Setting Up a Secure Offsite Backup

What's the simplest way to set up a secure, automatic, offsite backup process for files on a server?

The simplest way would be to use an Internet-based backup service such as NetMass. Internet-based backup services use a local agent to compress and encrypt your files, then transmit them to a data center. I've used NetMass, and it was a lifesaver. However, such services can be costly for companies with many gigabytes of data, and some companies are unwilling to put their data into someone else's hands.

The next-simplest option would be to implement Microsoft System Center Data Protection Manager (DPM) 2006, which automatically maintains multiple versions of files and lets users restore files themselves without involving the administrator. But DPM can also be costly, and it requires a SQL Server license.

I had a client who wanted secure offsite backups for about 300GB of data but couldn't afford DPM and SQL Server. I fulfilled that client's needs with one additional PC and a Windows Server 2003 Release 2 (R2) license. I set up the new Windows server to serve as the backup server. After connecting the backup server to the company's domain, I set up DFS to replicate data from the company's main servers to the backup server.

After the backup server completed the initial replication, we moved it to an offsite location. Next, I configured the backup server to automatically establish an L2TP VPN connection to a server at the company's main office by using RRAS on both servers. Over the persistent VPN connection, DFS keeps the files on the backup server up-to-date with changes on the main servers, usually within seconds.

To preserve the ability to restore a version of a file from several days earlier, I advised the client to run a full backup of the files on the backup server to an archive disk drive once a week. Each of the other nights of the week, the backup server performs an incremental backup to the backup drive. This arrangement lets users restore any version of a file that's up to seven days old. Periodically, at the client's request, I copy the files from the archive disk drive to a USB drive for long-term archiving.

If you're going to use DFS for remote backups, you'll find the DFS enhancements in Windows 2003 R2 to be worth the investment. DFS on Windows 2003 R2 is more stable and efficient than on Windows 2003 and is easy to manage and troubleshoot.