As telecommuting becomes more commonplace, technical staff are increasingly asked to provide tools to support remote access to the organization's computing resources; access to files and file sharing being one of the most common. While email is frequently used for this purpose due to its ubiquity, it is less than ideal for secure and effective file sharing.
Although network file sharing is often as prevalent as email within the campus network, extending file sharing to remote users presents several challenges compared to email. Common network file sharing protocols such as CIFS and NFS were designed for use in "local" area networks. Making such services available remotely across the Internet raises additional and significant performance and security issues that must be addressed.
Many technical solutions exist to these problems, ranging in complexity, cost, and ease of use. Any solution will be a trade-off between these factors. For our relatively small department, a solution was needed that was primarily cheap, flexible, and easy to use; and hopefully limited in complexity. The target user would have a Windows PC or Mac with broadband Internet connectivity. The solution also needed to integrate well with a FreeBSD server environment and Kerberos authentication infrastructure. After investigating a variety of possibilities, we implemented a system consisting entirely of free software: Samba, OpenVPN, smbwebclient, and Apache+SSL. Windows networking (Samba) as the base protocol provides the most flexibility and ease of use for the target user, allowing network shares to be accessed directly by the OS. Additionally, users may access files through a basic web interface. Authentication and encrypted encapsulation of data are provided by OpenVPN.
This talk will discuss challenges involved, alternative solutions that were explored, and an overview of our solution from technical and end-user perspectives.