Get best of the week

How not to let the accountant throw himself or We transfer 1C to the cloud. Step-by-step instruction

How are companies currently kept records? Usually this is the 1C package installed on the local computer of the accountant, in which a full-time accountant or an outsourced specialist works. An outsourcer can run several such client companies at the same time, sometimes even competing ones.

With this approach, access to settlement accounts, crypto protection, electronic document management and other important services are configured directly on the accountant's computer.

What does it mean? That everything is in the hands of the accountant and if he decides to substitute the owner of the business, then he will do it once or twice.

x / f “RocknRolla” (2008)

In this article we will tell you how to securely lock all services, including 1C in one cloud, so that you have the opportunity to chop off all services with one button, even if the accountant flew to the fabulous Bali.

What could possibly happen? Two real cases


Sysadmin from Wall Street


The wife of our co-founder is an experienced accountant, and last month a large restaurant chain in Moscow turned to her for help. The restaurant kept all the databases on its server, which were managed by a permanent system administrator from the restaurant team.

Right at the moment of the accountant’s work, the system administrator went to an online casino and picked up a virus that destroyed the entire database. Whom did everyone blame on? That's right, for the accountant who just arrived.

The heroine is very lucky that her husband is the managing partner of the hosting and understands such things. After long bickering over the phone (our colleague was ready to leave and clean the administrator’s face on his own), evidence was found and the culprit punished. But the database was lost, that is, for the sysadmin, the happy end did not happen.

Laptop stuck in someone else's apartment


This is an old story of our other friends.

An experienced woman 64 years old regularly led the bookkeeping of an online store of Chinese gadgets through 1C. The client and the base were stored on the laptop that she was given at work. It was convenient: it is easy to print from office printers, the base is small and fits on a netbook, you can take it with you to the cottage or home.

Then a tragedy happened: on Friday evening she was taken away with a stroke in an ambulance. The netbook stayed at home because the accountant was responsible and took the weekend work.

The laptop, of course, was rescued, the accountant recovered, but if you transfer this situation to these days and replace the stroke with a coronavirus, then the operation of rescuing the computer from a closed apartment takes a completely different scale.

Can two cats and a labrador open the door for you? If even a neighbor is watering flowers and feeding cats, will she give you the computer?

But let's move on to 1C in the cloud - what are the deployment and operation options in the cloud.

What are the options for working with 1C in the cloud?


Option 1. Client + corporate application server + database.

Suitable for large companies where the services of a whole team of accountants are needed. This is a rather expensive option (many additional licenses are required), we will not consider it, because the article is about setting up an accountant for a small company.

Option 2. 1C: Fresh

1C: Fresh is a fairly convenient way to work in 1C through a browser. No settings are required: when renting such a license, the franchisee company will set everything up themselves, you will be given a login and password.

But there are two minuses:

âś— High price: the basic tariff for one application requires payment immediately for 6 months at least two jobs - 6808 r
âś—You cannot configure the VPS server itself, on which many companies work at once. You will only be given the key to your dorm room, based on the principle of shared hosting.

In the fresh, there is also a 1C: BusinessStart configuration, for which a subscription for a share costs 400 r. per month. The configuration options are significantly limited, without a promotion, the subscription will cost 1000 rubles, and you also need to pay for it for at least six months.

Option 3: your own VPS, on which the 1C client and database are installed

This option is suitable for small companies where 1-2 accountants work - they can work quite comfortably even without installing the 1C: Enterprise application server and SQL server.

The main charm of this approach is that a rented VPS can act as a full-fledged working computer for an accountant with a connection to RDP.

When all databases, documents and accesses are stored on a VPS controlled by you, you can not be afraid of either laptops locked in the apartment or a joint escape of an accountant with the system administrator to the islands, taking all the documents and money from the current account. You can disable access with one button by deleting the user.

This method is also good and here is why:

  1. When an accountant works in 1C-products, 1C generates many documents Word, Excel, Acrobat. When the 1C client is running on the accountant’s computer, all documents are saved on his laptop. When working on VPS, everything is saved on the virtual machine.
  2. 1 ( 1: ).
  3. VPS VPN ( 1: ).
  4. 1: : , , .. 1: .

Well, the price, of course. Renting a virtual machine with a 1C license will cost about 1,500 p. per month, if you take the royal tariffs from expensive hosting. This is not much more expensive than the minimum basic package of services 1C: Fresh and significantly cheaper than other subscriptions. You can pay monthly.

The license can be bought from any franchisee, and the price depends on the configuration of the package of products and services, and after the expiration of the term you will have to pay extra for support through the 1C: ITS portal so that there are updates.

If you take VPSwith us, we for this purpose offer a virtual machine with a pre-installed 1C: Enterprise client (just write to us in support with a description of your task). Renting a virtual machine costs approximately 800 rubles. per month, and the cost of renting a 1C license for one workplace will be another 700 p. We provide support at no extra charge, while 1C: Enterprise is updated by our specialists if you write a ticket for technical support.

For an accountant, everything will look absolutely the same - a familiar desktop, icons, you can even hang a familiar wallpaper. And now to the point, how to create and configure such a cloud, access to which can be disabled with one button.

We order VPS with built-in 1C: Enterprise


For an accountant, the ideal OS is Windows. Regarding the power of VPS - in our experience, for the comfortable work of one or two employees with the file server version 1C: Enterprise, there will be enough configuration with two computing cores, at least 4-5 GB of RAM and a fast SSD of 50 GB.

We do not automate the services until we are exactly convinced of what the customers need, therefore, until its connection is automated, we need to order a server with 1C through the ticket system. We will set everything up for you manually.

When you connect to the created virtual machine via RDP, you can see something like this.



We transfer the database 1C


The next step is to unload the database from the version 1C: Enterprise previously installed on the accounting computer.

Then you need to upload it to the virtual server via FTP, through any cloud storage or by connecting the local drive to the VPS using the RDP client.

Next, you need to add the information base in the client program: we show how to do this in the screenshots.





After successfully adding the 1C: Enterprise database, you are ready to work on your own VPS. It remains to configure remote desktops for users and integration with various external systems such as personal accounts of banks or electronic document management services.

Configure Remote Desktops


By default, Windows Server allows no more than two concurrent RDP sessions for system administration. It is technically easy to use them for work (it is enough to add an unprivileged user to the appropriate group), but this is a violation of the terms of the license agreement.

To deploy full-fledged Remote Desktop Services (RDS), you need to add server roles and components, activate the licensing server or use an external one, and install separately purchased client licenses (RDS CAL).

Here we can also help: you can buy RDS CAL from us simply by writing a support request . We will continue to act: install them on our licensing server and configure Remote Desktop Services.

But, of course, if you would like to configure everything yourself, we will not deprive you of pleasure.



After setting up RDS, an accountant can start working with 1C: Enterprise on a virtual server as on a local machine. Do not forget to install standard accounting software on the VPS: office suite, third-party browser, Acrobat Reader.

Now it remains to take care of connecting the 1C client to banking personal accounts.

Set up integration with banks


In 1C: Enterprise there is DirectBank technology for direct data exchange with banks, without installing additional software. It allows you to download statements and send payment documents without uploading them to files if the bank supports this standard of interaction (otherwise you will have to manage text files in 1C format in the old way, but it's okay - now they are saved on the virtual machine).

First, a settlement account is created in the accounting program (if it has not already been created), and then you need to open its form in the organization’s card and select the “Connect 1C: Direct Bank” command. Exchange settings can be loaded into 1C: Enterprise automatically or manually: for detailed instructions, refer to the bank's website. In some cases, integration with 1C products must be included separately in your account.



To set up, you may need a username and password to your personal account in the bank. Most often, two-factor authentication (2FA) via SMS is used.

Another popular option, a protected hardware token, does not suit us due to the use of a virtual server. In addition, the protected medium would have to be removed from the company’s territory and transferred to a working accountant remotely, having lost control over it.

The option with login / password and 2FA via SMS can also be unsafe, although DirectBank technology only allows you to receive statements and send payment documents. To make a payment, they will have to be certified with an electronic digital signature, which is stored on the client’s secure physical medium or on the bank’s side. In the first case, there are no problems: if the external accountant does not have access to the token, he can only generate documents.

In the case of a cloud digital signature, an SMS with a one-time code to confirm the payment is usually sent to the same phone number that is used for authentication in your personal account. Some banks themselves solved this problem by allowing customers to exchange data through DirectBank without 2FA. In this case, the accountant can only download statements and send documents, but he will not get access to money or even to his personal account.

There is another option for separating access levels: many banks allow you to use an account on government services through a single identification and authentication system ( ESIA) It’s enough for the manager to go into the settings of his account, select the “Organizations” tab and invite an employee. When he accepts the invitation, in the "Access to Systems" section, you can find your bank (after setting up integration with it) and give the user access to your personal account. In this case, there is no need to transfer to him the phone or token used for signing payment documents.



Connect to EDO services


Services for the exchange of electronic documents is convenient, and universal udalenka made them simply necessary. 1C: Enterprise client integrates with them, but legally significant EDI requires the use of a qualified electronic signature.

It can be recorded only on a USB flash drive or stored in a cloud service that has the appropriate certificates of domestic regulators.

You cannot upload an electronic signature to any medium or store it on VPS, therefore, usually an accountant works with electronic document management from a local computer by inserting a USB flash drive. A certified means of cryptographic information protection (the so-called cryptographic provider) and a public certificate of electronic signature are installed on it. Its closed part is stored on a USB flash drive, which must be physically connected to the computer for signing documents in programs supporting this function. To work with EDI through the web interface, you will need plug-ins for browsers.



So that a business-critical system does not have to be deployed on a personal computer of a specialist working remotely, VPS is also useful, however, the option with a physical token will not work here.

It is difficult to say how the cryptographic provider behaves in a virtual environment, especially when trying to forward the USB port to the VPS through the RDP client. There remains a cloud EDS without a physical medium, but not all EDI services offer such a service. It costs, by the way, about a thousand rubles a year, not including the monthly fee for the document exchange service itself, which depends on the volumes.

The good news is that almost all popular Russian services have long established mutual roaming of documents, so you can connect to anyone. There is bad news: it’s impossible to completely get away from the paper, because among the counterparties there will certainly be those who do not use EDI.

Configuring access to services using certificates


Many services allow authentication and authorization without a username and password using SSL client certificates, which can also be installed on a VPS, rather than an accountant’s computer.

In the same way, you can configure authentication on corporate web resources. How to do it:

  • Buy a trusted Certificate Authority to use it to sign and verify client SSL certificates;
  • Create client SSL certificates signed with a trusted certificate;
  • Configure web servers to request and verify client SSL certificates
  • Install client certificates for Remote Desktop Users on VPS.

The topic of deploying 1C: Enterprise for small businesses on virtual servers is wide, we described only one way that is suitable for accounting security.

VPS can sometimes do a good job and avoid installing critical IT solutions and transferring private data to a specialist’s computer on a remote site.

We hope you find this article helpful.

More articles:


All Articles