ClearScale Creates Custom AWS App to Enable Secure, Remote File Access

Challenge

ADCO needed a way to provide on-site employees with secure access to files stored in remote locations.

Solution

ClearScale used AWS Storage Gateway to enable access to unlimited, cost-efficient cloud storage.

Benefits

Today, authorized ADCO employees can quickly access the resources they need without additional user authentication steps.

AWS Services

Amazon Storage Gateway, Amazon S3, AWS Lambda

Executive Summary

Headquartered in Staten Island, New York, ADCO Electrical Corporation specializes in electrical, structured cabling, and telecommunications solutions. The company maintains a large distributed workforce. Many of these employees require access to the company’s business analytics service but are not connected to the company’s secure, on-premise network. With the help of ClearScale, ADCO was able to implement a solution that keeps its network secure while enabling its remote employees to access the information they need.

The Challenge

ADCO Electrical Corporation employs a large staff of employees on-site and at project locations that often need to access PDF documents from the company’s Microsoft Power BI online business analytics service. At a remote location, employees are not on the company’s network. That makes accessing those documents a potential security risk for ADCO and a tedious, time-consuming process for the employees.

The company asked ClearScale to help develop an easy-to-implement solution that could make resource access easier for staff at project locations, while ensuring a high level of security.

"ClearScale provided a highly capable team to take us through the requirements-gathering most effectively. As a result, the process was cost and schedule certain. The access to documents has provided enhanced productivity and a fair quotient of WOW from our employees and clients."
Susan Hayes
Board Member, ADCO Electrical Corporation

The Solution

ClearScale’s solution includes a process for syncing the files needed by the remote employees with the firm’s on-premise network using AWS Storage Gateway. The hybrid cloud storage service enables on-premises access to virtually unlimited cloud storage, simplifies storage management, and reduces costs for storage. The solution also incorporates a user authentication application that integrates with the customer’s Office 365 Azure Active Directory (Azure AD), a cloud-based user identity and an authentication service.

Storage Gateway Diagram

ADCO Electrical Cloud Storage Diagram

All files that the remote staff may need are stored in cloud storage. As files are written to a Server Message Block (SMB) file share on the customer’s on-premise network, the AWS Storage Gateway syncs them with Amazon S3 file storage in the cloud. This triggers an event to add the new file’s metadata to a Microsoft SQL database.

When a user requests access to a PDF file, the request is received by a custom app written for AWS Lambda, an event-driven, serverless computing platform that allows for running code without provisioning or managing servers. The request is routed to Azure Active Directory to determine if the user is currently logged in and has access privileges.

If the user is logged in, the file opens in the appropriate viewer. Users that aren’t logged in are redirected to an Office 365 login page. This helps ensure that only remote employees who are logged into the company’s Office 365 account can access files.

The files are accessed from Amazon S3 using signed URLs for added security with access available via any internet connection. To prevent reusing the same URL, a signature is made valid only for a subscribed user and for a short period of time. The signed URL itself doesn’t provide access to the object in the S3 bucket, but it sends the request as the signed user.

Architecture Diagram

ADCO Electrical Cloud Architecture Diagram

The Benefits

By integrating AWS services with Office 365 and Azure Active Directory (Azure AD), the ClearScale solution ensures access to documents in Power BI is restricted to only those employees with authorization. Those employees can access the needed resources quickly without additional user authentication steps, and ADCO’s on-premise system remains secure.