Sandstorm for Work Beta: LDAP, SAML, organization management
By Kenton Varda – 06 Apr 2016
Sandstorm is a great way to run open source collaborative productivity apps like document editors, task managers, chat rooms, file sharing, and more (54 apps and growing), all in one place. Lots of people – including us – use Sandstorm every day as part of doing their jobs. For example, right now I am composing this blog post inDillinger running onSandstorm Oasis (our hosting service), but many people choose to self-host Sandstorm on their own machines.
Sandstorm for Work makes self-hosted Sandstorm easier to integrate into a corporate environment. That means you can:
- Integrate with LDAP (including Active Directory) or SAML for single-sign-on.
- Manage user groups and domains as whole units rather than inviting each user individually.
- Specify organization-wide access control policies, like “no sharing outside of the organization”.
- And more…
We’re in beta now, so not all features are ready yet, but once you’ve installed Sandstorm you’ll automatically receive updates as they become available.
To get started now, install Sandstorm and choose “Sandstorm for Work” during setup (or if you already have a server, look for the “for Work” tab in the admin settings). Sandstorm for Work is priced at $15/user/month, and currently we’re offering a 90-day free trial. (It’s still open source! More on that in a bit.)
Productivity Apps Large and Small
With Sandstorm for Work, you can run apps similar to popular SaaS products, but keep your data in-house. For example, you can runEtherpad andEtherCalc instead of Google Docs,Wekan instead of Trello,Rocket.Chat instead of Slack, andDavros instead of Dropbox. Once you have Sandstorm running, you can install each new app with a click – no need to create a new account on a new service, and no worry about whether that service is sufficiently private and secure. With Sandstorm, running apps in-house is actually easier than using SaaS.
But even more interestingly, you can run apps on Sandstorm that aren’t available anywhere else, like Simon Vansintjan’sAnnotate. The idea behind Annotate is simple: upload an image, then annotate it with comments. We at Sandstorm use it to discuss UI and illustration mockups. Here’s me using it to comment on a slide deck we’re working on:
What I love about Annotate is its simplicity: Simon wrote the whole thing in a couple weekends. And yet, it’s enough to be useful to design teams anywhere. No matter what Simon decides to do in the future, this app will never disappear, and you don’t have to trust Simon because your data stays on your server.
Annotate is just one of54 apps and growing on our app market. By installing Sandstorm at your workplace, you get access to all of these at once, under a single login, and without giving up control of your data.
Security Behind the Firewall
Of course, if you want to run apps on your own infrastructure, behind your firewall, you need to think about security. A malicious app – or a buggy app that gets hacked – can compromise your whole network.
Fortunately, Sandstorm protects you. Sandstorm is the only container engine that implements fine-grained isolation , locking every document in its own container. By doing so, it prevents any app from compromising the server or network, and indeed it renders 95% of app security vulnerabilities moot before they are even discovered .
Developing for Enterprise
Are you a developer of a web app aimed at enterprise? Do you ever get requests for an on-prem version, but find it hard to fulfill this request given the myriad environments and infrastructure you’d need to support? Perhaps we can help. If you target Sandstorm, then these logistics become our job. If your app works on one Sandstorm server, it will work everywhere. If you are interested in learning more, check out our developer features ande-mail us.
Is it Open Source?
Yes! Sandstorm for Work features are part of the same codebase as the rest of Sandstorm and under the same Apache 2.0 license. However, in order to unlock Sandstorm for Work features, we ask that you buy a “feature key” from us.
So how does that work? Can’t anyone just remove the feature key check? In fact, yes, you can. However, if you did that, you would not be able to take advantage of our automatic updater, which ensures that your server is updated to the latest version within 24 hours of any release with no effort on your part. Automatic updates are important to keep your server secure and to make sure you can always run the latest apps.
Purchasing a feature key also entitles you to priority support. However, we don’t want to be a company who primarily sells support, because we think that creates a perverse incentive for us to make our product hard to use. Indeed, it is our goal that no one should ever need to contact support at all, but under a support model, we’d be putting ourselves out of business! Under the feature key model, we are selling features, and promising support if there are problems. This way, we are incentivized to make sure there are no problems, because then we don’t have to answer support tickets.
We like to release features early and often – we push a new release almost every week. What we are announcing today is only the beginning of what we have in store for Sandstorm for Work. Over the coming months, we’ll be adding features like group management (to make it easier to share documents with your team), audit logging (keep track of who has been accessing what, for security and compliance purposes), customizable access control policies, and much more.
If you install Sandstorm today, you’ll automatically get these features as they become available – your server will automatically update after every weekly release with no action needed on your part. So why not install now and see what you think? Feel free to file a bug to tell us what you want to see next.
转载本站任何文章请注明：转载至神刀安全网，谢谢神刀安全网 » Sandstorm for Work Beta: LDAP, SAML, Organization Management