Backup basics

A data protection plan has three (3) vital components:

1. A backup system.  This can be based on disk or tape, or a combination, along with appropriate backup software.

2. A disaster recovery (DR) plan.  Off-site storage is a must, and data can be moved there either physically, by taking tapes or removable disks to another location, or electronically, by

replicating over a network.

3. Long-Term Archive: Data that doesn’t have to be immediately accessible can be stored on inexpensive media such as tape.  The length of storage depends upon business needs and regulatory compliance.

Being able to backup data is not enough.  You need to be able to restore the data.  Restoring needs to be included in the planning process of backup, DR and archiving.  It needs to be tested periodically.

The essential elements of a data protection plan are:

The data.  Where is this located (local, distributed, off-site, cloud)?  How often does it change?  How much is there (quantity and size)?

–         Hardware/Media.  As our appetites for data storage grow, it’s becoming rare to use tape as the primary backup media.  Also, the amount of time available to perform a backup is shrinking; if it hasn’t already been eliminated (24×7 production).  The primary media for backing up is disk.  After the initial backup, companies can still use tape.  This whole sequence is known as D2D2T (disk to disk to tape).  Copying the backup to a remote site, to another set of disks is known as D2D2D.  A process that is coming into mainstream use is to copy the backup to a cloud location (D2D2C).  An example of a cloud service is FileSafe from Hipskind, in the Chicago area.

–         Software.  There are so many options for software.  Take the time to analyze your needs and choose a mainstream solution to match them.  Get a demonstration of the solution for your environment.  Once you’re satisfied, purchase and install the product.  Be sure to sign up for the maintenance option.  This will keep you current with the software.  If you run into any situations which require you to have a newer version, you’ll be able to get it.  The expense is marginal compared to the cost of the time and effort involved to remediate the situation if you don’t have it.

–         Backup process.  This is critical documentation about the entire data protection plan.  Be sure to cover who, what, where, when, how, and why.

–         Off-site location.  This is a big decision for a small/midsize company; especially if you only have one location.  Get input from all affected departments.

 

More about media choices.

To help you decide between disk storage and tape storage, consider the following:

–         Cost per amount of data.  Tape is the most inexpensive media.

–         Speed to backup/restore.  Disk is the fastest.

–         Administrative time.  Tape takes more time from the standpoint of loading, unloading, and sorting of tapes.

–         Portability.  Disk isn’t portable.  Take into consideration that this is the primary backup, and you’re very likely to be copying the primary backup to an offsite location.  How portable does this primary media need to be?

–         Robustness.  A little difficult to make a call; although most people would say that a disk drive is more robust than tape.  Disks are usually configured at a RAID5 minimum.

 

The final consideration, touched upon briefly, is the time to perform a backup.

Is there a time when your systems are not being used?  Usually, full backups are performed once a week.  Daily backups performed are either incremental or differential.  A differential backup saves data that has changed since the last full backup.  An incremental backup saves data that has been changed since the last backup.  For example, we perform a full backup on Sunday and perform differential saves the rest of the days of the week.  Monday’s backup contains data that has changed since Sunday.  Tuesday’s backup contains data that has changed since Sunday, etc.  At any one time, you only need two backup instances to perform a restore – the full backup and the one day’s differential.  In an incremental scenario, you can need more than two (2) backup instances to perform a restore.  You need to consider how much data changes in a given day.  There is software available if you have little or no backup windows to be able to perform backups.

Denial of Service (DoS) attack

Also known through a more advanced form, Distributed Denial of Service (DDoS) attack.

How does this happen?

 

Employees of a company send emails throughout the day.  They surf the internet and enter their company email address on websites.  The email addresses are gathered by “botnets“.  Hackers pay botnet owners for lists of email addresses.  They then send a continuous tsunami of emails to addresses at a specific domain (yourcompany.com) chosen from these lists.  This is a DoS/DDoS attack.

How do you know if your being attacked?

 

Your internet connection comes to a crawl.  Your email server is working so hard dealing with the inbound email traffic, it can’t do anything else.  The volume of email is so high that your internet connection isn’t large enough to handle it.

 

What can you do about it?

 

In the article “Four Steps to Defeat a DDoS attack“, it lists what can be done.  The options for a small/midsize organization are:

 

1. Use an email security program such as Postini or Microsoft Forefront online protection.  Both these options can be fully outsourced; a cloud service.  You’ll pay a monthly fee for email account.  By outsourcing, you move your domain email address (MX record) to the service provider.  All email traffic goes to their servers.  Only good email is sent to your company email server.  You’re email server doesn’t get overrun, nor does your internet connection.

 

2. It’s critical that antivirus/anti-malware is updated on a regular basis on all PC’s.  If not, a PC inside your firewall can be compromised by websurfing, and become an unknowing member of a botnet.  You may unwittingly become part of the source of a DDoS.

 

3. Be sure your firewall is configured properly; that it has no unnecessary open ports.

 

I’ve been in a situation where I didn’t have email security in place and was pounded by a DoS attack.  These were the longest days of my life.  Once we got email outsourced, normalcy was restored on the network.  Take steps to insure this can’t happen to you.

Cloud Computing for small/midsize companies (SMB)

Cloud Computing is a panacea!  Everyone should be doing it!

Let’s examine these statements from the viewpoint of an SMB.  The first requirement is that the servers already be virtualized (this topic was discussed in a previous blog).  If the servers haven’t been virtualized, they can’t be moved to “the cloud”.

What’s the next bottleneck of migrating to the cloud for an SMB?  The connection between the company and the outside world.  Another words, their internet connection.  Speeds of connections have increased over time.  It used to be, a “T1” (1.544Mbps) was the standard speed for all businesses.  A company could choose whatever vendor they wanted, but the “last mile” was always provided by the Local Exchange Carrier (LEC).  If you’re still using a copper tele-communications connection, this is still the case.  And these local loop charges were usually pretty high compared to the rest of the circuit cost.  The costs have come down over the years as competition has developed.

In the western suburbs of Chicago, Comcast has made strides in making fiber optic connections available to businesses.  Fiber speeds are much higher than T1’s.  Speeds begin at 10MB, going up to 100MB.  They haven’t built out the physical network to all areas.  It’ll take time to get a connection to you.

Another option in the greater Chicago area is Business Only Broadband.  This service uses line of sight antennas to provide internet connections.  Speeds begin at T1, going up to 100MB.  Turn around time to get a connection installed is 10 days from date of order vs the standard 30-60 days for a tele-communications connection.  It works in all weather conditions – rain, snow, sleet, winds.  The cost they quote, is the cost you pay.  There aren’t any additional tele-communications taxes, which can add up to 30% to the quoted cost.

What speed do you need?  That’s something you can only determine once you’ve committed to this sort of connection.  You can get a bit of a feel for this if you already have multiple locations.  Take a look at the “size of the pipe” (speed of connection) between two locations and the amount and type of traffic travelling between them.  Try to extrapolate what size pipe you’ll need to your cloud location.

What other items influence the decision to move to the cloud?

You may need to upgrade the outside interfaces to the outside connections.  This can include additional hardware, such as firewalls.

Your capital budget will decrease since now the cloud vendor is responsible for the cloud infrastructure.  And your expense budget will increase to a fixed monthly cost.

If your company is growing, you’ll be able to react quickly to needs for more servers and/or more storage.  Your cloud vendor will be happy to provide this to you.  And you’ll pay more for it.

As your data and/or computing needs grow, you’ll have to upgrade your pipe connection.

Being in the cloud get you down the path of disaster recovery (DR)/business continuity (BC).  The incremental cost of DR/BC is less than what it would have been if you hadn’t moved to the cloud.

A company is still responsible for all their software licensing, even though they’ve moved their servers to the cloud.  No free lunches here.

Companies with single locations may be hard pressed to develop an ROI case for migrating to the cloud, unless they include DR/BC.  Keep in mind that cloud outsourcing doesn’t eliminate all server administration functions, unless this is included in the outsourcing agreement.  And there are still the day to day IT help desk support issues to deal with.

Virtualization for businesses

I can’t remember where I read this statement recently.  The transition to virtual computing will be the most significant IT infrastructure transformation to date, as it aims to bring together storage, computing and data networking. However, the virtual infrastructure has a profound impact on the network. The vision of a virtual infrastructure is to allow data center resources to flow freely across the network to whatever service requires them.

About 50% of businesses have transitioned to virtual computing.  All large enterprises have done it.  Most midsize organizations with many servers have followed.  Small businesses are the last to convert.  Do these businesses need to virtualize?  They may move to cloud computing before they virtualize internally.

Why do businesses virtualize?

– Get more out of existing resources.  Virtualization allows running multiple server instances (virtual guests) on a single hardware server (host).  The single hardware server is more robust than a single server, so the capital cost/virtual server decreases as you increase the number of virtual guests running on a host.

– Higher energy efficiency.  When you run less hardware servers, you consume less energy for cooling and power.

– Increase availability of hardware and applications.  By using more robust hardware, you get an immediate return through redundancy.  Host servers have redundant power supplies, redundant memory, and redundant processors.  Should something happen to any one of these, your applications can continue to run, without an outage.

– Operational flexibility.  Implementing a new server for a new business application, takes a few hours by bringing up a new virtual server on the host.  It used to take weeks, specifying a server, quoting, purchase approval, building and installing it, then loading the new application.

As you can see, the choice is easy for organizations which have many servers.

Now disaster recovery (DR) and business continuity (BC) are working their way down to smaller businesses.  Smaller companies sell to larger companies.  Their customers want to know that the companies they’re dealing with have thought about disaster situations.  Reasons for this abound – Katrina 2005, electrical outages due to excessive heat and storms the summers of 2011 and 2012.  Virtualization is becoming a necessity (price for admission) for them. 

There is more to virtualizing than just the “front end” servers.  You need to think about data storage.  The most common and cost effective for an SMB is an iSCSI Storage Area Network (SAN).  These devices have built in redundancies so that a few disk drives can be lost and your environment can still operate.  The SAN’s communicate with the virtual hosts over network connections.  This requires more network switch ports.

Next is backup.  You still need to have a belt and suspenders.  Backup technology is now commonly Disk to Disk (D2D).  Disk backup is very fast and can now be done on a “hot” system.  Your backup window is essentially 0.  However, this backup is done locally.  No data has moved off-site.  When thinking about DR/BC, you need to get the data off-site.  This is where the cloud comes in.

 That topic is for another day.

Urgent or important

I attended a SpeedSearch webinar yesterday.    The overview stated “Learn secrets for managing time and priorities”.  We all have preconceptions about everything.  I expected to learn about managing my time about my job search.  The presenter very quickly took this topic and pushed it back to managing time and priorities for my life.  For what is a job search but a part of our lives.  Why should we manage our lives differently when we’re searching for a place to contribute next than when we “have a job”?  Because it truth, do our jobs define us, or do we define our jobs?

Here are a few highlights from this webinar:
– “Urgent things are seldom important; important things are seldom urgent.” — Dwight D. Eisenhower
– Say out loud every day “Most of my time is spent on my most important things”.
– Quality time is spent on things that are NOT urgent, yet important.
– To have the most fulfillment in our lives, we need to manage spending our time in the quality quadrant.
– Examples of quality time during a job search are developing new contacts, researching companies to work for, helping others with their visibility
– Write down your goals.  People who write down goals, achieve them.

I highly recommend this webinar, whether you’re in a job search, or not.  You’ll get value from it your whole life.

Catching up today

I had felt the beginnings of a cold coming on the past few days.  It hit me yesterday.  I was out of touch the whole day.  Was tired all day.  Just didn’t feel like doing anything.  I couldn’t even think.

My body wasn’t meant to be sitting or lying around all day.  It needs to move around, my mind needs to work on something with a purpose.  I wonder why our bodies react this way?  Why do we get sick?  Is there a deeper meaning to it?  I had just been thinking recently that I hadn’t been sick in over a year.  And then, BAM, this hits me.  Is our subconscious actually more powerful than our conscious in controlling our lives?  Hmm.  Food for thought.

I was watching the series “When we left earth” on the Science channel yesterday.  The series documents how in the 60’s and 70’s, the US government (John Kennedy) set the goal for a man to land on the moon.  It’s astounding, to this day, that we were able to accomplish that feat with the technology and knowledge of the day.  Truly amazing.

We need the same sort of leadership today.  Set the lofty goal; one which seems impossible (get the economy growing again?!).  Let people figure out how to achieve the results.

So now I’m back to the goal at hand; finding my next job opportunity at a small to midsize distribution or manufacturing company, upwards of $500MM.

I welcome suggestions or advice on how to build my network into these sorts of companies in the greater Chicagoland area.

Balance of mind, body and sprit

I believe in the balance of mind, body and spirit. We must work on all three (3) to become a whole human being. We work (on) our minds every day. What needs to be done. Who do we need to talk things through with. Where do I need to be. When do I need to be there.

I work on my body by exercising most every day. I’m an avid (bi)cyclist. I go for rides about 5 times a week. On the week-ends, I’m able to go for longer rides than what I’m able to during the week. I usually meet a friend and we go for 25-40 mile rides. I can’t do this during the week, due to the tempo of events happening.

Finally, I work on my spirit. The primary way is by attending church. However, this is only once a week. I work on my spirit during the week by thinking of things I’m grateful for in my life: myself, my family and friends, my career, and the like. Recently I read that I should visualize “everything you want in your life as if you had it today”. I’m at the beginning of the visualization process on this last point.

I find that many times, I’m working on my spirituality while I’m exercising. When a person is riding along on a bike, there are times you can unplug some from the world around you. It’s at these times that I find my conscious self connecting with my unconscious self. I’ve found that great things come from this. I’ve received inspiration about tangible work issues I’ve been struggling with while I’m exercising.

This past week-end, while on a ride with a friend, I learned about the law of attraction. Basically, send out positive thoughts and positive thoughts will return to you. I’ve added this concept to my spiritual workouts.

Bring Your Own Device (BYOD)

I attended an IT networking group last night. The presentation was about BYOD. We had a lively discussion. Is BYOD any different than the 1st PC was to an organization in the 80’s, or internet surfing in the 90’s? I think the difference is that 10, 20, 30 years ago, people were getting better technology at work than they could at home. Really, who could afford to spend $3,000 for a PC for home in the 80’s? And then when laptops came around; when they weren’t “luggables” any more, people hopped on the bandwagon to be able to get one of those from work.

However now, the retail consumer environment has change drastically. Millions of iPhones were sold on the first day when it was released. Everyone is surfing the web on their phone. Smartphones are as pervasive as water. Yet, this technology needs to be controlled inside a company, due to security reasons. One of the top concerns for a business is their Intellectual Property (IP). IP can easily walk out the door on a smartphone. Of course, the case can be made that IP could walk out the door on a burned CD, DVD, or jumpdrive.

So how does the IT department control BYOD – smartphones, tablets? The best way is to use Mobile Device Management (MDM) software. The precursor to this was a Blackberry Enterprise Server (BES). There was consensus among our group last night that BES is near dead, if not gone already. However, there are hardly any organizations embracing MDM software. According to Gartner (www.gartner.com), a well known technology research company, only 15% of companies use MDM software inside their organizations. The tidal wave is upon us. Is it too late for IT shops to react?

I’m interested in your comments.

How do I add business value & Cloud Computing

I spent the day yesterday, rewriting my resume in a format which makes more sense for today’s times; listing major strategic accomplishments near the beginning, followed by a chronological list of position/companies.  I’m pleased with the way it turned out.  It shows the value I can bring to an organization.  It also gave me a feeling of accomplishment.  Putting this together forced me to take a step back and think about things at a higher level.  When we’re working in the trenches, we sometimes get tunnel-vision.  Time for reflection is very important.  We are not, after all, defined by our jobs.  Though many times we fall into the trap of thinking that way.

I read an interesting article titled “Cloud Strategy: Choose wisely”.  It came down to why considering new technologies requires foresight.  Civilization is continuously evolving; going through paradigm shifts.  The one currently getting all the press is Cloud Computing.  Some would say, this is the 2^nd coming of computer time sharing back in the 1960’s and 1970’s.  The model is similar, the reason it exists is different.  Computer time sharing allowed many people to take advantage of a scarce resource.  Cloud technology allows companies to reduce total computing costs.

There are a dozen things companies have to do to keep the lights on in the server room.  None of them add direct value to the business.  They’re looked upon as a necessary cost.  Outsourcing to the cloud, bundles the cost of computing technology into a fixed monthly cost.

Please share your comments.

Blog day 3.

Job Search Brainstroming

Met with a good friend yesterday to brainstorm ideas for my job search.  Here’s the list in no particular order:

 

• jigsaw.com.  A well known site among sales professionals.  You can sign up for free.  You can look up information about companies.  The business model is based on a points system.  You earn points by adding or updating contacts in the database.  You spend points to get information about contacts you’re targeting.  You can purchase points, if you don’t have enough in your account.
• Reference USA.  This database can be found in your local library; accessed remotely from home.  It has advanced filtering capabilities, such as
  • Company Name/Brand
  • Executive Name/Title/Gender/Ethnicity
  • Industry group/SIC
  • Geographic location – State, City, Metro area, Zip codes, radius, county
  • Business Size – employees, $ volume
  • Ownership – public/private, headquarter/branch, foreign parent, home based, government office
  • Financial data – stock exchange, ticker symbol, credit rating.

Wow!  Thanks a lot of filtering.  Data is downloadable into an Excel spdsht format 25 records at a time.

 

• find the association that supports my target industries. Search for their website.  Many companies are listed in a directory.
• craigslist.com. Small to midsize companies want to get the biggest bang for their buck.  Mainstream career search sites cost money for employers to post jobs.
• call the HR department at a target company.  Ask whether they might have a need for a person of my talents.  Further, ask whether I can send in my resume so they can review it and set up a future meeting to ask their advice for my “treasure hunt”.  HR folks talk to other HR folks.  They’re real people too!
• rewrite my resume (although Chris Rollyson has written in his blog – “an outdated 20th century artifact“.  I plan on revising it and posting it to my About page.  Re-architect it, listing a qualifications summary (who), strategic accomplishments (what/why), technical expertise (how), professional experience (where/when).  My current resume as accomplishments scattered throughout.  The new format will consolidate these.  Anyone who is really interested when/where it was accomplished will ask.  My belief is people want to know this in the quickest way possible.  Moving technical expertise immediately after accomplishments shows the technology I’ve used in supporting the business.

A little segway.  My friend has sold ERP systems to various manufacturing companies.  I confirmed with him my thoughts about my target companies; more specifically, how my skills fit into these organizations.  I don’t have certificates for various Windows technologies.  However, over the past 15 years I’ve run IT systems that supported businesses up to $250MM.  I’ve worked with Distribution Management Software (DMS), Warehouse Management Software (WMS), Transportation Management Software (TMS), Enterprise Resource Planning (ERP) software, Electronic Data Interchange (EDI), barcode scanning equipment (Honeywell/LXE, Symbol/Motorola).  Businesses care about the latter items.  What is the order to cash process?  How do we get reports showing new orders entered?  Orders shipped to date?  What is our outstanding AR?  How many Days Cash Outstanding?  What is the purchase to pay process?  What is our inventory turn rate?  Where is a particular item in my inventory located?  Do I have enough inventory in stock to run theb?  Did we receive all our electronic orders overnight?  Where EDI Advanced Ship Notices (ASN’s) sent to our customers immediately after the orders were physically shipped?  These are the issues important to a business.

 

On the IT side, we need to pay attention to

• security: email, anti malware, remote access, wireless access, mobile device management, firewalling
• age of the IT resources (3-4 years pushing it)
• capacity, speed and availability of IT resources (do we need more storage?  Is the network infrasturcture sufficient for our current/future needs?)
• backups: are they being done?  Can we restore data?
• redundancy of hardware: are we using VMware (n + 1 servers)?  do we have redundant power supplies in critical equipment?  Do we have redundant communication paths?  Are we using a Storage Area Network (SAN)?
• disaster recovery: what is our Recovery Point Objective (RPO)? i.e. how many ERP transactions can we afford to lose?  What is our Recovery Time Objective (RTO)? i.e. How long will it take to restore our critical systems, for the company to continue operations?  Both these metrics have narrowed significantly over the past 5 years.  And let’s not forget a business’ connection to the outside world – the internet connection.  Do you have an alternate communication channel available?  Do you have an Uninterruptible Power Supply (UPS)?  How long will the battery last?  Do you have a generator backup?  Even if the systems are up and running is the rest of the facility operational?  Can employees access the systems in a disaster?  What employees will be available in a disaster?

My friend confirmed that there is definitely a need for someone with my skills, who can understand the business needs and set the technological foundation to support them.

End of my segway.  Back to the resume.  I need to include my LinkedIn profile, this blog URL and my twitter username.

Day 2 of blogging.  Please comment on my thoughts.