1. Remote backup to the HFS over VPN
In August 2010 the HFS started to offer a standalone service to provide members of the University with secure data backup from outside the University Network. As of February 2014 this service has now been integrated completely within the standard 'desktop/laptop' backup service. The practical consequence of this is that users no longer have to choose between a backup service confined only to either the University Network or to remote backup over VPN: they can do both within the standard desktop/laptop backup service.
That said, there remain some important prerequisites, service features and caveats to using the HFS service over VPN; we strongly encourage you to read the sections below, which address these issues.
- To use this service you will need to first install the IT Services VPN client. The VPN client must be running if you wish to download, install or use TSM (for backup or restore) when not connected (either physically or wirelessly) to the University Network.
- You must be registered for the 'desktop/laptop' backup service (not the server backup service). If you have not done so already, you can register via the IT Services HFS TSM client registration page.
3. Service Features
- The service is designed only to support the backup and restore of critical University data for users, whether they are connected to the University Network or over VPN from anywhere else.
The configuration of the client software must be carefully considered and where possible a limited set of data should be backed up. When backing up over VPN, we ask that you only back up your important data, rather than selecting the whole machine for backup. There are two ways in which you can do this, which are not mutually exclusive:
- When you run a manual backup, be selective in what you wish to back up. For how to run a manual backup, please see our instructions for doing so on Windows, Mac, Linux or Solaris. Each of these pages includes information on how you can choose certain files for backup rather than select your whole machine.
- You can set TSM to exclude all files from backup except for one or more key folders, as described in our section on how to exclude everything from backup except a specific directory/folder. This is more efficient than the aforementioned method of repeatedly having to choose which files to back up, though it is less simple to set up. Please note that excluding data from backup means that it cannot be sent to the HFS, and that we do not retain data that has been excluded in this way.
- If you selected the option to have scheduled backups (and if you have not set up exclude rules as specified in the previous point), then you will find that, should a TSM scheduled backup happen to run, TSM will try to back up your whole machine. Such a backup should not be run from outside the University Network as it will be extremely slow. You can prevent scheduled backups from occurring by removing your backup schedule.
- Normal desktop backup limits apply: 200GB upload per day and a maximum backup connection of 10 hours. In practice you are unlikely to hit the former limit when accessing the service over VPN - see the following section for reasons why.
- Normal data retention limits apply: i.e. we require that your backups are kept up to date and are no more that 90 days old. This is in line with our standard deletion policy. If you suspect that the nature of your location will prevent you from backing your data up within a 90-day period, then we strongly advise you to contact us to ask for a temporary suspension of the deletion policy for your account. We will require your name, the HFS account name (nodename) and the period of time requested for.
4. Backup/Restore Speed
The key issue when accessing the HFS from outside the University Network is the speed of the connection. Backups over Fibre-optic broadband will be of comparable speed to a wired connection to the University Network and thus pose no problem. However, the availability of such connections is limited and most of us in the UK still have an ADSL broadband connection. Backups via ADSL Broadband connections are particularly slow as the upload speed of the connection is significantly slower than the download speed. For this reason, where you require a large amount of data to be backed-up (i.e. uploaded), we strongly recommend that the initial backup to the HFS is carried out over a wired connection to the Oxford Network. Thereafter you can use backup -over-VPN for the small incremental backups of files as they change over time.
The download speed (restore) is usually ten times greater than the upload speed (backup) and occasionally the difference can be larger.
Approximate times for backup over VPN compared to over a wired connection to the University Network are given below :
(8Mbps download/1Mbps upload)
Wired University Network
These figures include an approximation, in the case of backup, for starting the session with the HFS and scanning the disk for files to back up; or, in the case of a restore, for waiting for the HFS systems to load the required tape and locate the position of the data upon the tape.
5. Broadband Quotas
As part of the backup process the HFS servers send a list of files which have been previously backed up to the machine performing a backup. This list is then compared with the files found on the disk to determine which files have been changed, created or deleted. For machines with a large number of files this list can be very large. Repeated backups of systems with a large number of files via broadband may, counter-intuitively, cause problems by exceeding broadband download limits. For this reason we strongly recommend that all files except for one or two key directories are excluded from backup (see above), and for machines with lots of small files to back up, to take extra care if using the backup service over VPN.
Connecting to the HFS via external networks (through VPN) can be error-prone for a number of reasons. If you experience problems initiating a VPN connection then:
- Ensure that your VPN connection is functioning correctly. Check for your problem in the VPN FAQ and work with local IT support or Network support to ensure VPN is working, before attempting to use the HFS backup service.
- Verify that you are connected via VPN using the IT Services Networks Who Am I? page and checking your reported IP address starts with "129.67.116.", "129.67.117.", "129.67.118.", or "129.67.119.". Any other address indicates that the VPN connection was not properly established.
- After a VPN connection has been started, if you experience problems connecting to the HFS then please look for the relevant error message in the HFS help and support pages and if necessary contact your local IT support staff.
- Otherwise, please contact IT Services via our help request form.