[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 313
  • Last Modified:

Inter-Site VPN File Transfer - Good Practices?

I have 3 sites connected with site-to-site VPNs using RV042.
The service is ADSL with 3000kbps down and 500kbps up.  
So, file transfers from site to site are  necessarily limited by the 500kbps upload speed that's available.
(We're considering upgrading the speeds and that's one good reason for this question).

I'm in the middle of running some tests because of the following:
- I know that external ftp transfers do work at the limits of the ADSL
- Windows file transfers through the VPN, like copy and paste, are *very* slow.  They seem to start up quickly enough but the tranfer rate seems very low.  (I'm measuring this now.)
- I want to compare doing Windows transfers (as above) to doing ftp transfers over the VPN.
In the end, we want to do useful/responsive file sharing between sites.

One consideration would be to set up a file server at one site and then use ftp over the VPN between sites but I'm not sure it's worth the trouble or if using ftp is going to be any better than the Windows transfers or if there isn't even a better way to get decent transfer rates.  I'm not even sure I can sell this approach to the users.

What are good practices for site-to-site file sharing like this?
Fred Marshall
Fred Marshall
  • 4
  • 4
3 Solutions
Look at DFS if all sites are AD and members of the same AD domain/forest.
win2k3 R2 or newer.

You would have a DC or a RODC with a local Fileserver that is a target as well as a member of a replication group for a share \\domain\sharename.
The DFS replication can be configured to manage the amount of bandwidth it uses for the replication such that it does not saturate your outbound connection.
MaestroOO7Systems AdministratorCommented:

I have woked for two big IT Companies, the one used FTP and another used DFS.

Something like this:


users log in, upload something,
Send link to someone else,
the other gets the mail and can download with the tem credentials in the e-mail, so it 's also for external use.
Fred MarshallPrincipalAuthor Commented:
This is a Windows XP Pro (mostly) peer to peer network with shared files - no server OS system on it, no DC, no AD.
Inter-site addressing by IP only, no name service inter-site.  So, inter-site computers are not in My Network Places.
One way (the best/only?) to see a remote computer is
Start/Run   \\[IPaddress]
Then, from this display of shared folders:
- Copy paste
- Map a folder as a local drive. Copy/Paste to local.
To me, setting up ftp servers on all the peers seems like way too much work and maintenance and the interface probably isn't familiar enough to the users.
But, at some level, setting up a file server for ftp might make sense.

Another concern is "version control" if files are actively shared amongst users.  There is no discipline that I know of that is currently in place.  
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

You could setup a linux based file server with samba and then have rsync on each configured to synchronize the data.
You could use subversion, but the problem is that it either will be in a single location. or you would have to look at trying to synchronize deal with subversion at each location and then have each synchronize with the other which makes things complicated.
The other option is to have a process that while doing sync preserves/saves a copy to subversion in one location.
Fred MarshallPrincipalAuthor Commented:
We've decided to upgrade the links.  So that will help.

I ran some tests and it appears that ftp isn't all that much better than Windows file transfers in general.  Is there experience with VPN inefficiency and choice of encryption methods?  I know there's some inefficiency there....
The VPN has added encryption overhead.
It all depends on where this transaction takes place.
i.e. on the systems or on an appliance.

computer <=>VPN/Router<=> internet <=> VPN/router  <=> computer
computer <=>Router<=> internet <=> router  <=> computer
The VPN is between the computers such that each computer has to encrypt/decrypt the data as well as process it.
www.speedtest.net has a tool (mini speedtest) that you can install on your web servers then access it from each side and get an estimate for the transfer speed.
You can see whether the speed within the LAN is as good as it can be i.e. ~100MB for 100MB interface or ~1000MB for 1000MB.  You may have a situation that the networking is not maximized for network applications.

Fred MarshallPrincipalAuthor Commented:
This is being done site-to-site with dedicated hardware. RV042s.
The choices for encryption, etc. are many - how much does it matter re: VPN efficiency?
The resource needs for VPN are higher than a data transfer over a non-VPN connection.
The other items that go into it is how loaded the VPN Router is.i.e. if you have high activity on your LAN/WAN besides the VPN, you may want to configure a QoS policy to assign a higher preference to the VPN versus other traffic on your LAN.
Fred MarshallPrincipalAuthor Commented:
No answer dealt with VPN encryption selection vs. performance - maybe that's not too relevant.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now