How to securely web enable access to CIFS / SMB File Shares

One of the predominant use cases that many companies have is to enable file access to SMB file shares that live behind the corporate firewall , or indeed  are hosted on IaaS infrastructures (such as Amazon FSX or Azure Files), without the need for a VPN and without reconfiguring permissions whilst using Active Directory or LDAP for authentication and also ensuring that data is secure and compliance legislation is satisfied.

This has of course become even more of a requisite during the recent Covid-19 pandemic in which there is a pressing need to enabled. such access for remote workers.

Global storage Metamodel

Accessing files over CIFS/SMB network over VPN using a mobile network is possible but access can be patchy, clients apps limited and it is often extremely slow.

The File Fabric enables this using its built in CIFS / SMB connector. This blog post will step through how to web enable SMB file shares.

In our example we have the following Windows File Share that we wish to make available:

remote smb acces

We have installed a branded Enterprise File Fabric instance that resides behind the users firewall onsite with access to the same subnet as the windows share.

First we will login to the Appliance.

SME Login

Next, as we have not yet added a storage provider we will are asked to select a storage system to use, we will choose CIFS:

CIFS Cloud File Server

This will invoke the CIFS wizard:

Windows file shares cloud

Once we fill in the relevant authentication details for the CIFS share the File Fabric will connect and ‘smart index’ the file metadata (no files are copied or replicated), and build its storage meta-model.

CIFS Cloud File Sharing

Once this is complete the SMB file shares can be access via the File Fabric’s Web File Manager.

SMB Web Access

The File Fabric can be given a public URL for external access to internal SMB file shares in which users authenticate using existing Active Directory or LDAP credentials and in which password lockout policies and GEO / IP restrictions can be applied for enhanced security.

Bring Your Own Device (BYOD) is also supported with full restrictive control over all users and client access:


Also the Windows Shares are available from the variety of mobile and desktop Apps that the File Fabric supports. Below is an Android App example.

Android SMB

Such shares can also be accessed through the File Fabric’s desktop cloud drive which appears to the end user as a network share or as a ‘home drive’ similar to what they are used to using from the office.

Also note that locking is supported when using the SMB Share in this way.

Additionally note that if we wished to we could also have setup the File Fabric for multi-factor authentication to add another layer of security:

SMB Two factor

SMB multi-factor authentication

Any interactions with the resultant files are audited and the event logs are available for compliance officers or to be used for subject access requests. Additionally if the File Fabric’s Content Discovery module has been configured the File Fabric will check the contents of files that exist,  and any that are uploaded, to ensure they do not contain PHI or PII data. If they do it can quarantine the file for further inspection.

It is also important to note that the File Fabric’s access is totally proprietary and bi-modal ie. access can still be direct with no usage of the File Fabric. Any new files will just be picked up next time the user logs in. If you are talking with another vendor we recommend you ask whether the data is encrypted in any way and access can only be via their product. If it is, you are completely locked in and your data is completely locked into their product.

In summary we have stepped through how to add and configure a CIFS / SMB File Fabric connector to enable SMB file shares to be easily exposed and accesses using the Enterprise File Fabric.

Next Steps:

Take a trial of our enterprise product and test out remote access to your own company shares.

Watch a video demo of remote access to SMB shares.

Facebooktwitterredditpinterestlinkedinmailby feather
The following two tabs change content below.
The Leading Enterprise File Fabric