Enterprise Edition

The Enterprise Edition of Yarkon is in Preview.
It will be generally available in Q4 2017.

Details

Many of our enterprise clients and prospects, especially in Healthcare and Financial Services, cannot share their AWS credentials with a cloud-based service, mostly for regulatory reasons. In fact, many cannot even communicate outside of their VPC.

To address this issue, we offer the Enterprise Edition – a completely standalone solution that you install on an EC2 instance within your VPC and that operates independently from then on.

The Enterprise Edition of Yarkon is a self-hosted solution, meaning that you (the customer) host all components of the system in your AWS account.

Use Yarkon to upload, download and share documents, manage buckets and create folders – anything that you normally do with S3 – with a fluent, intuitive and feature-rich user experience, similar to what you have when using your PC. Drag & drop, context menus, copy-paste, multiple upload/download: it is all there.

Yarkon enables everyone in your organization to use your S3 storage without provisioning access to the AWS console/account and without sharing any sensitive keys with end users, all while strictly following the permissions granted by the account administrator using the IAM service, and with full support for groups and roles.

Yarkon Enterprise Edition runs on a single instance in your account, without any external dependencies.

The Enterprise Edition does not require access to any AWS access keys. The server gets its permissions through its assigned IAM role. This approach ensures that your security credentials cannot be accessed, even if the Yarkon server is somehow compromised. End-users never have to enter AWS access keys, or even be assigned any.

The system consists of two main modules:

  • Yarkon Web Client application, the front end used by all end-users.
  • Yarkon Admin Console server, responsible for user permission management, and for serving the HTML files to the end clients. This module is hosted in our cloud.

To learn more about the client experience with Yarkon, please use the Demo Application – it uses the infrastructure of the Cloud Edition and is functionally identical to it.

Pricing

The Enterprise Edition is provided as an AMI from the marketplace. As with EC2 instances, you pay as you go on an hourly basis; payments are collected directly by Amazon on your AWS monthly bill.

The current price for the Enterprise Edition of Yarkon is $0.27 per hour, per instance. We offer a 14 day Free Trial to get you started.

In addition to this hourly fee, you will have to pay AWS for the instance running the service. As always, this amount depends on the type of EC2 instance you provision and your usage profile. The AWS charges also apply during the Free Trial period.

Yarkon uses your S3 account. You will incur the standard AWS S3 fees, depending on your specific usage and network/API utilization. AWS publishes its S3 fees here: Amazon S3 Pricing.

Getting Started

To get started with the Enterprise Edition of Yarkon, follow the detailed Getting Started guide. It will lead you through the process of subscribing to the service using the AWS Marketplace, securing the server and adding end users to the system.

Security Models

The Security Model controls user access to the S3 buckets. Yarkon supports different Security Models. If you want to use the Integrated Security Model, you need to have your organization set up in IAM. An example of such an organization is provided here: Setting up the users in AWS and granting them permissions to access buckets using Groups and Policies.

Frequently Asked Questions

  • Do you offer a free trial?
    Yes. We offer a 14 day Free Trial for the Enterprise Edition.
  • How does your service work?
    When users log in to Yarkon, the Yarkon Cloud Server authenticates them using their username and password credentials. Once their identity is verified and confirmed, the server will authorize the users with AWS S3, and if needed, with AWS IAM. See Security Models for more about the authorization process.
  • How are users added to the system?
    Users are managed by the administrator, using the Yarkon Admin Console server application. The administrator can add as many end-user accounts as needed, and remove them when they no longer require access to AWS S3. The end-users themselves do not need access to the Yarkon server, or to the AWS Dashboard.
  • How do end-users access their S3 buckets with Yarkon?
    End-users use the Yarkon Web Application. This is a client-side HTML5 application, running inside a user’s browser. To be able to use the application, a user only needs to provide her username and password. The username is the user’s email; the password can be managed by the user herself. For more about the client application and its features, see the Cloud Edition Tour.
  • Where are user passwords kept?
    In the Enterprise Edition of Yarkon, the user passwords are kept in a database, set up in one of two main configurations, chosen by you: local or shared. By default, a local database on the same EC2 instance is used, making it a secure and cost-effective implementation. If you want to use more than one Yarkon Server (for instance, for high availability and redundancy), a shared database is used. You can bring your own database, or use AWS RDS in the same way we do for the Cloud Edition. The passwords themselves are hashed with the bcrypt algorithm, using a random salt.
  • How do end-users get access to their S3 buckets?
    The Yarkon Admin Console does not have access to your API credentials. It gains access to S3 resources based on the permissions granted to it through the role used for the EC2 instance. No API credentials are ever shared with any user or sent over the internet to a client machine. Following AWS's strictest security recommendations, clients only get short-lived temporary credentials.
  • Do you require an Email server?
    The product enables end-users to self-service their credentials, meaning that an end-user can reset her password in case it is lost. In this case, the email server is used to securely and confidentially communicate the newly auto-generated, temporary password to the user.
    You can set the email integration to None – but if you do so, users will not be able to reset their own password, and when a new user is created, the administrator will have to communicate their new password to them.
  • Can I use my Gmail account as an Email server?
    You can, but you should not. Even though Gmail is the fastest way to get started with sending emails, it is by no means a preferable solution. Gmail expects the user to be an actual user and not a robot/application, so it runs heuristics for every login attempt and blocks anything that looks suspicious. Because this is an enterprise product, having access to an Email server is expected and required. Use the same Email server you use for your other automated emails.
  • Can I use AWS SES as an Email server?
    Absolutely. You can use SES as a service – the machine role created for the Enterprise Edition should have access to the API by default.
    Alternatively, you can also use SES as SMTP – follow this document from Amazon on how to obtain your credentials, and use the appropriate endpoint for the Server Name. Use the aforementioned SMTP credentials for the Username and Password. The Send From field must be a verified email address you can send from. Use the Display Name field to add a user-friendly name.
  • Where can I see the user manual for the client application?
    We add to our documentation all the time, and enhance it as needed. To get a good understanding of how to use the Yarkon web client application, please check out one of the tours:
  • What are the known limitations of Yarkon?
    See the limitations page for a list of current known limits on using Yarkon.
  • Suppose I encounter an issue, can you help?
    Absolutely. In our experience, organizations are able to set up the application without assistance, but your situation might be unique. Please contact us with any questions you might have.
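
The two credential claims above (the server relies on its IAM role rather than stored access keys, and clients receive only short-lived temporary credentials) can be checked mechanically. The following is an added example, not Yarkon code; the function names, the one-hour limit and the sample values are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Access key ID prefixes: AKIA = long-term IAM user key, ASIA = temporary STS key.
KEY_ID = re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16}\b")
MAX_LIFETIME = timedelta(hours=1)  # assumed policy threshold, not a Yarkon setting


def find_static_keys(text):
    """Return long-term (AKIA) key IDs found in config or environment text."""
    return [m.group(0) for m in KEY_ID.finditer(text) if m.group(1) == "AKIA"]


def audit_client_credentials(creds, now):
    """List problems with an STS-style Credentials dict destined for a client."""
    problems = []
    if not creds.get("AccessKeyId", "").startswith("ASIA"):
        problems.append("access key is not a temporary (ASIA) key")
    if not creds.get("SessionToken"):
        problems.append("no session token")
    expiry = creds.get("Expiration")
    if expiry is None:
        problems.append("no expiration")
    elif expiry <= now:
        problems.append("already expired")
    elif expiry - now > MAX_LIFETIME:
        problems.append("lifetime exceeds limit")
    return problems


# Constructed samples (AWS documentation-style placeholder values, not real keys).
NOW = datetime(2017, 10, 1, 12, 0, tzinfo=timezone.utc)
SERVER_ENV_CLEAN = "AWS_DEFAULT_REGION=us-east-1\n"
SERVER_ENV_LEAKY = "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
GOOD = {"AccessKeyId": "ASIAIOSFODNN7EXAMPLE", "SecretAccessKey": "constructed",
        "SessionToken": "constructed-token", "Expiration": NOW + timedelta(minutes=15)}
BAD = {"AccessKeyId": "AKIAIOSFODNN7EXAMPLE", "SecretAccessKey": "constructed"}

if __name__ == "__main__":
    print(find_static_keys(SERVER_ENV_CLEAN), find_static_keys(SERVER_ENV_LEAKY))
    print(audit_client_credentials(GOOD, NOW))
    print(audit_client_credentials(BAD, NOW))
```

Run `find_static_keys` over the instance's environment and any AWS config files during hardening, and `audit_client_credentials` over whatever credential payload is returned to the browser.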