How to backup the computers in my office and store the backup data off-site
This webpage helps you setup Backup for Workgroups to
backup the computers in your office and use the Internet to send the backup data
to a Backup Server that is off-site. When you want to use the Internet to
transmit your backup data to an off-site location, you need to realize that you
actually have 3 networks that you need to get to play together nicely: (1) - The
office network; (2) – the Internet; and (3) – the off-site network. These are
separate networks and you need to do some preparation to make them all work
together. (Step-by-step instructions are below the
diagram.)
The key element in this configuration is that the Backup Clients are on one
network, which we refer to as your office network and the Backup Server, which holds your backup data, is located at your off-site
location, which we are presuming is separated by the Internet.
This backup strategy is viable when you have one or a
relatively small number of computers that you are backing up. As the number of
computers that you are backing up grows – the more you can make a case for
“bringing the Backup Server closer to the Backup Clients” – so that you can perform a
backup/restore at internal network speeds (which are usually fast) and not at
Internet speeds (which are usually slower than internal network speeds).
Another feature to point out is that when a backup is initiated, the Backup Client computer connects to
the Backup Server to store the backup
data. The network has to be configured to allow the Backup Client to have
outbound access to the Internet and inbound access to the Backup Server. This
document contains the steps you need to perform to set this up. Note, you
do not need to setup a VPN to implement this backup strategy.
The Backup Client encrypts data prior to transmitting it
to the Backup Server, so as a result your backup data is encrypted as it
travels over the Internet. Please note that if you are using the Backup
for Workgroups 30-day trial download, only the scrambling encryption method is
available during the evaluation period. Once you purchase and register the
product the 256-bit and 56-bit encryption methods become available. To
provide extra security, we recommend using the 256-bit encryption method.
Once you have entered a license key into your installation, you can choose the
encryption method you would like to use from that point forward.
The Backup Client also compresses data prior to
transmitting it to the Backup Server, which will reduce the bandwidth required
to send the data to the Backup Server.
It is important to realize that when you want to setup a
backup solution that uses the Internet to store the backup data to an off-site
location – this is a scenario where the your office computers communicate with
the Internet and then the Internet communicates with the off-site network.
This is a 2-step process. Note that the office network does not directly
communicate with the off-site network.
The bridge between the 2-step process is the cable modem
or DSL router at the off-site network. The reason why this is important is
that the Backup Client software communicates with the device provided by your
off-site ISP. This bridge between the Internet and the off-site network commonly
contains a firewall which you will need to configure to allow the backup data to
flow through by opening a port in the firewall.
When you configure the Backup Client on the office network
you need to specify the Internet connection to the off-site network. In this
scenario, the Backup Client communicates with the firewall device that provides
the Internet connection to the off-site network. The firewall device at the
off-site network forwards the backup data to the computer that is running the
Backup Server on the
off-site network.
Follow along with these steps to set this up:
- Go to the computer running the Backup Server.
- Write down the IP Address of the computer running the Backup Server: ________________________.
To get the IP Address, you can:
- Press the Start button.
- Select Run. On Vista, you can use the Search bar instead of Run.
- A DOS Command shell runs. At the DOS prompt, type IPCONFIG and press Enter.
- Windows will show you your IP Address.
- Write this down in the space above.
- Open a port on all Firewalls between the Internet and the Backup Server computer. - You need to
open a port to allow the Backup Client to connect to the Backup Server computer. The
Backup Client connects to the Backup Server using port 2125 and the protocol TCP.
There are 2 places where firewalls typically exist = 1 – a software based
firewall running on the Backup Server computer and 2 – a hardware based firewall that
is built into the DSL router, cable modem, or Internet access appliance that
you use to connect your off-site Network to the Internet.
- How to open a port on the software-based firewall running on the Backup
Server computer.
- If the computer is running the Windows built in firewall then you will need
to go to control panels and choose the Security Center. At the
Security Center click on the Firewall Settings and modify the settings to
allow Port 2125 TCP inbound.
- If the computer is running a Firewall from a security suite, such as Norton, McAfee, Trend Micro, etc., you need to consult the documentation that
came with that firewall. When you configure the software firewall to
open port 2125, you must provide that software firewall with
instructions that allow port 2125 TCP for inbound traffic.
- How to open a port on the Firewall / Internet access appliance (Cable Modem, DSL Router, etc)
- Most appliances that provide access to the Internet contain a built-in
firewall. They also typically contain a web-based management utility
that allows you to configure their settings. Bring up an Internet
browser and login to the management utility. Use the features of this
utility to open port 2125 for TCP, inbound traffic. Most hardware based
firewalls include an option that allows you to specify an IP address of
a computer that that firewall will forward all the port 2125 traffic
to. You will need to enter the IP address of the computer running the
Backup Server as the IP address that the firewall should forward all the port 2125
traffic to. Note that this is the IP address that you wrote down in
Step #2 above.
- How to verify that you have properly opened Port 2125 from the Internet to the computer running the
Backup Server.
- You can use a free, port-probing service that is available on the Internet. We recommend that
you use the Shields Up utility from Gibson Research Corporation.
- Go to
http://www.grc.com.
- Click on Shields UP!!
- Scroll to the middle of the page. Look under the section called “Hot Spots”
and click on the word Shields UP!! again.
- Press the Proceed button. This button is under the informational banners.
- Between the two (2) grey bars, type the port number 2125 and click on the button
labeled User Specified Custom Port Probe.
- Review the analysis. If GRC reports Stealth or Passed, then your firewall is
still active and Port 2125 is NOT open. Repeat Steps 4 & 5 above until
GRC reports that Port 2125 is OPEN and FAILS the test. In this case –
FAIL is what we are looking for, it means the Port is not firewall
protected. We want the port open to allow the Backup Client to send
backup data thru this port.
- While reviewing the analysis of Shields UP! – write down the IP Address that
Shields UP! shows for this test. Write this down here:
______________________________. This IP Address is the Internet address
that your ISP has provided for your off-site Network to connect to the
Internet. In other words, this is the IP address of the Internet side
of the firewall or Internet access gateway. In our diagram, this is the
Internet side of the off-site Network - it is the B part of the A to B
side.
- Go to the
computer that you want to backup. Install the Backup for Workgroups Backup
Client software on this computer. After the software has been installed, a
setup wizard runs. The setup wizard needs 3 pieces of information: 1-The IP
Address of the Backup Server computer, 2-The name of the account that you have setup
for this computer that resides on the Backup Server computer, and 3-The account’s
associated password.
- At the Setup - Welcome screen, select the option to "Backup this computer
and other computer on my network and press Next.
- At the Create Client or Server screen choose the option "Backup Client
Only" and press Next.
- When you are on the “Backup Server Name” dialog,
you need to enter the public IP Address of the firewall or Internet
access appliance at your off-site Network into the first type in field that
is labeled “Enter the computer name of IP address of the Backup Server.” Since you want to
backup this computer and use the Internet to send the backup data to an
off-site computer (your off-site Network computer), you need to tell the
Backup Client to connect to the Backup Server using the firewall as the
IP Address. Enter the IP Address that was written down in Step 6h
above. Verify access to the Backup Server then press Next.
- You can now select the name of your account at the Backup Server from the
account name list. Enter the Password for your account. The
Client Name and Password correspond to the account information that you
created when you installed the Backup Server. If you do not know the account
details, go to the Backup Server computer, run the Backup Server, and go to the Clients
panel. Review the list of Client names. This is the list of accounts
that you have defined – one account for each computer that you want to
backup.
- Before leaving this dialog, we recommend that you press the Verify… button
to verify that the Backup Client can connect to the Backup Server and that the
account name and password that you have entered correspond to the
account that you have created for this computer at the Backup Server. A failure to login reported as
“incorrect user name or password” indicates that the Backup Client
successfully connected to the Backup Server, but the account name or it’s password
is incorrect. Retype the account name and password and try again. You
may need to go to the Backup Server and verify the account name on the Clients
panel. You can modify the account passwords by editing the account name
at the Backup Server.
- After verifying successful access to the Backup Server, press Next and proceed through
the rest of the Backup Client Setup Wizard.
- Run your first backup. At this point, you have installed and configured your
Backup Server,
you have installed and configured your Backup Client(s), and you have opened
up the associated firewalls to allow for the Backup Client to communicate
via TCP over Port 2125 as inbound traffic. Keep in mind that opening the
port is only necessary at the Backup Server and you only need to perform
this process once. Remember that the first or initial backup of any
computer takes the most time because every file needs to be backed up.
Subsequent backups will be faster because only the files that are new or
those that have changed get backed up. Also note that “backing up over the
Internet” is slow because the speed is dependent on both the uplink speed at
the Office Network and on the downlink speed at the off-site Network.
Typically, the uplink speed is significantly slower than the downlink speed.
- If you want to add additional Backup Clients to your Backup for Workgroups
configuration, all you need to do is install the Backup Client software on
that new computer and setup their associated accounts. Remember that when
you add a computer to the backup process, you need to first have a license
for that computer at the Backup Server and you setup an account for that computer at
the Backup Server. Then, you need to use this information when you install and
configure the Backup Client on the computer that you want to backup. You do
not need to open additional firewall ports because all the traffic flows out
from the Backup Client computer to the off-site Network that has already been
configured to accept Backup Clients.
|