{"id":9441,"date":"2020-04-13T10:22:10","date_gmt":"2020-04-13T00:22:10","guid":{"rendered":"https:\/\/nsrd.info\/blog\/?p=9441"},"modified":"2020-04-13T10:22:13","modified_gmt":"2020-04-13T00:22:13","slug":"meme-monday-4","status":"publish","type":"post","link":"https:\/\/nsrd.info\/blog\/2020\/04\/13\/meme-monday-4\/","title":{"rendered":"Meme Monday"},"content":{"rendered":"\n<p>It&#8217;s that time again to explore data protection myths and details through the power of the meme! Since it seems fitting at the moment, I&#8217;m going to spend a bit of time looking at data protection as it applies to remote work.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">OneDrive and Backup<\/h2>\n\n\n\n<p>First up we&#8217;ll start with an animated gif, which sums up pretty perfectly my reaction when someone says, &#8220;we&#8217;ll use OneDrive for desktop\/laptop backup&#8221;:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/04\/homer-onedrive.gif\" alt=\"\" class=\"wp-image-9442\" width=\"480\" height=\"365\"\/><figcaption>You don&#8217;t <em>really<\/em> think OneDrive is backup do you?<\/figcaption><\/figure>\n\n\n\n<p>The premise is simple: users can copy their documents to OneDrive when they want a &#8220;backup&#8221;. Honestly, when I hear this, I don&#8217;t just want to scream, I want to scream in <em>rage<\/em>. This is the laziest sort of IT thinking you can possibly get and it&#8217;s wrong in so many ways. Let&#8217;s list the top three:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It&#8217;s <em>replication<\/em>, not <em>backup<\/em>.<\/li><li>Any backup built around user initiation is <em>doomed to fail<\/em>.<\/li><li>It&#8217;s <em>replication<\/em>, not <em>backup<\/em>.<\/li><\/ul>\n\n\n\n<p>Yes, I repeated a point! That&#8217;s how important it is. And you should be prepared to scream it until your lungs hurt at any IT team that tells you that you can &#8220;backup to OneDrive.&#8221;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Users can&#8217;t store important data locally<\/h2>\n\n\n\n<p>There&#8217;s a delightful innocent naivety in this trope.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"528\" src=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/04\/users-cant-store-local-files.jpg\" alt=\"\" class=\"wp-image-9444\" srcset=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/04\/users-cant-store-local-files.jpg 700w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/04\/users-cant-store-local-files-300x226.jpg 300w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><figcaption>Can&#8217;t store important data locally<\/figcaption><\/figure>\n\n\n\n<p>There&#8217;s a funny constant about users: they&#8217;ll do things you think they can&#8217;t. It starts by thinking of the most basic things \u2013 data validation. Sometimes it seems that half of UI testing is deliberately putting weird data into input fields to see how a program reacts to it. &#8220;Enter a number between 1 and 100&#8221; works well until someone puts in &#8220;-0.ninety \u03c0&#8221; and suddenly your nuclear control station catches on fire, right?<\/p>\n\n\n\n<p>So whenever I&#8217;m told by someone that they don&#8217;t need to backup laptop\/desktop computers because users can&#8217;t store important data on their local systems, I&#8217;m reminded of &#8220;oh my sweet summer child.&#8221;<\/p>\n\n\n\t<div class=\"wp-block-jetpack-gif aligncenter\">\n\t\t<figure>\n\t\t\t\t\t\t\t<div class=\"wp-block-jetpack-gif-wrapper\" style=\"padding-top:56%\">\n\t\t\t\t\t<iframe src=\"https:\/\/giphy.com\/embed\/A3V0H9zDV0uLS\" title=\"summer child\"><\/iframe>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<figcaption class=\"wp-block-jetpack-gif-caption gallery-caption\">Users find a way.<\/figcaption>\n\t\t\t\t\t<\/figure>\n\t<\/div>\n\t\n\n\n<p>Users find a way. Jeff Goldblum in Jurassic Park might have made the line &#8220;Life, uh, finds a way&#8221;, but any data protection expert will say, &#8220;Users, uh, find a way.&#8221;<\/p>\n\n\n\n<p>Here&#8217;s my rule of thumb: at least 10% and up to 30% of your essential unstructured data reside on user laptops and desktops scattered about your organisation. Note I&#8217;m not saying of<em> <\/em>your<em> data<\/em>, but<em> <\/em>your<em> essential <\/em>data. That data\u00a0<em>might<\/em>\u00a0(eventually) be copied to OneDrive or a central file share, but while it&#8217;s being &#8220;worked on&#8221;, it&#8217;s sitting on your end-user systems. And it&#8217;s always for the same reason: <em>the network isn&#8217;t fast enough to be the computer<\/em>. It&#8217;s all cool that you&#8217;ve got 10Gbit, 25Gbit or 100Gbit networking backbones in your datacentres, but your users are connecting over variable WiFi or those cheap-as-chips 100Mbit hubs to the data. The first time a document freezes for 20 seconds during a save operation, your user will copy it across to his\/her desktop to work on it.<\/p>\n\n\n\n<p>(Those freezes and glitches are going to happen more regularly during a work-from-home situation, so it&#8217;s important to start thinking of solutions.)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Desktop\/laptop backup is too hard<\/h2>\n\n\n\n<p>Look, it&#8217;s easy to think that desktop\/laptop backup is too hard, particularly if you come at it thinking you can do it with the <em>same<\/em> install that&#8217;s protecting your core infrastructure.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"522\" src=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/04\/desktop-laptop-backup-does-not-compute.jpg\" alt=\"\" class=\"wp-image-9445\" srcset=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/04\/desktop-laptop-backup-does-not-compute.jpg 800w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/04\/desktop-laptop-backup-does-not-compute-300x196.jpg 300w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/04\/desktop-laptop-backup-does-not-compute-768x501.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption>Despite the mythos, desktop\/laptop backup <em>does<\/em> compute<\/figcaption><\/figure>\n\n\n\n<p>Note that I&#8217;m saying you shouldn&#8217;t do desktop\/laptop backup with the same <em>install<\/em>, not the same product. Think of your standard systems infrastructure, regardless of whether it&#8217;s traditional, or hybrid\/private cloud: you design on the expectation that a very high percentage of clients are powered on and responsive 100% of the time.<\/p>\n\n\n\n<p>On the other hand, your end-user computing environment is a collection of systems that are randomly shut-down and rebooted regularly, that might get kicked off VPNs, and (particularly with laptops) switch between wired and wireless networks a dozen times a day as users move around. Yet, you know that users in control of their own backup will be a protection nightmare \u2013\u00a0both in terms of providing any measurable guarantee that backups will be done and from a security perspective.<\/p>\n\n\n\n<p>If you start firing off backups of say, blocks of 100 laptops at a time with the expectation they&#8217;ll be accessible and able to start backing up immediately, you&#8217;re going to end up with an exceptionally high failure rate. Even back in the days when most end-user compute was in the form of desktops, the customers I had that followed this approach usually considered a 60% failure rate to be acceptable. The immediacy of &#8220;start = start now&#8221; in server-based backup scheduling doesn&#8217;t work for laptop\/desktop backups.<\/p>\n\n\n\n<p>And then there&#8217;s the bandwidth problem: all those mediocre WiFi signals and cheap 100Mbit hubs will stymie a &#8220;full once a week&#8221; schedule. A &#8220;start = start now&#8221; process is just the beginning of a high failure rate \u2014 wait until you try to send 20GB over the WAN tethered to a $49 WiFi router in the garage when your end-user is working from their balcony at home.<\/p>\n\n\n\n<p>Centralised control, minimised data transfer, work-order based system that allows activities to be started without immediate action. That might just be a job for <strong><a href=\"https:\/\/nsrd.info\/blog\/2018\/07\/20\/super-backup-in-a-box-thats-really-quite-bodacious\/\" target=\"_blank\" aria-label=\"super backup in a box that's really quite bodacious (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"aioseop-link\">super backup in a box that&#8217;s really quite bodacious<\/a><\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"900\" height=\"575\" src=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2018\/07\/DD4400.jpg\" alt=\"DD4400\" class=\"wp-image-6949\" srcset=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2018\/07\/DD4400.jpg 900w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2018\/07\/DD4400-300x192.jpg 300w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2018\/07\/DD4400-768x491.jpg 768w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2018\/07\/DD4400-313x200.jpg 313w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><figcaption>DD4400<\/figcaption><\/figure>\n\n\n\n<p>If you&#8217;ve suddenly got a large part of your team working from home, now might be the perfect time to consider something like an IDPA-based backup solution for laptop\/desktop. Being a full appliance, you can spin it up quickly and leave your current infrastructure backup system untouched.\u00a0<\/p>\n\n\n\n<p><span style=\"font-size: inherit;\">Operating in laptop\/desktop mode, the backup services in an IDPA generate\u00a0<\/span><em style=\"font-size: inherit;\">work orders<\/em><span style=\"font-size: inherit;\">: when it&#8217;s time to run a backup, a job-ticket is created for the client, and the client periodically checks in (e.g., when it&#8217;s powered on and connected to the VPN). Once the client finds the ticket, it does the backup job. So you don&#8217;t have a morass of failures from backup jobs starting when clients aren&#8217;t connected. And yes, you can <\/span><em style=\"font-size: inherit;\">backup over the VPN<\/em><span style=\"font-size: inherit;\"> because there&#8217;s so little data transferred. If you thought a 40:1, 50:1 or 60:1 deduplication ratio was impressive, wait until you start doing desktop\/laptop backups and hit 80:1, 100:1 or higher, which is entirely possible with pre-imaged end-user compute systems.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Stay Safe<\/h2>\n\n\n\n<p>That&#8217;s it for Meme Monday. This is an odd year to be sure, and perhaps never more so than now we&#8217;re asking <em>are you well?<\/em> Our interactions have switched from physical to digital, and businesses that have long said there&#8217;s no way work-from-home will work are discovering that things have changed.<\/p>\n\n\n\n<p>What hasn&#8217;t changed of course is that we still need to protect data. Regardless of where it is.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s that time again to explore data protection myths and details through the power of the meme! Since it seems&hellip;<\/p>\n","protected":false},"author":1,"featured_media":6949,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[3,1133],"tags":[1564,1538,1565],"class_list":["post-9441","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-architecture","category-best-practice","tag-desktop-laptop","tag-meme","tag-work-from-home"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2018\/07\/DD4400.jpg","jetpack_shortlink":"https:\/\/wp.me\/pKpIN-2sh","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/9441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/comments?post=9441"}],"version-history":[{"count":4,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/9441\/revisions"}],"predecessor-version":[{"id":9448,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/9441\/revisions\/9448"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/media\/6949"}],"wp:attachment":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/media?parent=9441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/categories?post=9441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/tags?post=9441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}