Team Edition

ProductYarkon Team Edition
HostingBy you
Pricing optionsHourly, Monthly, Annual
Set up time30-45 minutes
What you haveAdmin permissions
What you knowConfigure AMI, define IAM policies

Overview

The Team Edition of Yarkon is a self-hosted solution, meaning that you (the customer) host all components of the system in your AWS account. It is a completely stand alone solution, that you install on an EC2 instance within your VPC, and from thereon operates independently. Yarkon Team Edition runs on a single instance in your account, without any external dependencies.

Use Yarkon to upload, download and share documents, manage buckets and create folders – anything that you normally do with S3 – with a fluent, intuitive and feature rich user experience, similar to what you have when using your PC. Drag & drop, context menus, copy-paste, multiple upload/download, it is all there.

Yarkon enables everyone in your organization to use your S3 storage without provisioning access to the AWS console/account and without sharing any sensitive keys with end users; all that while strictly following the permissions granted by the account administrator using the IAM service, and with full support to groups and roles.

The Team Edition does not require access to any AWS access keys. The server gets its permissions through its assigned IAM role. This approach ensures that your security credentials cannot be accessed, even if the Yarkon server is somehow compromised. End-users never have to enter AWS access keys, or even be assigned any.

The system consists of two main modules:

  • Yarkon Web Client application, the front end used by all end-users.
  • Yarkon Admin Console server, responsible for user permission management, and for serving the HTML files to the end clients. This module is hosted in our cloud.

To learn more about the client experience with Yarkon, please use the Demo Application – it is using the infrastructure of the Cloud Edition and is functionally identical to it.

Pricing

The Team Edition is provided as an AMI from the AWS MarketPlace. Similar to EC2 instances, you pay as you go on an hourly basis; payments are collected directly by Amazon on your AWS monthly bill.

The current software price for the Team Edition of Yarkon is $0.05 per hour, per instance. We offer a 14 day Free Trial to get you started. A 10% discounted annual option is also available.

As is always the case with AWS, in addition to the cost paid to Yarkon, you will have to pay AWS for the instance and any additional infrastructure you provision for running the service. This amount depends on the type of EC2 instance you provision and your usage profile. This AWS cost is charged by Amazon and is applicable also during the Free Trial period. The recommended setup of Yarkon for the Team Edition would cost about $30 monthly in AWS infrastructure services.

Yarkon is using your S3 account. You will incur the standard AWS S3 fees, depending on your specific usage and network/API utilization. AWS publishes its S3 fees here: Amazon S3 Pricing. Using Yarkon will not make a difference to your current S3 cost.

Getting Started

To get started with the Team Edition of Yarkon, follow the detailed Getting Started guide available. It will lead you through the process of subscribing to the service using the AWS MarketPlace, securing the server and adding end users to the system.

Security Models

The Security Model controls user access to the S3 buckets. Yarkon supports different Security Models.

In case you want to use the Integrated Security Model, you need to have your organization set up in IAM.

An example of such an organization is provided here: Setting up the users in AWS and granting them permissions to access buckets using Groups and Policies.

Upgrading to the Enterprise Edition

Upgrading to the Enterprise Edition is easy:

  1. Using the Admin Console, go to the Administration page, and select the Database tab. Click the Backup button to save the current database.
  2. Sign up to the Enterprise Edition from the AWS MarketPlace, and complete the setup process as usual.
  3. Once the application is up and ready, go to the Administration page, select the Database tab, and click the Restore button. Upload the database backup file you just created.
  4. All user accounts and other settings would be automatically transferred, and any database upgrade required automatically handled by the application.
  5. To complete the upgrade, update your DNS to point to the new stack, and turn off (terminate) the old one.

Frequently Asked Questions

  • How does your service work?
    When users log in to Yarkon, the Yarkon Team Server authenticates them using their username and password credentials. Once their identity is verified and confirmed, the server will authorize the users with AWS S3, and if needed, with AWS IAM. See Security Models for more about the authorization process.
  • How are users added to the system?
    Users are managed by the administrator, using the Yarkon Admin Console server application. The administrator can add as many end-user accounts as allowed, and remove them when they no longer require access to AWS S3. The end-users themselves do not need access to the Yarkon server, or to the AWS Dashboard.
  • As the system administrator, how do I access the Admin Console?
    After the system is set up, the root URL will always open the client application, the Yarkon HTML Browser. To access the Yarkon Admin Console application, simply append a “/console” to the application URL. For instance, if the domain name you set up for the application is “https://yarkon.mycompany.com”, then to access the Yarkon Admin Console application, use “https://yarkon.mycompany.com/console”. It will present the Login screen, which will prompt for your Administrator Credentials. End users will not be able to login with their credentials.
  • How do end-users access their S3 buckets with Yarkon?
    End-users are using the Yarkon Web Application. This is a client side HTML5 application, running inside a user’s browser. To be able to use the application, a user only needs to provide her username and password. The username is the user’s email, the password can be managed by the user herself. For more about the client application and its feature, see the Demo.
  • Where are user passwords kept?
    In the Team Edition of Yarkon, the user passwords are kept in a local database on the same EC2 that is running the service, making it a secure and cost-effective implementation. In case you want to use more than one Yarkon Server (for instance, for high availability and redundancy), you’d have to step up to the Enterprise Edition. The password are hashed using the Bcrypt algorithm using a random salt.
  • How do end-users get access to their S3 buckets?
    The Yarkon Admin Console does not have access to your API credentials. It gains access to S3 resources based on the permissions granted to it through the role used for the EC2 instance. No API credentials are ever shared with any user and are ever sent over the internet to a client machine. Following AWS strictest security recommendations, clients only get short-lived temporary credentials.
  • Do you require an Email server?
    The product enables the end-users to self service their credentials, meaning that an end-user can reset her password in case it is lost. In this case, the email server is used to securely and confidentially communicate the newly auto-generated, temporary password to the user.
    You can set the email integration to None – but if you do so, users will not be able to reset their own password, and when a new user is created, the administrator will have to communicate their new password to them.
  • Can I use my GMail account as an Email server?
    You can, but you should not. Even though Gmail is the fastest way to get started with sending emails, it is by no means a preferable solution. Gmail expects the user to be an actual user and not a robot/application, so it runs heuristics for every login attempt and blocks anything that looks suspicious. Being that this is an team product, having access to an Email server is expected and required. Use the same Email server you use for your other automated emails.
  • Can I use AWS SES as an Email server?
    Absolutely. You can use SES as a service – the machine role created for the Team Edition should have access to the API by default.
    Alternatively, you can also use SES as SMTP – follow this document from Amazon on how to obtain your credentials; use the appropriate endpoint for the Server Name. Use the aforementioned SMTP credentials for the Username and Password. The Send From field must be a verified email address you can send from. Use the Display Name field to add a user friendly name.
  • Do you offer a free trial?
    We offer a FREE tier for Yarkon, but we also offer a 14 day free trial for all editions of Yarkon procured through the AWS MarketPlace. If you only want to see the system in action, use the Demo Application.
  • Where can I see the user manual for the client application?
    We add to our documentation all the time, and enhance it as needed. To get a good understanding of how to use the Yarkon web client application, please check out the tour: Demo.
  • What are the known limitations of Yarkon?
    See the limitations page for a list of current known limits on using Yarkon.
  • Suppose I encounter an issue, can you help?
    Absolutely. We have a good experience with organizations being able to set up the application without assistance, but your situation might be unique. Please contact us with any question you might have.
Pay as you go
$0.05per hour
per instance
Free Trial
Annual – 10% Discount
$400per year
per instance
Get it Now
We can handle any set up
Contact Us