Business grade sync?


Wil

Recommended Posts

Hi

I have been tasked with finding a good way of replicating a few folders to many users... I was experimenting with Bittorent sync privately and am impressed.... I love that I can have multiple different "base" folders instead of just sharing a single folder and the subdirectories as is the case with many other solutions.

However, my only concern is the security... I have read many threads saying how it isn't likely to guess anyone's code(s), and whilst I agree it is highly unlikely, I feel it is far from impossible - and if this application becomes popular with hundreds of thousands, if not millions of users, we would be stupid to think that it wouldn't happen at least once.

I feel this application will be a great replacement to pretty much the only alternative (Microsoft DirectAccess + DFS + Offline files), but, I am concerned about the security as there would be very sensitive data being replicated.

Reading up on the protocol, is there a way of making this more "business grade", e.g. I could install a central tracker or get all clients to use known host only? (I realise that this will probably stop the local/lan exchange).

In addition, if someone was to leave the company, I am guessing that there is no way to revoke access for that one person if they still have the key and host list?

... So many solutions out there such as Dropbox have so many limitations when you scale that do not meet the needs of larger companies - and they become so overprices once you start adding a few users... Many companies like mine have a real need for good distributed file management and also own our own hardware infrastructure so it just seems silly to pay a company for hosting it, I would however gladly pay for a "private" version of Sync that ran on my own servers/easier user management e.t.c.

Just wondering if there are any plans for this sort of thing in the future?

Link to comment
Share on other sites

However, my only concern is the security... I have read many threads saying how it isn't likely to guess anyone's code(s), and whilst I agree it is highly unlikely, I feel it is far from impossible - and if this application becomes popular with hundreds of thousands, if not millions of users, we would be stupid to think that it wouldn't happen at least once.

There are numerous threads already discussing security: 1 | 2 | 3 | 4 | 5

Reading up on the protocol, is there a way of making this more "business grade", e.g. I could install a central tracker or get all clients to use known host only? (I realise that this will probably stop the local/lan exchange).

The whole point of BitTorrent Sync is that it doesn't use/require a centralized server!! ...if you wish to run your own "pseudo-tracker", you can use the "predefined hosts" options that already exist in Sync to "get all clients to use known hosts only"

In addition, if someone was to leave the company, I am guessing that there is no way to revoke access for that one person if they still have the key and host list?

Correct! At present, you would have to re-issue a new secret in such instances as there is currently no way to "ban" or "revoke" specific hosts. (Feel free to suggest this in the "Wishlist" thread though, as it would certainly be a useful addition to Sync!)

I would however gladly pay for a "private" version of Sync that ran on my own servers/easier user management e.t.c.

Sync can already be made "private" - just disable the Relay, Tracker, DHT, auto-update options, etc

Finally, do bear in mind the current "alpha" nature of BitTorrent Sync, it would be unwise to consider rolling out any software in "alpha" stage, especially if you intent to be syncing "very sensitive data". It'd be better to wait until Sync migrates out of its alpha/beta phases.

Link to comment
Share on other sites

However, my only concern is the security... I have read many threads saying how it isn't likely to guess anyone's code(s), and whilst I agree it is highly unlikely, I feel it is far from impossible - and if this application becomes popular with hundreds of thousands, if not millions of users, we would be stupid to think that it wouldn't happen at least once.

It's far more likely that you will be the only person to win an accumlator lottery using your mother's birthday from a ticket that you found in a cookie jar on your birthday then going home to find your house has been burnt to the ground after being struck by lightning, blown up in a gas explosion and demolished by two semis driving through it!

Then meet a guy named Phil who used to have only one head.

Link to comment
Share on other sites

Just wondering if there are any plans for this sort of thing in the future?

We do have specific plans for Sync for business. This version of Sync will cover some of your concerns and will have features that is required by enterprises and SMB. At the moment Sync is pure consumer product that might be used in some business cases.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.