Here is a simple explanation for overall business and operation circle to get sandbox office environment with Teleon service support.
First, please review Teleon service and SyncOffice and SyncOS product information on Teleon document site.
You can find brief service plan on Teleon web portal.
To order a type of Teleon service, you need to sign up and order in Teleon client site.
You can download SyncOffice-VA image and Windows SyncOffice suite free of charge. Downloading corporate class products needs a small amount of fee. You can download them after place an order (free or paid) from Teleon client site. The Teleon service ordering only impact SyncOffice Manager application's login, it has no impact to installation and running of Teleon software once you get it.
All SyncOffice and its related utility software are portable applications. There is no need to setup. Unzip the software into a folder and click to run.
SyncOS and SyncOffice-VA are provided as an iso image file. You can use SyncOffice Manager to create a bootable live USB drive from the iso image file. After live USB drive created, insert it into PC's USB port to boot the PC into a working SyncOS.
For SyncOS working in a sandbox environment, cloud access should be its daily work place. To isolate the end-user from touching corporate cloud login credentials, SyncOS retrieves the cloud settings from within the USB drive and automatically login to the corporate cloud. The retrieved cloud setting file is an encrypted file rclone.conf.tes.
Customer administrator need to run an Rclone application instance on any PC to login and connect to his corporate cloud, to get a cloud setting file. Then import this rclone.conf file into SyncOffice Manager as the source to create the encrypted cloud setting file rclone.conf.tes and copy into USB drive.
As first step to create a certificate for an end-user, a certificate signing request (CSR) file need to be created on his PC. Each CSR is associated with one specific PC with the PC's footprint data. A CSR created on one PC typically cannot work on another PC, unless these two PC have the same footprint.
One end-user can have multiple CSR, each for his one specific device/PC. Multiple CSR can be also created on one device/PC, but each CSR should have a different username and password pair.
Use CSRGen Java application or SyncOffice's Login Extension to generate a CSR for the device. After a CSR file is created, the end-user submits the CSR file to his administrator via any means.
Once received a CSR file from an end-user, the administrator copies the CSR file into SyncOffice Manager's /repository_certrequest subfolder.
Now customer administrator can create a certificate for the received CSR. A certificate is an plaintext INI file with .crt file extension. All its item data values are encrypted. If the end-user uses SyncOS, the certificate file is embedded into the USB drive and it is as a whole encrypted again into a .crt.tes file, add second layer of protection.
If the end-user uses standalone SyncOffice suite under Windows, the certificate file need to be handed over to the end-user to let him copy it into SyncOffice application folder (where soffice.exe resides). Using standalone SyncOffice suite is less secure than using SyncOS or SyncOffice-VA, though it's more convenient and efficient.
Launch of SyncOffice is similar to launching LibreOffice. SyncOffice adds a new main top bar "Login" menu, which is realized by Java Login Extension. If you use SyncOffice without touch login menu, it should be the same as running an ordinary LibreOffice, you can read and author ordinary LibreOffice compatible document.
If you want to read or edit SyncOffice protected document, you need login to do authorization against your certificate and RAS/RSS server. Once authorization is passed, you goes into SyncOffice sandboxed environment. In this sandbox, you still can open and edit document previously created by LibreOffice, plaintext or password protected. Besides, it also can open and edit document created under SyncOffice sandbox, it saved document is sandboxed and will not be able to be opened by LibreOffice or SyncOffice in logoff state.
There is also a personal freeware option mode for SyncOffice. It is activated by enabling runtime-setting in Login sub-menu, and won't need login, won't need to pay for a license. For details, please refer to the following related chapters.
The most secured work environment is SyncOS. Using SyncOffice Manager, customer administrator can create a bootable live USB and embeds an end-user's certificate into this SyncOS Live USB drive. Within SyncOS, there is a dedicated LXC container running SyncOffice suite application.
The end-user's SyncOS Linux user is always "teleon". Its default set password is "as200712".
In case of use with local certificate, the password can be set by the administrator, and written into the certificate. This administrator defined password should be informed to the end user before use. When live USB boot up, it will automatically do certificate audit first and then when passed, set the password and allow user login as Linux user "teleon".
Use of SyncOffice under SyncOS is the same as under Windows. The end-user need to do login procedure for authorization and the security concept is the same as under Windows.
When use SyncOffice-VA with certificate, customer administrator need to insert certificate and Rclone cloud setting file into the SyncOffice-VA image file. This can be done by using WinISO or other 3rd party iso image utility tools.
SyncOffice-VA image file can be used in VirtualBox or other virtual host. In such case, it's used as virtual guest's boot media file.
SyncOffice-VA image file can also be burned to a CD/DVD boot disc or bootable USB drive.