Data Transfer over the VPN Tunnel

Hello all. I have an interesting situation. I have a client who wants to buy a server and take it to his home and start backing up data from his office. I am talking about up to 10 gigs a day. He wants to back up data from the office once and then take the server to his house and set up a system that will back up incremental data from his office every night. I called Symantec and confirmed that by using Backup Exec 2010 a live data backup can be done. My question to you is how can we achieve it? He has a WatchGuard x20 in the office and he can get a static IP address for his house. I am assuming that he will need a firewall of some sort in his house as well to create a VPN tunnel from the office to his house, create a mapped network drive and run incremental backups over the internet? Also, how safe is it to transfer data over the internet? Your input in this matter is greatly appreciated. Thank you.
mattkiran Asked:

Michael_Duebner Commented:
Wow, my first comment is that this introduces a host of failure points all along the way, so how good is your backup schema if you can't guarantee its reliability? Be that as it may...

Let's boil this down into the final goal:  Provide a disaster recovery (DR) site on the cheap. The assumption is that backups are still going to happen on a nightly basis at the office (main) site.

BackupExec 2010 is a fine product to use, but it requires the use of at least a network connection to your backup media. So, a static IP at the DR site along with a site-to-site VPN connection will work fine for you. You can create the initial image backup locally, then move the server to the DR site and then run differential backups. Since you are also running local backups, both image & differential, it won't be long before your DR backups and the local backups are completely out of sync. Unless you want to drag the server back into the office on a regular basis to redo the image backup, I don't see where this is a good solution.

As an alternative, I would use two NAS devices (QNAP for instance). One at the office, another at the DR site. Use Backup Exec to create B2D backups on the local NAS. Then create an rsync procedure between the two NAS devices that keeps the DR site NAS in sync with the local NAS. Since rsync can run over SSH, you don't need a VPN tunnel either.

0

Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
I don't think anything has been mentioned about doing local backups in addition. It's only a full backup once, and incremental backups every night.

An appropriate backup strategy for minimizing DR time and risk of loss of data (if one incremental backup is damaged, the whole backup chain is endangered) is to do differential backups. Differential backups are backing up all data changed since the last full backup, so that amount will increase steadily. But you only need the full and last differential backup.

Transfer via the Internet is not secure per se. Anybody can read it, and it is not reliable. Creating a VPN tunnel for using a network connection is essential, although it consumes more bandwidth. That VPN can be based on IPSec (which will not be possible with Windows alone), or PPTP (which is quite insecure, regarding encryption, and a PITA if you are behind NAT devices on the server side).
I would recommend using a VPN client like the free ShrewSoft VPN (www.shrew.net) to establish a connection to the x20 (configuration tutorials are available on that site in the Wiki section), and then performing the backup via that line.
0
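The trade-off between incremental and differential backups described in the answer above, as an added example that is not part of the original thread. It models one full backup (set 0) followed by nightly sets, and assumes the worst case that each night changes different data, so the differential sizes are an upper bound; the function names and the 10 GB figures are constructed for illustration.

```python
def nightly_transfer_gb(changes_gb, scheme):
    """GB sent over the tunnel each night for the given scheme."""
    if scheme == "incremental":
        return list(changes_gb)            # only that night's changes
    sizes, total = [], 0
    for changed in changes_gb:             # differential: everything since the full
        total += changed                   # upper bound, see lead-in assumption
        sizes.append(total)
    return sizes


def sets_needed(night, scheme):
    """Backup sets required to restore the state of `night` (0 = full only)."""
    if night == 0:
        return [0]
    if scheme == "incremental":
        return list(range(0, night + 1))   # full plus every incremental up to night
    return [0, night]                      # full plus that one differential


def latest_restorable_night(nights, scheme, damaged):
    """Most recent night that can still be restored when the sets listed in
    `damaged` are unreadable (the full backup is assumed intact)."""
    for night in range(nights, 0, -1):
        if not set(sets_needed(night, scheme)) & set(damaged):
            return night
    return 0


if __name__ == "__main__":
    changes = [10] * 6                     # constructed: 10 GB changed per night
    for scheme in ("incremental", "differential"):
        print(scheme,
              "transfer:", nightly_transfer_gb(changes, scheme),
              "restore sets:", sets_needed(6, scheme),
              "restorable with set 3 damaged:",
              latest_restorable_night(6, scheme, {3}))
```

With set 3 damaged, the incremental chain can only be restored up to night 2, while the differential scheme still restores night 6 at the cost of a growing nightly transfer.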
mattkiran Author Commented:
I must say that this Knowledge base is worth every penny. Thank you so much for a quick response and great ideas. I was thinking that in the office I would run a backup once a week as a separate job and run incremental jobs every night remotely. But now it is clear that I should run differential backup jobs instead. My client has a WatchGuard firewall in his office and I was thinking about getting another similar WatchGuard for his home and also getting a static IP address for his home. The sole purpose of his home internet service will be to run backups at night from his office. I will check ShrewSoft VPN. He has Windows 2008 storage server in his office and Windows 2008 std. in his house. You think I should run software based VPN like ShrewSoft which I have no problems doing. I just want to make sure that I am offering some kind of encryption to the VPN tunnel. Thank you so much.
0
Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
With W2008 server on both sides you could use a PPTP connection with a very strong password (since no one has to enter it, it can be chosen complex). The password used is the key for encrypting, so a good password increases the PPTP security (but not reliability).

Using the same device on each end is always a good idea when it comes to building VPN tunnels. That setup will run smooth and easy. A software VPN client has the con that you need to start and stop it manually to control the VPN (which is no problem doing on command line with Shrew).
0
mattkiran Author Commented:
Thank you so much for your help. I have two WatchGuard firewalls in my office. I am planning to test out this theory in my office. I will set up two firewalls as two remote locations. Connect two different switches and then connect two servers to those switches. Create the same environment and connect two firewalls at the internet ports to create a WAN connection. Am I correct in trying this? Thank you in advance for all your help.
0
Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
Yes. It is important that boxes in a VPN test do not have any direct connection, and are on different IP networks. That setup should be fine for a test.
0
mattkiran Author Commented:
Great! Thank you so much. I will report back in a couple of days. T
0
mattkiran Author Commented:
It was very helpful.
0