Get the Most Out of GoAnywhere: Secure Mail, Folders, and Gateway

Brooke: Good morning everyone. Thank you for joining us for another webinar in our Get the Most Out of GoAnywhere series. Today we're going be talking about the security benefits of our Secure Mail and Secure Folders modules as well as GoAnywhere Gateway. You might've joined because you're a current GoAnywhere customer and you're interested in trying them out or learning how to use them better or maybe you're completely new to GoAnywhere and just want to learn more about the product. Whatever your reason for joining we're glad you're here and we'll do our best to help you out with the info you need today. So, before I introduce our speaker, a few housekeeping notes. We are recording this event so after the webinar is over, you'll receive an email from us with a link to the recording in case you miss any parts or want to share it with a colleague. The event is scheduled for an hour. If you have any questions throughout the event, please submit your questions through the Q and A window, which is at the bottom right of your screen. And to make sure we don't miss any questions, please send your question to all panelists. We have some team members on the line, and they'll be monitoring for questions and we'll also try to answer some questions live at the end of the event pending time. And lastly at the end of the webinar you'll see a quick survey pop up. Please do fill that out. It helps us understand how we did and what was most helpful to you today. And if you need any follow up from our team please be sure to mention that in the comments. Alright. So I'll introduce today's presenter now.

About the Presenter

Presenting the content today is Chris Bradley. Chris is the Lead Technical Writer for the GoAnywhere team which means he knows the product inside and out and will be a great guide for you today. So, with that Chris I will let you take it from here.

Chris: Alright, good morning. Can you hear me okay?

Brooke: I can hear you just fine.

Chris: Perfect. Like Brooke said my name is Christopher Bradley. I'm the Lead Technical Writer for HelpSystems, and I have been involved with the development team, training and technical writing for GoAnywhere Suite of Managed File Transfer products for over four years. In today's webinar I'm going to talk about a few common ad hoc File Transfer security challenges that companies encounter with their employees and how two of GoAnywhere MFT's File Transfer solutions address those challenges. Then I have a few live demonstrations prepared to run through a few use cases at a high level to show how to implement these solutions in your organization. Then I will briefly mention our GoAnywhere Gateway reverse proxy and how it further helps the security of your environment and if there's time left at the end, I'll open it up for question and answer.

Common File Security Challenges

Common Email Challenges

So, what are some common file sharing email challenges that people have? So, email is probably the most ubiquitous file sharing platform in the world. Everybody has email but it's somewhat of a limited way to share files. Email is very old, and it was built around the premise of sending alphanumeric characters over the web. File transfers was something that was added on to email much later in its life and email's just not really made to handle big large file transfers.

So in your organization your probably have tons of file size or file type limitations that you're not going to let your users send and receive for email to protect your network. If you need to have reliable read receipts, if you have like service level agreements that you need to send files to people, and the timing of the files are critical, email doesn't have really great reliable read receipts. You can't really confirm when critical files are received when you're using email. And if you're sending and receiving messages and you send out a message that has data that you didn't want to get out to the, outside of the network, you can't recall that message once it's made it to the recipient. There's really, once a message is sent there's no calling it back and bringing it back. If you have sensitive files you need to email to trading partner, there's not a lot of way to ensure that it's going to be encrypted and secure end-to-end when you're using email.

Common Challenges to Ad Hoc File Transfers

With other ad hoc file transfers, when you're trying to transfer files between diverse architecture that requires third party tools a lot of your users are limited. They can't send something over 10 meg over email and so they're going to look for a Cloud solution like Dropbox or FileZilla. If they're going to find FTP they're going to find all these different third party tools that they're installing inside of your network to send files that you don't know about. Sometimes if you're working with Amazon or Azure Cloud Connectors, say like an Amazon S3 bucket or Azure Cloud, your users are sharing credentials amongst themselves.

So they might have a single account that they set up in Amazon IM and they're creating config files and they're using third party tools like Cloudberry to share those config files and sending those connections to other people in their team and so there's no central administration. You have no idea which users now are uploading and downloading files and you have no access control over that. So, once you've created say, an Amazon account, and you've set out the configuration and like say the secret key or the access key to that S3 bucket and somebody shares that with somebody else, and they all have complete access to that folder, there's no access control. People are downloading and sharing files. And if you're using a mixed network, if you've got FTP and you've got Azure, where's all the activity for all of those file transfers being logged? Is it across a bunch of different systems? And how easy is it to identify when these files are accessed or modified? And if people are sharing files through email or FTP or through an Azure connection, how do we know that those files are encrypted and protected properly so that they're only accessed by the right people?

What is GoAnywhere MFT?

So what is GoAnywhere MFT? If you're an existing customer and already have GoAnywhere for Managed File Transfer, hold tight for just a moment so I can quickly go over what Managed File Transfer is and how it works for your enterprise.

At its core, GoAnywhere streamlines the exchange of data between your systems, employees, customers and trading partners. So how does it do that? Well it starts at Workflow Automation and it replaces your legacy scripts, your legacy scripting with project Workflows that handle the file encryption, compression and data translation of your files. So for example, you could replace your shadow or back script with a project in GoAnywhere, that connects to an SFTP server, downloads and encrypted CSV file, decrypts the data, moves it to a database and then archives the CSV file in the new location. Now it does all of this through an intuitive drag and drop user interface without any coding involved. For this workflow automation you can run these drops on a scheduled basis. So you can set up and run these drops in advance or even create things called Folder Monitors which will look for new files in different FTP locations and automatically kick off a workflow to process those files.

GoAnywhere MFT can be installed on nearly every platform: Windows, Linux, IBM i, Unix, Macs. And it provides file services like SFTP, FTP, FTPS, FTP, AS2 and HTTPS and it can work with all sorts of file services like SMB, email, WebDAV. It can connect to Cloud computing, so it can connect to Amazon, Azure and web services through SOAP and REST connections and it can connect to and work with almost every database. So, SQL server, MySQL, DB2, Oracle, you name it. It can also be integrated with your existing applications. So, if you have applications that you want to integrate your automation with, GoAnywhere can work through, with scripts and programs and commands and it can also integrate with other applications like MQ and SNMP or iCat. So it can do all of this without installing any software on any third party PCs. All of the software's built in to GoAnywhere to make all of these connections and do all of this Managed File Transfer.

And we also have Agents. Agents are a small piece of software that can be installed on any system throughout the enterprise, including Cloud, and they can be managed by a special deployment of GoAnywhere MFT. So you can configure and schedule Agent file transfers from businesses processes all over your network. So, these Agents run outside of the network and when they find files or information and data that needs to be processed they can call up to GoAnywhere for instruction and GoAnywhere will send the instructions back to the Agents where the Agents can process those files and move those files across any of the applications or databases or file services that the Agents have access to.

The administrator interface can be accessed from any modern browser and system alerts are built into the system that will immediately notify you of any issues that occur on the system. And these can be integrated to a syslog server. So if there's any kind of failure in any GoAnywhere that's causing file transfers not to work, an administrator user can be notified and then an alert can be sent over to syslog server. So, if it's like 3 a.m. your IT department can be notified, and you can be alerted and you can figure out what the issue is there.

And then every event that occurs throughout the system for all the different file sharing and data movement in your enterprise is recorded to a log and this is reporting module can contain 24 different predefined system reports as well as tools to create your own reports. So, we have audit logs which monitor all the file transfer services and files coming in and out on the Web User actions that are gonna happen in GoAnywhere and then we have a separate reporting module with the 24 predefined system reports and the reporting tool to create your own reports.

So while all of this can happen in GoAnywhere, I'm going to be focusing on just two of our ad hoc modules. The Secure Mail module and Secure Folders.

How Secure Mail Addresses Email Security

So what is Secure Mail and how is it going to help with our email issue? I've got a quick little diagram to step through. So, when an employee uses Secure Mail to send a file to a recipient, when that email is sent it's actually sent to the GoAnywhere MFT server. The package or the file upload is going to be stored on GoAnywhere MFT, and it's going to be ADS 256 bit encrypted and an email notification is going to go to the recipient with a link to download the files. So that email notification can have a password. So they'll get the link and the password and when they select a link they're going to download that file directly from GoAnywhere MFT, securely over an HTTPS connection and the file's going to be un-encrypted and then sent to the recipient for them to do.

So, Secure Mail can be sent from within a user’s web browser, or we have a Microsoft Outlook plugin. Users can log into the web client with their LDAP, Active Directory, and we have SAML single sign-on. So, if your users need to connect out to the web client, they don't need to bring new credentials. They can use the credentials they're already using to login to the network. So, we want to make this very easy for them. The easier the secure mail is the easier it is for your users to adopt it and stop using their other file sharing methods and move to Secure Mail. URL links are sent to the recipient and that includes randomly generated UUID. So it's a random string of characters for a link to that package. And then the passwords are used to open the message and those passwords can also be sent in an external separate email message. Now, because the file is encrypted automatically on the server and is sent or downloaded through a secure HTTPS connection, the senders and recipients between the files don't need to worry about any keys or certificates and the user, who's going to send the file, doesn't have to worry about setting up encryptions for the file because everything happens automatically. And there's no file size limitations or file type restrictions and the only caveat I see to this is unless you want there to be. So, while GoAnywhere is designed to allow you to upload a file size with any limitation and any file extension, an administrator can limit those on the network if there's some file sizes that you just don't want users to upload into your network or if there's a certain file type that you just don't feel comfortable to ever come across your network, you can set up those limitations.

And with Secure Mail, multiple files can be attached to a single passage. So it's not just one email, one file, you can upload hundreds of files in a single package and then send that link to all the links to the user so they can download the files one at a time as a ZIP file. And then of course a sender can recall packages. So, since we're only going to be sending a link to the user, and the files are stored in GoAnywhere, we can go into the Web Client and we can shut off that link and make it so that the package cannot be accessed anymore. So, if a file does get outside of the organization and you need to recall it, we can go look at that, like ensure that no files have been downloaded and if not we can go ahead and recall that package.

Secure Mail Live Demonstration

So let's jump into a live demo of Secure Mail. Alright, so I've got the Web Client open. Users can login with the unique credentials store in GoAnywhere. Or like I said before GoAnywhere can sync user accounts from Active Directory or LDAB servers, so users don't need a second set of credentials to remember. GoAnywhere also has SAML single sign on, so if the user is already authenticated through an internal website or an internal portal, the Web Client will log them directly into the Web Client. And what I didn't mention before is we also have radio secure ID for two factor authentication into the Web Client. So if your users are already using secure tokens or key fobs, they can use them to log into the Web Client as well.

And then the Web Client branding can be updated to suit your company needs. So, if you want to update the logo with your company or change the disclaimer to something about your security policy you can do that as well. I'm going to login with the user account that I've created. Okay. So I've given this Web User access to only two other ad hoc software sharing features. There are more features that were discussed in the other webinars so, later on in the webinar Brooke is going to talk about some of the other webinars that we have done in the past, and so you can learn all about even more of the ad hoc features that are available. I'm going to go into the Secure Mail module.

So, Secure Mail is just like an inbox. Anything that you have in email is going to be immediately familiar to you with Secure Mail. So, it does have an inbox and I'll explain that in just a second. You can compose a Secure Mail message. And you have an ability to request files. So if you've been in an organization where you regularly need to get files from outside of your organization, you can use the Request Files Feature to send a link to a user where they can upload files to you and then those go to the inbox. We have a draft so if you're composing messages you can save them for later. And then you can create some Secure Mail templates. If you've got a regular user that you've got kind of like a form letter that you need to send to regular users you can create templates so you can re-use that over and over again. An outbox for securing a message, messages that are being ready to send and then sent items where you can see all of the Secure Mail messages that we sent.

And then there's also an address book. So, if you've got contacts or groups of contacts that you want to regularly send Secure Mail messages to you can use the address book. So I'm gonna compose a quick message. I'm gonna send this to myself. Now to upload files, I can drag and drop the files directly from my desktop or I can browse to attach files. I'm just gonna go into my desktop. I'm gonna grab a file, and it's gonna upload the file to the server. And then when I click Send, it's gonna give me options. How do I want to protect this package? So, right now it's gonna default to the UUID. So it's going to send just a unique URL to the user to access the package but I can also password protect the package. And I can let the system generate a new password automatically or I can specify one and then if I want I can include that password in an email or I can have it, I can not include the password in the email and then I can give that user the password in a different format. Maybe I can call and tell them what the password is. So, or another method. I can limit downloads. So if I only want this user to download the file 10 times or if I only want them to download two times or one time, I can specify how many times they download and then after that download has been, the max has been reached, they can't access the package anymore. And then I can allow them to reply. So they can reply to the message and then they can upload files to me and message reply. So I sent the message. And what the users going to get, the recipient, I'm gonna grab, there we go.

So the recipient’s going to get a Secure Mail message that's going to look like this. The some of the files have been sent from you to me in our example. Its password protected packaged. So I can grab this password. I can click here to download the file and then it lists the file. So someone sent me the automation server requirements. So I can click to download the file. It's going to take me to the GoAnywhere Web Client where I can specify the password. And then now that I come in here I can read the message. Please download the requested file. The message I specified in the portal. And then I can download the files directly here. Now as I download the files on the package there was nine and as I download the files it's actually ticking down to show that I can only download this so many times. Can also reply to the sender. And then if the sender allowed it I can add an attachment and I can, I can give them attachment that's going to be sent back to their inbox. The package is being sent. So, with that Secure Mail message being sent and the user accessed it, I can go into the Sent Items folder and then I can look and see, I can select one of the messages and I can see the activities of this message and if I find the message that I sent, by reading the activity I can see the maximum amount of downloads and then I can look at the activity of those Secure Mail packages and see is this package at least on this one, there was two total, no downloads yet, but I can see all the activity that happened on the Web Client. So the attachment was successful. The package was created successful. They went out to the user. So if I grab one, let's see.

So this one's still waiting. Now, if I sent the wrong information, if I sent the wrong PDF or I need to recall a package I can look at this and see this is zero downloads, 10 remain. There's no, hasn't been any activity. The files haven't been downloaded which is great. So I can come into the Secure Mail sent items and I can revoke this package. I don't want this package to go out to the user any longer. So I revoke the package. And now the next time a user tries to select that link, they're gonna get an error message telling them that the package is no longer available. So I've pulled that message back and the user won't be able to see it anymore. If we sent a file request, so we use the file request feature, the user's gonna get a message very similar to the other Secure Mail message asking you to upload your file. So they're gonna be provided a link to upload the files and so please use link to upload the files. They can grab a new file, send that file, and then in my Secure Mail inbox, any packages that they send me are gonna appear in the Secure Mail inbox and then I can download the files that they also provided to me. So there's kind of two way communication. So you can securely send messages and large files to your users and your users or recipients, they can send those messages back to you. Okay. If you want to use the Microsoft Outlook plugin, with the Secure Mail module this is included and this includes, this provides you toolbars to send Secure Mail messages directly from Outlook. And so, with this installed, you get a new toolbar for Secure Mail messages. And so you can add a recipient. And a message. And then you can attach files through Secure Mail.

So I'll grab a copy of my updates here. I can attach a file and create a message and when this is sent through Secure Mail, this attachment is stripped out of Outlook, it's sent to the server over HTTPS and then it's ADS 256 bit encrypted on the server and then it'll follow the same process that you just saw. The user's gonna get a new message saying you have a package available and then you can download that. And the user really never needs to even leave Outlook if they're using Outlook Toolbar to go and send these Secure Mail messages. It's very convenient. So, one thing about this toolbar is that it uses curve Rost single file and a curve Rost authentication and it has a silent installer. So if you wanna roll this out to your entire organization, it can use your Windows credentials, the users Windows credentials to send those packages and enable this toolbar. Okay. So,that's how the end user is gonna use Secure Mail but let's look at some of the things that an administrator can do from the administration side of GoAnywhere. So, like I mentioned before the administrator is also HTML5 browser based. So, you don't have to VPN and work on the server locally. You can access it from any web browser that can access the server. And my login credentials are tied to my Active Directory account. And I can login to the portal where you see I've got a dashboard that shows me things that are going on with my system, first I want to look at some of those logs. So we have some audit logs and we have all the service logs for the activity that's happening on the system and then I have my HTTPS log or you can see that all the events, all the files and the downloads and reading of the package is recorded to two logs and I can look at the log details to get more information about those events like where that package and where that file is being stored on the local server before it's being downloaded. And as an administrator there might be times where an end user sends something and I wanna pull that file back.

I can go into the service Secure Mail Package Manager and as an administrator I can see all the packages that are available to be downloaded and currently on my system. And I can see which ones are active and which ones are revoked and I can go and look at these. I can look at this package and I can see any activity on this package and I can see the file that is being shared. And if I wanna revoke that package as an administrator, I can go and just delete the package, confirm the delete and then the package is deleted and revoked and the user can no longer access those files. So the last feature I wanna talk about with Secure Mail is the integration with AntiVirus and data loss prevention servers using the industry standard iCat protocol. So this integration ensures that any integration sent from Secure Mail can be scanned from an iCat or DLP server that you provide. So you saw on the log that every event that happens on the system is captured to a log. With GoAnywhere we can also create what is called a trigger and that launches for these events and it invokes an action when that event occurs. And so if you want to set up a trigger you would go to the Workflow menu and choose Triggers. And this, on our demo server there's already a bunch of actions. I think there's 30 different types of events that you can monitor for and invoke a project workflow. And one of those events is called Before Secure Mail Send.

So, when somebody sends a Secure Mail, when they click that send button, if one of these triggers is enabled and you're watching for that event, that trigger's gonna be invoked and so I have one here called Scan Secure Mail. And so when the scan, before say send Secure Mail trigger send, it's gonna invoke this trigger and you can put conditions by it. So, any Secure Mail is gonna be sent but we can go ahead and add, what limitations or how do we wanna scan the data or the configuration of those emails before they go out the door? Now this one, if you've been on our other webinars with Dan Freeman, this condition is gonna look for an event with Dan Freeman's email and it's going to kick off that DLP or that iCat tasks. So, the condition here, Dan Freeman, he's the only person that this is going to affect. So any of email that Dan Freeman is going to send through Secure Mail, we're gonna send it to a DLP server and just make sure that Dan isn't trying to get any data outside of the network. We can also change it to not equals Dan Freeman. So if we were to change it over to not equals Dan Freeman, then Dan Freeman would be the only employee who could send a Secure Mail message outside of the network without it being scanned. So he may be, he might be in a different role where he's allowed to send, a file that's got sensitive information in it whereas other, everyone else would not be allowed to do that automatically. And so when this trigger kicks off, that's gonna invoke an action and it's gonna call a Project Workflow, and Dan's got his Project Workflow to set up and it's going to read the package contents, it's gonna read the files and the data that's on the server, it's gonna send it to the DLP server, or the AntiVirus server and it's gonna check to make sure there's no sensitive information, that there's no viruses on that Secure Mail message and if there is it's gonna use the primers of the project to stop the message from being sent and then it can do kinda whatever you need it to do. So if you wanna archive that file, if you want to send email alerts to administrators letting them know that Dan Freeman has once again tried to send out some unsecured data or tried to send out a virus, you can send a message directly to Dan letting them know that the policies doesn't allow those kinds of files to be sent outside the network. It's really, the skies the limit on how you want your project to work. We covered a lot of that in the previous getting the most of GoAnywhere Workflow's webinar.

So, if you want to learn more about Project Workflows and how they can be integrated into Secure Mail and BLP or AntiVirus scanning, I would definitely recommend you watch that previous webinar. And that is the end of the webinar I have for, no, not the webinar, the content that I have for Secure Mail. I want to jump in and start talking about Secure Folders now. Jump back into the presentation. Okay.

How Secure Folders Provides Secure File Sharing

So what are Secure Folders? Well they provide users HTTPS or Web Client access to a variety of network locations such as the GoAnywhere MFT Agents that can be installed outside of your network and in the Cloud. Any Amazon S3 buckets, Azure Blob and then file sharing networks like FTP, FTPS or SFTP. They also provide access to Network Shares. So if you have network shares on your own network that you want to provide Web Client access directly to, that'll work and then they also work with WebDAV servers. So you can think of this as kind of like a single pane of glass view to give users access to all these different locations from a single place with only one set of credentials for them to remember. So rather than users having FileZilla installed on their desktops to try to manage any SFTP or FTP file transfers, and then maybe like an Amazon S3 connector or an Azure Blob connector, all the users are gonna go into the Web Client where they see all of these folders and file locations from a single place. So they don't have to install any third party software and you don't have to manage any third party software, and they don't have to, they won't ever see the credentials.

To access these directly, they're gonna use their own LDAP or Active Directory credentials to login to the system. So how we set this up is the settings to a secure folder location are created as resource in GoAnywhere and once that resource is created it can be set in a Web User profile to be accessed by the user. And we also have templates and group management, so all users who access the systems can be pre-configured to use the appropriate Secure Folders. So, for example if you have a marketing team that needs to move all of their images up to an Amazon S3 bucket to make available to the web server, you can create one resource in GoAnywhere and apply that resource to a group and then any member of that group will have access to that Amazon S3 buckets from the Web Client. And then of course all the actions taken in Secure Folders are gonna be written to a central log so that you can see all the activity that happens inside of a Secure Folder. And I have quick diagrams, a step through of what happens if you have a Web User profile tied to LDAP or Active Directory and how it works. So the first thing is an administrator, you're gonna get the credentials to these Network Shares and these SMB shares or Amazon S3 and the different file locations that you want the user to access from the Web Client. You'll create these as resources and then in the Web User profile, you'll assign this Web User virtual holder locations to these shares. You can also control the granular permissions that a Web User will have on each of these. So, if you need a Web User who only has say a read and download permission from Amazon S3, you can set that up in their profile, whereas on the Azure Cloud they might need to have all the permits so that they can upload files, delete files and make file changes on Azure Cloud. So this user is authenticated or synchronized with an LDAP or Active Directory server, so that if the user ever leaves the company or moves on to another part of the company, that synchronization will automatically turn off any Network Shares for the groups that they no longer belong to.

So the user is gonna connect to the Web Client. GoAnywhere MFT is gonna check their Active Directory account and if it's still enabled, it's gonna look at the Web User profile and then it's gonna give them access to one of those shares and of course everything that the user's gonna do is gonna be logged to an event. So let me jump into, back into GoAnywhere and show how this can work. So I mentioned resources.

Secure Folders Live Demonstration

I'm gonna go to the resources and these are all of these resource types that GoAnywhere can connect to for my cloud transfer and data automation on the enterprise. So, the Network Share, what we've done is we've provided all the configuration features you need to do to make connections to these different sources. So, we looked at the different types of Network Shares and we've set up everything that you need just to set up a Network Share with the native path to that Network Share or any SMB version one or all SMB versions up to 3.11. Now in order to get the all versions of SMB you need to be on GoAnywhere MFT 5.6.2. So if you're on an older version and you want to use this now's the time to upgrade 'cause that's available only in 5.6.2 and later. So if I look at a Network Share, if I look at a Network Share that's already configured, we also have a test button. So, I can test this resource and it's actually, GoAnywhere's gonna go out to that resource. It's gonna make the connection and it's gonna give a list of a few contents to show me that the resource test was successful and this is great for network administrators.

So when they're trying to, when they're getting those FTP or I don't know, setting up those Amazon S3 buckets, setting up the configurations for them they can test them right here and ensure that they work before they ever roll them out to the users. So let's look at another one, an FTP server. So these are all the FTP servers that I have access to. I have one called Our Trading Partner FTP. All of the settings have already been defined and saved one time and I can test this one and I can see there's a lot of content held on this FTP server. I can look at Azure Blob storage. And so for Azure Blob storage you need your account name, you need your account key, a container. You just plug those settings in and test and make sure that the connection works. That one looks good and then an Amazon S3 bucket, I'm gonna Amazon demo here. I've got an access key ID and my secret key ID which I've already plugged in and it's secret so you can't see it in my Amazon S3 bucket and I can test this. And I can verify that this is correct. So with these resources put, stored in GoAnywhere at one time I can use them over and over and over again for different users. So we look at user management now and see all the Web Users that can connect to my server, I can look for my K. Harris account. I can do type ahead so I can scan through all the users I have so select the account. And on their account this is where you configure all of the features and groups information's that a Web User needs to access the Web Client. So this user only has the HTTPS server, Secure Folders and Send Secure Mail. So that's the only features they can see on the Web Client but this is where I can also give them access to other features on the GoAnywhere server and most importantly is the Folders feature. And this is where you can set up those virtual folder locations. So, every new Web User that GoAnywhere creates is gonna have a default home directory for that user. This is just a file that's going, or a folder location that's gonna be on the GoAnywhere server that GoAnywhere can manage. Or the user can upload files directly to the GoAnywhere server. You can add locations. And you specify an alias. So this is just what is the name of this location that the Web User is going to see when they login to the Web Client. And then the path, you can use locations that's on the GoAnywhere server or you can use those resource links that we just set up over here in the resources menu. So, I can look at this Amazon S3, and I can go into the Amazon server. I can select inside and I can maybe say this user only has access to this folder inside of the Amazon connection. And then also on the screen is where I can specify what permissions this user has to go and look at files. So do I want them to only have lists and download? I don't want them to be able to upload or make any other changes to files. Or I can give them full permissions to this folder as well. I have all the connections set up already for Amazon S3, Azure Blob, the FTP and then two other folder locations that are on the network.

So the other thing I wanna mention again is that, for Web User management, if you have groups or teams of users who need to have access to the same file share on the network or through the Cloud, you can set up templates so that when these users are automatically created, they'll have access to do the folders locations based on the template or you can set up groups that allow users where you can specify those folder locations and then any member of that group will automatically have access to the folder location that you set up. So let's go into the Web Client, and look at our dashboard and it logged me out. Timed me out. I should've just assumed that was gonna happen. And I'll look at Secure Folders and heres, this is gonna be that single pane of glass that I talked about. It goes out and looks at all of the connection settings and authenticated me as a user and it gave me all the folder locations on the network. So if I need to grab files from Amazon S3 I can go into that location. And then here's all of my Amazon S3 files that I can download directly from the portal. So I don't need any kind of Cloud connector on my desktop. I don't need like a Cloud theory or an Amazon S3 software. I can log right into the Web Client and get my files and I can upload files.

So I want to grab a file and upload some file, it'll go directly to that Amazon S3 folder. Now as a user, I only needed to know my network credentials. I didn't need to know the secret key, I didn't need to know the bucket name, I really didn't need to know anything about how to administrate this. I've left it all for the administrators to handle for me. I can just go into the Web Client and access all the locations at once. So I can look at it and see what's in the Azure Blob storage. There's a lot of files in there I can download. FTP connections. I don't need to have FileZilla running so that I can make an FTP connection. I can do this all from one place and then the inbound and outbound folders, and these are just the locations on that GoAnywhere server. So,again everything that happens through the Web Client and the HTTPS connections is going to be recorded to the logs so that you can see all of the files that are going in and out, and all the uploads and downloads that are happening with your users on your network and you can drill that into those events and see, I just uploaded this static putty key to my Amazon account. So as an administrator you can see all the activity that's happening. And if Kathy or this K. Harris user wants to move on to another company, I can just come to her account and I can disable it. Whoops. It's K. Harris. I can just disable this account right from the administrator and it's no longer in use.

Now, the last thing I wanna explain on Secure Folders, is encrypted folders on the network. So, with Secure Folders if Amazon or Azure has like server side encryption, we of course can work with all of that but if you've got networks, or locations on the network that you don't want anybody to access except single Web client, if say you've got a file share on a network and you've got some sensitive data and you only, and you can try to lock that folder down but if you have maybe somebody with elevated privileges or somebody breaks into the system and gets access to that folder, any of those, that content is not encrypted. And so you can like work with your users and try to set up like encryption methods or manual ways to encrypt those files, but GoAnywhere uses a function called Encrypted Folders that will automatically encrypt content that gets uploaded to the folders on the GoAnywhere system. And so that is through the Encryption menu and we have Encrypted Folders. And we have a really easy to use wizard that'll step in the process to identify a folder and it'll automatically add ADS 256 bit encryption to any files that are added to that folder through GoAnywhere. So once you would finish through this wizard and create your encrypted folder location, then you can set that up on a Web User profile. You can set up that folder location in a web user profile and then any file that they, the user uploads to that location, it's automatically going to be encrypted end to end. And a last thing about Secure Folders, another really neat functionality is that Secure Folders can use Secure Mail to send files directly from Secure Folders. So, if I have this file here on Amazon S3 and I want to share this over, this GoAnywhere text file to a user, I can actually Send To, and it's gonna invoke a Secure Mail message so that the user's gonna get a download link and it's gonna be on, the recipient will be able to download a file that's now stored on GoAnywhere that originated in one of those Secure Folders.

So, if you've got a situation where kind of a use case scenario, where you've got files stored on Amazon S3, that a support team needs to get to a customer, instead of having the support team have to go to three and download to their local desktop and then try to move that on to the customer if the file's too big, they can do that directly through the Web Client using Secure Folders and Secure Mail. Okay. So that is it on the demonstration on Secure Folders.

GoAnywhere Gateway (Reverse Proxy)

So I'm gonna jump back into the presentation. And I want to talk about Gateway at kind of a high level. It's one more file sharing security measure that I want to mention. In the environment that I've been using for this webinar, the connection to the Web Client on the GoAnywhere MFT has been connected by a reverse proxy called GoAnywhere Gateway. So GoAnywhere Gateway is both an enhanced reverse proxy and forward proxy that provides an additional layer of security when exchanging data with your trading partners.

So with GoAnywhere Gateway, you can keep your file sharing services like Secure Mail and Secure Folders and HTTPS Web Client and any documents in your network can be safely stored in the private internal network. So no sensitive data needs to be stored inside of your DMZ. And this reverse proxy feature allows GoAnywhere Gateway to keep inbound ports closed from your private network. So it's going to hide the locations and identity of your internal systems, it's going to support the FTP, FTPS, SFTP, STP, HTTP, HTTPS and it's two file transfer protocols and it has a built in load balancer between to distribute workloads across multiple systems. So GoAnywhere can actually work in clustered environments, so if one GoAnywhere system happens to go down the other system will continue running. Two last things to mention about the GoAnywhere Gateway is there's no special hardware components required. It's a software only solution and it installs on Windows, Linux, AIX, Unix and the Solaris operating systems.

Okay. That is the end of my presentation. So, I'm going open it up for Q and A. I'm looking at my Q and A window and I don't see too many questions in here. So, Brooke if you want to go ahead and talk about what's gonna be happening for GoAnywhere and webinars and I will keep an eye on my Q and A window.

Brooke: Sure thing and I think a lot of good questions have come in and already been answered.

Chris: Okay.

Brooke: If you do still have a question for Chris feel free to stick that in the Q and A window at the bottom of your screen. So, we do have a couple minutes and Chris can definitely get to that. But yes. So in terms of other webinars that we've hosted and talked about additional add on functionalities for GoAnywhere, we've talked about advance workflows, GoAnywhere agents, our PCI DSS Security Setting Audit Report. Our secure forms module as well as Azure and Amazon Web Services. All of these webinars are available on demand on our website and you can actually go to that URL right in the top left of your screen and just type that in. It'll take you to our website and you can watch the recordings and also download the slides. And after this webinar is complete we'll add this one as well. So that's a great place to go to re-watch it if you want or download the slides and we'll also send out a link to the recording afterwards as well. So I encourage you to check that out.