2

We would like to put a file server in a data centre to allow users to upload/download files when they are at home. Since we have hundreds of users, we would like to let the users authenticate with the existing AD in our office.

Basically, I will set up the IIS server to allow users to list various directories on the file server based on their user group. For example, Group A will be able to list D:\Files\A and Group B will be able to list D:\Files\B, etc.

After some initial study, I found that a PPTP-based site-to-site VPN might fit our need for the authentication part, but I still don't have any idea how to let them upload files to the server.

Are there any suggestions, such as a better option to do this (either the authentication or the upload part), or any area I need to be careful of?

Thank you in advance.

2 Answers

1

If your file server needs to talk to domain controllers in your main office, a VPN is definitely something you will need; as to how to create it, you have lots of options, depending on your existing configuration and your budget.

What is your existing network configuration at the office? How do you connect to the Internet? Do you have a firewall? Do you already have a VPN server in place? The solution you will need to implement depends heavily on this, so you should provide more information.

About the "file server" part: what you really need is an FTP server; doing this with a web server is just not possible, unless you can afford writing your own file management web application. IIS's built-in FTP service can do exactly what you need.

Massimo
  • Massimo, thank you for your advice. Actually, we have a SonicWall firewall in our office right now and I will forward the port (1723 and 47) to the internal AD in order for the File Server and AD to build a VPN connection. The File Server may act as a VPN calling router and the AD acts as the answering router. Since we will not have our own firewall in the Data Center, I cannot make the firewall do the VPN job for me. About the access method, I cannot agree more about using an FTP server instead of a web server, but since my company's bosses all have almost 0 knowledge, I am out of luck here. – Viper Venom May 18 '10 at 14:29
  • What about using the Sonicwall as a VPN server (if it can do that, of course) and having the file server connect to *it*? This would be a lot more secure than having a VPN server running on a domain controller. – Massimo May 19 '10 at 08:56
  • Massimo, that is something I never thought of. Thank you for your great advice. Let me search and try it out. – Viper Venom Jun 02 '10 at 07:54
0

I would not do VPN+FTP as it's asking the users to do a lot of heavy lifting by asking them to install the SonicWall VPN client, or configure the Microsoft VPN, and then install an FTP client and learn how to use that. That's a tall order for most users. You’re also adding a security risk if you let non-company machines VPN into your network and have full access (like 99% of VPNs do by default).

A better way is IIS WebDAV over HTTPS. It will give users a very similar experience to Windows Explorer, requires no additional software on the client, doesn't allow them full network access, keeps it secure over 443, allows AD auth, and does your laundry.

http://www.dotnetscraps.com/dotnetscraps/post/Did-you-know-Configure-WebDAV-in-IIS-7-75.aspx
http://learn.iis.net/page.aspx/350/installing-and-configuring-webdav-on-iis-7/

Bret Fisher
  • Huh? First you say not to use VPN+FTP and then you go on to suggest doing exactly that. – John Gardeniers Feb 26 '11 at 09:55
  • That was not my intention. I rephrased my first paragraph so it's clearer that I'm showing an example of what the user must go through when you ask them to do VPN+FTP. WebDAV is better IMO. – Bret Fisher Feb 26 '11 at 22:48
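
One way to express the WebDAV-over-HTTPS approach from the answer above, combined with the per-group folders from the question, as an added example that is not part of the original posts. It is an applicationHost.config fragment for IIS 7/7.5 with the WebDAV module installed; the site name `Files`, the virtual folders `A` and `B`, and the groups `CORP\GroupA` and `CORP\GroupB` are assumptions, and the server is assumed to be a domain member that can reach a domain controller.

```xml
<!-- Added example: fragment for applicationHost.config.
     "Files", "A", "B", CORP\GroupA and CORP\GroupB are hypothetical names. -->
<location path="Files">
  <system.webServer>
    <security>
      <!-- Refuse plain HTTP so AD credentials only travel over TLS (443). -->
      <access sslFlags="Ssl" />
      <authentication>
        <!-- Every request must map to an AD account. -->
        <anonymousAuthentication enabled="false" />
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
    <webdav>
      <!-- requireSsl makes the WebDAV module itself reject non-HTTPS requests. -->
      <authoring enabled="true" requireSsl="true" />
      <!-- Deliberately no site-wide rule such as
           users="*" path="*" access="Read, Write, Source":
           it would let any authenticated user author in every folder. -->
    </webdav>
  </system.webServer>
</location>

<!-- Per-folder authoring rules: each group can only use its own folder. -->
<location path="Files/A">
  <system.webServer>
    <webdav>
      <authoringRules>
        <add roles="CORP\GroupA" path="*" access="Read, Write" />
      </authoringRules>
    </webdav>
  </system.webServer>
</location>

<location path="Files/B">
  <system.webServer>
    <webdav>
      <authoringRules>
        <add roles="CORP\GroupB" path="*" access="Read, Write" />
      </authoringRules>
    </webdav>
  </system.webServer>
</location>
```

Authoring rules do not replace file system permissions: the NTFS ACLs on D:\Files\A and D:\Files\B should grant only the matching group, so that access stays restricted even if a rule is later loosened.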