replicating to DMZ

[ilpadrino]

Does anyone have suggestions for replicating/synchronizing data between a domain server's file share and a non-domain server in a DMZ? We want to put a webserver in the dmz and off the domain, but we need to copy files there every hour.

Thanks.

 

[Roadki11]

i would just schedule a .bat on the source server to copy the files to the dmz server. or i also used the following sync program, works good, its free if you only need moderate use, its cheap to license if its used to move large amounts of data. very configurable.

http://allwaysync.com/license.html

RoadKi11

 

[blakey2]

Hi,

Would this not compromise the functionality of the DMZ?

You would have to have some number of ports to allow network shares etc..?

The following ports are associated with file sharing and server message block (SMB) communications:
• Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
• Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UPD).

Just a thought..

 

[technome]

Would this not compromise the functionality of the DMZ?"
Well in this instance, with a decent firewall, the ports could be opened only from the LAN to DMZ, the reverse could be blocked.

........................................
Chernobyl disaster..a must see pictorial

http://www.kiddofspeed.com/default.htm

 

[58sniper]

robocopy from the resource kit tossed into a batch file, called with a scheduled task.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[ilpadrino]

i believe robocopy is obsolete, i am using xcopy currently for domain member servers, and xcopy i think took the place of robocopy. for my implementation of xcopy, i needed a mapped drive, which requires adequate permissions. this wasn't an issue for domain members.

the other option i've played with is taking hourly snapshots and scripting volume attachments to those snapshots on our san from the web/dmz server. the san is OS/domain independent. but i can only view the files if i follow that function with resetting ownership and permissions.

for the DMZ comments, if not setting up this type of replication, how would you recommend getting the files onto that DMZ server - ftp?

 

[58sniper]

robocopy is part of the Windows Server 2003 Resource Kit. It runs fine. Even on 64bit machines.

It's far from obsolete.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[WhoKilledKenny]

The following ports are associated with file sharing and server message block (SMB) communications:
• Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
• Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UPD).

Suggestion, I don't agree with opening netbios ports or running netbios on a web server in the DMZ. What I would do is set up and ACL that allows FTP communiction only between the web server and the internal subnet or ip of a server that will be running the .bat job. Set up FTP on the webserver and run an ftp batch job from the internal server.
To secure the username and password there are third party utilites that can be used to setup secure FTP.
I'm not 100% sure, but you might be able to set up IPSec between the web server and internal network and ecrypt FTP traffic. This is just a guess, I have not researched it... maybe someone out there has implemented this and will chim in...