Ftp

gunbunnysouljagunbunnysoulja Member Posts: 353
Hey everyone! So I'm looking for options to setup FTP at one of our offices for our workforce to use. Just looking at some suggestions. Thinking about just use an older desktop with a couple 2TB drives in RAID. I saw some NAS devices with built in FTP but I wasn't sure how those would compare to using IIS, etc. Security is important. Drag/Drop as well. Client software might be an issue (govt. machines) so I'm not sure of how many options I'll have.

Thanks!
WGU BSITStart Date: July 1, 2013
In Progress: CJV1 (4 CU)
Transfered: WFV1, TJP1, CLC1, INC1, INT1, EUP1, EUC1, BVC1, GAC1, DHV1, DIV1, CWV1, CRV1, DEV1, CTV1, DJV1, IWC1, IWT1, CVV1, RIT1, CIC1, CJC1, TBP1, TCP1, EAV1, EBV1, TJC1, AGC1 (82 CU)
Completed: MGC1, TPV1, CUV1 (14 CU)
Remaining: BOV1, BNC1, TXP1, TXC1, TYP1, TPC1, SBT1, QZT1 (22 CU)


Comments

  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Internal FTP, or accessible from outside of the company, i.e. The Internet?
  • gunbunnysouljagunbunnysoulja Member Posts: 353
    Sorry for not clarifying. It would be accessible from the internet and not just the LAN.
    WGU BSITStart Date: July 1, 2013
    In Progress: CJV1 (4 CU)
    Transfered: WFV1, TJP1, CLC1, INC1, INT1, EUP1, EUC1, BVC1, GAC1, DHV1, DIV1, CWV1, CRV1, DEV1, CTV1, DJV1, IWC1, IWT1, CVV1, RIT1, CIC1, CJC1, TBP1, TCP1, EAV1, EBV1, TJC1, AGC1 (82 CU)
    Completed: MGC1, TPV1, CUV1 (14 CU)
    Remaining: BOV1, BNC1, TXP1, TXC1, TYP1, TPC1, SBT1, QZT1 (22 CU)


  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    The two options would be using FTPS (SSL) or SFTP (SSH.) I'm not familiar with what options are out there, but I assume you would want it to interact with AD for authentication? I'm just provoking thoughts in order to help others be able to help you :)
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    Since you have a security requirement and its Internet accesible, I would suggest that you avoid FTP and look at SFTP or FTPS instead. You could potentially explore a webbased HTTPS dropbox of some kind as well.

    Personally, if the user-base community are less IT savvy, I would advocate building an SSL VPN solution and use plain old CIFS. That way the endusers can continue to use their apps transparently.

    Unfortunately, I am not familiar with specific tools or software packages.
  • DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
    For a simple and cheap FTPS solution you can use FileZiller, its free and does the job, widely used in the IT world and easy to set up.

    For a few users i would be fine, it does not tie in to AD sadly so if you need that feature you need a enterprise solution. However you may want to down load fileziller to play with for half an hour before you go and spend money on a full blown product.

    here is the feature sets for it

    FileZilla - Client Features
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    If it's going to be only for users that you control, ie internal employees, Windows 2008 R2 and IIS 7.5 could make sense if you're using AD authentication internally (and then optionally, you could use the new IIS managed accounts for any external users). You could then use other Windows features such as File Server Resource Manager to regulate the types of files that are allowed to be saved to the FTP directory (ie, no executable content) and set policies to clean up this area after the content ages out. And since you're presumably controlling the computers of the end user, you can enable FTPS and give them an FTPS client to use.

    If the server were going to be for your customers or other outside consumers, you might have a hard time getting anything other than standard FTP or maybe an HTTP dropbox kind of solution, since you can't control what those individuals are allowed to install on their computers, and Windows doesn't come with FTPS or SFTP clients.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • gunbunnysouljagunbunnysoulja Member Posts: 353
    Thanks for the suggestions everyone! I'm thinking FTPS via IIS will be a good solution but then I would need to figure out what clients are authorized for Army use (FileZilla isn't). I had hoped to use native windows but as stated it doesn't natively support FTPS. No AD authentication because we are hosting at our contractor facility, and users will be accessing from an Army domain that we don't control. So I'm assuming we will just use username/password.

    In this scenario, would there be much difference from using IIS via a Windows 7 vs. Server 2008?
    WGU BSITStart Date: July 1, 2013
    In Progress: CJV1 (4 CU)
    Transfered: WFV1, TJP1, CLC1, INC1, INT1, EUP1, EUC1, BVC1, GAC1, DHV1, DIV1, CWV1, CRV1, DEV1, CTV1, DJV1, IWC1, IWT1, CVV1, RIT1, CIC1, CJC1, TBP1, TCP1, EAV1, EBV1, TJC1, AGC1 (82 CU)
    Completed: MGC1, TPV1, CUV1 (14 CU)
    Remaining: BOV1, BNC1, TXP1, TXC1, TYP1, TPC1, SBT1, QZT1 (22 CU)


  • networkjutsunetworkjutsu Member Posts: 275 ■■■□□□□□□□
    I use FileZilla FTP Server for personal use.
    For work, we use Ipswitch. I wanted the GlobalScape but the price was really high.
    For IOS upgrades, I just spin up a Ubuntu Server edition with vsftpd.
  • gunbunnysouljagunbunnysoulja Member Posts: 353
    How do you like IPSwitch? That's 1 of 3 that I found to be Army approved.

    JScape and RhinoSoft Serv-U are the other 2. I was working off an old approved list however so I gotta see what's approved now.
    WGU BSITStart Date: July 1, 2013
    In Progress: CJV1 (4 CU)
    Transfered: WFV1, TJP1, CLC1, INC1, INT1, EUP1, EUC1, BVC1, GAC1, DHV1, DIV1, CWV1, CRV1, DEV1, CTV1, DJV1, IWC1, IWT1, CVV1, RIT1, CIC1, CJC1, TBP1, TCP1, EAV1, EBV1, TJC1, AGC1 (82 CU)
    Completed: MGC1, TPV1, CUV1 (14 CU)
    Remaining: BOV1, BNC1, TXP1, TXC1, TYP1, TPC1, SBT1, QZT1 (22 CU)


  • networkjutsunetworkjutsu Member Posts: 275 ■■■□□□□□□□
    I tested three server FTP products from GlobalScape, Ipswitch, and JScape. Out of the three, I like the GlobalScape. Ipswitch is fine. It gets the job done. However, it didn't have the bells and whistles that are for security stuff - like for auditing, DLP, and etc. All three has the web interface so no FTP clients needed - just a web browser and you're good to go.
  • ptilsenptilsen Member Posts: 2,835 ■■■■■■■■■■
    A big consideration is whether you are behind NAT. FTPS is a nightmare behind NAT, depending on your firewall.

    IIS is a great way to do it if you already have a web server provisioned that has no real reason it requires separation from FTPS. I would not turn up a server just to run IIS FTPS, though. Go with third-party if the server will be dedicated. FileZilla is good, but it dislikes some of the cheaper commercial certificates you might buy. It also doesn't work behind certain NAT firewalls.

    If there's some money to be spent, I really enjoyed implementing CerberusFTP. The enterprise version includes some awesome features. I've always been able to get it working behind NAT, when other products failed. One especially awesome feature is a web portal that provides access to the same directories as the FTPS share. You can have different folders in different locations with different permissions with different authentication (LDAP, Windows, local) with different protocols (FTP, FTPS, SFTP, SCP, HTTP, HTTPS) enabled for sharing, web management, web user requests, etc. It's a really polished product, but it could be overkill for your needs.

    If you're not behind NAT or you know your firewall can be made to work, I would say just use FileZilla or IIS 7.5.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • gunbunnysouljagunbunnysoulja Member Posts: 353
    So apparently this is a low budget task so FTPS is out due to the necessity of software purchase (army approved software). So I'm planning on just using a Windows 7 computer running IIS. I noticed when using FTP IPv4 Address and Domain Restrictions, IP's not explicitly specific can still get to the credentials prompt. Login does fail as it should, however I'd like to make it so these users don't even get to the prompt. Any thoughts or is this a non-issue?
    WGU BSITStart Date: July 1, 2013
    In Progress: CJV1 (4 CU)
    Transfered: WFV1, TJP1, CLC1, INC1, INT1, EUP1, EUC1, BVC1, GAC1, DHV1, DIV1, CWV1, CRV1, DEV1, CTV1, DJV1, IWC1, IWT1, CVV1, RIT1, CIC1, CJC1, TBP1, TCP1, EAV1, EBV1, TJC1, AGC1 (82 CU)
    Completed: MGC1, TPV1, CUV1 (14 CU)
    Remaining: BOV1, BNC1, TXP1, TXC1, TYP1, TPC1, SBT1, QZT1 (22 CU)


  • it_consultantit_consultant Member Posts: 1,903
    We use the IPSWITCH software here as well. It beats the pants off of IIS or filezilla. It is also much more expensive.
Sign In or Register to comment.