Activity Alerts are system-generated notifications that can be configured to inform anyone of important events. These alerts are configured by administrators in the Activity tab of the administrative web portal, and are delivered through email, text message, or an integrated PSA system.
The Activity Log records important events that take place within the Anchor solution. By click- ing the Activity tab of the administrative web portal, administrators can track account cre- ation and deletion, data usage, machines, roots, organizations, and guests. Administrators can also filter activity based on a set of criteria, or create alerts so that they are notified when these events occur.
The Anchor server runs the proprietary Anchor backend server software, which brokers sync events among desktop clients including file servers. It is dependent on the PostgreSQL data- base, SQLite databases, and the raw binary data stores. The Anchor server can be hosted within a company’s internal infrastructure (Private Cloud) or it can be provided by Anchor’s hosted cloud infrastructure (SaaS).
The Apache server is an open-sourced web server software that is used to power the web portal. The Apache server depends upon the Anchor server, PostgreSQL, and SQLite data- bases.
An Application Program Interface (API) refers to a set of tools that help developers build interfaces to applications. The Anchor API (including API v1 and API v2) gives any developer the ability to bypass the existing Anchor interface and create a customized method of read- ing and writing files, creating, editing, deleting accounts and organizations, updating and viewing activity, and so forth.
API tokens are unique identifiers that grant access to an API for a customized period of time. When an API token expires, a new token must be obtained through a new API request. In Anchor, API tokens are used for authenticating with the Anchor API. For increased security, administrators can set a time limit for API tokens using policy settings.
Auto Locking for Word and Excel
The Auto Lock for Word and Excel feature automatically prompts users to lock Word and Excel files when they are opened from a Team Share. This feature is only available when work- ing from the desktop client on a computer or laptop. Administrators can turn this feature on or off in the Shares tab of the administrative web portal.
A Backup is a continuous, one-way synchronization process that backs up files and folders on registered Windows and Mac machines. These backups are stored in the cloud, and can be restored to any registered Windows or Mac machine as necessary. Depending on policy set- tings, end users and administrators can create and restore backups. Note: Anchor backups are designed to back up and restore important personal files, including Microsoft Office con- tent, pictures, PDFs, and so forth. The Backups feature is not designed to back up or restore entire operating systems or applications.
Anchor's bandwidth throttling feature allows administrators to configure the maximum num- ber of Kilobytes (KB) that can be transferred (uploaded or downloaded) per second. This fea- ture lets administrators conserve resources used by one machine, or one organization, in order to allow other machines to transfer data more efficiently when the server or desktop cli- ent location has limited bandwidth. Additionally, end users can configure their own band- width settings through their desktop client preferences on their local machines.
Branding allows administrators to set an organization’s look and feel. For example, admin- istrators can configure an organization to take on a custom: logo, icon, mobile splash screen, company name, company URL, program name, folder name, and terms of service. These branding settings will affect the look of the web portal, mobile apps, and the desktop client (on both Windows and Mac machines). In addition to these branding options, private cloud administrators can apply a custom Cascading Style Sheet (CSS file) to override the
default Anchor CSS file. This option allows administrators to control branding at a granular level, and fully customize the user experience for end users. Finally, a partner can submit a request to fully brand a mobile application. This branding service is provided at an addi- tional cost.
Collaborative Web Editor
The Collaborative Web Editor lets users edit documents, spreadsheets, and presentations when working in the web portal, without needing to download a separate application or nav- igate away from the system. Additionally, the Collaborative Web Editor lets users make changes simultaneously with multiple coauthors.
A collision is a file sync conflict that occurs when one file is modified in two different places at the same time. When this happens, only one of the versions will successfully sync to the server, and the other version will be marked as a collision. The Manual Collision Resolution feature can be turned on through a policy setting, and allows end users to resolve their own collisions by either changing the name of the out-of-sync file, deleting the out-of-sync file, or overwriting the existing cloud version of the file with their own out-of-sync version.
The CSV Import feature allows administrators to bulk-import users listed in a CSV file. A CSV is a comma separated values file, which allows data to be saved in a table structured format, similar to a spreadsheet. When a CSV file is used to import users, each user account rep- resents one line of the file, and each line contains metadata for one specific user account.
The format of each line must be: First Name, Last Name, Email, Quota in gigabytes (0 rep- resents unlimited).
Daily Email Digest
A Daily Digest email outlines detailed information about events that occurred within a spe- cific Team Share, including a list of files that were added or modified, when the event occurred, and the user who performed the action. These emails are delivered daily, around midnight (Pacific time). In the Shares tab of the end user web portal, users can turn on a Daily Email Digest for each Team Share to which they are subscribed.
The desktop client (also called Synced Tool) is an application installed and registered on a user's Windows or Mac machine. The desktop client grants the user access to his or her files, folders, and Team Shares. A desktop client can also be installed and registered on a file server or an LDAP server to allow Anchor to control remote folder structures and other set- tings.
Within an Anchor private cloud environment, dual hostnames refers to the process of con- figuring two separate hostnames for the Anchor service and Apache service, providing a unique Internet address for each separate service. Under this configuration, both the Anchor service and the Apache service can allow external connections through port 443, which improves security for web browser communication.
Email templates are used to define the content and format of emails sent to new user accounts, new guest accounts, share recipients, and more. When creating an email template, administrators include shortcode fields that populate based on the specific user’s account information. For example, when customizing a welcome email for a new user account, admin- istrators might include shortcode fields that populate with a user’s first name, last name, user- name, password, a link to the web portal, links to download clients, and so forth.
Encryption is the process of encoding information so that only authorized parties can read it. Anchor data is protected using 256-bit AES (Advanced Encryption Standard) encryption, both in transit and at rest.
Excluded extensions are restricted files that cannot be synchronized to the server. The Excluded Extensions policy allows administrators to restrict specific file types in order to accommodate the needs of an organization. For example, to restrict a music file, an admin- istrator might add .mp3 to the Excluded Extensions policy, preventing all .mp3 files from syncing to the cloud. Note: Temporary and system files and folders are permanently blocked from the system (hard-coded).
Favorite files are files that have been fully downloaded to an Anchor iOS app. The app will be aware of files that are not favorites, but only favorite files will be fully downloaded and available to be edited offline. Users can mark files as favorites, or they can unfavorite files, based on space limitations and access needs.
File and Folder Locking
A file or folder lock is a read-only permission that is set to temporarily—or permanently— protect a file or folder from being edited by others. By design, only Team Share files and folders can be locked to improve group collaboration. For example, when a user locks a Team Share file or folder, other subscribers will be unable to edit—and therefore overwrite— content while changes are being made. When an item is locked, a lock icon is placed over the file or folder, alerting other Team Share subscribers that it is in read-only mode. Locks are enforced across desktop clients, the web interface, and mobile devices.
A File Report is a listing of all files and folders to which an end user is subscribed. Users can access this listing from the File Report tab of the end user web portal.
File Server Enablement
A file server is a server that stores—and provides access to—a set of files and folders. File Server Enablement (FSE) allows administrators to map a folder structure on a file server to a Team Share or a user account in the cloud. With File Server Enablement, administrators can keep the existing file structure on a server while allowing remote access to its contents. File Server Enablement can also be used to completely replace the file server, if desired. Option- ally, administrators can specify a UNC path as a source for File Server Enablement.
In Anchor, file stores hold the actual encrypted data for each file revision. Metadata, such as filename, modified date, and other information, is stored separately in root stores, to improve accessibility and scalability.
File Sync Conflict
A file sync conflict occurs when a modified Team Share file is not syncing as expected to the server. Under normal circumstances, when an end user modifies a Team Share file on a local machine, the updated version will synchronize to the server, and propagate across each sub- scribed device. When a file sync conflict occurs, the affected end user will see a Resolve Sync Conflicts icon, indicating that a file sync conflict has occurred: a collision or a locked file revi- sion. The Resolve Sync Conflict dialog box helps the end user resolve these conflicts.
Filesystem permissions assign access rights to specific users, and control users’ ability to edit content. In Anchor, filesystem permissions are used in conjunction with file and folder lock- ing. Administrators can configure the Use Filesystem Permissions policy to enable filesystem permissions on certain file types. When these filesystem permissions are enabled, the desktop client changes the NTFS permissions on Windows—or HFS Plus permissions on Mac—in order to prevent changes by other users. These permissions allow for a much stronger lock, and are especially important for File Server Enablement environments where mapped drive users must be notified by the filesystem when a file is in use.
A Group is a collection of user accounts that act as a single entity within Anchor. Admin- istrators can organize user accounts into Groups to improve user management. For example, when creating Team Shares, administrators can add one single Group to the Team Share, rather than selecting and managing separate accounts.
Guests are temporary user accounts that can receive share links and upload content into shared folders. These guest users have limited access to the system, allowing for the transfer of files or folders, or for group collaboration on specific content. Guest accounts can be cre- ated manually from the web portal, or automatically when an end user sends a secure share to a person outside of their organization.
High availability (HA) is a characteristic of a system that aims to ensure continual service for a long period of time. By default, private cloud partners install the Anchor server, Apache web server, and the PostgreSQL database server on a single machine. For advanced private cloud environments—intended to support a high number of users—a high availability envir- onment can be configured, where the Apache server and PostgreSQL database server are installed on separate machines, and the Anchor server is replicated on multiple machines. Ultimately, this eliminates a single-point of failure at the Anchor level, and allows for improved service for large-scale environments.
A hostname is a unique name assigned to any machine connected to a network. In the Set- tings tab of the administrative web portal, administrators can specify an organization’s host- name. This hostname is used by the Anchor Server to generate links for login emails, forgotten passwords, and so forth.
Individual Space Quota
An Individual Space Quota is a policy that can be defined for individual user accounts; this policy sets a cap on the amount of data the specific user can consume. If an Individual Space Quota policy is not set for a user account, the user will consume data reserved for the entire organization, as defined by the Organization Space Quota policy.
Inherited policies are policies that are automatically assumed by an suborganization based on its parent’s settings. For security and management purposes, a suborganization’s admin- istrator will not see—or have the ability to change—these inherited policies, regardless of whether this policy is turned on or off.
LAN Sync refers to a file synchronization approach that accelerates the sync process when a shared file or folder already exists on a Local Area Network (LAN). End users can turn on the LAN Sync option from the desktop client’s Properties dialog box. When the LAN sync feature is turned on, a desktop client can often sync shared files from other desktop clients within the Local Area Network, rather than syncing exclusively with the Anchor cloud.
The Lightweight Directory Access Protocol (LDAP) is a service that provides a way to con- nect, search, and modify account directories. In Anchor, any LDAP authentication source, including Active Directory, can act as a source for user accounts within the system. When an authentication source is configured, an imported user can log in to the web portal using the credentials attached to his or her authentication source account.
Localization policies support users that speak non-English languages and who operate within different timezones. Default localization settings can be set at both the organization level and the user level. With this feature, administrators can improve their support of users all over the world, and also provide users with granular controls of their account settings and preferences.
Locked File Revision
A locked file revision is a file sync conflict that occurs when a user attempts to modify a file that has been previously locked by another user, either at the file level or the folder level. A locked file revision will resolve itself automatically when the file is unlocked by the initial user.
A machine is a computer, laptop, or mobile device that has been registered to a user in an organization. All machines for an organization are listed in the Machines tab in the admin- istrative web portal.
Machine logs are files that record desktop client events, including sync errors. Machine logs are stored on local Windows and Mac machines. Additionally, administrators can utilize the Machines tab in the administrative web portal to access Windows or Mac log files without needing physical or remote access to the affected machine.
Manual Collision Resolution
Manual collision resolution is a policy that allows end users to resolve their own file col- lisions by deleting or renaming the out-of-sync file, or by forcing the desktop client to sync the file as the latest version. Alternatively, administrators can disable the Manual Collision Resolution policy in the administrative web portal. This policy is usually turned off for file servers, or for machines that do not have users constantly monitoring the desktop client. When this option is disabled, collision files will be automatically generated.
A mobile device is a handheld computing device, such as a smartphone or tablet. Users can download an Anchor app on an Android, iOS, or Windows Phone device and register these devices using their assigned credentials. When a mobile device is registered, it will sync down all appropriate files and folders, and will be listed in the Machines tab within the administrative web portal.
Multitenancy refers to a system or software that houses multiple independent entities in one single environment. Anchor's multitenant architecture allows administrators to create sep- arate organizations and suborganizations for customers or groups, and manage all of these organizations in the administrative web portal.
Organizations are containers for a client, a site, or a group. For each organization, admin- istrators create policies and configure settings that define how the organization functions. All organizations are managed in the administrative web portal. Administrators can also create child organizations—called suborganizations—that inherit certain policies from its parent.
An organization administrator is a user account that managers organizations, accounts, shares, reports, and more from the administrative web portal. An organization administrator manages the organization to which he was added, including any of its suborganizations.
An organization URL determines the web address of the organization.
The Anchor Outlook add-in is an application that can be installed and registered on a Win- dows machine that is currently hosting Microsoft Outlook. After it is registered, the Outlook add-in allows users to generate and email share links—rather than standard attachments—to files and folders of any size directly from within a Microsoft Outlook application. With this feature, users can share links to synced items, as well as local content, without leaving their email platform.
The Pause Sync feature allows end users to temporary pause the sync process on their desktop client. This feature is useful when users want to conserve bandwidth, when they are working without an Internet connection, or when they want to work in isolation. Additionally, the desktop client will automatically pause a sync process when disk space is detected to be below 1GB.
When working in an Android app, users can pin files so that they are downloaded to the device. The app will display unpinned files, but only pinned files will be fully downloaded and available to be edited offline. Users can decide to pin and unpin files based on space limitations and access needs.
A policy controls the way in which an organization manages data, users, files and folders, API tokens, bandwidth, and other features. When creating or editing an organization, admin- istrators have the option of defining custom policy settings.
PostgreSQL is a reputable and reliable open source database that is known for its com- mitment to standards compliance. In an Anchor deployment, the PostgreSQL database stores policy and account information, and communicates with the Anchor server. It does not store information about individual files, and therefore remains relatively small, but critical.
Privacy Mode is a feature that prevents organization administrators from viewing data in an organization’s personal folders, team shares, and backups. When Privacy Mode is turned on for an organization, it cannot be turned off. The purpose of this feature is to allow organ- ization administrators to successfully manage Anchor for end users without accessing or view- ing potentially sensitive information.
A private cloud environment is a secluded infrastructure that houses the Anchor server and its components; a private cloud environment is managed by a partner, not by eFolder. As an alternative to a private cloud environment, Anchor can be provided by Anchor’s hosted cloud infrastructure (called the SaaS model).
Professional Services Automation (PSA)
A professional services automation (PSA) platform helps professionals, such as IT service pro- viders, develop, sell, bill, and implement technology solutions. Anchor can integrate with the ConnectWise PSA tool to help administrators track alerts or bill customers. Anchor can also integrate with Autotask to help manage and track alerts.
Users register desktop clients and mobile apps so that their user account is linked to their machines. When desktop clients and apps are installed, they must then be registered to the system before content can be downloaded and synchronized. All registered machines are lis- ted in the Machines tab in the administrative web portal.
A remote wipe is the process of unlinking a machine from a user account, which in turn deletes all Anchor data from the local machine. This security feature is helpful in instances when end users lose a device, and their data is at risk of being stolen or otherwise com- promised. Administrators can remotely wipe machines in the Machines tab of the admin- istrative web portal.
A report is created in the Reports tab of the administrative web portal, and contains one or more gadgets that help administrators track space usage, monitor accounts and machines, view activity, and more. Administrators can export these reports to a PDF, Excel, or CSV file; administrators can also email these reports to a list of recipients. Reports can be run on an ad-hoc basis, or administrators can set up recurring reports.
Restore Deleted Feature
The Restore Deleted feature restores a specified set of previously deleted files and folders. The Restore Deleted button can be found in the Files tab of the end user web portal.
Revisions are versions of a file. Anchor stores a revision for each file stored in the system, allowing users to view or restore older revisions if necessary.
Revision Rollback Feature
The Revision Rollback feature allows users to restore all files within an entire folder to an earlier version before a selected date. This feature is particularly useful in situations where all items in a folder might have been compromised or corrupted on a specific date (for example, through a ransomware infection). All files in that directory and lower will be restored back to a former, healthy state.
A root is a bucket to hold data; every type of data in Anchor lives within a root. Only top level folders are roots. The system includes three types of roots: a personal root, a backup root, and a Team Share root. A personal root is a directory that is created when a user account is generated in the system. This directory contains all personal files and folders. A Team Share root is a directory that is shared with multiple user accounts. A backup root is a directory that stores files and folders that can be restored in the event of data loss. Backup roots are not replicated to other machines.
Within an Anchor server environment, root stores (SQLite databases) hold a file’s metadata, such as filename, modified date, and revision information. File stores, on the other hand, hold the raw binary data apart from its metadata, to improve accessibility and scalability.
rsync is a utility used to keep files in sync between systems. Anchor utilizes an rsync-derived algorithm that only sends and stores a file’s deltas (changes) from revision to revision. This algorithm detects byte-level changes and, unlike block-level algorithms, ensures that entire files are not re-upload during each sync event.
The Software as a Service (SaaS) model is a hosting option that allows the Anchor service to be completely housed and maintained by eFolder. With the SaaS model, partners can man- age Anchor without needing to install and manage the server. As an alternative to a SaaS environment, the Anchor service can be installed in a private cloud environment, which gives partners the ability to manage their own server within their internal infrastructure.
Secure Share Link
End users can send secure share links to users in an organization or outside of an organ- ization. These secure share links require each recipient to log in with unique credentials before accessing the shared content. When users send a secure share to a person outside of an organization, the system automatically creates a guest account, giving that guest access to the file or folder.
A service account is a standard user account configured for a server, rather than a true user. When installing a desktop client on a server (for example, for File Server Enablement), a ser- vice account should be created for use during the registration purposes. The service account should not be subscribed to Team Shares, and should be set to use a fixed user space quota of .01GB.
Service plans allow administrators to create feature and policy bundles that their customers can opt-into through a registration form.
Shares links allow users to share a direct link to a file or folder. These share links can be sent to users in an organization or outside of an organization, and can be public (no login cre- dentials required) or secure (login credentials required).
Show Deleted Feature
The Show Deleted feature allows users to view files and folders that have been marked for deletion. In the end user web portal, users can click the Show Deleted button to view all files and folders that have been previously deleted. Users can then click the Restore Deleted but- ton to return the files and folders to their original location.
The Snapshot feature allows administrators to easily copy a Team Share or a user’s personal data as it existed at a specific point in time, including content that was previously deleted, recreated, or changed. This feature is especially useful in helping users recover from advanced ransomware attacks, where a file’s revision history might have been affected.
An Organization Space Quota policy determines the amount of data that is reserved for the organization. By default, all users pull data equally from this reserve. Optionally, admin- istrators can set an Individual Space Quota policy for a user, which sets an individual cap on the amount of data the user can consume.
Subscribers are users who have been added to a Team Share. These subscribers can then access the Team Share on any of their connected devices, as defined by the Team Share’s subscription rules.
Subscription rules determine where subscribers can access Team Share content. Subscription rule options include: Web and Mobile access, WebDAV access, desktop client access, and future desktop client access. Administrators define subscription rules when they create Team Shares from the administrative web portal.
A sync status is a visual indicator alerting users of the desktop client sync process. When adding, deleting, or changing a file in Synced Folder, the desktop client will update file and folder icons to indicate what is currently up-to-date on the server. Status indicators include: synced (green icon) and currently syncing (blue icon).
Synced Folder is the unbranded name of the folder where users access synced content on their local machines. When the desktop client is installed on a local machine, it auto- matically creates Synced Folder, allowing users to access all of their synced items from this one central location.
Synced Tool (also called the desktop client) is the unbranded name of the application installed and registered on a user's Windows or Mac machine. Synced Tool gives the user access to his or her files, folders, and Team Shares. Synced Tool can also be installed and registered on a file server or an LDAP server to allow Anchor to view remote folder structures and other settings.
A System Administrator is the highest-level administer who has access to all data and organ- izations within the system. Only private cloud partners have access to this user account type.
A Team Share is a shared, collaborative space where groups of subscribers can access the same synced content. Team Shares can only be configured for users in an organization; guest accounts cannot be added to Team Shares. End users can create their own Team Shares, or administrators can create Team Shares for end users.
Two-Step Authentication adds a second verification step when a user logs in to the web portal, or when the user registers a desktop client, the Outlook add-in, or a mobile device. With Two-Step Authentication, end users are sent an authentication code through an Authenticator Mobile App, text message, or email, depending on their own configuration set- tings. They must then enter their authentication code—along with their username and pass- word—before they can access the system or register a device.
Unattended (silent) mode is a method of installing and registering the desktop client on a user’s local machine without requiring the user’s intervention. A desktop client can be installed and registered in unattended mode by running an executable file from the com- mand-line.
Standard user accounts (end users) can be created by system or organization administrators manually, from an LDAP authentication source (such as Active Directory), or through a CSV import. User accounts have access to the web portal, and also have the ability to download apps. Standard user accounts do not have access to the administrative web portal.
The web portal is Anchor’s web interface. The web portal is split into two main sections: the administrative web portal and the end user web portal. The administrative web portal allows administrators to create organizations, user accounts, and manage policies; the end user web portal allows end users to access their personal files and folders and shared content.
Web Preview Tool
Anchor’s fully integrated Web Preview tool allows users to view files and folders in the web portal and access advanced viewing functionality without downloading content or nav- igating away from the system.
The web-access.log file provides private cloud partners with detailed information on cap- tured events. The web-access.log file can be found in the Anchor server log folder, and con- tains information related to user access, file and folder activity, and so forth.
Web Distributed Authoring and Versioning (WebDAV) is an extension of the HTTP protocol, and is supported by Anchor. WebDAV is another way for end users to view and edit doc- uments— both personal and through team shares— located in the cloud.
A welcome email is a system-generated email distributed to end users when they are first added to the system. The welcome email includes login credentials and links to access the web portal and download devices. Administrators can customize this email in the administrative web portal