Using SSH tunneling for ftp

RonV · ‎09-16-2008

Our corporate policy disallows use of UNC, ftp or other unsecure file transfer methods through firewalls in the different networks which we manage. This makes the use of SYMANTEC Backup Exec System recovery impractical as we have our image repositories on one network and some clients on other networks.

As a workaround, I am trying to setup BESR to backup to a local folder on the client and then configure BESR offsite copy using FTP but tunneled the SSH. I would like to setup BITVISE tunnelier client to perform an ftp to sftp bridge. I can then use a stfp connection to the image repository. The ftp to sftp bridge requires the tunnelier to listen on a local (127.0.0.1) port which would also be configured in the BESR client options.

Without configuring the offsite copy, I have been able to setup the ftp to sftp bridge. In the tunnelier I configure the destination directory and the local directory where the local image is located. I have also setup the ftp service on the client and when I go to configure the ftp location it seems to work OK ftp://127.0.0.1/path but the actual file transfer does not work.

I am asking if this a viable workaround and is there some information anyone can provide on what ftp applciation is used in BESR?

Thanks

David_F · ‎09-27-2008

The FTP protocol transmits login credentials in clear text. FTPs or sFTP, are not currently supported.

RonV · ‎10-09-2008

I tried 2 ways to accomplish this. I utilized an SSHD server on my image reposoitories and a sftp client that runs at the end of the backup job. . The first was using the offsite copy option and directing it through an sftp/ftp bridge application on the client server. This kind of works but only if the bridge service is running at the time the backup is setup as well as when you run the backup. As well you need to have the proper user (system account) authentication for SSH when the offsite copy is triggered at the end of the job. This was a lot of hassle and what I ended up doing was simply calling a batch file to sftp the backup files at the end of the job.

Several issues and their solution

1. If you simply call the copy job,the duration of the post backup job varies so setting the timeout is tricky. To little and the job fails, too long and you have the backup staying open until it times out. --- I used a script that starts another script and then exits. That way the post backup job finishes in a second and the local backup is considered complete. The actual file copy occurrs outside the BESR backup.

2. The sv2i file is not created until the entire backup is complete. With the offsite copy, the sv2i is never copied over because thats how its designed. Using the called file method, the sv2i is created almost right away as the job is considered complete. It is then available to be copied over to the network repository. The only time it is not copied is if the backup file is very small and the file copy is completed before the backup closes off. This can be rectified by including a wait cycle in the called file to delay the actual start of the copy.

3. File overwrite and missed files. I set the file copy to not overwrite existing files on iv2i and v2i files and overwrite sv21 files. That way the file copy will catch any missed local images.

4. Pruning files on the repository. This is done manually as part of the management of the image repositories so I don't worry too much about it. It could be automated as part of the batch file but I haven't had a chance to do so.

Symantec should look at making SFTP an option in the offsite copy or as part of the regular network backup.

David_F · ‎10-11-2008

Customers wanting this feature should use the HELP | Send Feedback option within BESR to make such a request. Thanks

VOX

Using SSH tunneling for ftp