Posts Tagged 'Backups'

September 3, 2014

The Cloud Doesn’t Bite, Part I

Why it's OK to be a server hugger—a cloud server hugger.

By now, you probably understand the cloud enough to know what it is and does. Maybe it's something you've even considered for your own business. But you're still not sold. You still have nagging concerns. You still have questions that you wish you could ask, but you're pretty sure no cloud company would dignify those questions with an honest, legitimate response.

Well we’re a cloud company, and we’ll answer those questions.

Inspired by a highly illuminating (!) thread on Slashdot about the video embedded below, we've noticed that some of you aren't ready to get your head caught up in the cloud just yet. And that's cool. But let's see if maybe we can put a few of those fears to rest right now.

"I'm worried about cloud services going down or disappearing, and there’s nothing anyone can do about it."

Let's just get one thing straight here: we're human, and the devices and infrastructures and networks we create are fallible. They're intelligent and groundbreaking and mind-boggling, but they are—like us—susceptible to bad things and prone to error at any given time.

But it's not the end of the world if or when it happens. Your cloud service provider has solutions. And so do you.

First, be smart about who you choose to work with. The larger, more reputable a company you select, the less likely you are to experience outages or outright disappearances. It's the nature of the beast—the big guys aren't going out of business any time soon. And if the worst should happen, they're not going down without a fight for your precious data.

Most outages end up being mere temporary blips that generally don’t last long. It'd take a major disaster (think hurricane or zombie apocalypse) to take any cloud-based platform out for more than a few hours. Which, of course, sounds like a long time, but we're talking worst case scenario here. And in the event of a zombie apocalypse, you probably have bigger fish to fry anyway.

But the buck doesn't stop there. Moving data to the cloud doesn't mean you get to kick up your heels, and set cruise control. (You don't really want that anyway, and you know it.) Be proactive. Know your service-level agreements, and make sure your system structures are built in a way that you're not losing out when it comes to outages and downtime. Know your provider's plan for redundancy. Know what monitoring systems are in place. Identify which applications and data are critical and should be treated differently in the event of a worst case scenario. Have a plan in the event of doomsday. You wouldn't go head first into sharknado season without a strategy for what to do if disaster hits, right? Why would the (unlikely) downfall of your data be any different?

Remember when we backed things up to external hard drives; before we'd ever heard of that network in the sky (a quaint concept, we know)? Well, we think it would behoove you to have a backup of what's essential to you and your business.

In fact, being realistic about technology these days is paramount. We can't prevent failure because we know better. According to Microsoft's chief reliability strategist, David Bills, "It's about designing resilient services in which inevitable failures have a minimal effect on service availability and functionality."

In any event, don't panic. You think you're freaking out about the cloud going down? Chances are, your provider is one step ahead of you already.

"Most of the time you don't find out about the cloud host's deficiencies until far too late." "One cloud company I had a personal Linux server with got hit with a DOS attack, and their response was to ignore their customer service email and phone for almost a week while trying to clean it up.”

Uh. Call us crazy, but we're guessing that company's no longer around—just a hunch.

We cloud infrastructure providers don't exactly pride ourselves on hoarding your data and then being completely inaccessible to you. Do your research on potential providers. Find out how easy it is (or difficult as the case may be) to get a hold of your customer service team. Make sure your potential provider's customer support meets your business needs. Make sure there's extra expertise available to you if you need personal attention or a little TLC. Make sure those response times are to your liking. Make sure those methods of contact are diverse enough and align with the way you do work.

We know you don't want to need us, but when you do need us, we are here for you.

"Of course, you have to either provide backup yourself, or routinely hard-verify the cloud provider's backup scheme. And you'd better have a backup-backup offsite recovery contract for when the cloud provider announces it can't really recover (e.g. Hurricane Sandy). And a super-backup-backup plan in case the cloud provider disappears with no forwarding address or has all its servers confiscated by DHS."

Hey, you don't have to have any of these things if your data's not that important to you. But if you'd have backups of your local servers, why wouldn't you have backups of anything you put in the cloud?

We thought so.

Nota bene: Sounds like you might want to take up some of this beef with Hurricane Sandy.

Stay tuned for part two where we tackle accountability, security, and buying ourselves new yachts.

- Fayza

August 14, 2013

Setting Up Your New Server

As a technical support specialist at SoftLayer, I work with new customers regularly, and after fielding a lot of the same kinds of questions about setting up a new server, I thought I'd put together a quick guide that could be a resource for other new customers who are interested in implementing a few best practices when it comes to setting up and securing a new server. This documentation is based on my personal server setup experience and on the experience I've had helping customers with their new servers, so it shouldn't be considered an exhaustive, authoritative guide ... just a helpful and informative one.

Protect Your Data

First and foremost, configure backups for your server. The server is worthless without your data. Data is your business. An old adage says, "It's better to have and not need, than to need and not have." Imagine what would happen to your business if you lost just some of your data. There's no excuse for neglecting backup when configuring your new server. SoftLayer does not backup your server, but SoftLayer offers several options for data protection and backup to fit any of your needs.

Control panels like cPanel and Plesk include backup functionality and can be configured to automatically backup regularly an FTP/NAS account. Configure backups now, before doing anything else. Before migrating or copying your data to the server. This first (nearly empty) backup will be quick. Test the backup by restoring the data. If your server has RAID, it important to remember that RAID is not backup!

For more tips about setting up and checking your backups, check out Risk Management: The Importance of Redundant Backups

Use Strong Passwords

I've seen some very week and vulnerable password on customers' servers. SoftLayer sets a random, complex password on every new server that is provisioned. Don't change it to a weak password using names, birthdays and other trivia that can be found or guessed easily. Remember, a strong password doesn't have to be a complicated one: xkcd: Password Strength

Write down your passwords: "If I write them down and then protect the piece of paper — or whatever it is I wrote them down on — there is nothing wrong with that. That allows us to remember more passwords and better passwords." "We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet." Just don't use any of these passwords.
I've gone electronic and use 1Password and discovered just how many passwords I deal with. With such strong, random passwords, you don't have to change your password frequently, but if you have to, you don't have to worry about remembering the new one or updating all of your notes. If passwords are too much of a hassle ...

Or Don't Use Passwords

One of the wonderful things of SSH/SFTP on Linux/FreeBSD is that SSH-keys obviate the problem of passwords. Mac and Linux/FreeBSD have an SSH-client installed by default! There are a lot of great SSH clients available for every medium you'll use to access your server. For Windows, I recommend PuTTY, and for iOS, Panic Prompt.

Firewall

Firewalls block network connections. Configuring a firewall manually can get very complicated, especially when involving protocols like FTP which opens random ports on either the client or the server. A quick way to deal with this is to use the system-config-securitylevel-tui tool. Or better, use a firewall front end such as APF or CSF. These tools also simplify blocking or unblocking IPs.

Firewall Allow Block Unblock
APF apf -a <IP> apf -d <IP> apf -u <IP>
CSF* csf -a <IP> csf -d <IP> csf -dr <IP>

*CSF has a handy search command: csf -g <IP>.

SoftLayer customers should be sure to allow SoftLayer IP ranges through the firewall so we can better support you when you have questions or need help. Beyond blocking and allowing IP addresses, it's also important to lock down the ports on your server. The only open ports on your system should be the ones you want to use. Here's a quick list of some of the most common ports:

cPanel ports

  • 2078 - webDisk
  • 2083 - cPanel control panel
  • 2087 - WHM control panel
  • 2096 - webmail

Other

  • 22 - SSH (secure shell - Linux)
  • 53 - DNS name servers
  • 3389 - RDP (Remote Desktop Protocol - Windows)
  • 8443 - Plesk control panel

Mail Ports

  • 25 - SMTP
  • 110 - POP3
  • 143 - IMAP
  • 465 - SMTPS
  • 993 - IMAPS
  • 995 - POP3S

Web Server Ports

  • 80 - HTTP
  • 443 - HTTPS

DNS

DNS is a naming system for computers and services on the Internet. Domain names like "softlayer.com" and "manage.softlayer.com" are easier to remember than IP address like 66.228.118.53 or even 2607:f0d0:1000:11:1::4 in IPv6. DNS looks up a domain's A record (AAAA record for IPv6), to retrieve its IP address. The opposite of an A record is a PTR record: PTR records resolve an IP address to a domain name.

Hostname
A hostname is the human-readable label you assign of your server to help you differentiate it from your other devices. A hostname should resolve to its server's main IP address, and the IP should resolve back to the hostname via a PTR record. This configuration is extremely important for email ... assuming you don't want all of your emails rejected as spam.

Avoid using "www" at the beginning of a hostname because it may conflict with a website on your server. The hostnames you choose don't have to be dry or boring. I've seen some pretty awesome hostname naming conventions over the years (Simpsons characters, Greek gods, superheros), so if you aren't going to go with a traditional naming convention, you can get creative and have some fun with it. A server's hostname can be changed in the customer portal and in the server's control panel. In cPanel, the hostname can be easily set in "Networking Setup". In Plesk, the hostname is set in "Server Preferences". Without a control panel, you can update the hostname from your operating system (ex. RedHat, Debian)

A Records
If you buy your domain name from SoftLayer, it is automatically added to our nameservers, but if your domain was registered externally, you'll need to go through a few additional steps to ensure your domain resolves correctly on our servers. To include your externally-registered domain on our DNS, you should first point it at our nameservers (ns1.softlayer.com, ns2.softlayer.com). Next, Add a DNS Zone, then add an A record corresponding to the hostname you chose earlier.

PTR Records
Many ISPs configure their servers that receive email to lookup the IP address of the domain in a sender's email address (a reverse DNS check) to see that the domain name matches the email server's host name. You can look up the PTR record for your IP address. In Terminal.app (Mac) or Command Prompt (Windows), type "nslookup" command followed by the IP. If the PTR doesn't match up, you can change the PTR easily.

NSLookup

SSL Certificates

Getting an SSL certificate for your site is optional, but it has many benefits. The certificates will assure your customers that they are looking at your site securely. SSL encrypts passwords and data sent over the network. Any website using SSL Certificates should be assigned its own IP address. For more information, we have a great KnowledgeLayer article about planning ahead for an SSL, and there's plenty of documentation on how to manage SSL certificates in cPanel and Plesk.

Move In!

Now that you've prepared your server and protected your data, you are ready to migrate your content to its new home. Be proactive about monitoring and managing your server once it's in production. These tips aren't meant to be a one-size-fits-all, "set it and forget it" solution; they're simply important aspects to consider when you get started with a new server. You probably noticed that I alluded to control panels quite a few times in this post, and that's for good reason: If you don't feel comfortable with all of the ins and outs of server administration, control panels are extremely valuable resources that do a lot of the heavy lifting for you.

If you have any questions about setting up your new server or you need any help with your SoftLayer account, remember that we're only a phone call away!

-Lyndell

December 27, 2012

Using SoftLayer Object Storage to Back Up Your Server

Before I came to my senses and moved my personal servers to SoftLayer, I was one of many victims of a SolusVM exploit that resulted in the wide-scale attack of many nodes in my previous host's Chicago data center. While I'm a firm believer in backing up my data, I could not have foreseen the situation I was faced with: Not only was my server in one data center compromised with all of its data deleted, but my backup server in one of the host's other data centers was also attacked ... This left me with old, stale backups on my local computer and not much else. I quickly relocated my data and decided that I should use SoftLayer Object Storage to supplement and improve upon my backup and disaster recovery plans.

With SoftLayer Object Storage Python Client set up and the SoftLayer Object Storage Backup script — slbackup.py — in hand, I had the tools I needed to build a solid backup infrastructure easily. On Linux.org, I contributed an article about how to perform MySQL backups with those resources, so the database piece is handled, but I also need to back up my web files, so I whipped up another quick bash script to run:

#!/bin/bash
 
# The path the backups will be dumped to
DUMP_DIR="/home/backups/"
 
# Path to the web files to be backed up
BACKUP_PATH="/var/www/sites /"
 
# Back up folder name (mmddyyyy)
BACKUP_DIR="`date +%m%d%Y`"
 
# Backup File Name
DUMP_FILE="`date +%m_%d_%Y_%H_%M_%S`_site_files"
 
# SL container name
CONTAINER="site_backups"
 
# Create backup dir if doesn't exist
if [ ! -d $DUMP_DIR$BACKUP_DIR ]; then
        mkdir -p $DUMP_DIR$BACKUP_DIR
fi
 
tar -zcvpf $DUMP_DIR$BACKUP_DIR/$DUMP_FILE.tar.gz $BACKUP_PATH
 
# Make sure the archive exists
if [ -f $DUMP_DIR$BACKUP_DIR/$DUMP_FILE.tar.gz ]; then
        /root/slbackup.py -s $DUMP_DIR$BACKUP_DIR/ -o "$CONTAINER" -r 30
 
        # Remove the backup stored locally
        rm -rf $DUMP_DIR$BACKUP_DIR
 
        # Success
        exit 0
else
        echo "$DUMP_DIR$BACKUP_DIR/$DUMP_FILE.tar.gz does not exist."
        exit 1
fi

It's not the prettiest bash script, but it gets the job done. By tweaking a few variables, you can easily generate backups for any important directory of files and push them to your SoftLayer Object Storage account. If you want to change the retention time of your backups to be longer or shorter, you can change the 30 after the –r in the line below to the number of days you want to keep each backup:

/root/slbackup.py -s $DUMP_DIR$BACKUP_DIR/ -o "$CONTAINER" -r 30

I created a script for each website on my server, and I set a CRON (crontab –e) entry to run each one on Sundays staggered by 5 minutes:

5 1 * * 0  /root/bin/cron/CRON-site1.com_web_files > /dev/null
10 1 * * 0  /root/bin/cron/CRON-site2.com_web_files > /dev/null
15 1 * * 0  /root/bin/cron/CRON-site3.com_web_files > /dev/null 

If you're looking for an easy way to automate and solidify your backups, this little bit of code could make life easier on you. Had I taken the few minutes to put this script together prior to the attack I experienced at my previous host, I wouldn't have lost any of my data. It's easy to get lulled into "backup apathy" when you don't need your backups, but just because nothing *has* happened to your data doesn't mean nothing *can* happen to your data.

Take it from me ... Be over-prepared and save yourself a lot of trouble.

-Ronald

November 21, 2012

Risk Management: The Importance of Redundant Backups

You (should) know the importance of having regular backups of your important data, but to what extent does data need to be backed up to be safe? With a crowbar and shove, thieves broke into my apartment and stole the backups I've used for hundreds of gigabytes of home videos, photo files and archives of past computers. A Dobro RAID enclosure and an external drive used by Apple Time Machine were both stolen, and if I didn't have the originals on my laptop or a redundant offsite backup, I would have lost all of my data. My experience is not uncommon, and it's a perfect example of an often understated principle that everyone should understand: You need redundant backups.

It's pretty simple: You need to back up your data regularly. When you've set up that back up schedule, you should figure out a way to back up your data again. After you've got a couple current backups of your files, you should consider backing up your backups off-site. It seems silly to think of backing up backups, but if anything happens — failed drives, theft, fire, flood, etc. — those backups could be lost forever, and if you've ever lost a significant amount of data due to a hard drive failure or experience like mine, you know that backups are worth their weight in gold.

Admittedly, there is a point of diminishing return when it comes to how much redundancy is needed — it's not worth the time/effort/cost to back up your backups ad infinitum — so here are the best practices I've come up with over the course of my career in the information technology industry:

  • Plan and schedule regular backups to keep your archives current. If your laptop's hard drive dies, having backups from last June probably won't help you as much as backups from last night.
  • Make sure your data exists on three different mediums. It might seem unnecessary, but if you're already being intentional about backing up your information, take it one step further to replicate those backups at least one more time.
  • Something might happen to your easy onsite backups, so it's important to consider off-site backups as well. There are plenty of companies offering secure online backups for home users, and those are generally easy to use (even if they can be a little slow).
  • Check your backups regularly. Having a backup is useless if it's not configured to back up the correct data and running on the correct schedule.
  • RAID is not a backup solution. Yes, RAID can duplicate data across hard drives, but that doesn't mean the data is "backed up" ... If the RAID array fails, all of the hard drives (and all of the data) in the array fail with it.

It's important to note here that "off-site" is a pretty relative term when it comes to backups. Many SoftLayer customers back up a primary drive on their server to a secondary drive on the same server (duplicating the data away from the original drive), and while that's better than nothing, it's also a little risky because it's possible that the server could fail and corrupt both drives. Every backup product SoftLayer offers for customers is off-site relative to the server itself (though it might be in the same facility), so we also make it easy to have your backup in another city or on a different continent.

As I've mentioned already, once you set up your backups, you're not done. You need to check your backups regularly for failures and test them to confirm that you can recover your data quickly in the event of a disaster. Don't just view a file listing. Try extracting files or restore the whole backup archive. If you're able to run a full restore without the pressure of an actual emergency, it'll prove that you're ready for the unexpected ... Like a fire drill for your backups.

Setting up a backup plan doesn't have to be scary or costly. If you don't feel like you could recover quickly after losing your data, spend a little time evaluating ways to make a recovery like that easy. It's crazy, but a big part of "risk management," "disaster recovery" and "business continuity" is simply making sure your data is securely backed up regularly and available to you when you need it.

Plan, prepare, back up.

-Lyndell

March 26, 2012

Planning Your Server Infrastructure = Buying a House

With a little one on the way, I've been spending a good amount of my free time starting to search for a new home for my growing family. While the search continues, I've learned a thing or two about what to look for and what should be done before taking the plunge, and as I've gone through the process, I can't help but notice lot of parallels to what it's like to purchase a new server:

  • It's an Investment

    Just like purchasing a new home, deciding to purchase a server is a huge investment. As you start shopping around, the costs may seem staggering, and while most servers don't cost as much as a small home, your new server will be your business's new home online. When you consider the revenue your site will generate (and the potential cost of not being able to properly support demand), you won't want to skimp on the details. The truth is that like any investment, you can reap great rewards with proper planning and execution.

  • You Have to Know What You Need

    One of the best tips I've incorporated in my home-buying process is the need to differentiate what you want, what you need, and what you can live without. Unless you're royalty, you're likely living on a budget. As cool as it would be to live in a 10-bedroom mansion with an indoor Olympic size pool, there's a lot there that I don't need. That sort of home palace also falls way outside of my personal budget. The same could be said about a business.

    I've heard plenty of stories about companies who slash their IT budgets in order to cut costs, and even the greatest IT departments have to live within their budgets. As you're determining what your next server will be, you need to understand the purpose (and needs) of your workload: Will it be database server? An application server? Will it be an additional web head? Are you using it for mass storage? You need to plan accordingly. I'm sure you'd want a new Xeon E5-2600 server with all of the bells and whistles, but if you don't need that kind of performance, you're likely just going to burn through your budget quicker than you have to. Know your budget, know your needs and purchase your server accordingly.

  • You Should Get to Know the Neighborhood

    I don't intend on purchasing a home in a high-crime area, nor do I plan on moving into a neighborhood with exorbitant HOA dues for services I don't intend to use. Your new server is going to have a "neighborhood" as well when it comes to the network it's connected to, so if you plan on outsourcing your IT infrastructure, you should do the same research.

    You want your critical environments in a safe place, and the easiest way to get them in the right "neighborhood" is to work with a well-established host who's able to accommodate what you're doing. A $20/mo shared hosting account is great for a personal blog site, but it probably wouldn't be a good fit for a busy database server or front-end application servers for an application dependent on advertising for revenue. A mansion worth of furniture doesn't fit very well in a studio apartment.

  • You're Responsible for Maintenance

    Ask any homeowner: Continuous improvements — as well as routine maintenance &mdashl are a requirement. Failure to take care of your property can result in fines and much more costly repairs down the road. Likewise with any server, you have to do your maintenance. Keep your software up to date, practice good security protocols, and continue to monitor for problems. If you don't, you could find yourself at the mercy of malicious activity or worse — catastrophic failure. Which leads me to ...

  • You Need Insurance Against Disaster

    Homeowner's insurance protects you from disaster, and it provides indemnity in the event someone is hurt on your property. Sometimes additional insurance may be required. Many professionals recommend flood insurance to protect from flood damage not covered under a typical homeowner's insurance policy. Ask any systems administrator, and they'll tell you all about server insurance: BACKUPS. ALWAYS BACK UP YOUR DATA!!! The wrong time to figure out that your backups weren't properly maintained is when you need them, more specifically in the event of a hardware failure. It's a fact of life: Hardware can fail. Murphy's Law would suggest it will fail at the worst possible time. Maintain your backups!

I can't claim that this is the guide to buying a server, but seeing the parallels with buying a new home might be a catalyst for you to look at the server-buying process in a different light. You should consider your infrastructure an asset before you simply consider it a cost.

-Matthew

February 28, 2012

14 Questions Every Business Should Ask About Backups

Unfortunately, having "book knowledge" (or in this case "blog knowledge") about backups and applying that knowledge faithfully and regularly are not necessarily one and the same. Regardless of how many times you hear it or read it, if you aren't actively protecting your data, YOU SHOULD BE.

Here are a few questions to help you determine whether your data is endangered:

  1. Is your data backed up?
  2. How often is your data backed up?
  3. How often do you test your backups?
  4. Is your data backed up externally from your server?
  5. Are your backups in another data center?
  6. Are your backups in another city?
  7. Are your backups stored with a different provider?
  8. Do you have local backups?
  9. Are your backups backed up?
  10. How many people in your organization know where your backups are and how to restore them?
  11. What's the greatest amount of data you might lose in the event of a server crash before your next backup?
  12. What is the business impact of that data being lost?
  13. If your server were to crash and the hard drives were unrecoverable, how long would it take you to restore all of your data?
  14. What is the business impact of your data being lost or inaccessible for the length of time you answered in the last question?

We can all agree that the idea of backups and data protection is a great one, but when it comes to investing in that idea, some folks change their tune. While each of the above questions has a "good" answer when it comes to keeping your data safe, your business might not need "good" answers to all of them for your data to be backed up sufficiently. You should understand the value of your data to your business and invest in its protection accordingly.

For example, a million-dollar business running on a single server will probably value its backups more highly than a hobbyist with a blog she contributes to once every year and a half. The million-dollar business needs more "good" answers than the hobbyist, so the business should invest more in the protection of its data than the hobbyist.

If you haven't taken time to quantify the business impact of losing your primary data (questions 11-14), sit down with a pencil and paper and take time to thoughtfully answer those questions for your business. Are any of those answers surprising to you? Do they make you want to reevaluate your approach to backups or your investment in protecting your data?

The funny thing about backups is that you don't need them until you NEED them, and when you NEED them, you'll usually want to kick yourself if you don't have them.

Don't end up kicking yourself.

-@khazard

P.S. SoftLayer has a ton of amazing backup solutions but in the interested of making this post accessible and sharable, I won't go crazy linking to them throughout the post. The latest product release that got me thinking about this topic was the SoftLayer Object Storage launch, and if you're concerned about your answers to any of the above questions, object storage may be an economical way to easily get some more "good" answers.

January 3, 2012

Hosting Resolutions for the New Year

It's a new year, and though only real change between on January 1 is the last digit in the year, that change presents a blank canvas for the year. In the past, I haven't really made New Year's resolutions, but because some old Mayan calendar says this is my last chance, I thought I'd take advantage of it. In reality, being inspired to do anything that promotes positive change is great, so in the spirit of New Year's improvements, I thought I'd take a look at what hosting customers might want to make resolutions to do in 2012.

What in your work/hosting life would you like to change? It's easy to ignore or look past small goals and improvements we can make on a daily basis, so let's take advantage of the "clean slate" 2012 provides us to be intentional about making life easier. A few small changes can mean the difference between a great day in the office or a frantic overnight coffee binge (which we all know is so great for your health). Because these changes are relatively insignificant, you might not recognize anything in particular that needs to change right off the bat. You might want to answer a daunting question like, "What should you do to improve your work flow or reduce work related stress?" Luckily, any large goals like that can be broken down into smaller pieces that are much easier to manage.

Enough with the theoretical ... let's talk practical. In 2012, your hosting-related New Year's resolutions should revolve around innovation, conservation, security and redundancy.

Innovation

When it comes to hosting, a customer's experience and satisfaction is the most important focus of a successful business. There's an old cliche that says, "If you always do what you've always done, you'll always get what you've always gotten," and that's absolutely correct when it comes to building your business in the new year. What can you change or automate to make your business better? Are you intentionally "thinking outside the box?"

Conservation

The idea of "conservation" and "green hosting" has been written off as a marketing gimmick in the world of hosting, but there's something to be said for looking at your utilization from that perspective. We could talk about the environmental impact of hosting, and finding a host that is intentional about finding greener ways to do business, but if you're renting a server, you might feel a little disconnected from that process. When you're looking at your infrastructure in the New Year, determine whether your infrastructure is being used efficiently by your workload. Are there tools you can take advantage of to track your infrastructure's performance? Are you able to make changes quickly if/when you find inefficiencies?

Security

Another huge IT-related resolution you should make would be around security. Keeping your system tight and locked up can get forgotten when you're pushing development changes or optimizing your networking, so the beginning of the year is a great time to address any possible flaws in your security. Try to start with simple changes in your normal security practices ... Make sure your operating systems and software packages are regularly patched. Keep a strict password policy that requires regular password updates. Run system log checks regularly. Reevaluate your system firewall or ACL lists.

All of these safety nets may be set up, but they may not be functioning at their best. Even precautions as simple as locking your client or workstation when not in use can help stop attacks from local risks and prying eyes ... And this practice is very important if you keep system backups on the same workstations that you use. Imagine if someone local to your workstation or client was able to retrieve your backup file and restore it ... Your security measures would effectively be completely nullified.

Redundancy

Speaking of backups, when was your most recent backup? When is your next backup? How long would it take you to restore your site and/or data if your current server(s) were to disappear from the face of the Earth? These questions are easy to shrug off when you don't need to answer them, but by the time you do need to answer them, it's already too late. Create a backup and disaster recovery plan. Today. And automate it so you won't have the ability to forget to execute on it.

Make your objectives clear, and set calendar reminders throughout the year to confirm that you're executing on your goals. If some of these tasks are very daunting or difficult to implement in your current setup, don't get discouraged ... Set small goals and chip away at the bigger objective. Progress over time will speak for itself. Doing nothing won't get you anywhere

Happy New Year!

-Jonathan

December 23, 2011

Back up Your Life: In the Clouds, On the Go

The value of our cloud options here at SoftLayer have never been more noticeable than during the holiday seasons. Such a hectic time of the year can cause a lot of stress ... Stress that can lead to human error on some of your most important projects, data and memories. Such a loss could result in weeks or even years of valuable time and memories gone.

In the past few months, I've gone through two major data-related incidents that I was prepared for, and I can't imagine what I would have done if I didn't have some kind of backups in place. In one instance, my backups were not very current, so I ended up losing two weeks worth of work and data, but every now and then, you hear horror stories of people losing (or having to pay a lot to restore) all of their data. The saddest part about the data loss is that it's so easily preventable these days with prevalent backup storage platforms. For example, SoftLayer's CloudLayer Storage is a reliable, inexpensive place to keep all of your valuable data so you're not up a creek if you corrupt/lose your local versions somehow (like dropping a camera, issuing an incorrect syntax command or simply putting a thumb-drive though the washer).

That last "theoretical" example was in fact was one of the "incidents" I dealt with recently. A very important USB thumb-drive that I keep with me at all times was lost to the evil water machine! Because the security of the data was very important to me, I made sure to keep the drive encrypted in case of loss or theft, but the frequency of my backup schedule was the crack in my otherwise well thought data security and redundancy plan. A thumb drive is probably one of the best examples of items that need an automatic system or ritual to ensure data concurrency. This is a device we carry on us at all times, so it sees many changes in data. If this data is not properly updated in a central (secure and redundant) location, then all of our other efforts to take care of that data are wasted.

My the problem with my "Angel" (the name of the now-washed USB drive) was related to concurrency rather than security, and looking back at my mistake, I see how "The Cloud" would have served as a platform to better improve the way I was protecting my data with both of those point in mind. And that's why my new backups-in-the-cloud practices let me sleep a little more soundly these days.

If you're venturing out to fight the crowds of last-minute holiday shoppers or if you're just enjoying the sights and sounds of the season, be sure your memories and keepsake digital property are part of a well designed SRCD (secure, redundant and concurrent data) structure. Here are a few best practices to keep in mind when setting up your system:

  • Create a frequent back-up schedule
  • Use at least two physically separate devices
  • Follow your back-up schedule strictly
  • Automate everything you can for when you forget to execute on the previous bullet*

*I've used a few different programs (both proprietary and non-proprietary) that allow an automatic back-up to be performed when you plug your "on the go" device into your computer.

I'll keep an eye out for iPhone, Android and Blackberry apps that will allow for automatic transfers to a central location, and I'll put together a fresh blog with some ideas when I find anything interesting and worth your attention.

Have a happy Holidays!

- Jonathan

July 1, 2010

The Invisible Cloud

Our data defines the way we work, the way we relax, the way we play, and the way we live. Few job descriptions can be separated from the data involved. From the nurse who manages patient records to the package deliverer who obtains digital signatures, almost everyone works with data. Likewise, in our personal lives, we store everything from music and movies to photographs and recipes digitally.

Our societally-ingrained reliance on and use of digital data is what makes it so important. And while business data may have an estimable dollar worth, our personal data is often invaluable. A good business lead might be worth thousands of dollars, but a video of a daughter taking her first steps is priceless.

Sadly, such data is being lost every day. It’s been estimated1 that almost 20 billion dollars of business data is lost yearly. It’s hard to imagine how much priceless personal data must also be lost. And even though we in the technical business know to treat hard disk drives as subject to unexpected failure and mobile devices as easily broken, lost, or stolen2, many individuals do nothing to prevent or mitigate the loss of their personal data.

Part of the cause for so much lost data is simply a lack of awareness that the risks are so severe. But at times, even many of those of us who know better have simply succumbed to laziness in our backup habits. Backing up can be a time-consuming and tedious process. And though tools have been created to ease the pain of backups3 by substantially automating the process, they often still involve inconvenience and compromise.

With the advent of devices like the iPhone and iPad, our data usage has become even more mobile, and thereby even more susceptible to damage, loss, and theft.

It’s my opinion, however, that what we need in this age of highly mobile, often valuable data isn’t better backups; it’s a change in our data storage paradigm. The problem with backups isn’t that they can’t or don’t work. In fact, they can work well. The problem with backups is that we must be aware of them. We must use them, if not perform them.

Put a different way, backups are a relic of a “device-based” data paradigm. But with the connectivity and security infrastructures in place, it’s time to move to a “cloud-based” data paradigm. This obviously sounds fuller of buzzwords than meaning, but I believe good definitions of “the cloud” to be more concerned with the way we perceive data and computing than with how it’s implemented.

Regardless of implementation, we should be able to think of our data as being tied not to a physical device or object, but to a username and a password. Webmail was one of the earliest implementations of this paradigm, but it had great disadvantages: a user experience tied to a specific set of web technologies, and even more specifically, a lack of offline access. These have, of course, been alleviated for email itself, but what of everything else?

DropBox is a great step in the right direction, providing device-independent directories. But the best and most complete realization of this new paradigm will be subject-specific. Photos, for example, should be synchronized via the cloud and directly to the album applications we’ll want them in on all our computers and devices. Office documents should be synchronized to online editors as well as desktop and mobile office environments.

The list goes on, but the point remains: data should not only be seamlessly and effortlessly synchronized with the cloud, it should be pushed to exactly the contexts where it’s wanted and needed. The technology is all present and the infrastructure exists4; all that’s left to do is to stop thinking in terms of device-based data storage, and start taking advantage of the cloud in a way that’s invisible to the user, but will make manual synchronization, the need for traditional backups, and data loss itself a thing of the past.

 


1In a study by Dr. David M. Smith
2Or all of the above, if Gizmodo has any interest in your devices
3Such as Apple’s Time Machine application
4Now if only there was a company with reliable, cost-effective cloud-services and a ridiculously powerful and flexible API.

November 11, 2009

Viva Las Vegas!

I just got back in town from Las Vegas, Nevada. That town is filled with stories and you can really love it or hate it, depending on the hour (or if you are like me whether you are arriving into McCarran or departing). I had a great trip this last go around and actually made money on the tables. However, when they say that what happens in Vegas stays in Vegas they are really talking about your money. Never forget that the house always wins. Always. Even if you win money you’ll wind up spending it on stuff out there and perpetuating your own good time. There isn’t anything wrong with this at all. In fact I plan on coming up on the short side of the stick on both the tables and on simply spending cash when I go out that way.

I think the really interesting thing that happens when you go through “the Vegas experience” is the perceived value of a dollar. You can take it for granted that all of a sudden you are transplanted into this fantasy world that is reminiscent of Pleasure Island from the story of Pinocchio and you’ll find that you have anything and everything you could want to do, eat, drink, or experience right at your fingertips. As this begins to progress the value of a dollar plummets quickly. You start overpaying for things at a whim, tipping bigger, making bolder and even just dumber bets. I did this and I can admit that I doubled down on my 11 when the dealer was showing a 10 in blackjack. It was blind luck that I hit it and won every single time. It’s a bold and stupid bet to make, but when you are playing with house money the money doesn’t matter and it’s almost as if you are trying to give it all back. My game of choice is craps because it gives you the best odds and there is a lot of action. It’s good and bad as it can all come and go in a hurry.

I have only been to Las Vegas a handful of times, but each time there is a point where even for a second you can feel invincible – that you can’t lose. Or, that even if you do lose you won’t even care. The flight home is a completely different story. I call it the hangover flight. You may be literally hung over, but no matter what, you will start to deal with all of the actions that happened on your trip and how you will need to handle them. As soon as you touch down in your own home town things slowly start to become “real” again. Your own home can even feel somewhat foreign for a while, but you’ll quickly come to the realization that you had become a completely different person for a short time.

I have come to the conclusion that there is always risk in everything that we do. Exposing yourself to the tables of Las Vegas may carry more financial risk than your morning commute to work, but in both cases there are still risks. There are also risks that we take in setting and running a business. There are countless ways that you could be putting your business at risk without the right plan in place. From an IT perspective alone, you need to consider things like redundancy, failover, security, backups, growth, and even data loss. Knowing what is going to happen next for your business may be as likely as knowing what is going to come up on the next roll of the dice. If you know this for certain you can press your luck and come up big, but if you are not prepared you could lose everything you have on the table. It is better to be prepared.

I think of SoftLayer as the house, and remember as I said before, the house always wins. The good thing about this is that you are betting with the house. Even with this you need to bet on yourself and back up your own bet. If the bulk of your business is in your data then you need to have backups. If you absolutely need to have High Availability, then look into Clusters and Load Balancing. But remember, that you are betting with the house because SoftLayer gives you the capacity to do all of it and do it all at a very affordable price compared to trying to do it yourself and also do it without long term commitments. Long term commitments bring the most uncertainty in making moves that will positively affect your business. Imagine if a casino told you that you “had” to make 12 consecutive bets regardless of how well (or poorly) you were doing?

Coming home from Las Vegas to SoftLayer has been a very good thing and makes me thankful for where I am and what I have. There aren’t the levels of uncertainty here that are automatic with other datacenters or even other business models. SoftLayer is steady and it is very easy to get what you need here while cutting out the risk that you don’t want to deal with. SoftLayer is as much of a “sure thing” as any bet you can make!

Subscribe to backups