Archives for: August 2010

Minimizing Downtime Costs Through Virtualization

Technology has changed the pace and space of business.

25 years ago, the average company operated on a 9-5 schedule… and most of their customers resided within the same area code. Today it’s much more common for companies to operate on a 24/7 schedule, serving customers all over the world.

This new way of working has placed special pressures on IT departments to reduce or eliminate any unnecessary downtime. If business systems go offline during business hours at a mid-sized company, the costs can easily reach into the thousands of dollars per hour.

This means that:

  • Backup windows must be reduced or completely eliminated
  • Regular maintenance must be performed in less time
  • In the event of a disaster, servers must be restored quickly

Because of the way it improves operation efficiency, server virtualization can help reduce the costs associated with both planned and unplanned downtime.

Backing up a single physical box reduces the chances of human error or physical media failure, since you’re dealing with fewer backup devices. This simplified approach also helps to reduce backup windows (if you’re not already running continuous backups to an off-site location or the cloud).

Since there are fewer physical devices to restore, backup recovery is faster, easier and more efficient. Also, a simplified backup process leaves less opportunity for problems to arise during the chaotic moments of an emergency recovery.

Virtualization also simplifies the process of continuous server mirroring for high-availability systems that reduce (or completely eliminate) unexpected downtime.

If your virtual servers suddenly crash, these systems can be quickly reconfigured and deployed with the click of a button… from a remote location. On a physical device, this process would normally involve considerable manual labour. IT support staff would need to show up on-premises to restore the systems.

Virtual servers can also often be moved to another device without disruption to the end-user. This minimizes downtime for planned maintenance of the host system.

If your company can’t afford the high-cost of downtime – whether it’s planned or not – then you should look into switching your servers to a virtualized environment as a means of maximizing uptime and simplifying data protection.

Image Credit: http://www.flickr.com/photos/skepchick/192749622/sizes/m/

15 Most Common Reasons Backup Data Can’t Be Recovered (Or Becomes Lost)

Despite our best laid plans, details can sometimes slip through the cracks when protecting data. In their effort to maintain reliable backups and fast recovery times, IT departments have to overcome hurdles such as:

  • Limited available time for maintenance
  • Constantly changing infrastructure and new technologies
  • Diminishing IT budgets

And sometimes, when backed up data needs to be recovered, it can’t. And that’s what I want to talk about today.

Here are some of the most common reasons that IT staff can’t recover files from their backups:

  1. No backup copy was available. This can happen if the data loss occurred before the daily tape backup was processed.
  2. The backup copy was corrupted. This can happen if the backup device was damaged or processed incorrectly. It may also happen if the storage device contained some sort of physical defect.
  3. Backups were done incorrectly. This is a common scenario in businesses that host their own SQL databases or Exchange servers, but lack the proper training to back up properly. One day, they load up their backup tapes and find that they’ve only been backing up their flat files… and have never backed up their database.
  4. All backup copies were corrupted. This can happen if invalid data is unknowingly backed up repeatedly over a long period of time.
  5. Loss reported too late. Most corporate backup policies state that deleted files must also be removed from the backups after a specified length of time. If the data loss isn’t reported before this time has elapsed, the data could be gone forever.
  6. Important files, directories or components were excluded from the backups. Many home users will only back up their “My Documents” folder, leaving other files at risk such as their Outlook files and those files saved on the Desktop. Many applications will also save important data to a sub-folder under their “Program Files” directory.
  7. Other systems or hardware were added without updating the backup process.
  8. Files were saved on the end-user’s local drive or portable media instead of the assigned network folder. If you have users who save data locally – as is common with laptops – you must have a plan to protect those as well.
  9. Human error. Everyone messes up once in a while. That’s why you have to automate as much of your backup process as possible, and ensure that your IT staff are properly trained.
  10. Software bugs. Although software providers do their best to write bug-free software, they’re constantly racing to catch up with the fast-changing operating systems and external applications that they must interact with.
  11. Backup software was not installed or configured properly. Once again, this can be attributed to human error and lack of proper training.
  12. Unable to locate files, or locating files would be too inconvenient. Sometimes, the process of recovering files can simply be too laborious, or it would eat up too much precious IT time. In this event, the company must evaluate the maintenance costs against the cost of the lost data before making a decision.
  13. No backup process in place. As crazy as this might seem, many smaller businesses either have no backups at all, or only back up a few of their machines. For them, every day is Russian roulette.
  14. Forgot the encryption password. Nothing is more painful than backing up properly, then being locked out of your files when you need them the most.
  15. Only one copy of the backups was ever made, and it was destroyed with the servers. This is usually the case in the event of fires or natural disasters.

And there you have it. I’ve just given you plenty of reasons for why you need to test your recovery process on a regular basis. No matter how perfect you think your process is, every tiny change to your IT system increases the odds that something might go wrong later on.

It’s better to invest the time now and iron out the kinks, than to wake up one day and realize that you’ve been forgetting an important step all along.

Image Credit: http://www.flickr.com/photos/rickymontalvo/3237982968

The Difference Between Hosted, SaaS (Software-as-a-Service) and the Cloud

A few readers have asked me about this one, so I thought I’d type up a short clarification along with some real-life examples. But to keep things simple, I’d just like to start by pointing out the differences between hosted applications and SaaS. (We’ll save the cloud for later in the article.)

The most obvious difference between “SaaS applications” and “Hosted applications” is that one is a “service” that you use, and the other is a “product” which you own.

When you rent a car, you are paying for the service of that vehicle. This is similar to Software-as-a-Service.

But when you buy a car, you are paying for possession of a product. This is similar to purchasing a software package and having it hosted on a rented server.

There is also some overlap between SaaS applications and hosted applications. You can reasonably say that all SaaS services are hosted, but it would not be accurate to say that all hosted applications are SaaS.

Example 1:

If you wanted to start a blog today, you could visit wordpress.org and download everything you need to start and manage your own blog. You simply upload the application to your web server and run the installation process.

In this instance, you are responsible for maintaining the web site and have the ability to modify the code in any way you wish. Also, you have exclusive control over all of the data in your database. Nobody can ever delete your account or block your access to it.

WordPress is effectively a software product that you own, and is hosted on your web server. This approach is more work, but you also have more control over the application and its hosting environment.

Example 2:

If you don’t have a web server, you can go to wordpress.com and access the SaaS version of WordPress.

In this instance, wordpress.com will host the application for you. However, they retain control over all of the information, and you can’t modify the source code or move it to another server. The software belongs to WordPress, and you are only taking advantage of the service that this software offers.

Although you lose some control over the application and your information, you gain a lot in terms of ease-of-use, convenience and Total Cost of Ownership.

Another Example:

If you wanted to start a message board, you could go one of 2 routes:

  • Hosted: You could spend a lot of time setting up and running an open-source message board system on your web server. This is more work, and makes you a potential target for hackers. However, you get to control all of the information in your database, and you can set your own rules. (http://phpbb.com)
  • SaaS: You could sign up for a SaaS message board system, and let someone else worry about maintenance. Although you lose control over your data and are bound by the rules of the message board host, you can manage your message board much more easily and securely than hosting it yourself. (http://www.proboards.com/)

Of course, that only leaves 2 major questions:

  • What’s the difference between SaaS and Cloud?
  • What’s the difference between Hosted and Cloud?

There are many different takes on this one, but here’s my personal opinion.

First of all, let me just start by saying that any remotely hosted application, service or data would qualify as “Cloud” in my opinion.

Let’s suppose that you run a web server on your laptop, and you code a custom PHP script that pulls raw data from Twitter, RSS feeds, and Google Analytics. Would this be SaaS or Hosted?

Since you wrote the software yourself, and are running it on your own web server, it certainly isn’t SaaS. And since you’re running the web server on your own computer, it certainly isn’t hosted.

But here’s where the controversy starts.

Since the data is being pulled from Google Analytics, Twitter and externally hosted RSS feeds, many would argue that this is still SaaS. I’d have to disagree with these people, since the application is simply integrating components of the remote applications without the benefit of direct services from the remote host.

In this instance, I would consider it a Cloud application. The application is pulling components from multiple sources in order to form a completely separate software product.

Let’s also consider a custom-written PHP shopping cart on your web site that allows people to log in using their Facebook logins. This would also be an example of a cloud application. It’s not SaaS since you’re not actually using Facebook. You’re simply asking Facebook to provide a service or a piece of data for your application.

At the same time, I would also consider all previous examples to be cloud products. Both the hosted wordpress.org and the SaaS wordpress.com accounts are hosted remotely and provide access to remotely stored resources.

Still Confused?

Consider the metaphor of a man ordering a meal at a restaurant:

 

Hosted Software

“I brought my own food, but my house is boring. I’ll give you $25 if you let me eat my meal here, with your lively atmosphere and decor.”

Software as a Service

“I like coming to this restaurant here because I can just eat the food without having to buy a kitchen, prepare the food or wash the dishes.”

The Cloud (And here’s where it gets weird)

“I don’t want to buy the whole meal. I just want the taste of garlic and broccoli in my mouth, and the feeling of a full stomach.”

I know this article has gone on a bit longer than usual. But hopefully, this should help bring a bit of clarity to the debate between Cloud, SaaS and Hosted applications.

The Meanings of “Area Network” Acronyms – The difference between LAN, WAN, SAN, GAN, CAN

Another common question that I’ll get is something along the lines of:

  • What’s the difference between a LAN and a WAN?
  • What’s the difference between a CAN and a GAN?
  • What’s the difference between a LAN and a SAN?
  • What’s the difference between a WAN and a GAN?
  • Etc…

I was a bit hesitant about answering these kinds of questions at first.

For this blog, I wanted to be very careful about approaching the topic of networking. This is a complicated field that actually requires quite a bit of formal study to grasp. My goal in providing networking information is simply to help you communicate more easily with technical staff and outside consultants when making IT decisions.

When it comes to defining specific types of networks, you’re likely to hear different infrastructure topologies described as one of the following:

Local Area Network: This is the simplest and most common type of network. Most LANs exist within a very small geographic area, or even within the same building. The wireless network in your home can be said to be a type of LAN.

I’ve included a drawing below to provide context. Please forgive my horrible MS Paint Skills.

LAN topology

Campus Area Network: This applies to multiple small LANs that are connected across multiple buildings within a small area. It’s common to see CANs used to link up multiple buildings of a large company’s head office, a military base, or even a college campus. (Once again, sorry about the artwork)

CAN Topology

Wide Area Network: A WAN is created when 2 or more LANs are connected together across a large geographic area. On a map, a WAN would look like several stars, linked together. The most famous example of a WAN is – of course – the Internet.


Global Area Network: A GAN is a single giant private network that covers the entire globe. Only extremely large companies use GANs. If you were to look at a GAN on a world map, it would resemble a single giant spider web. This topology makes it very different than a WAN, and more like an extremely large LAN.


IMPORTANT EXTRA NOTE

Storage Area Network: This one actually DOES NOT belong on this list. I’ve only added it here because many people seem to be confused about the term. Although there are some networking components to a SAN, it should primarily be considered a storage device. Simply put, a SAN is an external storage device that can be used by a server as primary disk storage. (Much like your C: drive)

There are a number of reasons why you’d want to do this… and I’ll discuss those in a later article. But for now you just need to know that when someone uses the term SAN, they are not talking about networking. They’re talking about STORAGE.

Let’s make this even simpler.

The field of networking is constantly evolving, and new terms come out all the time. But these are the major ones.

Having said that, LAN and WAN are the most commonly used acronyms. They can usually be substituted for other types of networks without getting into semantics. If you can just remember those two descriptions, you’ll be fine for most discussions.

13 Information Compliance and IT Compliance Blogs To Keep You Safe

They say that being sued is a sure sign that your company is starting to become successful. If your company hasn’t been taken to court yet, it’s only a matter of time. And in order to keep legal costs down while ensuring your chances of success, you need to keep yourself informed on your IT compliance obligations.

Below, I’ve included a few of the best information law blogs that will keep you up-to-date on potential threats and obligations.

  1. hipaacompliancejournal.com – Covering emerging trends and common questions relating to medical information compliance since 2005.
  2. compliancebuilding.com – Doug Cornelius is an expert on legal and ethical issues relating to IT, with a special focus on the real-estate industry.
  3. legaltimes.typepad.com – A law blog focusing on Washington DC. Also offers their own iPhone app.
  4. ediscoverylaw.com – This blog is run by the K&L Gates law firm, and they focus on electronic discovery for courtroom disclosures. The firm is very large, with over 2000 lawyers.
  5. eddblogonline.blogspot.com – A blog run by Jeffery Fehrman and Bob Krantz. They’ve been covering various information compliance issues such as cloud computing, social media, digital forensics and more.
  6. e-discoveryteam.com – Ralph Losey has been involved with Law and Technology since the late 1970s, and has a very strong understanding of ediscovery and its related challenges.
  7. ediscoveryconsulting.blogspot.com – Charles Skamser is CEO of eDiscovery Solutions Group, and is a strong believer in using SaaS to help with information compliance.
  8. hipaablog.com – All about Medical Privacy and HIPAA compliance. Part of the NinerNiner blog network.
  9. www.emrandhipaa.com – An open forum for HIT, EMR, HIPAA and EHR.
  10. blog.privacylawyer.ca – A Canadian blog that focuses on PIPEDA and Canadian information compliance.
  11. www.soxfirst.com – All about accounting, ethics, executive pay, and other areas related to SOX compliance.
  12. www.big4guy.com – A business blog about Ernst & Young, KPMG, PricewaterhouseCoopers and Deloitte.
  13. soxresource.com – A lesser-known site with lots of great information about SOX 404 compliance.

Those are my lucky 13 picks to help keep you out of trouble.