Month: June 2017

The Case for data protection – Tuesday’s ransomware attack

hacker, malware, ransomware
Image courtesy of photouta at

The second reported attack of NSA-esque ransomeware this Tuesday should not surprise any systems administrators or IT staff. These attacks are happening on an increasing basis, and with the release of the “Vault 7” documents as a how-to-for-hackers, they will only increase. Google hacker culture, Vault 7 or script-kiddies. Suffice it to say, that dangers like this are a growing concern that needs to be addressed in your Data Protection plan.

Data Protection Plans

Getting back to the basics of Data Protection, todays’ article will discuss how backups as a part of your DP program, can help with ransomeware attacks. Backups may bring up visions of hurricanes or tornadoes, but it goes well beyond that. Data protection also means, well, protecting your data. From all the threats out there, including accidentally deleted files and not so accidentally deleted files, or even ransomed files.

So, you may be asking, how does data protection actually protect me from ransomeware? To put it simply, ransomeware doesn’t remove your data and your files, like a tornado, hard drive crash, or hurricane. It removes YOUR ACCESS to that data and files.  Time and mathematics instead of wind, rain, and lightening are denying access to your data. The files are still there, but you can’t use them to do what you need to do.


This is the case for backups. We previously discussed the several use cases for snapshots in an article, but in this instance, any backup will do as long as the backups were taken BEFORE the systems became infected with ransomeware.

To this point, you should have a backup SCHEDULE. That means that you don’t just keep the latest copy of your backup, your keep staggered copies of your backups. One of the most famous backup schemes is Grandfather-Father-Son backups. While the scope of your backup schedule is beyond this article, suffice it to say that you should have at least one month of good backups if you have to restore data. With many of the backup appliances on the market these days, this is taken care of for you. And with compression and deduplication technologies the amount of data that can be stored on-site or remotely is truly astounding.

This solution is not perfect, but better than paying someone to release the data that you generated in the first place. Or maybe not – maybe the hackers will sell you an enterprise license? Good Data Protection policies deal with many ways to keep your data YOUR data. This includes making sure you can access it.

In the grand scheme of things, this rash of WannaCry-type ransomeware attacks will continue. While security companies are rapidly working to cut down these attacks, if your data protection isn’t cutting the mustard these attacks will be terrible for your ability to support the other departments of your company. It is time to have a discussion with management about your data protection strategy and how these attacks affect it. Like they say “Life is tough, but it’s tougher if you are stupid.”

Share this:

The SMB IT Guy’s guide to ensuring your success from Hyperconvergence.

Image courtesy of Stuart Miles at

By now, everyone realizes the advantages of server virtualization. Flexibility in the face of rapidly changing technology, reduction in administrative effort on busy IT staff, and cost savings from reducing physical machines is just the beginning. As you may have heard, hyperconverged infrastructure solutions offer all of these advantages, plus the added benefit of simplicity in your environment.

This article is targeted towards small to mid-sized business: 50 to 500 employees supported with 1-5 or so staffers in the IT department. These IT shops don’t rely on specialists, but a few really good “jack-of-all-trades”.  If you are looking for a way to bring this up with the boss, make sure to see the article written for the senior directors or owners in the business here.

So – there are a lot of different hyperconverged vendors out there and a lot of solutions. If you believe the literature and web demos, they will all do everything you need in your environment. How do you know which is the best and what to look out for?

As with everything in life, the answer is – It depends. No one can answer the question of which is best for you, without the intimate knowledge of your environment which probably only you have. What I can do is provide you with some questions that you might want to ask the various solutions providers. These may help you determine which solution works best for your organization, and that management will buy off on.

Here are 5 questions to help you in your inquiry.

What comes in the box?

Well, not literally, but what does this solution entail? How many servers of MINE will this solution cover, and how much extra capacity will I have? Are there any extras that might later cost me money or maintenance fees? Are installation services needed and possibly included in this solution? Is high availability between hardware units included in this quote? The answers to these questions may not make or break the solution for you, but you should know what you are getting for your money. You need to be able to present this effectively to management so no one gets any unpleasant surprises later. Maybe you only need a barebones system right now. That’s fine, but make sure that you know what is included and what everyone’s expectations are.


There are a few main solutions out there and they all handle this differently. Many manufacturers of these solutions OEM hypervisors, so ask how that affects the cost of your unit(s). Is there the possibility of having to purchase additional software licenses in order to expand? Are all of the management consoles and utilities provided under the license of the hyperconverged product? If not, what isn’t included that I may want, and where can I get it? Do I need to deal with the hyperconverged manufacturer, or do I have to drag another vendor into this? How many vendors are involved in this solution and who do I call if I need support? Are there different tiers in the number of licenses? What do my maintenance costs look like 3 and 5 years out? If my server count grows by 20% per year, what additional costs will I encounter? Most solutions providers will be more than happy to work these numbers for you, and your management will love your forward thinking “strategic planning”.

Simplicity and Ease of Use

Hyperconverged infrastructure solutions are all about making things simple, right? Find out. Get to know how this particular solution works. You don’t need to see the actual code, but it might be nice to know conceptually how everything fits together. Does this solution come with any training? Is training required? Is training an extra cost? Are basic functions like setting up virtual machines, virtual disks, and virtual NICs intuitive? What about more advanced tasks? That pesky application that we have that demands VLAN tagging, how does this solution support that? Can I do every task I need to do from the management interface? How easy is this product to use for non-pre-sales-engineers-that-don’t-work-for-the-manufacturer?

Backup, Recovery, and Failover

OK – we are looking at this solution because recovery and business continuity are supposedly made much easier with this. Can I stop dropping by the office after hours and on weekends to do silly little server tasks, like rebooting crashed boxes… for payroll… at the end of the month? How does this solution help me with recovery tasks? How does it handle a crashed server? How does the solution handle network failures, disk failures, or whole server failures? Can I SEE it demonstrated live? How will this solution affect my existing backup strategy? Will my current backup solution work, or does this solution include something that replaces it? Does it do native snapshots? How many? Will it replicate those snapshots somewhere automagically? How can my existing DR plan be improved with this solution?


Everyone has a constantly changing environment. How does this solution handle growth and changing needs? What does it take to add 20% capacity to this solution? How much does it cost, and how easy is it to do? Will I have to stop production or do it at 3am? Do I need additional chassis to do this, or can I upgrade the units internally? Will this require downtime? What if I want to start moving things to the edge of my infrastructure? How flexible is this product? Do I have the ability to add more memory, CPU, or plain disk to this solution independent of purchasing the next model? What is the roadmap for this product line – Flash disk, software, and NIC speeds?

Hyperconverged infrastructure promises to be an amazing step in the IT virtualization lifecycle. There are different capabilities and features in all of the various solutions. You just need to ask a few questions to figure out which one is right for you. Not just right for you right now, but right for you in 3 to 5 years. Only after you can answer the questions above will you be able to enjoy the REAL benefits of simplicity that hyperconvergence provides.

Share this:

Snapshots – Everyday Uses and Hacks

Storage Snapshot
Image courtesy of ddpavumba at

Creating snapshots in a storage environment is an amazing technology.  The ability to take an instant “picture” of a data volume is a tool that is used in a variety of ways.  It makes your job easier and more manageable.  It can help secure your environment.

Different vendors implement snapshots in various ways, but the general theory remains the same. An almost instantaneous copy of data that may be moved and manipulated by a system administrator.  The theory of this is nice, but how can we USE this functionality.  Can it make their job easier and protect their systems from the everyday issues they see “in the wild”?

With organizations I work with, we see many innovative uses of snapshotting technology.  There are amazing examples of real world IT organizations making their jobs faster, easier, and much less stressful.  In other words, they used “business hacks” to make their snapshots work for them. We will discuss five real world ways to use snapshots that are relevant and guaranteed applicable to your everyday work load.

Snapshots in your DR strategy

The first things that pops into most people’s mind is backups and disaster recovery.  Snapshots produce an exact copy of virtual machines or data volumes that is stored within the storage appliances.  Most vendors allow these snapshots to be replicated or moved to another storage appliance.  This allows you to use an appliance in another location as a disaster recovery site.  Or, it is possible to mount these snapshots as volumes and allow your backup server to incorporate these exact replicas of data into your existing backup or Disaster Recovery plan.

There are several advantages to this approach.  The data in a snapshot is an exact replica in time, so it is easy to manage RPO and RTO.  Also, this approach takes the data backup “offline” of your production servers.  Sure, the network and storage are still involved in transferring this data, but the data transfers happen out-of-band.  This reduces slow systems and lag.  Many vendors now include APIs for cloud storage in their software and storage appliances.  Now, you may back up your snapshots directly to cloud storage.

Update “insurance” snapshots

We’ve all done it.  Installed that patch from our system or software vendor and it breaks the box.  Perhaps breaks is a strong word.  It temporarily overwhelms our system with new features and benefits. While snapshots can’t make the process of ironing out an ornery system update any easier, it can provide you with insurance.

By taking a snapshot before you update a system, you have an exact copy that you know works.  Suppose you cannot straighten out all the goodness that was Big-Name-Accounting-Package 5.0 before Monday 8am rolls around.  Now you have the ability to fail-back to your old system while you continue to straighten out the misbehaving upgrade.  Almost a form of version control for those of you familiar with the software development world.  This nifty trick also works on desktops.  If you are using VDI, make copies of your desktop images and use the same concept.  It may not save you time getting to the next version, but it will certainly save your bacon as far as system up-time and help-desk calls are concerned.

Gold copy snapshots

If you are making snapshots of servers before you upgrade, you are probably already doing this, but we will mention it anyway.  Snapshots are amazing tools for creating new servers, virtual machines, or desktops.

Once you have installed an operating system and all the various patches and utilities that you routinely use – take a snapshot.  Now this new, untouched system as-pure-as-the-driven-snow will be the starting point for all new servers or desktops that you implement.  This is often referred to as the “Gold copy“, a reference to software development and when code is ready to ship out to customers.

This “Gold copy” has standard system configurations already in place, various drive mappings, and config files.  It is all in there.  Sure you may edit some things like network and licensing, but you have a starting place that is pretty solid.  In the future, if you need to make changes then just make changes and save as a new snapshot.  This may not seem like much, but anyone who has built a new system from scratch will tell you that this is a genuine lifesaver.

This concept applies to both virtual machines and stand-alone servers or desktops.  Several customers we work with will use an application to “ghost” images from storage appliances to a new non-virtualized server or desktop.  Mount the snapshot you would like to use as your system image, then transfer it over to your new hardware using the disk image utility of your choice.  Of course, this works best in a virtualized environment, but it is also a valuable tool for the not-yet-virtualized.  By the way, why aren’t you virtualized yet?

Instant data set snapshots

We regularly hear from customers asking how to generate test data for new systems testing.  In several cases, systems administration is tasked with creating data sets that the consultants or systems specialists can use to ensure the systems are working as anticipated.

Instead of this being a problem, use the best test data that there is – an exact copy of your current, live data.  There is no need to create new data sets from your existing data. By creating a snapshot of your current databases, you may test systems with what was once hot and live data.  But, there is no negative impact if this data is corrupted or destroyed.  You can even create multiple copies of this data to use across multiple tests.

Getting around malware with snapshots

Today’s data environment can be a pretty scary place.  Look no further than the headlines to see

Malware, virus, spyware
Image courtesy of Stuart Miles at

stories about malware and ransomware wrecking havoc on organizations.  If the recent exploits of the bad guys is any indication, things are getting much larger in scope.  The WannaCry attack is still fresh in everyone’s minds and is rumored to have effected over 230,000 machines world-wide. It is safe to say that there are external threats to your data that can be remediated with snapshots.

A schedule of snapshots  on your storage appliance is the solution.  Whether this is part of your disaster recovery planning or not, set up a schedule. This concept is similar to the “patch insurance” we discussed above.

By making a number of snapshots over time, we are able to go back to former snapshots and explore these snapshots for malware.   Perhaps we may extract data from our snapshots before the encryption activates.  Of course, data sometimes is lost.  It is up to management to decide to pay faceless hackers for your data or try to recover it via backups and snapshots.

Snapshots have been in the storage technology tool bag for a while.  The technology has matured so that most storage array vendors are offering this functionality.  Over years of working with clients, we have discovered many innovative ways that people are using snapshots.  In this article, I have shared what I have seen, but I am interested in what you are doing with your snapshots.  Feel free to share and let everyone know how they can use snapshots within their storage appliance.


Share this: