Already have a SAML based identity provider (IdP)? Drop ownCloud into your existing infrastructure and authenticate with your chosen IdP, whether it is on-premises or in the cloud. SAML via Shibboleth allows Single Sign On (SSO) across the organization and the globe, providing you with secure authentication within the ownCloud server, as well as the desktop clients and mobile apps. In addition, ownCloud provides flexible APIs, enabling integration with OAuth, 2-factor mechanisms, custom authentication mechanisms and more.
2-Factor authentication adds another layer of access security. The authentication method confirms a user’s identity utilizing a combination of two independent components. Instead of simply requiring a username/password combination, an additional access token (time-based one-time password/TOTP), which can be obtained via mobile phones for instance, is needed to gain access to ownCloud accounts. This not only improves access security, but also provides administrators with an option for disabling individual tokens. Time-based one-time passwords (TOTP) can be obtained through services like Google Authenticator or an Open-Source implementation of the TOTP standard. The feature may be extended to support additional authentication devices via the PrivacyIDEA ownCloud App
Don’t have a directory? No problem, ownCloud can handle user management for you. View ownCloud users in a single window, sort and search users by user display name, last login, group, or even storage location. New users can be added with a click of a button, sending out an email, while user avatars make it clear who is sharing files and with whom. User management is quick and efficient for admins to add new groups and edit attributes such as group memberships, quota limits, display names and group admin rights.
If you are using ownCloud to manage users, user provisioning can be accomplished within ownCloud via the Provisioning API. This enables the use of existing data center automation tools and scripted deployments, allowing external systems to trigger authenticated user provisioning and reporting activities. This application enables a set of APIs that external systems can use to create, edit, delete and query user attributes, to query, set and remove groups, to set quota and to query total storage used in ownCloud. Group admins can also perform the same functions for groups they manage. Admins may further query for active ownCloud applications, application info and to enable or disable an applications remotely. With the ownCloud Provisioning API, you can save steps and simplify management of ownCloud.
File Ownership Transfer
When a user is removed from the system, this app allows administrators to move files that they owned in ownCloud to another user, and still retain the shares of the files and folders they owned. Note: it does not transfer files and folders shared with the removed user, only the files that they own.
Federated Cloud Sharing
You are collaborating with another research center on sensitive data but they are on the other side of the world. Your organization has very strict usage guidelines around data sharing…and so does your collaborator. With Federated Cloud Sharing from ownCloud, both organizations can maintain their individual control while sharing designated files and folders across time zones and geographies—all while maintaining the access at any time, from any device.
With Federated Cloud Sharing, users on one ownCloud installation can collaborate with users on other ownCloud installations while each server maintains its respective security and governance protocols. Files shared between users are no longer confined to a single shared folder or ownCloud instance; users can access the latest file versions and selectively sync the most critical shared files. And, when sharing with users on other ownCloud instances, their names will appear as an option for sharing if they have been configured as a trusted server. To the end user, it appears as if they are using a single ownCloud instance, even though the users are distributed across multiple ownCloud instances. This also means that mobile and desktop users can take advantage of these sharing capabilities, providing a seamless, frictionless way to collaborate with their files inside and outside the organization.
Full Text Search
ownCloud offers a full text search functionality (based on Elasticsearch), that allows you to find documents and files based on the content within your files, rather than just the file name. This is made possible via the Elasticsearch [https://www.elastic.co/products/elasticsearch], an open-source search engine that indexes files in ownCloud and thus enables very performant searching on content level.
Custom Features enterprise
ownCloud Enterprise Edition offers many great features, however, some customers require certain capabilities that may not be readily available. For those customers the engineers at ownCloud go out of their way to deliver these capabilities by opening consulting projects.