Please do not buy one of these for use at BMC! Your Local IT must be involved and usually do not allow these on the network. For large parts of BMC this is BMC-IT, Rudbeck-IT, IT-division/UADM/EP or Uppsala University Library and as far as I know none of us allow or recommend these. (2018-09-21)
Apple Airport Time Capsule is a great tool for a home or small office, providing simple backup, Wi-Fi hotspot and NAT-router all in one.
But we really recommend a normal external hard drive for backup. Keep one at home and one at work.
Also be aware that a backup, where the client has full write access to the backup and can erase old versions of the backup, do not protect against ransomware attacks. The attacker may destroy old backups from the compromised client.
Here is a summary what the problems may be with this kind of equipment:
- SUNET and the Security and safety division at Uppsala University require that it is possible to identify which user is doing what on the network. NAT (in this level of home or small office equipment) is hiding this.
- Apple AirPort has built in DHCP-server. When connected the wrong way (NAT-ports) to the department network the device will give IP-addresses to the other computers on the network. This will mess up the network. In the best case (when both WAN- and LAN-ports are connected at the same time to the department network) all that happens is that all traffic will pass through the Apple AirPort which will then act as a bottleneck. In the worst case (only LAN-ports are connected to department network) nothing will work and the whole department network will go down.
- The Uppsala University IT-division is responsible to set up Wi-Fi-hotspots all over the Uppsala University campuses. The frequencies has been planned so that they do not interfere with each other. Even when using using a frequency that is not the same as the closest hotspot the frequency may interfere with other hotspots frequencies further away (but still in range).
- We have been running the backups for many clients for several Mac servers using the same technology. It has shown that, although not very often, the backups using time machine over the network may go corrupt. Then the backup is not worth much. The problems may or may not be related to the use of a flaky network adapter (in particular the USB-Ethernet adapter used by Macbook Air).
- By using the university centrally managed DHCP-server and routers it is possible try to help each other with management. Both the IT-division and the BMC-IT can help with finding problems with the network. When using this kind of small office / home office equipment it is really hard for somebody else to know what is going on. You are on your own.
It may be theoretically possible to turn off all server functions including NAT/Wi-Fi and then secure it with accounts, but it may not be worth the effort. When doing that (turn off NAT and only do Network bridge, turn off Wi-Fi) if the settings are reset by some reason, make sure that the AirPort in a reset state do not mess up the network - only attach the WAN port to the department LAN. The equipment is best used at home or at a small office.
At least these things has to be done:
- Turn off NAT and DHCP-functionality.
- Turn off Wi-Fi.
- Set up with account and password protection.
- Set up internal firewall in the equipment so that no one outside the department network can access it.
- If that do not work:
- Set a fixed IP for the device
- Set up the campus router filter so that no one outside the department network can access it.
- Actually set up both internal firewall and router filter if possible.
- Make sure that the firewalls are working.
- Make sure only the user creating the backups can access them.
This list is not guaranteed to be complete.
Our suggestion is to move the equipment to the home office for a backup when working at home. Then get another hard drive for the office.
If you need better Wi-Fi coverage contact firstname.lastname@example.org and then we can together with IT-division hopefully improve the location and coverage of the Wi-Fi hotspots.
So what to do instead?
- Get a normal hard drive and use Time Machine on that one. Get a hard drive at home and one at work. This will take hopefully a backup of the whole computer on two different places.
- Store important data on a file server. Like the HNAS file server at the university.