• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 372
  • Last Modified:

Secure FTP from outside network to external TB hard drive

I have this grand idea but I'm not sure how exactly how to bring it to fruition.  :-)

I have a windows 2003 server at the office acting only as a file server.

 I've just ordered an External Terabyte drive for data and backups...it hasn't arrived and therefore hasn't been configured.  

I have a Linksys Wireless Router - nothing special, no VPN capabilities.  

Static IP at the office with 6Mbps Down and 3Mbps Upload Speed (supposedly)

Question - Can I configure my network so that I could backup my data from home or my remote offices via FTP to the External Terabyte drive securely?

I don't currently have a separate firewall (although I'm sure I should, I just haven't found the right one since my PIX got flooded in Hurricane Wilma)....should I have one before I implement this solution?

Please help.  

Also, let me know if you need any more information.  
0
MKSKCS
Asked:
MKSKCS
  • 4
  • 3
1 Solution
 
giltjrCommented:
I would strongly suggest NOT using FTP alone.  I would suggest using a real backup program.  A real program will be able to do incremental backups.  That is, do a full backup say Sunday night, and then just backup the files that change Monday-Saturday.  Most real backup programs will also do data compression so it sends less data over the wire for backups that are done over WANs.

As for security, I would suggest working on setting up a site-to-site VPN's for your remote office and computer to site for you home.

You also need to look at the other part of the connections.  You office may have 6Mbps/3Mbps, but if the remote locations is 768Kbps/128Kbps, then you through-put for backing that remote location is 128Kbps.

If you really, really, want to use "ftp", I would suggest using either sftp or scp.  Both are really ssh connections that simulate ftp or rcp, but because they are ssh based they are secure.
0
 
MKSKCSAuthor Commented:
Thanks for the response.  I understand that a site to site VPN would be best but I'm looking at having up to 20-30 different locations backup to this location so Site to Site isn't always going to work.  Also, with a VPN, the job can't be scheduled unless the VPN is always on....right?
0
 
MKSKCSAuthor Commented:
Perhaps I was unclear in my first post....I'm looking to be able to have several locations backup to my office on the TB drive securely. The backups won't be nightly....think more along the lines of monthly if that will help...just as a safeguard in addition to their onsite backups.   How do I do it?
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
giltjrCommented:
--> 20-30 different locations backup to this location so Site to Site isn't always going to work

Why not?  With the proper equipment you have have 30, 100, 200 remote sites all setup with VPN to a single "central" site.

--> with a VPN, the job can't be scheduled unless the VPN is always on....right?

Depending how you do the VPN, you could schedule the VPN connection just like you do the backup.

--> Perhaps I was unclear in my first post....I'm looking to be able to have several locations backup to my office on the TB drive securely.

Yes you were clear.   So was my answers: Using a real backup product over a VPN will allow you to do backups to your office securely, or using sftp (SSH FTP) or scp (SSH RCP).  Does not matter if it is one or 100 sites.


--> The backups won't be nightly....think more along the lines of monthly if that will help...just as a safeguard in addition to their onsite backups.  

I would assume that if you are doing monthly that you would be doing full "backups" and not incremental.  I would also assume that loosing 29 days of data is fine for your business.  

You need to think about the volume of data from each site and the bandwidth from each site.  Say you have a site that need to backup 100GB and its Internet connection is a 1500/384 Kbps link.  It would take about 29 days to back that site up.  Utilizing 100% of the 384Kbps.  

You may want to look if it would be worth the time (wall clock and CPU) to create a zip file with everything you want to backup and ftp is.  If the files you are backing up are mainly text, then you could get as high as 95% compression, which will take that 100GBs down to 5GB, and 29 days down to 1.5.


--> How do I do it?

You have two basic options.  You can either put a ftp server at each location that supports either SSL FTP or SSH FTP, and then get a SSL (or SSH) ftp client at your home and initiate the connection from your home to "get" the files.  Or you can put up a SSL (or SSH) ftp server at your home and then get SSL (or SSH) ftp clients for each location and have each location initate the transfers to your home.

Both SSL and SSH are fairly easy to setup.  SSH may be a bit easier as NAT causes some issues with some SSL FTP servers and clients.

0
 
MKSKCSAuthor Commented:
Well, aren't you friendly? That's ok, I didn't ask for friendly advice, just advice...and I appreciate it.  

--> 20-30 different locations backup to this location so Site to Site isn't always going to work

----->Why not?  With the proper equipment you have have 30, 100, 200 remote sites all setup with VPN to a single "central" site.

I wasn't aware or thinking of the ability of a scheduled VPN connection.  Sorry.  I guess that would work.

--> Perhaps I was unclear in my first post....I'm looking to be able to have several locations backup to my office on the TB drive securely.

----->Yes you were clear.   So was my answers: Using a real backup product over a VPN will allow you to do backups to your office securely, or using sftp (SSH FTP) or scp (SSH RCP).  Does not matter if it is one or 100 sites.

I didn't mean that your answer wasn't clear, I just noticed that I didn't provide as much information as I could've....again, sorry.


--> The backups won't be nightly....think more along the lines of monthly if that will help...just as a safeguard in addition to their onsite backups.  

----->I would assume that if you are doing monthly that you would be doing full "backups" and not incremental.  I would also assume that loosing 29 days of data is fine for your business.  

I was thinking of full backups, but again, this was just a grand plan, nothing I'd sat down and thought through hours and hours on...therefore I hadn't thought of the VPN solution.  Each of the sites do a backup nightly to their server there.  Those are checked and verified.  The monthly would just be an "if the world ended solution"....a backup of a backup....Either way, the VPN option you're suggesting would allow for the incremental as you suggested.

---->You need to think about the volume of data from each site and the bandwidth from each site.  Say you have a site that need to backup 100GB and its Internet connection is a 1500/384 Kbps link.  It would take about 29 days to back that site up.  Utilizing 100% of the 384Kbps.  

Yes, I understand this.  I have several locations connected via a WAN (no VPN) now that all backup to an autoloader at one location so I'm aware of bandwidth usage for this type of backup.


---->You may want to look if it would be worth the time (wall clock and CPU) to create a zip file with everything you want to backup and ftp is.  If the files you are backing up are mainly text, then you could get as high as 95% compression, which will take that 100GBs down to 5GB, and 29 days down to 1.5.

Good idea.  I have a batch file (different project) that pulls info from an ftp site, zips it, then ftps it to another so a modification of that might work.  

--> How do I do it?

---->You have two basic options.  You can either put a ftp server at each location that supports either SSL FTP or SSH FTP, and then get a SSL (or SSH) ftp client at your home and initiate the connection from your home to "get" the files.  Or you can put up a SSL (or SSH) ftp server at your home and then get SSL (or SSH) ftp clients for each location and have each location initate the transfers to your home.

Both SSL and SSH are fairly easy to setup.  SSH may be a bit easier as NAT causes some issues with some SSL FTP servers and clients.

Thanks.
0
 
MKSKCSAuthor Commented:
If I were to do the site to site VPN (would it actually have to be site to site if it was from just the server? couldn't it just be user then?), would I schedule the connection and then schedule the job to backup to disk with the TB drive being mapped to a drive letter upon connection to the VPN?
0
 
giltjrCommented:
It would not need to be site to site.  The advantage of site to site is that generally you have devices that will do the VPN connection, which offloads the encryption/decryption.

A site to computer would work just as fine.  The encryption overhead may not be that big of a deal because bandwidth it what is going to be the limiting factor.  Unless you have old (less that 1Ghz) CPU.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now