Technical Support Pages

 

Title
Why does BackupEDGE support FTP/FTPS but not SFTP or SSH for backups?
Keywords
BackupEDGE ftp backups encryption ftps ssh sftp
Product Release(s)
03.02.0x 03.01.0x 03.00.0x 02.03.01
Operating System(s)
All Supported
Problem Description
Why isn't SFTP or SSH supported for url backups?
Cause
BackupEDGE is a very full-featured product. Before adding a new capability to BackupEDGE, it is important that by adding it we do not reduce or eliminate current BackupEDGE capabilities.

All current BackupEDGE storage Resource types currently support: - Backup - Full System Restore - Partial Restore - individual files and directories + Fast File Restore - Tape - Quick File Access + Instant File Restore - CD/DVD/REV - Removable Hard Disk - Network / Internet Backups - RecoverEDGE Disaster Recovery (does not include Solaris / AIX)

When designing our network / internet backups, we looked at all of the protocols available. Most had some limitations... - Samba + Undesirable for disaster recovery. Difficult to manage within the confines of disaster recovery boot media. - NFS + Undesirable for disaster recovery. Difficult to manage within the confines of disaster recovery boot media. - SSH / SCP + Undesirable. Incomplete command set. Hard to configure. Performance slow. - FTP / FTPS + Desireable. Full command set. Choice of performance vs. security.

When doing network backups, SSH and SFTP can only copy complete archive segments, which are typically 1GB or more in length. This means that very large amounts of data would have to be transferred across the network or internet to retrieve single files or directories. Additionally it can be very tricky to configure these protocols across firewalls without opening up standard SSH, which may not be desired.

FTP and FTPS are relatively easy to configure across firewalls. Both support the ability to open an archive segment at exactly the block where the file or directory to restore begins. This provides very high speed, low bandwidth restores, as ONLY the data to be restored hits the network, i.e. Instant File Restore).

Further, the FTP/FTPS client can be set to provide the level of security vs performance desired from within edgemenu (assuming an FTP server that supports both)...

- FTP + Do not encrypt the authentication or the data streams. - FTPS (FTP Ctrl via SSL) + Encrypt the connection authentication session only. Send the data unencrypted. - FTPS (FTP Data+Ctrl via SSL) + Encrypt ALL authentication and data.

This can be very important when using BackupEDGE encryption. Encrypting the data link, while transferring data which has already been compressed and encrypted, simply wastes time. This is a perfect case for using FTPS (FTP Ctrl via SSL) and achieving maximum performance and security.

Solution
If security is a concern it is recommended that an encryption license be installed and activated.
Get a printer-friendly version of this document

 

 

Last Updated - 2018/05/16

 

Top
MENU