
WHS as offsite backup server?

coolVariable

Diamond Member
Has anybody tried using WHS as the offsite backup server?
Google only shows things dealing with WHS and how to back it up offsite.

My home has 2 laptops and 1 mediacenter. Backing the laptops up to the mediacenter works great and it fulfills all my local backup needs.
I also have 2 external HDDs which I was planning to use as offsite backup solution but I am not a fan of having to remember to always switch them out.
I recently got an old Dell Desktop for free so I thought I would set it up as my offsite backup server and everybody seems to love WHS.
The only problem seems to be how to connect WHS (which I would simply park at work) and my mediacenter.
Especially, how do I do that while keeping my data as secure as possible.
I also set my media center to go to sleep - I don't mind if the WHS runs 24/7.

Any thoughts?

(Initially I was thinking about using a VPN but that would only make sense if the WHS dials the media center ... but how do I get it to 'reconnect' when the media center goes to sleep?)
 
Folks have used VPN connections with WHS. Personally, I haven't tried it yet. I may be doing this with a retail client of mine. It's not hard nor expensive to do site-to-site VPNs, using either Windows Server or hardware routers as the two endpoints.

It's always recommended that you do the first VPN backup across a local network, because the first backup will always be the largest. The rest of the backups only copy changed sectors on the client's hard drive.
 
Folks have used VPN connections with WHS. Personally, I haven't tried it yet. I may be doing this with a retail client of mine. It's not hard nor expensive to do site-to-site VPNs, using either Windows Server or hardware routers as the two endpoints.

It's always recommended that you do the first VPN backup across a local network, because the first backup will always be the largest. The rest of the backups only copy changed sectors on the client's hard drive.

I was planning on that.
But how do I get the VPN to work?

WHS => Media Center

But the media center will go to sleep intermittently.
How do I get the WHS to reconnect once the media center wakes up?
 
How do I get the WHS to reconnect once the media center wakes up?
The Media Center will automatically reconnect to WHS when it wakes up, assuming you are using a site-to-site VPN. That network connection will be up 24x7. The VPN should reconnect itself automatically if there's a power or ISP failure.

If you use a client-server VPN, I imagine you could write a script and schedule an event that would reinstate the connection just before backups are scheduled. I haven't played with that. Site-to-site would likely be the most reliable way to go if you are going to sleep your remote clients.
 
The Media Center will automatically reconnect to WHS when it wakes up, assuming you are using a site-to-site VPN. That network connection will be up 24x7. The VPN should reconnect itself automatically if there's a power or ISP failure.

If you use a client-server VPN, I imagine you could write a script and schedule an event that would reinstate the connection just before backups are scheduled. I haven't played with that. Site-to-site would likely be the most reliable way to go if you are going to sleep your remote clients.

if by site-to-site VPN you mean router to router ... I can't do that.
The VPN needs to be WHS => Media Center.


(While I have a wrt600n at home which supports dd-wrt, I would lose the USB connectivity on that device which I don't want to ... also dd-wrt instructions for that router are all over the map with lots of problems posted on the dd-wrt forums)
 
Is Hamachi secure though?
I think each user has to decide whether the advantages outweigh potential risks:

==============================

http://en.wikipedia.org/wiki/Hamachi

Security

The following considerations apply to Hamachi's use as a VPN application:

- Additional risk of disclosure of sensitive data which is stored or may be logged by the mediation server — minimal where data is not forwarded.

- The security risks due to vulnerable services on remote machines otherwise not accessible behind a NAT, common to all VPNs.

Hamachi is stated to use strong, industry-standard algorithms to secure and authenticate the data and its security architecture is open; the implementation, however, is closed source. An open source mediation server called Mojako has been released in to the public domain, but it is still under heavy development and is not suitable for regular use at this time.

The existing client-server protocol documentation contains a number of errors, some of which have been confirmed by the vendor, pending correction, with others not yet confirmed.

For the product to work, a "mediation server", operated by the vendor, is required. This server stores the nickname, maintenance password, statically-allocated 5.0.0.0/8 IP address and the associated authentication token of the user. As such, it can potentially log actual IP addresses of the VPN users as well as various details of the session.

As all peers sharing a tunnel have full "LAN-like" access to each other's computers, security problems may arise if firewalls are not used, as with any insecure situation. The security features of the NAT router/firewall are bypassed; this is an issue with all VPNs.


==============================

Steve Gibson on Hamachi:

http://www.grc.com/sn/SN-018.htm

"Steve: Well, it's able to work through the local NAT router's port. So it works with whatever port the NAT router has assigned to outgoing traffic. Well, so it solves that problem. The security is complete. As I was saying about the asymmetric key pair, your private key never leaves your client. So you don't even have to trust the Hamachi server. The Hamachi server cannot be part of an attack on your system. It wasn't until I really understood this that I was willing to run these clients on my servers in my co-location. I mean, there is no way for the Hamachi system to access my stuff, even if it wanted to."
 
Would it be possible to use the built-in VPN, so that the Media Center connects to the offsite WHS ... but only traffic directed at the WHS is routed through the VPN, i.e. when Media Center needs something from the internet it doesn't tunnel it through the VPN.

Media Center => VPN => WHS
- when accessing the WHS, traffic goes through the VPN (and makes the WHS look/act as if it is on the LAN)
- when accessing the internet (or anything else, e.g. my HDHomerun) it simply ignores the VPN
- local clients in the LAN can access the Media Center without ever knowing about the VPN
 
Would it be possible to use the built-in VPN, so that the Media Center connects to the offsite WHS ... but only traffic directed at the WHS is routed through the VPN, i.e. when Media Center needs something from the internet it doesn't tunnel it through the VPN.
If you don't make the VPN interface your Default Gateway, then any traffic not to "local" networks, including the VPN, will go out through whatever your default Gateway is. It's considered a security risk since it can expose both your local and your remote network to attack, but many do it. Look up "split tunneling" for more details.
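
An added example, not part of the original posts: a small model of the routing decision described in the reply above, comparing a split tunnel with a VPN that is made the default gateway. All subnets, addresses and interface names are constructed assumptions (LAN 192.168.1.0/24, VPN 10.8.0.0/24, WHS at 10.8.0.1), and the selection rule is the usual longest-prefix match with metric as tie-breaker.

```python
import ipaddress

def pick_route(routes, dest):
    """Return the interface chosen for dest: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["iface"]

def build_table(vpn_is_default_gateway):
    """Constructed routing table for the Media Center (all values are assumptions)."""
    net = ipaddress.ip_network
    table = [
        {"net": net("192.168.1.0/24"), "iface": "lan", "metric": 10},  # home LAN
        {"net": net("10.8.0.0/24"), "iface": "vpn", "metric": 10},     # tunnel to WHS
        {"net": net("0.0.0.0/0"), "iface": "lan", "metric": 20},       # home router
    ]
    if vpn_is_default_gateway:
        # Full tunnel: a lower-metric default route through the VPN takes over.
        table.append({"net": net("0.0.0.0/0"), "iface": "vpn", "metric": 1})
    return table

# Constructed destinations: the offsite WHS, a LAN tuner, a public host.
DESTS = {"whs": "10.8.0.1", "hdhomerun": "192.168.1.50", "internet": "203.0.113.10"}

def paths(vpn_is_default_gateway):
    """Map each sample destination to the interface its traffic would leave on."""
    table = build_table(vpn_is_default_gateway)
    return {name: pick_route(table, ip) for name, ip in DESTS.items()}

def split_tunnel_exposed(table):
    """True when internet traffic bypasses the VPN while a VPN route is active.

    In that state the host sits on the internet-facing path and the remote
    network at the same time, which is the exposure the reply warns about.
    """
    has_vpn = any(r["iface"] == "vpn" for r in table)
    return has_vpn and pick_route(table, DESTS["internet"]) != "vpn"

if __name__ == "__main__":
    for mode in (False, True):
        label = "full tunnel" if mode else "split tunnel"
        print(label, paths(mode), "exposed:", split_tunnel_exposed(build_table(mode)))
```

In both modes the more specific /24 routes keep WHS traffic on the VPN and LAN traffic local; only the default route decides where internet traffic goes, which is why host firewall rules on the VPN interface matter when the tunnel is split.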
 