Archive for March, 2011
Surviving Disasters Large or Small
Mar 31st
Developing a disaster recovery plan require more than just planning for a worst-case scenario. Disasters come in all sizes, so plans must be flexible. When developing a DR plan, think about the small problems as well as the large ones.
For example, a “disaster” might be the deletion of a critical file or folder. Do you know what to do if such a file is accidentally deleted or corrupted? Sometime just restoring it from the Windows Recycle Bin isn’t enough. If you do not have a backup copy of that file that can be accessed quickly and easily, your disaster recovery plan is incomplete.
Another part of developing a disaster recovery plan is ensuring that everyone, from the janitor to the CEO, knows what to do in case of an emergency. If your office has uninterruptable power supplies (UPS) protecting critical servers, staff needs to know this. It does no good for a company to protect a specific server for say, an extra 30 minutes with a UPS, if no one knows that the server needs special care, such as a controlled shut-down, before power goes off.
Knowing where your data is backed up and how you can access it after a disaster strikes also is critical. Is your data being backed up locally, to the cloud, or both? Do the employees know how to access their data if they need to work remotely? Today’s cloud computing services and managed service providers make it possible for employees to work anywhere, any time. Having continuous backups to these offsite backup facilities makes business continuity a reality for companies of all sizes.
Finally, remember to test your plan on a regular basis. Perhaps you will run a full-scale test by turning off all network access in a department or office to see how your employees react. Perhaps it will be pulling the plug on a single network device to see how employees cope. Ensuring that a company’s staff knows how to survive a disaster in advance will make surviving a real disaster that much easier.
- Not all disasters include the total annihilation of your primary data center. When preparing a disaster recovery plan, consider situations of partial data loss. For example, if your Internet connection is down for a short term but all other services are functional, what is your plan?
- Discover and map current network devices. What is the criticality of these devices? How will downtime on those devices impact the business?
- Do you have adequate network documentation for the DR network? When a disaster occurs, everyone will be in a panic. Having proper documentation can be the difference between the success and failure of a disaster recovery.
- How often is your DR plan tested? It’s almost certainly not frequent enough.
- Has proper network resiliency been taken into account for the production network? Think about dual power supplies, redundant network paths and redundant circuits. These network resiliencies may prevent you from having to declare a disaster in the first place.
- Implement policies whereby the DR plan is updated when any new network equipment is installed or network software changes are made. This will keep your DR plan up to date. Change management has a DR impact.
- Make sure you patch and upgrade DR equipment, just as you do any other network system or subsystem.
Don’t forget about network security issues when you have a disaster. No end user will put down “anti-virus software” as a critical need. You don’t want to get your DR network up after 24 hours of work only to have it brought down by a virus. You must think about security because users won’t.
Cloud Computing: Definition, Advantages and Why You Should Switch
Mar 29th
Cloud Computing is the supply of computational equipment and resources on demand in a simple and easy to understand way. The user does not need to know anything about how the technology physically works.
Many of the Leading IT companies such as Microsoft, Google, Apple, Amazon, Dell, Hewlett-Packard and IBM are turning to Cloud computing since it is a convenient service to provide to businesses and users that do not have the time or technical knowledge to do so, cloud computing also saves you the cost of hiring experts to setup your IT infrastructure as well as maintain it.
Businesses of all sizes should use cloud computing, though for different reasons. A small business using cloud computing would be competitive with a bigger company which has greater security and reliability needs. They now have access to the same computing resources in “the cloud”, without having the same upkeep and maintenance costs the bigger company has.
For instance, retail businesses that have multiple store locations nationwide, could save up on time and money by backing up their entire inventory data and systems to the cloud, ensuring the businesses continuity in case of system failure, natural disasters, theft and so on. Cloud also frees businesses from being hardware dependent. Replacing your hardware can be very expensive and with cloud computing it becomes unnecessary.
Companies that create and maintain large amounts of data usually deal with multiple copies of this data on storage mediums such as Hard Drives or DVD’s, cloud eliminates the need for keeping track of all these disks and storing them, especially when using deduplication technology which removes extra copies of the same file from the cloud storage.
One of the big advantages also would be that you will have access to the data from anywhere, lots of cloud backup technologies allow you to access data and download it from anywhere that has internet access, as well as view it and download it on your Smartphone. Given the enormous benefits cloud business computing technology has to offer companies, computer entrepreneurs will surely be thinking of ways to develop it even further.
Another advantage of cloud would be cloud backup. Due to the system’s scalability it expands to fit your needs as you go. Your data can be backed up and stored on the cloud which provides data protection and easy restoration as well as a way to remotely access your data at anytime, from anywhere, which will help guarantee your businesses’ continuity.
For more information about Cloud backup and Disaster Recovery please visit: http://www.genie9.com/cloud/coming_soon.aspx
When Compliance is not Secure
Mar 22nd
There is a difference between compliance with a standard and true data security. Compliance is simply meeting a standard at a particular point in time. For some standards, an IT manager need only to go through a checklist, ticking off various tasks. Just because a task is “completed,” however, it doesn’t mean that it was completed correctly or, for that matter, completed at all.
For example, several security standards today require that companies install and maintain a firewall. Some standards are more prescriptive than others to define what needs to be set and how, while other standards simply state that Web applications filters, for example, need to be installed.
Ideally, security decisions will be part of a company’s overall senior management business strategy rather than an IT line item that carries the same weight as whether or not to buy new printers this year. And simply complying with a security standard does not, in and of itself, make a company secure.
Companies should build their security infrastructure to meet the demands of the company’s needs, not just to pass a security or standards audit. For more information on disaster recovery and backup, visit http://www.genie9.com
Data Security Backup Rules
Mar 17th
If you back up your data to a managed service provider’s server or to the cloud, does your provider need to meet all of the data security standards you do? This vexing question becomes more complex as the number and scope of standards expands.
The Payment Card Industry Data Security Standard (PCI DSS) is a contractual obligation between credit card providers VISA, Master Card, and American Express with companies that that process credit card data and maintain personally identifiable information (PII). The standard is very prescriptive as to how data is protected and transmitted, but it does not require that a third party storing such data be required to meet the same data security requirements as the company that owns the data. That means it is perfectly acceptable for a company that processes credit card data and that has PII, such as credit card numbers or Social Security Numbers, to encrypt the data and then store it offsite. — just so long as your storage provider does not have the encryption keys and has no way of decrypting the data.
The key to protecting data that is backed up or archived is encryption. According to the PCI DSS standard, “Implement and use strong cryptography (such as SSH, VPN, or SSL/TLS) for encryption of any non-console administrative access to payment application or servers in cardholder data environment.” If data is encrypted, the standard allows for that data to be transmitted to a third party without additional security measures at the receiving site. That said, it behooves you to use secure data backup partners, regardless of what the standard say.
That is not the case for all standards. If, for example, your company is governed by The Health Insurance Portability and Accountability Act (HIPAA) of 1996, then your provider will indeed need to be HIPAA compliant as well. Federal regulations are very strict when it comes to medical records, although there is plenty of flexibility in the standard that defines who can have access. Essentially, authorized individuals include everyone from medical practitioners and hospital or clinic personnel to insurance adjusters and clerks.
Some non-medical or medical-related groups, such as law enforcement and federal intelligence agencies, also can obtain access to HIPAA-protected medical records, with or without a warrant. This becomes an issue when the records are held by a third party, such as an MSP. If a warrant is required to access confidential corporate data, only the company that physically holds the data – the MSP or cloud storage provider, for example – would get the warrant; the owner of the data might not know the data is being released.
If your company is bound by any data security standards, it is incumbent on the IT manager to know if that data can be encrypted and stored off-site. Failure to follow the rules set forth in the standards could end up costing the data’s owner with significant fines, loss of your corporate reputation, and in some cases, potential criminal litigation.
For more information on backup and disaster recovery, visit http://www.genie9.com
Risk Analysis = Constant Vigilance
Mar 14th
How much risk are you willing to take with your data? Could your company survive if your systems crashed and your data wasn’t available for a day, a week or a month? Chances are you’d be in the same boat as so many other companies that go out of business when their data is lost.
So what do you do to protect yourself? The answer might seem a bit obvious, but it isn’t. Sure, you need to back up your data. That’s pretty obvious. What isn’t obvious is where and how you do it.
If your business does a lot of transactions or makes modifications to files frequently, then you need a backup product that works as hard as you do. You need to keep constant vigilance over your data. In this case, you should consider a software program that will make constant backups of your data when it changes.
If your company makes relatively few changes on an hourly basis — changes that can be easily recreated if they are lost temporarily — then you might consider a product that backs up your system on a daily basis. If you are in business, then it is probably too risky to just do weekly backups; too much data could be lost.
Now consider where you want to put your backups. Backing up locally means you can access your backups very quickly. This is a great way to do full system restores or to grab a file or folder that was accidently deleted without delay.
However, local backups have their issues as well. If your company is hit by a natural disaster, such as a flood, earthquake, fire or storm and the local office is without power or destroyed, then you will want to have an offsite backup as well. Backing up to a cloud-based service, in conjunction with local backup, gives you the best of both worlds. Cloud backup gives you the ability to restore your system anywhere, anytime. It will be a slower process than a network-attached backup server, but if that backup server is also destroyed or unable to power up, it’s your best alternative.
Experts recommend that you opt for a backup solution that provides you with the greatest flexibility — local and remote, file-based for quick backups with the ability to do a bare-metal restore, and a simple interface that will make the entire process easy when you in the midst of a stressful event.
For more information on cloud- and local-based backups with continuous data protection, visit Genie9 at http://www.genie9.com
Backup Your System Before Downloading Windows 7 SP1
Mar 9th
With the release of Microsoft Windows 7 Service Pack 1, it’s easy to feel the need to download the latest code to make your PC faster, more secure and more reliable. But before you fulfill that need there are steps to take before installing the service pack.
Microsoft’s first major upgrade and bug fix to Windows 7 is massive; using Windows Update, it requires 750MB for x86-based systems and a little more than 1 GB for 64-bit x64-based systems. If you plan to download SP1 from Microsoft’s web site, you need 4.1 GB of free space for 32-bit x86-based systems and a whopping 7.4 GB for 64-bit x64-based systems.
Before downloading and installing this update, it is advisable to make sure you have a current, full backup of your system. Bad things happen to good computers, even when you’re doing the right thing and updating the operating system. A brief power surge, a corrupt download, or simply an incomplete update can lead to the destruction of your operating system, making the system unbootable. However, the proverbial ounce of prevention can save the day.
Before installing the update, run your disk backup software and create a bootable backup of your system. If your backup software has a bootable CD or DVD, then simply back up all of the contents on your hard disk. This includes hidden and system files, so make sure your software can back up those files as well.
Simply backing up your Documents folder will keep your data files safe, but it won’t help you restore your system to full operation.
If you do not have any backup software, download a trial version from a name-brand vendor such as Genie9. You can download a free copy of Genie Timeline 2.1 or a trial version of Genie9’s other backup and restore applications at http://www.genie9.com/download/download.aspx. Once you have your system backed up, then, and only then, install Windows 7 Service Pack 1.
It’s fast and easy to protect your computer from potentially damaging software. Contrast that to the pain and hardship of trying to recover from a failed system upgrade and you will agree that a few minutes of preparation is an inexpensive price to pay for peace of mind.
Should You Back Up a Virtual Machine?
Mar 6th
Virtualization has been touted as the future of data center computing — fewer pieces of hardware are consolidated to address the same or more computing requirements than in the past. However, as IT managers consolidate their resources, the question arises: Do I back up my virtual machine or simply make another copy of it?
One of the misconceptions about virtualization is that as you reduce the amount of computing resources, you also reduce storage resources. In fact, the opposite is true; storage becomes more important and a larger percentage overall of the IT budget.
Generally speaking, backup software will treat the virtual machines differently than a physical server. Running multiple virtual servers on a single physical server results in better resource use during normal operations but can, in some cases, overwhelm those resources during backup. When you have multiple virtual servers running on one host, performance could be reduced during a backup as applications battle for bandwidth. You can, however, run the backup in the background, reducing this fight for resources.
Backing up a in a virtual environment generally requires that VMs be shut down or put into a saved state. This is because part of the virtual machine state information is stored in memory. The state information in memory, plus the state of the virtual hard disk files, along with the state of the configuration file, makes up the current state of the virtual machine. If you choose to back up the files for a running virtual machine, they are most likely in an inconsistent state. Backing the virtual volumes in this state can result in corrupted data in the backup copy.
For additional information on backup products and technology, visit www.genie9.com
Transition to IPv6
Mar 1st
In 1977, father of Internet, Vint Cerf was the program manager for the ARPA Internet research project; he created IPv4 and chose a 32-bit address format for an experiment in packet network interconnection.
And that was the beginning; for more than 30 years IPv4 was used to connect billions of people all around the world until the Internet Corporation for Assigned Names and Numbers (ICANN) announced that it has distributed the last batch of its remaining IPv4 addresses to the world’s five Regional Internet Registries (RIR), the organizations that manage IP addresses in different regions. These Registries will begin assigning the final IPv4 addresses within their regions until they run out completely, which could come as soon as early 2012.
So now what?
IPv6 (with 128 bits address size, that is 2128 IP addresses) must be adopted for continued Internet growth.
However, Internet users won’t notice the effect of IPv4 depletion in the foreseeable future, but in the future there may be parts of the Internet that you cannot reach if the website or service is an IPv6 only network, and your Internet Service Provider (ISP) does not provide its customers with IPv6 addresses.
As a response, the Internet Society (IS) and large site operators, like Google, Facebook, and Yahoo, have agreed to test their readiness for IPv6 and announced for “World IPv6 Day”. A 24 hours test period for the Internet’s savior in which the participants will offer their content over IPv6. The goal of the Test Flight Day is to motivate organizations across the industry – Internet service providers, hardware manufacturers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition.
So are you ready?