Cloud hosting services on SBS 2008 or SBS 2011 Windows servers in Raleigh Durham NC

Situation at hand: an organization from Raleigh Durham NC is running or hosting an SBS 2008 or SBS 2011 server (or plain Windows server) as the backbone of its computer network. Employees wish to have quick remote access to their home directories because existing solutions like VPN are too slow and Remote Desktop has its own limitations - working with anything but text is a painstaking process, if it's feasible at all in the case of sound and video. Many would suggest a cloud storage solution like Dropbox, SkyDrive or Google Drive, but free cloud hosting services feel rather tight at the 2-5GB range, while their "generous" commercial offerings would at least double or triple the cost of an SBS server over the course of its life. In the meantime, a typical modern server has 500GB-2TB of space readily available and accessible via the Internet.

The question becomes this: how can we make a Windows Server provide cloud hosting services and establish a synchronization scheme with remote computers? The truth is that any SBS 2011 server already operates as a cloud email solution because its email clients sync Exchange mailboxes just like Dropbox synchronizes file folders. In fact, SBS 2011 provides Remote Web Workplace with server shares readily accessible online, and one would think that Microsoft could throw in a file synchronization client like the one for SkyDrive and bless small businesses with an in-house cloud solution, right? Not quite: there's no profit in it, as opposed to selling cloud services hosted on their turf and on their terms.
Let's define our goals and the critical points that a suitable cloud hosting service must maintain:
  1. We need a cloud client on any popular platform (Win, Mac, Droid, iOS) that would connect to an office network and synchronize file share(s), granting employees seamless access to their Home Directories inside and outside the office at maximum speed.
  2. Synchronization protocol must take into account conflicts, file deletions, etc.
  3. A solution must be driven by Active Directory in order to preserve the "one username-password" philosophy and avoid any dualism in access rights, as well as a clutter of usernames and passwords to track.
  4. Data transmission must be secure.

Surprisingly we have found only two suitable solutions.

  • One is an Open Source system called OwnCloud, which does the job but is not quite ready for serious production with dozens of thousands of files. Nonetheless its development is very active and we firmly believe that it's just a matter of time before OwnCloud becomes mature enough. At the moment its next Version 5 is scheduled to be released in January, 2013. It would take 2-3 hours for an Allora tech consultation to deploy this solution on an SBS server or Windows server with an SSL certificate already in place.
  • The second solution is a commercial product, GoodSync. Each client license costs $30, which does provide a full range of control and capabilities outdoing Dropbox or Google Drive in our tests.

Setting up OwnCloud on Windows Small Business Server

OwnCloud relies on WebDAV and is built on PHP5 and MySQL (or SQLite, which is embedded into OwnCloud). Luckily, setting up PHP and a MySQL server on IIS 7 / Windows 2008 is a trivial task these days: simply running the Setup executables will make it happen in a matter of 10-20 minutes. We chose to deploy OwnCloud as a Virtual Directory alongside OWA under SBS Web Applications. This way we'd simply tag along with SBS's SSL security certificate linked to a domain name. It's important to disable the Native WebDAV module for the virtual site because it would interfere otherwise. Basic configuration of OwnCloud is also straightforward. At this point OwnCloud's shares should be accessible via the Web Interface protected by SSL. As usual with popular Open Source projects, there are many add-ons available for OwnCloud that handle Contact, Calendar and Image Gallery functionality, among other things. Our focus fell on an LDAP extension in order to engage user login information via Active Directory. The configuration required some reading but it didn't take too much effort after all; once it's done, replicating it is only a matter of minutes.

At this point the server side is done, as it provides a secure interface to file directories via native credentials driven by Active Directory. It turned out that the OwnCloud client is the weakest link of the package. OwnCloud's interface has nothing to boast about compared to competitors. We had to address a number of issues by tweaking the server settings, like handling UTF names or special characters such as the "+" sign in file names (http://support.microsoft.com/kb/942076/en-us). OwnCloud's performance is slower than the competition when it comes to syncing file changes (Dropbox only transfers bit-level changes - not a whole file). To offset the shortcomings there is plenty of additional functionality available - music streaming, public links (password protected and/or carrying expiration dates), picture libraries, etc.

Setting up CloudSync to synchronize with SBS cloud hosting services

GoodSync comes in quite a few flavors, including its own "CloudSync Connect" alternative to Dropbox. We would rather focus on its client's capabilities, which cover a remarkable range of file transfer protocols: FTP(S), SFTP, WebDAV, Windows File Sharing (VPN assumed) and 3rd party clouds like Amazon S3, etc. Guided by our requirements, we naturally ended up choosing FTPS. This choice allows us to ride on the SSL already deployed by SBS and employ the old-school FTP protocol, geared solely for file transfers with very little overhead.

Unless you're working on the Windows Server 2008 R2 platform, you would need to deploy IIS FTP 7.5. Natively, the FTP service relies on Active Directory for logon information and for retrieving home directory paths. The biggest nuisance with FTP is firewalls, of course. There are typically two to deal with:

1) Firewall at the level of a NAT router
2) Native Windows server firewall

The easiest path is to engage passive FTP mode and dedicate ~100 ports for this purpose (100 would surely suffice for a small business): the 60100-60200 range, for instance. Microsoft's recipe is not exactly straightforward here (who knew?):

a) IIS FTP needs to be configured with a proper port range at the root level of IIS (60100-60200 for example)
b) Windows firewall ports need to be opened for Passive mode as well (60100-60200).
c) The following commands need to be run to configure windows firewall:

netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21

netsh advfirewall firewall add rule name="FTP (SSL)" action=allow protocol=TCP dir=in localport=990
 
netsh advfirewall firewall add rule name="FTP Service" action=allow service=ftpsvc protocol=tcp dir=in
 
netsh advfirewall set global StatefulFtp enable

At this point Implicit and Explicit modes should be operational in Passive mode.
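
A quick check of the passive-mode setup above, as an added example that is not part of the original article: it parses the server's PASV/EPSV replies (copied from an FTP client's session log) and flags a data port outside the 60100-60200 range opened on both firewalls, or an internal address advertised from behind the NAT router. The function names and sample replies are constructed for illustration, and the EPSV handling goes beyond what the article covers.

```python
import ipaddress
import re

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*\(\|\|\|(\d+)\|\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_passive_reply(reply):
    """Return (ip or None, port) from a 227 (PASV) or 229 (EPSV) reply."""
    m = PASV_RE.match(reply)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
        return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    m = EPSV_RE.match(reply)
    if m:
        return None, int(m.group(1))  # EPSV reuses the control-channel address
    raise ValueError(f"not a passive-mode reply: {reply!r}")

def audit_passive_reply(reply, low=60100, high=60200):
    """List problems with one reply; an empty list means it matches the setup."""
    ip, port = parse_passive_reply(reply)
    findings = []
    if not low <= port <= high:
        findings.append(f"data port {port} outside opened range {low}-{high}")
    if ip is not None and any(ipaddress.ip_address(ip) in n for n in RFC1918):
        findings.append(f"private address {ip} advertised from behind NAT")
    return findings

def plaintext_login_allowed(user_reply):
    """True if a USER command sent before TLS was answered with 331."""
    return user_reply.startswith("331")

# Constructed sample replies (not captured from a real server).
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,234,206)",   # port 60110, fine
    "227 Entering Passive Mode (192,168,16,2,234,206)",   # internal address
    "227 Entering Passive Mode (203,0,113,10,19,137)",    # port 5001
    "229 Entering Extended Passive Mode (|||60150|)",     # EPSV, fine
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", audit_passive_reply(line) or "OK")
    print("plaintext login:", plaintext_login_allowed("331 Password required"))
```

A 331 reply to USER on an unencrypted control channel means Active Directory passwords can cross the Internet in the clear, which conflicts with the "data transmission must be secure" goal; the site's SSL policy should refuse it.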

GoodSync's default configuration achieves the basic goal of synchronization. Here's an awesome article with illustrations on GoodSync's features and setup: How to set up a file-syncing dropbox clone you control. The software provides more versatile configuration to regulate the process of synchronization: time-based selection upon conflicts (newer files win), priority selection (laptop wins over desktop), replicating modification dates vs copying identical files all over again, etc. These options are nowhere to be found among competitors like Google Drive, SkyDrive, etc.

Both OwnCloud and GoodSync provide version control, but it's much easier to use the built-in Shadow Copies and Previous Versions functions.

We deliberately avoided the question of syncing up Windows Server Shares that are actively used by groups of people. Although it can be done with Owncloud and GoodSync, such file operations quickly become very expensive bandwidth-wise. To make things worse file-locks and conflicts contribute to nasty problems. Dropbox is no exception here in an SBS scenario, especially in view of an independent user-access control system. Allora recommends providing employees with SBS-based cloud hosting services exclusively for synchronization of their Home Directories.


Conclusion

It's clear that when it comes to cloud-based storage, commercial offerings are priced rather expensively. If an organization is running a Small Business Server (or a Windows Server... or even a workstation dedicated to file storage), it would take a competent IT consultant a couple of hours to follow well-written guidelines and set up an alternative system for syncing up the Home Directories of domain (network) users. Such a solution wouldn't expose sensitive data to a 3rd party and it wouldn't cost a hefty monthly fee for each user.