This guide highlights important best practices to guide you as you create and manage organizations and support end users. 

Best Practice 1: Limit access to the master organization

When you first log in to the administrative web portal, you will only see one organization in the left-hand Organization navigation bar. This is the master organization.

This master organization should remain empty; except for a few trusted administrators, users should not be given access to the master organization, and it should never be configured for internal or customer use. 

Why is this important?

Organization administrators have the ability to view content and user account information within the organization to which they have been assigned. Additionally, unless Privacy Mode has been enabled, they also have the ability to view this information in lower-level organizations. To mitigate the chance of exposing sensitive customer data to unauthorized individuals, you should only create organization administrator users within the organization to which they need access. 

Additionally, the master organization’s Dashboard provides a totaled overview of all organization data usage, activity, and so forth.  If the master organization is actively used as an organization, there is no way to view the actual usage for this organization apart from suborganizations’ usage. 

To learn more, please review Create and configure organizations

Best Practice 2: Take advantage of the relationship between organizations and suborganizations

When you create a suborganization, it inherits certain policies from its parent; you can also configure separate policies while still allowing the two entities to maintain a relationship and share resources.

For example:

• In general, it is recommended that you keep the Allow users to erase deleted files policy turned off; however, if one or two users need to retain this privilege, create a suborganization, turn on this policy in the new suborganization, and add these users to the suborganization.
• If you want to turn on Privacy Mode for one or two users (for example, a CEO), create a suborganization, add this user, and then turn on Privacy Mode (see below for best practices related to Privacy Mode).
• If you want to restrict storage quota for a Team Share, create a suborganization for this Team Share, and configure storage quota policies accordingly.

Why is this important?

You can take advantage of the system’s flexible, multi-tenant structure to make the best use of policies and settings.

Please note, however, that if you reorganize organizations and suborganizations after File Server Enablement is mapped to a Team Share, these mappings might break when moving the Team Share. Please contact  Axcient  Support for help.

 To learn more, please review Manage Inherited Policies in Suborganizations.

Best Practice 3: Configure branding,  outbound emails, and email templates before deploying desktop clients

If you decide to utilize custom branding settings, or if you would like to set up your own email settings for outbound emails (for sending alerts, welcome messages, and so forth), this should be done prior to inviting users and deploying desktop clients.

Why is this important?

If an end user installs a desktop client before branding is configured, the desktop client will not reflect these new branding settings. Desktop clients need to be reinstalled to reflect new branding settings.

Additionally, properly setting up an email settings for an organization will ensure that end users receive email notifications.

To learn more, please review:

• Set Custom Branding
• Update Desktop Clients with New Branding Settings
• Integrate Microsoft Exchange with x360Sync
• Customize Email Templates

Best Practice 4: Take advantage of integration options

You can integrate x360Sync with various technologies. For example: 

• To improve bounce rates for outbound emails, integrate with your preferred email system (including Microsoft Exchange, Office 365, Gmail, and more).
• To import user accounts, integrate with any LDAP authentication source (for example, Active Directory).
• To easily manage customer alerts, integrate with a PSA system (including ConnectWise and Autotask); these should be set up in conjunction with alerts.
• To track collisions, integrate with a RMM platform (for example, ConnectWise Manage® (Labtech)); you can then configure rules through your RMM platform. 

Why is this important?

These integration options will help you support and manage your customers. You can also utilize our API for customized integration options.

To learn more, please review:

• Integrate Active Directory with x360Sync
• Integrate x360Sync with ConnectWise
• Integrate x360Syncwith Autotask
• Tracking Desktop Client Events inx360Sync
• Working with the x360Sync API

Best Practice 5: Allocate sufficient storage quota

It is important to allocate sufficient storage in a way that accounts for growth and data retention. You should consider that Team Shares, personal files and folders, deleted files and folders, revisions, and backups all consume data. Note that Team Share deletions and revisions will count towards storage quota of the Team Share.

User accounts can be configured to consume this data in one of two ways:

• Shared quota—this option allows the user as much storage as necessary, up to the organization limit.  In most cases, you will probably utilize this option.
• Individual space quota—this option allows the user a fixed storage limit. This is useful in specific instances, like when one user consumes a lot of data, and needs to be restricted.

Why is this important?

When the data quota has been reached for a user account or for the organization, the sync process might be affected.

To help track storage quota, it is recommended that you create an alert in the Activity tab to be notified when an organization—or a user account—has reached a certain percentage of its storage quota.

You might also consider integrating with a PSA system, or creating an email rule, to track and manage these alerts.  Finally, use the Reports tab to create reports that will help you track storage usage within the system.

To learn more, please review:

• Determining Space Quota Limits for Organizations
• Managing the x360Sync Activity Log and Creating Alerts

Best Practice 6: Pay attention to bandwidth throttling

x360Sync's bandwidth throttling feature allows you to conserve resources used by one machine, or one organization, to allow other machines to transfer data more efficiently when the server or desktop client location has limited bandwidth.

Why is this important?

As an administrator, you can configure bandwidth throttling settings at the organization level, or for individual machines.

Additionally, end users can each configure individual bandwidth settings through the desktop client’s Properties dialog box.

The desktop client utilizes all available bandwidth, unless otherwise restricted at the organization level or the individual machine level.  Bandwidth throttling settings allow administrators to specify a maximum amount of data (in Kilobytes) to transfer per second; these settings are not configured based on a percentage of available bandwidth. If the server sends a block of data, the network will send it as quickly as possible. When download or upload speeds hit the maximum bandwidth setting, the speed is throttled back before the next block of data is sent

Bandwidth throttling settings should be considered based on specific environment and network variables, so it is important to understand how bandwidth throttling works before making changes to an organization or a machine policy.  When configuring server-side bandwidth throttling settings, for example, you should monitor the server to ensure that bandwidth is not restricted to a point that might cause collisions.

To learn more, please review:

• Configure Bandwidth Throttling

Best Practice 7: Create service accounts when configuring File Server Enablement and Active Directory

When you need to install and register a desktop client on a server—for example, for File Server Enablement or Active Directory integration—register the desktop client to a service account, rather than a real account used by a real user.

A service account should not be subscribed to Team Shares or contain personal files and folders, should be set to use a fixed space quota of .01GB, and should be configured using a predetermined naming system (such as First Name: File Server; Last Name: LDAP).

Why is this important?

Using a service account will prevent unnecessary storage usage. 

You have two options to help you manage service accounts:

• Create one service account in the master organization and register all File Server Enablement and server desktop clients to this one service account.  
• Create one service account for each organization.

To learn more, please review:

• Manually Create User Accounts
• Set up File Server Enablement

Best Practice 8: Plan Team Shares to take advantage of subscription rules

You can use subscription rules to control whether or not Team Share content is synchronized to certain devices. You can select from the following subscription rules:

• Web and mobile access
• WebDAV access
• Machine (desktop client) access

To best utilize these subscription rules, create separate Team Shares for content that should only exist on certain device types.

Additionally, in the Shares tab of the end user web portal, end users can also turn off the syncing of Team Share content to their machine (desktop clients).

Why is this important?

Team Share subscription rules are useful when you want to prevent certain Team Share content—for example, a Team Share with large video files—from utilizing local storage on users’ machines.

For example, you can use subscription rules that ensure Team Shares with large file types don’t sync down to machines, and instead only display in the web portal or through WebDAV.

To learn more, please review: 

• Create and Manage Team Shares
• Create Share Links as an End User

Best Practice 9: Configure Auto Locking and hard locks for Team Shares

In most instances, it is recommended that administrators turn on the Auto Lock Word/Excel feature for Team Shares, and also enable hard locks.

• The Auto Lock Word/Excel feature automatically prompts users to lock Microsoft Word and Excel files each time they are opened.
• The Use Filesystem Permissions policy determines whether locks are hard or soft.

Why is this important?

Hard locks change the NTFS permissions on Windows, or HFS Plus permissions on Mac, in order to prevent users from editing a locked file.

By turning on the Auto Lock Word/Excel feature for Team Shares, and by enabling hard locks, you ensure the best possible user experience and help prevent file sync conflicts.

To learn more, please review:

• Create and Manage Team Shares
• Configure the File and Folder Locking Feature
• Locking Files and Folders

Best Practice 10: When transferring large amounts of data to the x360Sync server, take advantage of File Server Enablement

When you turn on File Server Enablement for a machine, you can easily sync that data to a Team Share that already exists on the x360Sync server.

To facilitate the transfer of a large data set to the x360Sync server, you can turn on File Server Enablement for multiple VMs, rather than rely on one server to transfer this data.

Why is this important?

When you make use of multiple VMs—rather than just one single server—you can reduce the amount of time it takes to transfer data.

For example, if transferring 1TB of data from one machine takes one month, transferring this data from two machines will take two weeks.

To learn more, please review: 

• Set up File Server Enablement

Best Practice 11: When troubleshooting syncing issues, refer to machine logs as a first step

If you suspect that the system is not properly syncing data, you can monitor the syncing process in a number of different ways:

• View logs in the Machines tab.
• Compare the number of files in Team Shares with the number of files in any mapped file server.

Why is this important?

You can often troubleshoot and diagnose syncing problems by reviewing these logs and database files.

If you do find sync issues, ensure that the version of any affected desktop client is current. You might also try stopping and restarting the service on an affected machine.

It is recommended that you never uninstall and reinstall the x360Sync desktop client.

If you uncover major issues, please contact  Axcient  Support.

To learn more, please review:

• Monitor Machines and Access Logs Using the Machines Tab
• Retrieve Logs from the Mac Desktop Client

Best Practice 12: If applicable, turn on Privacy Mode as a last step

If you decide to turn on Privacy Mode for an organization, ensure that this feature is turned on as a last step. Specifically, before you turn on Privacy Mode, make sure that:

• Team Shares are created
• User accounts have been created and added to Team Shares
• File Server Enablement is configured
• An alert has been created in the Activity tab to notify when an account has been added to the organization, or when a user has been subscribed to a Team Share

Why is this important?

When Privacy Mode is enabled for a lower-level organization, you will not be able to:

• Browse or manage the content of personal folders, team shares, or backups
• Create backups
• Subscribe to team shares
• Move items—such as user accounts or team shares— to outside organizations
• Configure File Server Enablement

You should create alerts to ensure that only authorized users have access to the organization.

To learn more, please review:

• Turn On Privacy Mode