Frequently Asked Questions

Web Edition

  • Since this is a free product, would you use my email for any purpose?
    We do not even require you to put in an email for the Web Edition
    But even if we do get your email, we will never share or sell it.
  • Why do I need to provide my Account key?
    Yarkon uses the Amazon Web Services API, and therefore needs the Account Key. This is a good thing – the account key is more secure than a user-name password combination, and it can be set up so that only limited privileges are granted to a specific user.
    For the Web Edition of Yarkon to work, the end-user only has to be granted access to S3, so using these credentials ensures that in an organizational system, users cannot do anything to affect other components of the system. The system administrator can always revoke a user’s credentials, if needed.
    For more about the API credentials, see this document from Amazon.
  • Do you have access to the API credentials I use to login?
    Absolutely not. The product is a client side application, meaning that it runs in your browser on your device. It does not communicate with any of our servers in any way. When it loads, it pulls the HTML assets from our S3 bucket and our CloudFront CDN account, and from thereon, all communication is between your device and your AWS S3 account.
  • You are a small company. How can you offer this product for free?
    That’s a fair question. We are a small company, and our business model is based on revenue generated from consulting services and customization of our products. You can think of the free products we offer as a show case of our work, and a basis for future contracting engagements.
    Recently, we started offering more advanced versions of our Yarkon product, with a server side component. We do charge a small fee for these products, mostly to offset the cost of running the servers, with the stated goal of roughly breaking even. We found that many corporate clients prefer to go with one of the paid solutions – while all of our editions offer exactly the same end-user experience, the products with a server side component do allow for a higher level security and tighter integration with the AWS IAM permission system, a feature that is usually required by enterprise clients.
    You can check out these alternative options here:

Cloud Edition

  • Do you offer a free trial?
    We offer the Web Edition of Yarkon for FREE. The client side application, which is the main component of the Yarkon system and used exclusively by all end users, is identical throughout all editions of Yarkon, so you can try it for as long as you want. The paid editions only differ by their server side component. We also offer a 14 day free trial of the Cloud Edition, with up to 100 user accounts. Lastly, if you only want to see the system in action, use the Demo Application.
  • How does your Cloud service work?
    When users log in to Yarkon, the Yarkon Cloud Server authenticates them using their username and password credentials. Once their identity is verified and confirmed, the server will authorize the users with AWS S3, and if needed, with AWS IAM. See Security Models for more about the authorization process.
  • How are users added to the system?
    While Cloud Edition of Yarkon can be used by individuals, it is an organization service for companies of any size. The first step is to create an account; this will create an administrator account that can then be used to manage end-users. The administrator can then add as many end-user accounts as needed, and remove them when they no longer require access to AWS S3. The end-users themselves do not need access to the Yarkon server, or to the AWS Dashboard.
  • How do end-users access their S3 buckets with Yarkon?
    End-users are using the Yarkon Web Application. This is a client side HTML5 application, running inside a user’s browser. To be able to use the application, a user only needs to provide her username and password. The username is the user’s email, the password can be managed by the user herself. For more about the client application and its feature, see the Cloud Edition Tour.
  • Where are user passwords kept?
    In the Cloud Edition of Yarkon, the user passwords are kept in our database. We use the highly secure AWS RDS service for this purpose and follow all the security best practices and recommendations from Amazon to ensure the security of the end-user data. The password themselves are hashed using the Bcrypt algorithm using a random salt.
  • Why do I have to provide AWS API credentials?
    Any API access to AWS requires AWS API credentials. This is more secure than using a username password pair. We store the credentials in our database in encrypted format. You have full control over the credentials and can change or revoke them at any time. It is important to understand that your credentials are never shared with any user and are never sent over the internet to a client machine. Following AWS strictest security recommendations, clients only get short-lived temporary credentials. The Yarkon Admin Console server never displays the secret key. Your AWS credentials are only used by our server to communicate with the AWS IAM and AWS STS services.

Enterprise Edition

  • Do you offer a free trial?
    Yes. We offer a 14 day Free Trial for the Enterprise Edition.
  • How does your service work?
    When users log in to Yarkon, the Yarkon Cloud Server authenticates them using their username and password credentials. Once their identity is verified and confirmed, the server will authorize the users with AWS S3, and if needed, with AWS IAM. See Security Models for more about the authorization process.
  • How are users added to the system?
    Users are managed by the administrator, using the Yarkon Admin Console server application. The administrator can add as many end-user accounts as needed, and remove them when they no longer require access to AWS S3. The end-users themselves do not need access to the Yarkon server, or to the AWS Dashboard.
  • How do end-users access their S3 buckets with Yarkon?
    End-users are using the Yarkon Web Application. This is a client side HTML5 application, running inside a user’s browser. To be able to use the application, a user only needs to provide her username and password. The username is the user’s email, the password can be managed by the user herself. For more about the client application and its feature, see the Cloud Edition Tour.
  • Where are user passwords kept?
    In the Enterprise Edition of Yarkon, the user passwords are kept in a database, set up in one of two main configurations, chosen by you: local or shared. By default, a local database on the same EC2 is used, making it a secure and cost-effective implementation. In case you want to use more than one Yarkon Server (for instance, for high availability and redundancy), a shared database is used. You can bring your own database, or use AWS RDS in the same way we do for the Cloud Edition. The password themselves are hashed using the Bcrypt algorithm using a random salt.
  • How do end-users get access to their S3 buckets?
    The Yarkon Admin Console does not have access to your API credentials. It gains access to S3 resources based on the permissions granted to it through the role used for the EC2 instance. No API credentials are ever shared with any user and are ever sent over the internet to a client machine. Following AWS strictest security recommendations, clients only get short-lived temporary credentials.
  • Do you require an Email server?
    The product enables the end-users to self service their credentials, meaning that an end-user can reset her password in case it is lost. In this case, the email server is used to securely and confidentially communicate the newly auto-generated, temporary password to the user.
    You can set the email integration to None – but if you do so, users will not be able to reset their own password, and when a new user is created, the administrator will have to communicate their new password to them.
  • Can I use my GMail account as an Email server?
    You can, but you should not. Even though Gmail is the fastest way to get started with sending emails, it is by no means a preferable solution. Gmail expects the user to be an actual user and not a robot/application, so it runs heuristics for every login attempt and blocks anything that looks suspicious. Being that this is an enterprise product, having access to an Email server is expected and required. Use the same Email server you use for your other automated emails.
  • Can I use AWS SES as an Email server?
    Absolutely. You can use SES as a service – the machine role created for the Enterprise Edition should have access to the API by default.
    Alternatively, you can also use SES as SMTP – follow this document from Amazon on how to obtain your credentials; use the appropriate endpoint for the Server Name. Use the aforementioned SMTP credentials for the Username and Password. The Send From field must be a verified email address you can send from. Use the Display Name field to add a user friendly name.

Common

  • Where can I see the user manual for the client application?
    We add to our documentation all the time, and enhance it as needed. To get a good understanding of how to use the Yarkon web client application, please check out one of the tours:
  • What are the known limitations of Yarkon?
    See the limitations page for a list of current known limits on using Yarkon.
  • Suppose I encounter an issue, can you help?
    Absolutely. We have a good experience with organizations being able to set up the application without assistance, but your situation might be unique. Please contact us with any question you might have.