Drooms Client Installation & Configuration Requirements · DROOMS IT REQUIREMENTS More on data...
Transcript of Drooms Client Installation & Configuration Requirements · DROOMS IT REQUIREMENTS More on data...
DROOMS IT REQUIREMENTS More on data management on www.drooms.com
Drooms was developed solely for the secure exchange of sensitive documents within an organisation, as well as with external parties.
Why Use a Virtual Data Room? The ability to exchange documents confidentially and securely is a top priority in many transactions as the consequences of leaked information can be severe, causing share prices and valuations to skyrocket or collapse. Unfortunately, with the proliferation of mobile technology, such events have become increasingly common. The Drooms virtual data room (VDR) can help prevent the loss of sensitive company information by: Holding confidential documents in a secure document repository Providing a sophisticated rights management system to control user access
to data Displaying documents via the secure Drooms client Recording and providing detailed reports on all activities in the VDR for
monitoring, auditing, and compliance purposes
This user guide provides detailed information about the Drooms client to help ensure the smooth and secure operation of your virtual data room.
Drooms Client Installation & Configuration Requirements
2 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Table of Contents
The Virtual Data Room ............................................................................. 3
Functionality, software delivery, requirements
Drooms Data Centres .............................................................................. 4
Server architecture and location
Software Delivery ...................................................................................... 6
Registration, download, set-up, updates, and uninstalling
Network.................................................................................................... 10
Network requirements, SFTP, proxy, and certificates
Security..................................................................................................... 13
User identification and journaling, content access, encryption, physical security, operation, software quality, location, and compliance
System Requirements ............................................................................ 16
Supported file formats, recommended system requirements
Glossary ................................................................................................... 17
Technical support Due to the large number of available solutions, Drooms cannot offer detailed support in regards to individual network requirements. Upon request, our support team can still answer questions and provide support to our clients’ system administrators. Please contact us with any questions. [email protected]
3 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Common file types are converted into the Drooms document format
and can be displayed directly in Drooms. All other files also can be uploaded and may be downloaded
by authorised users.
More information about software delivery options can be
found on page 6.
An overview of our network requirements can be found from
page 10 onwards. General system requirements are found on page 16.
The Virtual Data Room Functionality of the Drooms Client Drooms is an online platform on which highly confidential documents are uploaded into a controlled document repository. DOCUMENTS & FILES Files can be added and removed at any time All changes are logged into an electronic protocol Drooms supports a large number of different file types (e.g., scanned
documents, pictures, PDF or MS Office files)1
USERS & ACCESS RIGHTS Only authorised users have access to documents. The access rights are
controlled via user permissions. Printing and downloading documents can be enabled for individual
documents and user groups2 The uncontrolled distribution of documents is prevented Documents are not saved into the local cache, all documents are kept in local
memory No copy & paste of content Watermarks appear on all displayed and printed documents3
1 All supported file types are listed on page 16. 2 By default, printing and downloading documents is disabled. 3 Watermarks can be changed or disabled.
Software Delivery End users have the option of choosing how they would like to receive the Drooms user client. Delivery options vary based on user hardware (PC/Mac) and company software delivery policies. The End User Delivery option allows end users to download and install Drooms directly. The Administrator Delivery option requires a system administrator to deliver the software to multiple users at once (available only for PC). System Requirements To ensure the smooth download and operation of the Drooms client and software, please see pages 10–16 for an overview of our network and system requirements.
4 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Drooms offers the choice between two server locations:
Frankfurt (GER) and Zurich (CH).
Drooms Data Centres Server Architecture Our system is based on physically secure, mirrored servers with a multi-tiered system architecture. It includes a firewall, multiple activity reporting features, and special applications for accessing data input and output via highly secured internet connections. The multi-tiered architecture consists of the following levels:
Only the front end, “public” level is accessible over the Internet via the Drooms client, and it is protected against unauthorised access by a firewall and an authentication system. The other two levels are not accessible remotely. Data Centres Offered applications, as well as all data entrusted to Drooms, are stored in secure data centres in Germany or Switzerland, along with the hardware and software to support our solutions. Both facilities are managed by Interxion. STORAGE SERVER LOCATION The storage server location plays a vital role in ensuring compliance with data
protection regulations. All data is stored at the server location of your choosing. Automatic processing (such as document conversions) is completed on site.
IP FILTER CONFIGURATION Our data centres can filter out all connections that do not originate from a predefined IP address range, further restricting access to sensitive data.
Front end “Public data” input and output
Back end Data storage within the database
Middle zone Data management and necessary applications
5 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
BSI CERTIFICATE The Drooms data centres are certified by the British Standards Institute (BSI). The certification confirms that Drooms complies with ISO/IEC 27001:2005 (Information Security Management) and ISO 22301:2012 (Business Continuity System).
6 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Please keep password requirements in mind when
choosing your password.
Software Delivery Overview SOFTWARE DELIVERY STEPS 1. Email invitation to use Drooms sent 2. End user registers on the Drooms server 3. Download Drooms 4. Run set-up wizard 5. The virtual data room is ready to use after completing setup
METHODS OF SOFTWARE DELIVERY End User Delivery. The end users receive the software and run the setup on
their own. The set-up wizards are available for Microsoft Windows and Apple Mac operating systems.
Administrator Delivery. A system administrator receives the software and deploys it on the computers of several end users. To complete the process, the end users need to register with Drooms. This delivery method is available only on computers running Microsoft Windows.
Registration and Download EMAIL INVITATION Drooms sends an email invitation to the end user and/or the customer’s
system administrator The invitation contains some information on Drooms and a link to our
registration site REGISTRATION SITE AND PASSWORD
Before using Drooms, first-time users will need to set a personal password by clicking the link in the email invitation.
The new password must meet the following requirements: 8-20 characters, with at least one uppercase letter, one lowercase letter, one number, and one special character (! # % * + ? @).
Users designated as “Deal Managers” in Drooms also will need to set a telephone password (consisting of at least 8 characters, no special characters)
DOWNLOADING DROOMS End users are redirected to the Drooms download page after registration and
can download and set up Drooms for Windows, Mac, or iOS via a link to the AppStore
System administrators need to install Drooms after the registration and download the “Multiuser” wizard in a special data room created specifically for system administrators.
7 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Only the “Net Setup” requires an Internet connection during the
installation; however, an Internet connection is always required when
using Drooms.
No wizard supporting administrator delivery on a Mac is available.
However, the Drooms client can still be run from a corporate Intranet
(see network requirements).
Details on the specific paths of application folders and user profiles can be found on the following page.
Set-Up Wizards In addition to the two delivery methods, there are also three different Drooms installation set-up wizards available. The requirements and availability of each wizard are outlined below. SETUP WIZARD OVERVIEW Net Setup: The end user runs the wizard, which downloads the Drooms
application. Full Setup: The end user unzips the downloaded file and runs the wizard,
which contains the entire application and can be run without Internet access. Multi-user Setup: The system administrator unzips the file and runs the
wizard, which contains the entire application and can be run without Internet access. The software can then be deployed via a corporate Intranet (e.g., via a central application server). Multiple users will later work with the same Drooms client.
DIFFERENCES BETWEEN THE SET-UP WIZARDS
Type Method File Size PC Mac
Net End User Delivery Drooms_Setup.exe ca. 500 KB x -
Full End User Delivery Drooms_Setup.zip 12 MB (Win) 15 MB (Mac)
x x
Multi-user Administrator Delivery Drooms_Setup.zip 12 MB x -
Type Download/Setup Admin rights Deployment on
Net End User Not Required Every Workspace (local)
Full End User Not Required Every Workspace (local)
Multi-user System Administrator Required Corporate Intranet
Type Application folder User profile
Net Specific to Each User Application Folder
Full Specific to Each User Application Folder
Multi-user Shared by Many Users Specific to Each User
DOWNLOADING THE MULTI-USER WIZARD The multi-user wizard is only available in the special Drooms data room,
“Drooms for Technical Audience“. To access this data room, system administrators need to register with
Drooms and install the single user version of Drooms. The invitation to the data room is sent out after consultation with the customer.
8 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
There is usually a short grace period in which updates do not
need to be installed immediately.
Setup (Windows) The Drooms setup is only a copying process – no Windows registry entries
are created during the installation. The user profile is created automatically when Drooms is run for the first
time. In order to uninstall Drooms, simply delete the application folder and user
profiles (see instructions on the next page). Wizards are available for end user and administrator delivery methods.
(Administration rights are only needed for the administrator delivery.) STANDARD PATHS1
Application folder: %USERPROFILE%\Drooms User profile (End user delivery): %USERPROFILE%\Drooms\Profile User profile (Administrator delivery): %APPDATA%\Drooms
1 The application folder can be changed during the setup. If the application folder is changed,
please note the location, in order to prevent issues when uninstalling the application at a
later date.
Setup (Mac) The Drooms setup is only a copying process. The set-up wizard needs to be
downloaded and unzipped at the desired location. The user profile is automatically created when Drooms is run for the first time In order to uninstall Drooms, simply delete the application folder and user
profiles (see instructions on the next page) A wizard is available for end user delivery
STANDARD PATHS
Application folder: User-specific User profile: /users/<user name>/library/application support/drooms
Updates (Windows/Mac) END USER DELIVERY
The Drooms client will inform users when a new version is available End users can download the update and choose whether to install it
immediately or before the next time they run the Drooms client. ADMINISTRATOR DELIVERY
Drooms asks the system administrator to download and install a new version of the Drooms client, which is available in the data room for system administrators
After a short grace period, end users will be informed about the new version and directed to contact their system administrator
9 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
If Drooms was installed using the end user delivery option, the user
profile is located in the application folder and does not need to be
deleted separately.
Uninstall (Windows)
DELETE THE APPLICATION FOLDER 1. Open Windows Explorer 2. Enter %USERPROFILE% in the address bar and hit Enter 3. Windows will automatically redirect you to the appropriate folder 4. Locate the folder named “Drooms” and delete it Note: If another application path was chosen during the set-up process, you will need to locate the correct folder to delete the application.
DELETE THE USER PROFILE (ADMINISTRATOR DELIVERY) 1. Open Windows Explorer 2. Enter %APPDATA% in the address bar and hit Enter 3. Windows will automatically redirect you to the respective folder
Windows XP: C:\Documents and Settings\%USERNAME%\Application data
Windows 7: C:\Users\%USERNAME%\AppData\Roaming 4. Locate the folder named “Drooms” and delete it Uninstall (Mac)
DELETE THE APPLICATION FOLDER
Locate the application folder that was chosen during the setup and delete it DELETE THE USER PROFILE
1. Open Finder 2. In the upper menu bar, open the “Go” menu 3. While the menu “Go” is collapsed, hit the “ALT” key to show the hidden menu
item “Library” 4. Click on “Library” to open the folder “Application Support” 5. Locate the folder named “Drooms ” and delete it by dragging it to the trash
10 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Network requirements are not influenced by the delivery method
(end user/administrator) or user hardware (PC/Mac).
Using SFTP requires a third party software tool that is not provided
directly by Drooms.
Network Corporate Network Requirements If the Drooms client is run within a corporate network, certain network requirements (described in the following pages) need to be observed. Network Requirements NORMAL OPERATIONS Internet access must be available The domains “*.drooms.com” must be accessible The following subnets must be accessible
193.240.144.64/27 193.240.144.48/28 (storage location Switzerland)
The protocols “http” and “https” must be functioning Port numbers 80 (http) and 443 (https) must be open The domain “crl.thawte.com” must be accessible
USER REGISTRATION AND SETUP An Internet browser is required (see System Requirements) The download of the set-up wizard (drooms_Setup.exe or drooms_Setup.zip)
must be allowed Please also note our information on software delivery and installation (see
page 6) Secure File Transfer Protocol (SFTP) Alternatively, the Drooms data centres also can be contacted via Secure File Transfer Protocol (SFTP). Please keep the following requirements in mind if you choose this method: Contact our technical support team, who will contact our data centres to
enable SFTP You will need to install and configure a third-party client that supports SFTP.
Log-in information is required for the client and will be provided by Drooms technical support.
The protocol “SFTP” must be allowed Port 22 (SFTP) needs to be open
11 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Proxy and Drooms certificate The Drooms client uses an SSL certificate to ensure that information exchanged with the Drooms server is not compromised. For security reasons, Drooms only works with an authentic Drooms certificate and rejects operations based on proxy-generated certificates. We explain below how the proxy needs to be set up in order to ensure the Drooms client operates smoothly. SSL certificate. The certificate is an electronic document that contains a
digital signature. The Drooms client uses the certificate to verify that the cryptographic key is authentic and was issued by the Drooms server.
Proxy. A communications hub within a corporate Intranet that acts as an intermediary for requests on the client side, seeking resources from the server. Depending on its configuration, a corporate proxy may send a separate certificate to the Drooms client. For security reasons, this method is not supported by Drooms.
REGULAR SSL CONNECTION The Drooms client connects directly to the Drooms server. Encrypted data is routed through the Internet via TCP/IP. PROXY CONNECTION The Drooms client connects to the proxy server. The proxy connects to the Drooms server and forwards the data from the Drooms client.
Drooms client Internet Drooms server
Drooms client Drooms server Proxy Internet
12 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
PROXY OPERATION WITH TWO CERTIFICATES HTTPS requests are terminated by the proxy and reverted to the Drooms
server. The certificates are then presented to the Drooms server by the proxy and differ from the original Drooms certificate. In other words, instead of forwarding encrypted data between the Drooms client and the Drooms server, the proxy establishes two different SSL connections between the two: Proxy ↔ Drooms server: Normal SSL connection Proxy ↔ Drooms client: Sets up an SSL connection to the Drooms client
using a different certificate If the Drooms client were to accept the separate certificate, the proxy would
have access to unencrypted data. For this reason, the Drooms client considers this method a man-in-the-middle attack and rejects the connection.
Drooms does not allow the proxy to terminate requests. The HTTPS connection between the Drooms client and the Drooms server needs to remain a direct link at all times. However, a proxy may still be used as a forwarding technique under the express condition that no attempt will be made to alter the encrypted data.
Enterprise networks can work with very specific parameters. Do not hesitate to contact us for any
questions or queries.
13 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Our customer service representatives can access
portions of the stored documents at any time for the express purpose of
administrating their respective customer’s data rooms.
Security Drooms Is Committed to Security Our software solutions are periodically audited by both outside parties and customers in regards to their needs. These audits ensure that we adopt new safety technologies as they become available and guarantee that we continuously improve our internal processes for handling documents. User Identification and Journaling User authentication is tied to a user’s e-mail address and personal password.
Our customers decide which users are invited to the Drooms system and in which roles. Invitations are personalised, and first-time users of Drooms are required to set a personal password during registration before using Drooms.
The password must contain 8–20 characters, with at least one uppercase letter, one lowercase letter, one number, and one special character (e.g., ! # % * + ? @) each.
Additionally, a two-factor authentication process may be used to strengthen user identification. The end users will need to provide their passwords and a PIN, which is sent to a registered mobile phone number, before logging in.
All user activities are recorded, including log-ins, email addresses, sessions, documents, timestamps, and any changes to documents. All administrative actions are also recorded. More than 60 different reports regarding user activities are available to authorised users.
A session timeout occurs after a period of inactivity. The user’s session is then terminated automatically.
Content Access Any access to documents has to be explicitly granted by either the owner of
the information or by Drooms upon written instructions from the customer All data is only made accessible to users within the limits of their designated
user role and their respective permissions All data transferred to, processed, managed, and stored by Drooms is
handled separately and only allocated to their designated virtual data room All connections to the Drooms client that do not originate from a pre-defined
address range can be filtered out, further restricting access to sensitive documents
14 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Our service provider, Interxion, considers its infrastructure
“failsafe”.
Encryption All communication from the Drooms client through the Internet is encrypted
via an https connection (using SSL encryption based on an advanced encryption standard [AES] algorithm with a 256-bit key). The connections are Thawte-certified.
All documents and files submitted to Drooms are encrypted while being uploaded to our virtual data rooms. The 256-bit key length is AES compliant.
For technical reasons, the data created for optical character recognition (OCR) cannot be encrypted. Nevertheless, all transfers between the Drooms client and the Drooms data centre remain encrypted.
Physical Security All data, hardware, and software supporting the information management system are physically secured against environmental hazards. The data centre facilities are air conditioned and equipped with a redundant
electric supply system Fire protection includes a three-level fire alarm and an automatic, gaseous
fire suppression system. The mirrored servers are located in separate fire-resistant compartments.
Physical access to the building is actively controlled using permission checks and sally ports. It is limited to qualified personnel and subject to a key card system.
The facilities are monitored 24 hours a day by alarm systems, video control systems, and a security service
The data stored in the German and Swiss facilities are mirrored in two physically separate areas
Operational Security Drooms has an incident response procedure in place. All applications and
servers are simultaneously monitored by Drooms and its service provider. Drooms has established a disaster recovery procedure, which is tested on a
regular basis All Drooms servers are patched and updated regularly
Quality Assurance Drooms has a change management system in place, including separate
development and testing environments
15 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Compliance and Location Security End users must agree to specific terms and conditions defined for each
virtual data room before access. This feature may be optionally disabled. Compliance to local data protection regulations is ensured by allowing
customers to choose the data storage location (Frankfurt, Germany or Zurich, Switzerland).
Data Centres The Drooms data centres are BSI certified and comply with ISO/IEC 27001 and ISO 22301:2012 (see page 5). Additionally, the Frankfurt data centre is TÜV Süd certified and complies with the PCI Data Security Standard.
16 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
System Requirements Supported File Formats The Drooms file conversion software supports the digital viewing of the following file types: pdf, tif, xls, xlsx, doc, docx, ppt, pptx, rtf, txt, jpg
Other file types (e.g., msg, htm, gif, png, mht, zip, mp3, video, dwg, dxf) can still be uploaded to the virtual data room. While the Drooms client does not display those files, they can be downloaded by users (with the correct permissions). Recommended System Requirements BROWSER REQUIREMENTS All delivery methods require an Internet connection to register with and to download Drooms. While nearly all modern browsers can be used for this purpose, Drooms recommends the following programs and settings: PC: Firefox 3.6 or higher; Internet Explorer 6 or higher Mac: Safari 1.0 or higher Downloads, JavaScript und cookies need to be allowed and enabled
SYSTEM REQUIREMENTS (WINDOWS)
Windows XP SP2, Windows Server 2003, Windows Vista, Windows 7, Windows 8
1.4 GHz processor or faster 512 Megabytes (MB) of RAM or more 200 Megabytes (MB) free hard disk space or more Internet access must be given and standard ports 80 (http) and 443 (https)
must be open SYSTEM REQUIREMENTS (MAC)
Mac OSX 10.6 or higher Apple computer with Intel x86 processor 512 Megabytes (MB) of RAM or more 200 Megabytes (MB) free hard disk space or more Internet access must be given and standard ports 80 (http) and 443 (https)
must be open For installing Drooms Java 6 must be installed
17 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Glossary A software distribution method where a system administrator provides software to end users. A special computer user right used to perform administrative tasks in a system. Advanced Encryption Standard. A specification for encryption of electronic data, established by the US National Institute of Standards and Technology (NIST). Application software. Computer software that provides users with specific services. Provides users within a corporate Intranet with access to apps with value-added services, such as access security or load balancing. A digital app distribution platform for iOS. The service allows users to browse and download applications. A server at the terminal stage of a process. A computing architecture that divides the tasks between the service provider (servers) and service requesters (clients). A software application that accesses services offered by a server. The physical location holding all the hardware and software needed to operate Drooms. Enables end users to securely access the Drooms virtual data rooms. The virtual data room solution which enables the highly secure access to confidential documents, as well as the ability to safely exchange them with third parties beyond company firewalls. The internal file format that enables the secure display of confidential documents within Drooms. Data Room Services GmbH/DRSdigital AG. Provides software solutions and services to support transactions of complex assets. A Drooms client software distribution method where the end user acts autonomously. An extension of an organisation’s intranet to outside users (e.g., partners, vendors) that is isolated from other internet users. A network barrier that prevents unauthorised or unwanted communications between computer networks. An interface between the end user and the back end. “Front end” and “back end” are general terms that refer to the initial and end stages of a process. A set-up wizard that contains the full Drooms client software.
Administrator delivery
Administrator rights
AES
App
Application server
Apple App Store
Back end
Client/server model
Client
Data centre
Drooms client
Drooms
Drooms Document Format
Drooms (DRS)
End user delivery
Extranet
Firewall
Front end
Full setup
18 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
A collective term for all hardware, networks, and operating systems that constitute the foundation for the operation of a corporate information system. Software that retrieves and presents information over the Internet. A computer network within an organisation. A mobile operating system by Apple for the iPhone, iPod, and iPad. Internet protocol address. A number assigned to each device (e.g., computer, printer) participating in a computer network. An operating system by Apple Inc. that runs exclusively on Macintosh computers. A dedicated set-up wizard for system administrators. A downloader wizard that fetches the Drooms client software. Optical character recognition. Converts embedded text (e.g., images) to single characters. A basic software which manages the computer hardware resources and provides common services for applications (e.g., Windows, Mac OS X or iOS). A server that acts as an intermediary for requests from clients seeking resources from other systems. The database of the configuration settings in the Microsoft Windows operating system. A secure, controlled entryway to the data centre. A computer that offers services to other computers on the network. A company in the IT industry that provides other organisations with communications, storage, processing, or other services. A small software utility that makes the Drooms client ready for execution. SSH file transfer protocol. A network protocol which provides secure file transfer and manipulation over SSH. All of the activities which make a software available for use. Secure sockets layer protocol. Enables encrypted communication between the data centre and its client. Provides a repository for shared data (e.g., images, databases) that is accessible by other computers. A person employed to maintain and operate a corporate infrastructure. Also known as IT, network, or security administrator. A certification authority for X.509 certifcates. Thawte is a former subsidary of VeriSign, now owned by Symantec.
Infrastructure
Internet browser
Intranet
iOS
IP address
Mac OS X
Multi-user setup
Net setup
OCR
Operating System (OS)
Proxy
Registry
Sally port
Server
Service provider
Setup
SFTP
Software delivery
SSL
Storage server
System administrator
Thawte
19 / 19
Installation and Configuration Requirements WWW.DROOMS.COM
Requires the input of at least two authentication factors (e.g., password and a PIN). An online repository used to safely distribute documents. Virtual private network. Enables end users to access resources on remote Intranets (e.g., applications, files, printers). An operating system developed and sold by Microsoft Corporation. A software assistant which guides the user through a series of well-defined software installation steps.
Two-factor authentication
Virtual data room (VDR)
VPN
Windows
Wizard