Frequently Asked Questions

Cloud Edition

  • How does your Cloud service work?
    When users log in to Yarkon, the Yarkon Cloud Server authenticates them using their username and password credentials. Once their identity is verified and confirmed, the server will authorize the users with AWS S3, and if needed, with AWS IAM. See Security Models for more about the authorization process.
  • How are users added to the system?
    While the Cloud Edition of Yarkon can be used by individuals, it is an organizational service for companies of any size. The first step is to create an account; this will create an administrator account that can then be used to manage end-users. The administrator can then add as many end-user accounts as needed, and remove them when they no longer require access to AWS S3. The end-users themselves do not need access to the Yarkon server, or to the AWS Dashboard.
  • How do end-users access their S3 buckets with Yarkon?
    End-users use the Yarkon Web Application. This is a client-side HTML5 application, running inside a user’s browser. To be able to use the application, a user only needs to provide her username and password. The username is the user’s email; the password can be managed by the user herself. For more about the client application and its features, see the Demo.
  • Where are user passwords kept?
    In the Cloud Edition of Yarkon, the user passwords are kept in our database. We use the highly secure AWS RDS service for this purpose and follow all the security best practices and recommendations from Amazon to ensure the security of the end-user data. The passwords themselves are hashed using the bcrypt algorithm with a random salt.
  • Why do I have to provide AWS API credentials?
    Any API access to AWS requires AWS API credentials. This is more secure than using a username/password pair. We store the credentials in our database in encrypted format. You have full control over the credentials and can change or revoke them at any time. It is important to understand that your credentials are never shared with any user and are never sent over the internet to a client machine. Following AWS's strictest security recommendations, clients only get short-lived temporary credentials. The Yarkon Admin Console server never displays the secret key. Your AWS credentials are only used by our server to communicate with the AWS IAM and AWS STS services.
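
A deployment check for the statement above that clients only get short-lived temporary credentials, as an added example (not Yarkon's code). Field names follow the AWS STS Credentials structure; the one-hour ceiling and the sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the longest session lifetime your policy tolerates.
MAX_LIFETIME = timedelta(hours=1)

# Constructed sample values (not real keys).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
TEMPORARY = {"AccessKeyId": "ASIAEXAMPLEEXAMPLE00", "SecretAccessKey": "constructed",
             "SessionToken": "constructed-token", "Expiration": "2024-01-01T12:45:00Z"}
LONG_TERM = {"AccessKeyId": "AKIAEXAMPLEEXAMPLE00", "SecretAccessKey": "constructed"}


def audit_client_credentials(creds, now=None, max_lifetime=MAX_LIFETIME):
    """Return findings for a credentials object observed on a client machine.

    An empty list means the object looks like a short-lived STS session.
    """
    now = now or datetime.now(timezone.utc)
    findings = []

    # AWS issues AKIA-prefixed ids for long-term keys, ASIA for STS sessions.
    key_id = creds.get("AccessKeyId", "")
    if key_id.startswith("AKIA"):
        findings.append("long-term IAM access key exposed to client")
    elif not key_id.startswith("ASIA"):
        findings.append("access key id lacks the ASIA temporary-key prefix")

    if not creds.get("SessionToken"):
        findings.append("no session token: credentials are not temporary")

    expiration = creds.get("Expiration")
    if not expiration:
        findings.append("no expiration: lifetime cannot be bounded")
    else:
        # Normalise a trailing Z so fromisoformat accepts the timestamp.
        expires_at = datetime.fromisoformat(expiration.replace("Z", "+00:00"))
        if expires_at.tzinfo is None:
            expires_at = expires_at.replace(tzinfo=timezone.utc)
        remaining = expires_at - now
        if remaining <= timedelta(0):
            findings.append("credentials already expired")
        elif remaining > max_lifetime:
            findings.append(f"lifetime {remaining} exceeds allowed {max_lifetime}")
    return findings
```
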

Enterprise Edition

  • How does your service work?
    When users log in to Yarkon, the Yarkon Enterprise Server authenticates them using their username and password credentials. Once their identity is verified and confirmed, the server will authorize the users with AWS S3, and if needed, with AWS IAM. See Security Models for more about the authorization process.
  • How are users added to the system?
    Users are managed by the administrator, using the Yarkon Admin Console server application. The administrator can add as many end-user accounts as needed, and remove them when they no longer require access to AWS S3. The end-users themselves do not need access to the Yarkon server, or to the AWS Dashboard.
  • As the system administrator, how do I access the Admin Console?
    After the system is set up, the root URL will always open the client application, the Yarkon HTML Browser. To access the Yarkon Admin Console application, simply append “/console” to the application URL. For instance, if the domain name you set up for the application is “https://yarkon.mycompany.com”, then to access the Yarkon Admin Console application, use “https://yarkon.mycompany.com/console”. It will present the Login screen, which will prompt for your Administrator Credentials. End users will not be able to log in with their credentials.
  • How do end-users access their S3 buckets with Yarkon?
    End-users use the Yarkon Web Application. This is a client-side HTML5 application, running inside a user’s browser. To be able to use the application, a user only needs to provide her username and password. The username is the user’s email; the password can be managed by the user herself. For more about the client application and its features, see the Demo.
  • Where are user passwords kept?
    In the Enterprise Edition of Yarkon, the user passwords are kept in a database, set up in one of two main configurations, chosen by you: local or shared. By default, a local database on the same EC2 instance is used, making it a secure and cost-effective implementation. In case you want to use more than one Yarkon Server (for instance, for high availability and redundancy), a shared database is used. You can bring your own database, or use AWS RDS in the same way we do for the Cloud Edition. The passwords are hashed using the bcrypt algorithm with a random salt.
  • How do end-users get access to their S3 buckets?
    The Yarkon Admin Console does not have access to your API credentials. It gains access to S3 resources based on the permissions granted to it through the role used for the EC2 instance. No API credentials are ever shared with any user or sent over the internet to a client machine. Following AWS's strictest security recommendations, clients only get short-lived temporary credentials.
  • Do you require an Email server?
    The product enables end-users to self-service their credentials, meaning that an end-user can reset her password in case it is lost. In this case, the email server is used to securely and confidentially communicate the newly auto-generated, temporary password to the user.
    You can set the email integration to None – but if you do so, users will not be able to reset their own password, and when a new user is created, the administrator will have to communicate their new password to them.
  • Can I use my Gmail account as an Email server?
    You can, but you should not. Even though Gmail is the fastest way to get started with sending emails, it is by no means a preferable solution. Gmail expects the user to be an actual user and not a robot/application, so it runs heuristics for every login attempt and blocks anything that looks suspicious. Since this is an enterprise product, having access to an Email server is expected and required. Use the same Email server you use for your other automated emails.
  • Can I use AWS SES as an Email server?
    Absolutely. You can use SES as a service – the machine role created for the Enterprise Edition should have access to the API by default.
    Alternatively, you can also use SES as SMTP – follow this document from Amazon on how to obtain your credentials; use the appropriate endpoint for the Server Name. Use the aforementioned SMTP credentials for the Username and Password. The Send From field must be a verified email address you can send from. Use the Display Name field to add a user-friendly name.

Team Edition

  • How does your service work?
    When users log in to Yarkon, the Yarkon Team Server authenticates them using their username and password credentials. Once their identity is verified and confirmed, the server will authorize the users with AWS S3, and if needed, with AWS IAM. See Security Models for more about the authorization process.
  • How are users added to the system?
    Users are managed by the administrator, using the Yarkon Admin Console server application. The administrator can add as many end-user accounts as allowed, and remove them when they no longer require access to AWS S3. The end-users themselves do not need access to the Yarkon server, or to the AWS Dashboard.
  • As the system administrator, how do I access the Admin Console?
    After the system is set up, the root URL will always open the client application, the Yarkon HTML Browser. To access the Yarkon Admin Console application, simply append “/console” to the application URL. For instance, if the domain name you set up for the application is “https://yarkon.mycompany.com”, then to access the Yarkon Admin Console application, use “https://yarkon.mycompany.com/console”. It will present the Login screen, which will prompt for your Administrator Credentials. End users will not be able to log in with their credentials.
  • How do end-users access their S3 buckets with Yarkon?
    End-users use the Yarkon Web Application. This is a client-side HTML5 application, running inside a user’s browser. To be able to use the application, a user only needs to provide her username and password. The username is the user’s email; the password can be managed by the user herself. For more about the client application and its features, see the Demo.
  • Where are user passwords kept?
    In the Team Edition of Yarkon, the user passwords are kept in a local database on the same EC2 instance that is running the service, making it a secure and cost-effective implementation. In case you want to use more than one Yarkon Server (for instance, for high availability and redundancy), you’d have to step up to the Enterprise Edition. The passwords are hashed using the bcrypt algorithm with a random salt.
  • How do end-users get access to their S3 buckets?
    The Yarkon Admin Console does not have access to your API credentials. It gains access to S3 resources based on the permissions granted to it through the role used for the EC2 instance. No API credentials are ever shared with any user or sent over the internet to a client machine. Following AWS's strictest security recommendations, clients only get short-lived temporary credentials.
  • Do you require an Email server?
    The product enables end-users to self-service their credentials, meaning that an end-user can reset her password in case it is lost. In this case, the email server is used to securely and confidentially communicate the newly auto-generated, temporary password to the user.
    You can set the email integration to None – but if you do so, users will not be able to reset their own password, and when a new user is created, the administrator will have to communicate their new password to them.
  • Can I use my Gmail account as an Email server?
    You can, but you should not. Even though Gmail is the fastest way to get started with sending emails, it is by no means a preferable solution. Gmail expects the user to be an actual user and not a robot/application, so it runs heuristics for every login attempt and blocks anything that looks suspicious. Since this is a team product, having access to an Email server is expected and required. Use the same Email server you use for your other automated emails.
  • Can I use AWS SES as an Email server?
    Absolutely. You can use SES as a service – the machine role created for the Team Edition should have access to the API by default.
    Alternatively, you can also use SES as SMTP – follow this document from Amazon on how to obtain your credentials; use the appropriate endpoint for the Server Name. Use the aforementioned SMTP credentials for the Username and Password. The Send From field must be a verified email address you can send from. Use the Display Name field to add a user-friendly name.

Common

  • Do you offer a free trial?
    We offer a FREE tier for Yarkon, and we also offer a 14-day free trial for all editions of Yarkon procured through the AWS Marketplace. If you only want to see the system in action, use the Demo Application.
  • Where can I see the user manual for the client application?
    We add to our documentation all the time, and enhance it as needed. To get a good understanding of how to use the Yarkon web client application, please check out the tour: Demo.
  • What are the known limitations of Yarkon?
    See the limitations page for a list of current known limits on using Yarkon.
  • Suppose I encounter an issue, can you help?
    Absolutely. In our experience, organizations are able to set up the application without assistance, but your situation might be unique. Please contact us with any questions you might have.