ISPConfig. Nextcloud. Guacamole HIPAA. encrypted backups? lots of fun!

Discussion started by craig baker, Aug 9, 2018.

  craig baker

    I'm setting up a server for a customer: CentOS 7, perfect server setup. I've installed Nextcloud.
    This is a HIPAA environment. Nextcloud is HIPAA compliant (according to their website) as long as end-to-end encryption is invoked. But I also need to have a backup solution to back up the data (from the encrypted folders, so hopefully no point in re-encrypting! :) ).
    Any good reliable backup solutions that I can integrate with ISPConfig? Make it as simple to maintain as possible? One backup will be living in a bank vault.

    Also - they have a SonicWall and have dual WAN connections. I want to make sure they have a failover situation, so that if static IP 1 from ISP 1 fails they can still access the system via the static IP from the second provider. How does this work in ISPConfig? How painful is this to implement?

    I will probably want ISPProtect running - it's been strongly suggested to have 'commercial' anti-virus etc. Is ISPProtect qualifying, you think? Or is there anything more effective that might be preferable?

    Also I'm looking at Guacamole for an RDP/SSH/VNC server. Now, RDP is NOT HIPAA compliant unless you also run a VPN. Customer needs to remote desktop to some of the office computers! Guacamole involves installing Tomcat, and I would want it installed on an alternate IP, as of course Apache is handling port 80/443.
    Any other software superior, you think?

    And I will need some ISPConfig time after we are all done to have Florian check my work! Want his stamp of approval. Anyone else inside ISPConfig have much HIPAA experience? Want to make sure we are doing this all correctly and am more than willing to pay for help :)

    Any thoughts? Suggestions? Comments? Complaints (wow THAT is stupid!!)? Welcome :)
  till

    I guess I don't qualify for voting here :), so just a short note from my side: ISPProtect is a commercial antivirus / anti-malware software, and besides many hosting companies which use it, we also have universities as clients which use it to scan the web servers in their data centers with our software, so I guess it should qualify for that purpose.

    I'm not familiar with the exact requirements for HIPAA, so I fear that I can't help you with that.

