0

My business has a rather unique problem. We work in China and we want to implement a file server paradigm which does not store any files locally, but rather in a server overseas. Applications would be saved onto our local machines, but data would be loaded directly into memory from the cloud, e.g. I load a docx into Word at the beginning of the day, saving periodically to the cloud as I work on it, and turn off my computer at night, with nothing saved locally. Considering recent events, we worry about being raided by the Chinese authorities, and although all our data is encrypted, it would not be hard for the authorities to force us to give up the keys. So the goal is not to have anything compromising physically in China.

We have about 20 computers, and we need an authenticated, encrypted connection with this overseas file server. A system with Active-Directory-like permissions would be best, so that only management can read or write to certain files, or workers can only access files that relate to their projects, and to which all access can be cut off should the need arise. The file server itself would also need to be encrypted. And for convenience, it would be nice if this system was integrated with each computer's file explorer (like SkyDrive or Dropbox does, but, again, without saving a copy locally), rather than through a browser.

I can't find any solution online. Does anyone know of a service that does this? Otherwise I'll have to do it myself (which kinda sounds fun, but I don't really have the time), and I'm not sure where to start. Amazon maybe. But the protocols that offices would use on their intranet typically aren't encrypted; we need all traffic securely tunneled out of the country. Each computer already has a VPN to a server in California, but I'm unsure whether it would be efficient to pipe file transfers through it. Let me know if anyone has any ideas.

And this is my first post; feel free to say whether this question is inappropriate/needs to be posted elsewhere.

2 Answers

1

Really, you have a solution with your VPN connection to California. You just need a server closer to China with lower latency and high bandwidth like in Japan or Taiwan?

You also want to take it up a few notches and spend the time with a good Windows administrator to run pre-connection and post-connection scripts on each client to make sure caches are cleaned out and sensitive data is removed when not connected to the VPN.
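
A sketch of the post-connection cleanup this answer describes, as an added example that is not part of the original answer. It assumes the clients use a built-in Windows VPN profile (the name `Office-VPN` is hypothetical) and that the listed cache locations cover the applications in use.

```powershell
# Added example: post-disconnect cleanup sketch, not from the original answer.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical VPN profile name; replace with the profile your clients use.
    [string]$VpnName = 'Office-VPN'
)

# Locations where Windows and Office commonly leave copies or traces of opened
# documents. Assumed list; extend it for the applications you actually run.
$residuePaths = @(
    $env:TEMP,
    [Environment]::GetFolderPath('Recent'),
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Office\UnsavedFiles')
)

function Test-VpnConnected {
    param([string]$Name)
    # Get-VpnConnection only sees built-in Windows VPN profiles (Windows 8+).
    $vpn = Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $vpn -and $vpn.ConnectionStatus -eq 'Connected')
}

function Clear-Residue {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string[]]$Paths)
    $removed = 0
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        Get-ChildItem -LiteralPath $path -Recurse -Force -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                if ($PSCmdlet.ShouldProcess($_.FullName, 'Remove')) {
                    # Files locked by a running application fail here and are skipped.
                    Remove-Item -LiteralPath $_.FullName -Force -ErrorAction SilentlyContinue
                    if (-not (Test-Path -LiteralPath $_.FullName)) { $removed++ }
                }
            }
    }
    return $removed
}

if (Test-VpnConnected -Name $VpnName) {
    Write-Output "VPN '$VpnName' is connected; nothing removed."
} else {
    $count = Clear-Residue -Paths $residuePaths
    Write-Output "VPN '$VpnName' is down; removed $count leftover file(s)."
}
```

Run it with `-WhatIf` first to list what would be deleted. `Remove-Item` only unlinks files, so their contents can remain recoverable from the disk until the space is overwritten.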

0

You could, and pretty quickly, set up a file server in Amazon's Asia Pacific region, use disk-level encryption - either built into Windows or something like TrueCrypt (http://www.truecrypt.org/). For VPN connectivity you could use a VPN without, again the built-in Windows VPN (should) work, although I have not set it up. Or something like LogMeIn Hamachi, which I have/do use very often. Both of which will let you save remotely, over a secure VPN to the encrypted FS. And really, you could have another tool replicate data back to your home base in Cali.

af-at-work