Disaster Recovery – The Basics

More and more I see companies who are backing up their data in quality ways, using a combination of good equipment, strong processes, and industry recommended best-practices.  Make no mistake – I’m happy about this.  But I’m also seeing many of these same companies who are considering their backup to be their disaster recovery plan.  Unfortunately, no data backup, no matter how good, is a disaster recovery plan.  Now, I’m not trying to preach about disaster recovery…well, okay, that’s a lie.  I’m planning on doing a little preaching.  But truly, there is a difference between a disaster recovery plan and standard data backup plan.  Ultimately, disaster recovery is the means to an end with the “end” being business continuity.  And everyone likes business continuity, right?  So whether you decide to put together a full-blown disaster recovery plan or just stay with your current data backup, knowing the difference can save your business lots of money.  Okay, I’m done preaching.  Here’s some valuable information about what makes up a good disaster recovery plan, and how to put one together…

Note:  A true disaster recovery plan includes phones, facilities, data, and more.  I’m just focusing on the data portion of things in this article.

Generally, “disasters” come in three flavors:

• Hardware failure (bad hard drive, motherboard, network card, etc.)
• Software failure (“bluescreen” is a familiar term for a reason)
• Physical failure (flood, fire, etc.)

So let’s keep things simple.  Good disaster recovery generally includes a mix of the following components:

• Quality data backup (preferably onsite and offsite)
• Imaging
• Redundancy

Let’s explore each of these in a bit more detail.

Data backup:

• Onsite – use a hard drive backup system (preferably a quality internal/external chassis that has removable drives).  In terms of reliability, ability to restore quickly, and length of service, hard drives are simply better than comparable tape systems.
• Offsite – Offsite backup solves a number of security & operational concerns, and is very cost effective these days (about $1 per GB per month is pretty common).  Because it’s automated, you don’t need to worry about people remembering to take data offsite and you can control the amount of data that is backed up offsite.

Imaging:  Imaging is the process of taking a “snapshot” of an operating system.  When applied to server systems, the use of imaging can literally save tens of thousands of dollars in recovery costs.  Imaging fails when it comes to restoring data granularly (a single e-mail, a single document, etc.), but for true disaster recovery, imaging can’t be beat.

Redundancy:  Creating a network devoid of “single points of failure” is almost always too expensive to employ, but the concept can be used effectively to significantly reduce the chance and effect “failure” can have on your business.  Some good uses of redundancy would be:

• Quality server design (multiple hard drives, fans, power supplies, etc.)
• Use of a quality SAN (Storage Area Network) in a virtualized server environment (VMware software is great in these environments)
• Server redundancy (two servers deployed in a fully redundant architecture).  Stratus Avance is amazing software that accomplishes this at a price small and medium sized businesses can absorb easily.
• Network switches deployed in a balanced architecture with enough capacity to assume full connectivity should one fail.

The last piece of a good disaster recovery plan is the plan itself.  Now that you have all these quality pieces in place, you still need to have a plan in place should a disaster strike.  Here are a few good ways to start putting your plan together:

1. Know your operational costs (by the day, by the hour, etc.).  Granted, this is only half the equation (operational costs don’t include the impact downtime will have on your clients, nor does it include other opportunity costs you may have), but it is an absolutely necessary ingredient for creating your plan.
2. Define your tolerance for downtime.  Some businesses can handle a day or two of downtime.  Others can’t afford an hour of downtime.  Determining how your tolerance for downtime will go a long way in putting your disaster recovery plan together
3. Define a budget.  If you know your operational costs are $25,000 per day (for instance), you then have good information from which you can create an appropriate budget for avoiding downtime.
4. Design your network appropriately (data backup, imaging, redundancy, etc.).
5. Put it on paper.  Just like everything else in business, putting it on paper helps make it happen.

How Much Power Should the Internet Police Have – And Who Are the Internet Police?

Time to look at a sensitive, exponentially issue-inducing question: who should police the internet and how much policing should they, or anyone, be allowed to do? In this blog, we will be looking at the topic of domain name policing in particular.

We are constantly reminded of the anonymity and opportunity the internet affords its users. These freedoms are one of the founding principles of the internet: that it be an open canvas on which anything can be painted and anyone we want can view it. The internet was supposed to be a virtual land where the most typical, average person could stake a claim and make a small piece of it their own.

Like all newly-settled worlds, however, it cannot remain so forever. Various organizations have come about to monitor the internet and keep its users and their information safe. The Internet Corporation for the Assigned Names and Numbers (ICANN), a non-profit in contract with the U.S. government, exists to manage internet addresses and oversee the addition of new domain suffixes. The most popular suffixes currently in use are .com, .net, and .org.

 A recent article on CNET.com once again brings to light the issue of domain name – and ultimately internet – governance. The United States government, among other governments both national and local, is looking to gain more power to allow or deny domain names. This has been a battle that has been raging in the internet background for as long as it has existed, and is a topic filled with shades of gray. For the past seven years, the domain suffix .xxx has been contested over by three camps: those who wish to use it, those who wish that it not be used at all, and those who wish not to be forced to use it.

Many adult content webmasters want to have the suffix .xxx be as useable as .com or .org, to give them their own space on the internet and make them easier to find. Currently .xxx is not a functioning domain. The United States government and many conservative organizations do not want the .xxx domain to exist, seeing it as comparable to allowing an adult video store on the same block as the white house.  On another end of the argument are those who see this new domain as a way to keep all of these adult content websites in one centralized location, so no one can accidentally stumble upon them or so they can be blocked more easily. Some adult content webmasters, and some webmasters who have sex education information on their websites, or others whose main purpose is not adult content but some exists on their site, do not want to be forced to join this new domain.

 Over 115 new domain name proposals are expected this year, and some raise controversies, such as the .gay domain. Whose responsibility – or right – is it to say whether or not the .gay or .freetibet domains can be used? If the former were used, it may upset millions of conservatives. If the latter were used, it may upset a government with rule over billions of people. Yet what about the people who want to use those names? What about their rights? They aren’t breaking any laws.

The debate over domain name allowance is explosive because it induces issues about freedom of speech and how much of a role governments should be able to play in the direction and access of the internet. Another example of governmental power over the internet is seen recently in Egypt, where the government shut down the internet in the entire country in an attempt to control its people. Is it right for a government to control something that belongs to no one, and yet belongs to everyone?

Product Spotlight – McAfee SaaS Web Protection

More and more businesses are looking for a good way to protect themselves against the litany of harmful viruses, spyware, and other malware that comes from the web.  In my article Web & Spyware Defense I cover some of the technologies that are effective at defending your business from web-based threats.  Here, I’d like to focus on the one of the products we believe balances effectiveness with cost, the best.

McAfee SaaS Web Protection  is a service provided by McAfee (formerly MX Logic) that effectively “scrubs” incoming and outgoing web traffic to ensure web threats don’t get in or out of your network.  It also provides options for limiting access to certain sites and can generate some valuable reports on web activity (by user, device, site, etc.).  Additionally, it includes a simple, straight forward user interface and has a price point under $3 per device per month.

How it works

The architecture of the solution is very simple: your company’s Internet/web traffic is routed through McAfee SaaS’ servers and scrubbed for harmful software.  Basically, it is a standard, cloud-based solution.

Effectiveness

We have deployed this solution for a number of our clients and it simply works.  There is no substitution for seeing how a product or service works in an actual production environment and this is one that lives up to the hype.

Note: Cloud solutions are often incredibly valuable solutions, but like any technology, they aren’t for every business.  At ITP we always recommend reviewing technology solutions within the context of your specific business goals, culture, processes and people.  Of course, if you need some help with that we’ve got some great people here at ITP that can help.

Who Owns the Cloud?

When computers were first invented, history dictates that there were some, perhaps many, who scoffed and refused to accept that they would change our lives in the incalculable ways that they have.

When the internet came out, many could not understand why they would want to connect other computers to their own or the purpose of such a tool.

The reasons for such rejection and speculation of technological advancements are many, including but-not-limited-to: lack of detail, misinformation, contentment in already-working systems, and fear of the unknown. While I do not believe fear to be as culpable a reason when it comes to computer technology as compared to, say, nuclear technology or what your five-year-old cooked you for breakfast, I do believe the three former reasons to be legitimate.

The first two reasons, lack of detail and misinformation, are directly related. Although the name “the cloud” is fitting, it can also downplay the fact that the cloud is a real and working system, albeit a very large and multi-faceted one. Microsoft’s commercials that present a problem, then a savvy cloud user announcing “To the cloud,” then their problem solved by the cloud, show glimpses of what the cloud is capable of that could make it appealing to an everyday user, like remote desktop access and video conferencing.

These commercials show the most basic examples of cloud computing, but do not really explain what the cloud is or how to jump onboard. In addition, Microsoft must be careful not to make it appear that the cloud is a Microsoft invention but, rather, that they are one of many companies that is making use of the cloud. It may encourage utilization of the cloud by making known to more people that the cloud is not one company’s brainchild, but rather a fruit of the digital and internet age that all of us, users and developers, have helped bring about.

Regarding the contentment in already-working systems, the cloud is merely a way of connecting all of those systems and streamlining availability, scalability and synergy, which are useful both at home and in the workplace. The cloud possesses currently incomprehensible potential to shape how we handle information and, thus, our businesses and our lives. 

Like so many leaps forward, it will take some time for people to understand what the cloud is and how useful it can be, and how much smaller it is making the world, by putting in reach what we need, thanks to digitalization and the vast interconnectedness and availability of the internet. The important hope we have as the cloud moves forward is that it remains as open as it is today and that no company attempts to build legal or digital fences around what they believe to be their property within the cloud.

Automated Offsite Backup

There is no question that the secure, reliable retention of data is absolutely critical to good business operations – and, of course, that includes the ability to recover your data in the event of a disaster.  Consequently, more businesses are prioritizing their data backup procedures including regular verification of data integrity and disciplined off-site storage of backup media.  Yet, businesses are finding that even with rock solid procedures, there are still many areas of concern.  Here are a few  of the most prominent concerns:

Traditional Onsite Backup Issues

• Media (tapes or drives) must be tested regularly to ensure data integrity
• Reliability – most onsite backup systems (software & hardware) fail to backup all of your data.  Often a few corrupt files, or an open database connection can derail the backup process
• Lifespan – a quality backup system will last between 2 and 4 years depending on the quality
• Maintenance – In order to have confidence in the backup system it needs to be maintained regularly.
• Security – For any given onsite backup solution, there needs to be an off-site option.  Often, this amounts to an employee taking the backup media home with them.  Obviously, this presents significant data security concerns – especially if the employee needs to be terminated at some point.

Make no mistake, onsite backup is a good thing – it’s just that there are some undeniable drawbacks.  Consequently, more businesses are turning to automated offsite backup as a solution (i.e. backing up to the cloud).   The one notable drawback is that you have an ongoing monthly cost, yet the advantages often outweigh the concerns about ongoing cost – especially considering the fact that costs have fallen significantly over the past 12 to 18 months.  And the operational benefits are undeniable:

Benefits of Offsite Backup

• Security – Encrypted data transfer means that automated offsite backup is often far more secure the traditional onsite backup
• Automation – No switching tapes, drives, or transporting backup media to other locations
• Reliability – Today’s online backup systems are highly reliable.
• Retention – retaining data for more than two weeks is easy to accomplish, and for even longer retention periods, offsite backup is significantly less expensive than onsite data storage

Like all technologies, backing data up to the cloud isn’t for everyone.  And even if you do decide to invest in cloud-based backup, it doesn’t mean you need to abandon your onsite backup.  In fact, having some onsite backup never hurts because when it comes to your data, you have to be 100% certain that you can recover what you need when you need to recover it.

Web & Spyware Defense

There are few IT issues that are more pervasive or costly for businesses these days than spyware.  Spyware not only affects the system it infects, but also tries to distribute itself to other systems.  Additionally, it can be incredibly difficult to “clean” the infected system, often requiring the system to be rebuilt. Worse yet, standard methods of protection often fall short because users can easily circumvent them and click on a link or advertisement that invites spyware into their system by accident.  Much like spam defense solutions, deployment of onsite devices have become more popular, and to some extent those devices are effective.  But the significant upfront costs and the maintenance required to support the devices have both become detractors from these solutions.  Consequently, cloud-based solutions have been growing in popularity. 

In essence cloud-based web defense solutions provide:

• Protection against harmful links, sites, and spyware
• Granular control of the websites staff members can access
• Integrated reporting showing web activity for staff members
• Low-cost, zero maintenance solution

As always, this solution should be reviewed in context of your specific business needs and goals, but cloud-based protection against spyware have proven to be quite effective.  And with the additional control you get for managing your outgoing web traffic, cloud-based spyware protection is quite a powerful solution.

iPad vs. Netbook

If you have watched TV or talked to a human in 2010 you know the general buzz and “coolness” factor of the iPad.  The question I have been getting more lately is to compare the iPad with a Netbook.  Some might say its not a fair comparison but from a business standpoint both have around a $500 price point at their lowest and both aim to provide fast access to your data with long battery life.

So lets compare:

As you can see there is no clear “Winner” the answer to which device is best for your business depends on the specific needs of your users and applications.  If the instant On and battery life of the iPad is a requirement for walking around and meeting patients than the iPad is your winner.  If you need Windows to run that mobile application or Internet Explorer for that one key web application than you need a Windows Netbook.

Don’t forget about the Linux netbook as an option.  Linux offers better battery life and performance for basic web usage. You can still Remote Desktop to your windows machines or use Logmein if you need Windows without the worry of Windows Update or Antivirus holding your ATOM processor down.  My favorite is by a long time Linux company System 76 (http://bit.ly/hZHXi1).  If you haven’t tried Linux in a while take a look again at how far Ubuntu has come in the consumer market.

Windows, Linux or Apple give us a call to find out which is right for your business and your application challenges.

Virtualization. Simplified.

There’s no doubt that virtualization is becoming more and more prevalent for small businesses of all sizes.  There are lots of reasons for this including:

• Reduced downtime
• Increased performance
• Strong disaster recovery
• Scalability
• Excellent business flexibility

But I find it curious that many companies I meet with are initially confused by the concept.  So…here’s my attempt to simplify virtualization.

At its most basic level, virtualization for small businesses generally involves running multiple server operating systems on one physical server.  That’s it.  Oh sure, more than one physical server can be deployed to create better redundancy, less downtime, etc.  But just knowing that simple concept – multiple server systems running on a single piece of hardware (server) – puts you way ahead of many small businesses.

Remote Web Workplace Active X control problems in IE7 or IE8

Just a friendly reminder to all our clients and loyal viewers that if Internet Explorer updates from 6 to 7 or 7 to 8 because of Windows Updates on your home computer that the activex control used to connect to your machines may get reset.  If this happens when you click the connect button a drop down should come down from just below the URL bar to install the activex control.  You can also click on the gears in the lower right on IE 8.  You may have to five it a second then close your browser and redo the login process completely.   Also make sure you have added your RWW address to your trusted sites list in Tools->Internet Options->Security Tab.

RWW is a great economical remote access tool for small to midsize companies.  As always feel free to contact us to discuss RWW vs. Logmein vs. Terminal Services or other remote access products.

ITP Engineers

Want to Lower Your IT costs? Simply be Consistent.

Every firm wants to lower their IT costs. In fact, given the current climate of our economy, firms of all types and sizes are taking a good hard look at where they can save money – it only makes sense. The good news is that it’s not that hard to save money on your technology costs this year. Oh sure, projects and new initiatives will have their place, but what I’m referring to is your support costs. Most of the firms I work with really don’t look critically at how their technology decisions affect support costs – at least not until I point it out to them. So what do I tell my clients about saving on their IT support? Keep things as simple and consistent as possible.

Ironically, it’s not the technology that often gets in the way of keeping things simple and consistent on your network – it’s your staff. I don’t know how many times I’ve sat down with law firms that have over 20 applications installed on their network. Over 20 applications!? Egads, that’s expensive! That means that all 20 applications have to be patched, upgraded, maintained, and possibly the most difficult part – they all need to “play nice” together on the same network. When I explain this to the firm and show them how much it’s costing them, they’re always receptive to removing some of the applications – until, of course, the attorneys are told their pet application is going to be removed.

But the problem is usually solvable if it can be quantified into dollars and cents which, in most cases, is just a matter of a little quick math. Does the application provide value to the firm greater than it costs the firm or not? You’ll find some applications really do make a difference to a firm’s bottom line, but many don’t. Get rid of the ones that don’t and you’ll save on the cost of keeping the program updated along with the support costs. Once you’ve been able to weed out many of the applications that are bogging down your network, you should find not only that your support costs have gone down, but your technology will likely run better, too (check out this article from law.com on some of the benefits). Now, if the firm can also standardize on hardware… Well, maybe I’ll save that for another post.

Anyhow, I strongly suggest you take a few minutes to look at your firm’s technology. There is no doubt that if you keep your technology as simple and consistent as possible, you will save real, bottom-line dollars and you’ll probably reap a few performance benefits along the way, as well.