Secure Backup to RH9 from RH9 or Windows using secured FTP
 

I have several remote servers that I wish to back up to a central, secure storage server.

Goals:

-- To be able to choose specific directories on each of the remote servers, and have those directories "mirrored"/"replicated"/"synchronized" to the secure storage server each evening. (I will use the term "sync" going forward.)

-- After the initial/one-time sync operation, which would copy the entire contents of the selected directories on the remote server to the secure storage server, the subsequent sync jobs would run on a schedule and send only changed/new files from the remote server to the secure storage server.

-- The directory sync would be 100% accurate... deleted files on the remote servers would be removed from the secure storage server directories as well.

-- The files/directories being synchronized should be assumed to contain sensitive data, and therefore all communications between the remote servers and the secure storage server should be encrypted/protected as best as possible.

-- Each remote server has it's own login on the secure storage server, and no server can see any other server's directories

-- Once set up, the system should be fully automated; log files on the remote servers is preferred, and emailed notifications and/or reports would be nice (hence the software choices below).


Operating Systems:

-- The secure storage server is RH9.

-- The remote servers could be Windows 2000 server, Windows 2003 Server, or RH9 Enterprise


Software Proposed:

-- I'm guessing that I should use FTPS with vsftpd version 2.0.1 on the secure storage server. I need help or a step-by-step process for setting this up. Note I did NOT say "SFTP"... the software to be installed on the remote servers does not work with SFTP, nor does SFTP appear to be the best choice, since we're setting up strictly an FTP configuration... we do not want any risk of shell usage from the remote servers affecting the secure storage server. The basic FTP protocol, used securely, would seem to be best. (?)

-- I'm thinking of using an application called SynchronEX (http://www.xellsoft.com/SynchronEX.html) on the remote servers. This application will apparently run on both Windows and Linux platforms (two different installation types), and is capable of FTPS as mentioned above. It can also run sync jobs on a schedule, and is low in cost.


Infrastructure requirements:

-- The remote servers are all on DSL connections, and the number of files that are changed daily could vary from only a few to quite a lot... but mainly "only a few". Either way, by doing directory sync instead of complete copy/replace, the tasks should run quickly, unless I'm sorely misinformed.

-- The secure storage server is on a DSL connection. We wish to open as few ports as possible, redirected to the server, for the remote backup processes that will run every evening.


My questions:

Is the software proposed above really capable of doing what I would like to do? vsftpd appears to be THE choice as far as secure FTP communications... but I'm not sure how to get it to work with the "ftps://" protocol that is required by SynchronEx.

Is the configuration proposed above the "best" way to acccomplish what I would like to do?

Is anyone else here doing this very same thing? If so, do you have advice/stories/caveats to share, or better software/configuration recommendations?

You know, I love the enthusiasm in some of those posts by...

Good lord, what does this have to do with linux other than the fact that one of the servers may be running it?

If you have problems installing something, getting a piece of software to work, can't find a feature you've heard about or get quite the right software package installed on you linbox, ask all you need...
When you have multiple questions on some business or other web related mess that really has nothing at all to do with linux but a box running it, find an appropriate site to post it on where people are expecting to here those kinds of questions...

"one of the servers may be running it"...

DUDE, the *central* server(s), providing the CORE SERVICE THAT I'M SETTING UP, is a LINUX SERVER(S). Hence, it's more than appropriate to ask, here on a LINUX FORUM, for recommendations based on a LINUX SOLUTION.

If you simply wanted to tell me to f**k off, you could have saved yourself some time by typing those two words and clicking "submit reply". Or better yet, skip my post and don't waste your time replying at all.

Your arrogance is unbecoming, and generally unrepresentative, of the otherwise very helpful Linux community. Except for idiot posts like yours, I have received a lot of help from this community, and am always gracious and thankful for that help. I always search the forums for answers first, always try to post to the correct forum, and always try provide all the information I can so that if someone is kind enough to provide REAL advice (unlike your self-serving message), they don't have to dig around for 15 replies trying to understand what my intentions are (only to find out that I might be trying to fit a square peg in a round hole).

Or would you prefer the simple, useless, newbie "can someone help me configure vsftpd please" post? Would that make you happy?

And if you think you know of "an appropriate site" for me to post with my questions, I'm all ears, Einstein.

I stand by my post, and its presence in the appropriate forum, LINUX - GENERAL. Flame away, and happy new year to you... great way to start it out.

I just think you need to tone it down a little, and stick to things a little more linux!
God, go take a chill pill asshole.

That's my point... what could be "more linux" than asking a question about setting up a linux server to perform a very specific function? I simply cannot understand where you are coming from. Is this not a LINUX forum, subcategorized "general", no less? I've just never seen this type of response from a well-worded, properly placed post... and I've posted to a lot of forums in my time (though I'm still very new to the Linux community compared to you).

Look, I'm not some complete newbie idiot here, though you might think so, and though Linux IS my newest area of self-improvement. I've seen a lot worse posts around here, that were never shunned the way you've shunned mine.

If it were a contest between which post is more "useless", yours would win hands-down. Asshole or not, I still don't see any useful advice from YOU (1) with regards to my original, benign, harmless if not a little wordy post, or (2) proposing a more appropriate place to post my questions. If it weren't for your many other helpful posts throughout the site, I'd almost think you were trolling for god knows what reason. What gives?

I do apologize for my inferred language... that was pretty unprofessional of me. I just don't like being attacked for politely asking questions, in a forum that clearly has helped me and many others in the past. Even if there WAS an infraction, was it so major? Was it worth your time to respond as you did? Did YOU help anyone else that might read this thread, other than to perhaps scare other Linux newcomers from asking higher-level, "is this the right direction" questions?

I'm guessing nobody's going to answer my post now, with all this crap in here, so... you win. I guess I'll go ask somewhere else, and some other online community can benefit from the answers that someone may provide.

LAME.

There is nothing wrong with the question at all. It is directly related to Linux.

funaroma,

Hang in there, there is no doubt that the question will receive a response soon.


Caeda,

Please do not post in a thread if you have no useful information to provide. The abusive comments are way out of line.

Your recent posts on the forum have not gone unnoticed. If this type of condescending attitude continues your posting privileges will be revoked.


You have been warned.

I am not familiar with the program your contemplating. I do have several things going on from windows to Linux.

What your wanting to do sounds to me like rsync. I believe it's probably the most popular program for remote syncing. It's used by mirror sites all over the internet.

The secure part can be done a couple of ways. ssh or stunnel.

I use stunnel to secure smtp relay, pop3, printing, file sharing, desktop sharing. It could be used with rsync just as easy.

On Windows I recently started using the MS Loopback interface which can be installed from network properties and given a static ip address. Stunnel can be configured as a service listening on the loopback interface and then an rsync with the loopback will connect to the server where it will be connected to the rsync server on the other end. No passwords are needed if you setup a certificate for the stunnel connection. Each server could have different certificates if you need to by running several stunnel servers. The normal rsync ports need not be open to the network or Internet. Only one tcp port per tunnel needs to be open where stunnel is connecting. Several different stunnels could be run providing seperate connections for each machine to use or they could all use the same one with the same certificate.

If you decide to go with this let us know if you need help.

Hopefully someone has used the other programs with Linux before and may respond to that.




This shows what ssh and rsync is about..

http://optics.ph.unimelb.edu.au/help/rsync/



I am think that the other problem with each server having access to only it's files would be handled by user accounts on the server. If each machine uses a unique user then it's files will be in the home folder for that user.

ssh and rsync did the trick, better than the solution I had planned using secure ftp/vsftpd. rsync is an amazing little utility, and is going to be just perfect. Your post really did point me in a much better direction, and I thank you very much for taking the time to reply as you did!