DavsDisorder

I just shot off a quick email to a prospect who is about to submit an internal review of the backup tools on the market in view of a possible company wide change...trying to get their attention (so as to deliver some consulting for them :)))) I quickly spun together a quick list of current backup players off the top of my head (the list is pretty big these days compared to the 90s!!), so I thought I would share it with you and welcome additions or comments...note that this was not a thoroughly researched email and we as a company certainly do not sell/integrate all of these (probably not even half)...but the majority of them we have either tested or had exposure to in customer environments.

I may consider making this a more formal listing one day complete with known OEM arrangements and licensing model overview. Get in touch if you'd find such a thing useful.

I assume you have surveyed the major Enterprise solutions ?

• Symantec NetBackup (dedupe from PureDisk or external target device)
  
• EMC Networker (dedupe from either Avamar or Data Domain or other external target device)
• IBM Tivoli (dedupe from built in storage pool dedupe or external target device)
• Commvault Simpana (built in dedupe or external target device)
  

But then there are other players...

The fringe Enterprise players?

• CA ArcServe (built in dedupe or from Commvault Simpana (built in dedupe or external target device)
  
• Quest Bakbone (dedupe from external target device or their VTL software)
• Syncsort BackupExpress (dedupe external target device)
  
• Arkeia Network Backup (built in dedupe and from external target device)
  

The SMB Specialists (some which can play in some Enterprise spaces) ?

• Symantec BackupExec (dedupe from PureDisk or external target device)
  
• HP Data Protector (your incumbent I think you said ...?)
• Novastor NovaBackup (dedupe from external target device)
• Amanda Backup (dedupe from external target device)
• Yosemite (now Barracuda - built in dedupe or external target device)
  
  

The service provider/cloud delivered/charge-back-able players ?

• Asigra
• Seagate eVault
• Vembu StoreGrid
  

And then the niche/specialists (usually Windows only or virtual only or imaging only - can be used with other traditional backup tools)

• Veeam
• Acronis
• PHD Virtual
• StorageCraft
• Microsoft DPM
• Druva - Phoenix and Insync (think KPMG already use InSync for Laptop protection)

Ok, I know it's been some time since I posted...at least 5 months!! I have made a commitment that I will begin posting at least once, but hopefully twice a week. As a small consultancy firm with myself heading up both sales and commercial project management, not enough of my time is spend having "conversations" with customers like I used to as a sales guy working for other people's companies. So, I have decided that this blog is a good way for me to tell some stories and give my opinions on topics relevant to what our customers do day-in-day-out...and probably some irrelevant crap too! Although I do not have the 'blogosphere' prestige of some tech bloggers out there (many of whom I read daily and will share with others), I hope to generate a multi-way conversation from topics in this blog...so please sign in and comment/question or berate and insult me anonymously..at least I will know someone is reading!!

ANYWAY...on with what I was actually going to talk about.

Recently, and on two occasions, one or more of my online social media service accounts has been compromised. I am not sure of the method of attack used however I am sure of the intrusion because on both occasions postings and/or comments were published via those social media web services (and syndicated to other web services in one case) that were certainly not penned by yours truly.

The comments were the 'get-rich-quick', 'own your own successful small business for zero effort' type of thing I'm sure you have all seen or heard before. As I indicated in a genuine posting to all contacts via the compromised (and now password changed) accounts, owning a small business is definitely a bag of mixed blessings...and there is nothing "rich" or "quick" about anything!! :)

Although I had thought about the precarious nature of web services password many times in the past, these recent incidents brought the topic into stark contrast for me and I thought I would comment on the topic. 

I have noticed over the years that I re-use the same password (or set of about 3 passwords) for varying web services and applications from things like Gmail through to Amazon accounts and Twitter/LinkedIn. I was aware that this presented a risk to security of my access to these services, particularly when most of them allow email address based login names/usernames or I have chosen fairly standard guessable usernames (e.g tdavoren, timdavoren, tdav, etc). The convenience of not having to remember multiple passwords therefore means that one breach with one particular web application opens me up to multiple breaches across different applications.

Some rogue tweets or postings via Social media are unlikely to be too damaging (for me that is...for larger PR reliant firms they may be), but the possible information leakage from other 'non-social' (i.e personal/private/secure) web applications is worth pondering...banking details, client information, sales prospect information, any kind of intellectual property.

This situation obviously calls for either stronger passwords (and a way to manage/track them...I swap browsers/computers all the time so browser solutions are no good) or for a two-factor authentication access method. I will be opting for the second...and I reckon most businesses considering any 'cloud' or web based platform or application will be doing like wise. The idea of 'something you know and something you have', whilst not entirely unhackable, is a significant improvement on just strong passwords.

Of course, you might think why haven't I done this already...well of course, the cobbler's son has no shoes right?!? We will be looking to use technology that we sell/integrate for a living to solve this issue....EMC RSA SecureID, Symantec Verisign, Microsoft Access Gateway or SafeNet are amongst the primary candidates.

Stay tuned.

Hi Everyone, if you are interested please jump over to here and tell us what you think of our new logo we are thinking or going with as we transition the ENSTOR name and logo away.

Just came across this quote from EMC Asia Pacific President, Steve Leonard;

Leonard said the use of one company to approach market would help to win business over competition, and provide better servicing.

“What we’re trying to do is position Vblock as an architecture, and VCE as a company that can bring that with one support number, one architectural campaign, and we think that if we can do that faster, we think we can win,” he said.

“We want to be the guys who help put the engines in the data centres." (my emphasis)

So, do we Steve, so do we...oh, its in our company name!

With thanks to my client and friend Mr Justin Kurosawa over at Security Circus.

I refer here to a recent article penned by Tony Pearson of IBM discussing a recent catastrophic failure of an EMC Symmetrix within the State of Virginia's IT environment. Aside from some cheap inter-vendor point scoring, Tony mentions as one of the 'lessons' from this event; "Lesson 4: This can serve as a wake-up call to consider Cloud Computing as an alternative option". There is a faint tinge of irony here in that this post of Tony's was written in Australia in early September. At the end of that month the IT community (and the broader travelling public) witnessed how a 'cloud' provider can be just as exposed to downtime as your now unfashionable internal IT team. Virgin Blue's ticketing and reservation systems were brought offline due to an as yet unidentified systems failure within the storage data path. Virgin Blue do not own/operate their own ticketing and reservation system, but source such a service from Navitaire (disclosure: Navitaire are an old client of my firm). It took Virgin Blue (and I assume Navitaire) almost 7 days to return this service to normal operation. I wont call these observations 'lessons', rather just 'comments;

1. I agree with Tony (and probably every other seasoned data storage professional)...storage systems fail, that's why we have backup systems. These systems in turn are definitely only as good as their last successful test...if regularly testing is too much of a burden then you ought to at the very least audit the environment according to some baseline.
2. Whilst the person in question at the State of Virginia may be a little ashen faced currently, I can assure you that the "service delivery manager" (as they were called in the hey day of outsourcing), at Virgin Blue for the reservation and ticketing system will be feeling the same churning in the lower part of the stomach...his contact at Navitaire probably likewise. Just because a cloud provider is 'big' or ' branded' or, (inserted alarm bells), 'multi-tenanted', does not mean for one second that they can do better/cheaper job of helping you meet your SLAs for service uptime and/or data recovery.

I advise strong governance of how storage systems are used in medium - large organisations, as well as a strict focus on 'recoverability' in governance of backup systems.

In the former instance remember that 'speeds and feeds' as Tony puts it indicate in my experience the 'bleeding edge' of what a product can reliably do...divide by 2 and set that as your peak load. The more complex the data storage layout on a disk array (fragmented RAID  groups, meta-LUNs, concatenated LUNs, etc, etc), the longer your restore/rebuild will be. Remember that in the never ending race toward better storage performance, there is a necessary compromise around recoverability.

In the latter instance, just 'think' in terms of recovery, not 'did it get backed up'...build backup systems that focus on the process of data restoration (we talk only of data availability here, compute availability is a whole different story). It is far better to have a backup run for 8-10 hours, complete, validate and be easily restorable than a backup that runs in half that time but require multi-step, error prone recovery procedures.

This article probably somes up my disposition towards the issues raised by this election process (note I say issues raised by the process, not issues rasied in the election contention itself), better than anything I have read recently:

Worth subscribing to;

http://www.crikey.com.au/2010/08/02/this-is-all-your-fault/

A friend (Carl, thank you), just sent me this...a little reminder of how far data storage technology has come in 50 years.



In September 1956 IBM launched the 305 RAMAC, the  first 'SUPER' computer with a hard disk drive (HDD). The HDD weighed over a ton and stored a 'whopping' 5 MB of data. Not even big to hold a digitised MP3 of John Coltrane's 'Blue Train' recorded the following year.

I thought I would post the text of a comment I made on Scott Lowe's (now of EMC) blog, regarding NetApp's future (like most posts of mine, its half baked and badly worded...thus Dav's Disorder)...

Guys, just a quick thought on these observations…if Scott’s take on NetApp is correct then surely the same applies to HDS? They are apparently releasing a server line themselves (great another fly for the ointment), but in essence they are the storage person’s storage company right? They will even rebuild microcode for customer’s if you have a particularly pressing requirement? I think enterprise storage requirements are breaking out into those demanded by true commercial enterprises (with governance and high uptime needs) and enterprise, as-in-as masses of storage and huge data rates, enterprises (scientific, research, university, aerospace, engineering, Tv and other media). Storage vendor’s cost models vs feature sets will determine their value in either market.

Whilst doing some research around options for moving our internal mail and file serving/collaboration requirements into a 'cloud' provider, I came across the details of the Telstra T-Suite offering, part of which is the Microsoft BPOS suite. As we are thinking of consolidating telecoms with Telstra also, I thought I'd test how their "implementation" (assuming they are actually hosting it in Australia somewhere) of the suite responded (browser refreshes etc). As a Microsoft partner we can use their BPOS but I am guessing it is hosted in an US or other remote DC so I thought I would try Telstra; unfortunately, whilst trying to secure a trial I got the follow screen:

 
Not an encouraging way to greet prospective SaaS buyers!!!