Meme Monday

It’s that time again to explore data protection myths and details through the power of the meme! Since it seems fitting at the moment, I’m going to spend a bit of time looking at data protection as it applies to remote work.

OneDrive and Backup

First up we’ll start with an animated gif, which sums up pretty perfectly my reaction when someone says, “we’ll use OneDrive for desktop/laptop backup”:

[Animated gif: “You don’t really think OneDrive is backup do you?”]

The premise is simple: users can copy their documents to OneDrive when they want a “backup”. Honestly, when I hear this, I don’t just want to scream, I want to scream in rage. This is the laziest sort of IT thinking you can possibly get and it’s wrong in so many ways. Let’s list the top three:

  • It’s replication, not backup.
  • Any backup built around user initiation is doomed to fail.
  • It’s replication, not backup.

Yes, I repeated a point! That’s how important it is. And you should be prepared to scream it until your lungs hurt at any IT team that tells you that you can “backup to OneDrive.”

Users can’t store important data locally

There’s a delightful innocent naivety in this trope.

[Meme: “Can’t store important data locally”]

There’s a funny constant about users: they’ll do things you think they can’t. It starts by thinking of the most basic things – data validation. Sometimes it seems that half of UI testing is deliberately putting weird data into input fields to see how a program reacts to it. “Enter a number between 1 and 100” works well until someone puts in “-0.ninety π” and suddenly your nuclear control station catches on fire, right?

So whenever I’m told by someone that they don’t need to back up laptop/desktop computers because users can’t store important data on their local systems, I’m reminded of “oh my sweet summer child.”

Users find a way. Jeff Goldblum in Jurassic Park might have made the line “Life, uh, finds a way”, but any data protection expert will say, “Users, uh, find a way.”

Here’s my rule of thumb: at least 10% and up to 30% of your essential unstructured data reside on user laptops and desktops scattered about your organisation. Note I’m not saying of your data, but your essential data. That data might (eventually) be copied to OneDrive or a central file share, but while it’s being “worked on”, it’s sitting on your end-user systems. And it’s always for the same reason: the network isn’t fast enough to be the computer. It’s all cool that you’ve got 10Gbit, 25Gbit or 100Gbit networking backbones in your datacentres, but your users are connecting over variable WiFi or those cheap-as-chips 100Mbit hubs to the data. The first time a document freezes for 20 seconds during a save operation, your user will copy it across to his/her desktop to work on it.

(Those freezes and glitches are going to happen more regularly during a work-from-home situation, so it’s important to start thinking of solutions.)

Desktop/laptop backup is too hard

Look, it’s easy to think that desktop/laptop backup is too hard, particularly if you come at it thinking you can do it with the same install that’s protecting your core infrastructure.

[Meme: “Despite the mythos, desktop/laptop backup does compute”]

Note that I’m saying you shouldn’t do desktop/laptop backup with the same install, not the same product. Think of your standard systems infrastructure, regardless of whether it’s traditional, or hybrid/private cloud: you design on the expectation that a very high percentage of clients are powered on and responsive 100% of the time.

On the other hand, your end-user computing environment is a collection of systems that are randomly shut down and rebooted regularly, that might get kicked off VPNs, and (particularly with laptops) switch between wired and wireless networks a dozen times a day as users move around. Yet you know that users in control of their own backup will be a protection nightmare, both in terms of providing any measurable guarantee that backups will be done and from a security perspective.

If you start firing off backups of, say, blocks of 100 laptops at a time with the expectation they’ll be accessible and able to start backing up immediately, you’re going to end up with an exceptionally high failure rate. Even back in the days when most end-user compute was in the form of desktops, the customers I had that followed this approach usually considered a 60% failure rate to be acceptable. The immediacy of “start = start now” in server-based backup scheduling doesn’t work for laptop/desktop backups.

And then there’s the bandwidth problem: all those mediocre WiFi signals and cheap 100Mbit hubs will stymie a “full once a week” schedule. A “start = start now” process is just the beginning of a high failure rate — wait until you try to send 20GB over the WAN tethered to a $49 WiFi router in the garage when your end-user is working from their balcony at home.

What you need is centralised control, minimised data transfer, and a work-order based system that allows activities to be started without immediate action. That might just be a job for super backup in a box that’s really quite bodacious:

[Image: DD4400]

If you’ve suddenly got a large part of your team working from home, now might be the perfect time to consider something like an IDPA-based backup solution for laptop/desktop. Being a full appliance, you can spin it up quickly and leave your current infrastructure backup system untouched. 

Operating in laptop/desktop mode, the backup services in an IDPA generate work orders: when it’s time to run a backup, a job ticket is created for the client, and the client periodically checks in (e.g., when it’s powered on and connected to the VPN). Once the client finds the ticket, it does the backup job. So you don’t have a morass of failures from backup jobs starting when clients aren’t connected. And yes, you can back up over the VPN because there’s so little data transferred. If you thought a 40:1, 50:1 or 60:1 deduplication ratio was impressive, wait until you start doing desktop/laptop backups and hit 80:1, 100:1 or higher, which is entirely possible with pre-imaged end-user compute systems.
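The difference between “start = start now” scheduling and work orders, as an added example (not code from the original post or from any backup product): a small Python simulation in which the client names, online hours and function names are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: hours (0-23) each client is powered on and on the VPN.
ONLINE_HOURS = {
    "laptop-01": {9, 10, 11, 14, 15},
    "laptop-02": {13, 14, 15, 16},
    "laptop-03": set(),                # powered off all day
    "desktop-04": set(range(8, 18)),
    "laptop-05": {20, 21},
}

def push_schedule(start_hour, online_hours):
    """Server-style scheduling: every job starts at start_hour.
    A client that is offline at that moment is a failed backup."""
    return {client: start_hour in hours for client, hours in online_hours.items()}

@dataclass
class WorkOrderQueue:
    """Server side of the ticket model: one open ticket per client."""
    tickets: dict = field(default_factory=dict)    # client -> hour issued

    def issue(self, clients, hour):
        for client in clients:
            self.tickets.setdefault(client, hour)

    def check_in(self, client, hour):
        """Called by a client whenever it is online; True means a ticket
        was waiting, so the client runs its backup and the ticket closes."""
        issued = self.tickets.get(client)
        if issued is not None and hour >= issued:
            del self.tickets[client]
            return True
        return False

def work_order_schedule(issue_hour, online_hours, window_end=24):
    """Issue tickets once, then let clients claim them as they come online.
    Returns (client -> completion hour or None, clients with open tickets)."""
    queue = WorkOrderQueue()
    queue.issue(online_hours, issue_hour)
    completed = {client: None for client in online_hours}
    for hour in range(issue_hour, window_end):
        for client, hours in online_hours.items():
            if hour in hours and queue.check_in(client, hour):
                completed[client] = hour
    return completed, sorted(queue.tickets)
```

With the constructed data, a 12:00 push reaches only the desktop that happens to be online, while the same job issued as tickets completes on four of the five clients; the ticket left open for laptop-03 is the one that needs following up.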

Stay Safe

That’s it for Meme Monday. This is an odd year to be sure, and perhaps never more so than now, when we’re asking, “Are you well?” Our interactions have switched from physical to digital, and businesses that have long said there’s no way work-from-home will work are discovering that things have changed.

What hasn’t changed of course is that we still need to protect data. Regardless of where it is.
