Best way for secure user file storage?

By JoeyF
in Smart Home, Network & Security

 Share

Recommended Posts

Proficient

JoeyF

Posted
Posted

At work, we currently use folder redirection as a means of allowing users access to their files regardless of which computer they're using. This works fairly well, and is very easy for the users, as all they have to do is save a file to their documents folder and they'll be able to access it from any computer they log into on our network.

However, we're starting a one-to-one computing pilot, meaning that students will have laptops that they'll be taking home with them. Redirection won't work in this case, as our file server is only accessible internally. Additionally, we want to avoid using Windows file synchronization, as this has proven to be highly problematic in the past.

I'm wondering what would be the best way to allow users secure and easy access to their files from both inside and outside the network? I need something as simple as saving a file to a specific directory, but it needs to be secure where one student wouldn't be able to access another student's files, and it needs to be accessible from anywhere there's an internet connection. Does anyone have any suggestions?

Grand Master

Roger H. Veteran

Posted
  • Veteran
Posted

Well yeah, but anything outside the network will be "slow" anyways right? Local 1Gbps network vs 6Mbps DSL or whatever.

If they had desktops at the office then yeah i'd say remote into said desktops and just work that way but I'm guessing the addition of laptops is so they can work offsite and offline as well.

And yeah, they'll still need to use folder sync thing as trying to browse all that or edit a 10MB word file over the network will be madness!

Proficient

JoeyF

Posted
  • Author
Posted

The problem is that this is for two schools that have a combined total of about 3500 students and 450 staff members. Although we do get pretty heavy steep discounts when it comes to product licensing, it's still about $20 per terminal server license, plus Citrix licensing, plus multiple high-end servers needed to handle the load of thousands of concurrent RDP/ICA sessions, plus external connector licenses, plus several other expenses I'm probably forgetting. Add it all up and it's an additional $150,000 - $200,000 to go the terminal server/Citrix route. That doesn't include the bandwidth to handle all the external sessions, that'll be a couple thousand extra a month as well.

I was hoping for a solution similar to a mapped network drive - whether they're in a school building or at home, they simply open up the share/whatever, double click on the file they want, it downloads it over the LAN/WAN, and then when they save it, it re-uploads the file.

We're not expecting every single student to have an Internet connection available at home, and we're also not expecting those who do have Internet connections to have constant access to them. So it'd be nice if there was a way for the students to copy the file off the server and store it locally, and then be able to re-upload it once they have access to the server again.

Edit:

We have two schools that will eventually be doing one-to-one computing. The high school will have about 2200 users, and our middle school will have about 1700. Our district only has one actual connection to the Internet - a 19Mbps optical connection located at our high school. All of the other schools in the district connect directly to the high school via private leased lines (either T1 or optical) to share this Internet connection. The middle school connects to the high school via a 10Mbps fiber line.

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

so then have them copy the files they need. If they don't know what files they need to copy shame on them. This is a project that needs to be planned accordingly, not haphazardly throw something together. Even if you were going to go with a vpn solution, you don't have the bandwidth to support it. Unfortunatly I think a citrix solution would be best for you being that the end user does not require to have a windows professional pc and citrix is multi platform including *nix and apple. Unfortunately it is expensive as you need terminal server and citrix licensing. Citrix also has the best compression between rdp and ica as well as better load balancing between servers in the farm. Better compression=better use of available bandwidth. Simple text is about the same between ica and rdp. Ica shines in graphics rendering (pictures in pdfs or web pages for example).

On the cheap. Have them copy off the files then copy them back. Possibly the next least expensive would be vpn, however expect complaints on slow transfer or opening direct from the server folder.

Best solution for bandwidth and speed is the remote desktop/citrix server farm.

Those are the options I see.

Experienced

RiverCampher

Posted
Posted

I'm not sure why you wouldn't consider folder redirection with Windows Sync. I assume these will be Windows 7 devices which have a number of benefits over a Windows XP (I know because we're currently in the middle of a migration to 7).

I believe our sync method is setup like this:

1) My Documents are sync'd when Laptop is setup for user at central location using folder redirection.

2) When a user is online, a check will be made to ensure the local file is up to date, if so it'll allow them to open the local file, if not, then it'll open remotely and be copied back in the background.

Now 2) is quite different from XP where we had a simple, offline open locally and online open from network setup which was horrid for users on a 2meg link. It works well, trust me :)

A cheap way would be to use synctoy to run a sync when it's connected locally only, thus minimizing the impact going through the internet. This also of course makes the solution far easier to implement and support imo but less flexible ofc.

Grand Master

Alladaskill17

Posted
Posted

Give everybody their own google account; online documents go! ;) very simple for users. SSL socket is plenty of security. If you're asking on here and you're in charge then ( I mean no offense for real ) it cannot be incredibly valuable info or a large company/school. Correct me if I am wrong.

Grand Master

articuno1au

Posted
Posted

The new Windows Sync client isn't bad.

I'm inclined to use SVNs tbh, but I suspect that it might be a little too difficult for some of your users.

I just set up 400 people with SVN access with basic training. So far there have been 2 screw ups, both when users tried to revert and then commit without cleaning properly.

Other then that it's been perfect :)

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

"a 19Mbps optical connection located at our high school. "

What is the upload on this pipe? 19 as well?

Companies use VPN into their networks with a lot less bandwidth than that. T1 is pretty slow, but again many remote locations in a company that this type of access, and vpn is still used to access files/resources on the company network while remote.

You needed to calc how many users would be on the vpn at any given time.. Sure if wanting 2200 users to all be on at once then bandwidth could become an issue. But to be honest you can limit how many users can vpn at one time quite easy, you can even limit the amount of bandwidth the vpn connection can use, etc.

If you wanting ease of use for access to file storage while away from location, then vpn is the correct solution. Their storage location would then just be mapped like it would be while at the location.

Another option would be just just allow FTP access to the file storage area, other than security of the connection I would say this would be the easiest to setup and admin.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.