The last couple of days I’ve read a whole bunch of tweets and blogs on Veeam’s FastSCP. Everyone highly praises FastSCP because it is really really fast compared to WinSCP. I’ve been testing it myself in the past and indeed it is. With the release of 3.0 Beta that probably hasn’t changed a bit.
Keep in mind though that FastSCP is faster than WinSCP because FastSCP doesn’t encrypt the data that is being copied. WinSCP does encrypt the data and I consider WinSCP to be more secure than FastSCP. FastSCP does use an SSH control channel though. An SSH control channel can best be described as a secure channel which is used to pass user/password/port information. In addition to the ports used for SSH other ports need to be opened up for FastSCP to work, which increases the attack surface of the ESX host. Some of you might have security policies in place, this might be the time to start reading it.
Don’t get me wrong, it’s not that I’m telling you not to use FastSCP cause it’s a wonderful tool, but it might not be what you are looking for. If you do require an encrypted file transfer WinSCP would be the way to go. WinSCP even gives you the option to pick between the different encryption types. In other words, think before you use…
Jason Boche says
I find the Virtual Infrastructure Client’s datastore browser to be comparable in speeds to Veeam FastSCP. WinSCP is all but unneeded at this point.
I agree with Jason, however I’ve found the datastore browser doesn’t automatically refresh the views. It can get confusing sometimes if you don’t pay attention.
Personally, I use NetSarang’s secure terminal emulator, Xshell and secure file transfer agent, Xftp. Both are tightly integrated and relatively fast.
You can always tweak the encrypition used in a scp transfer. I find switching to something like blowfish encryption can vastly increase my throughput levels without using new software.
If you run the healthcheck script you have to use a utility like winscp or fastscp as the datastore browser does not give access to the traditional linux partitions. I like fastscp because it will do a “su -” for you at gui login.
vikash kumar roy says
As soon as I popup your website my machine get infected with virus
Well, you cannot really use WinSCP on ESXi without putting ESXi into “unsupported” mode and enabling additional services which increases the attack surface of the ESX host even more… so WinSCP is not really an option for secure transfers as well.
“so WinSCP is not really an option for secure transfers as well”
WinSCP does encrypt the data and I consider WinSCP to be more secure than FastSCP.
Unsupported mode just opens the SSH port. If you follow security practices and and disable root (lock-down mode). The damage with the “BIG if break in” will be minimal.
Actually, you can run WinSCP faster by specifying the approriate encryption and some more options. When I run scp on Ubuntu its tranfer speed is good enough, probably equivalent with FastSCP.
Some options like this:
scp -C -c arcfour256 [email protected]:/var/bigfile.iso .