OMG Spammers are out in full force

We have seen a significant increase in spammy comments on this blog.  Some of them are so blatant and irrelevant to data backup and recovery that it is laughable.  From now on, all comments are moderated.  If the comment isn't interesting and somewhat relevant to data backup and recovery, then it will never be seen by anyone except a moderator.  

Feel free to post comments related to IT, data, computers, backup, disaster recovery, hardware, software,  or whatever.   But, make it something worth posting.   Short comments like "nice post" with a link to your website is not going to make it.   Links in your comments are accepted as long as the comment is good and relevant and the link is not a blatant attempt to sell something not related to backup and recovery.

Thanks for reading

Why You Need to Backup RAID Arrays

I never trust a single hard drive with anything.  All of my important business systems use RAID, mirroring, and sometimes even replication to protect against common hard drive failures.  Every hard drive is going to fail.  Even solid state drives are not immune to failure.  In fact, I am not yet convinced that SSDs are any more reliable than traditional spinning hard drives.  None of this keeps me awake at night.  Any hard drive can fail and I don't lose a bit of data.  Even with this protection, I still backup all important data because there are other failure scenarios that RAID, and mirroring, and replication don't help with.

We had a database server with high-end HP RAID system attached.  There were two physical arrays, one for the database, and one for the logs.  Each array was RAID AVG (AKA RAID 6), which allows up to two hard drives to fail simultaneously without losing any data.  In addition the arrays had hot spare drives that are activated if any drive fails.  We were also using the highest quality enterprise SCSI drives.  Sounds like we had it covered, right?

That database server went down when the RAID controller failed.  We had no access to any of the data, even though every drive was still healthy.  We couldn't afford to let the server stay offline for a day while a new controller was shipped in. In fact, no controller was going to arrive for a few days because of a snow storm.  Fortunately, we had the data backed up and it was easily restored to an alternate database server.

The loss of a RAID controller is an obvious problem that can occur and common RAID redundancy is going to be of little help.  There are many other scenarios where a good back is the only solution.  RAID, mirroring and replication definitely reduces the stress associated with a disk failure in a critical system, but it is by no means a substitute for effective and reliable backups..

Carbonite sues Promise after failures result in lost data

Apparently Online Backup provider Carbonite has suffered serious problems with Promise Array technology over the last couple of years. There are dozens of articles on the internet over the last month about Carbonite suing Promise. For example: Carbonite sues Promise Technology for unreliable storage. You can also find information directly on Carbonite's website: Further clarification on our lawsuit against Promise Technologies. And of course Promise has a response on their website:, however, they are trying their best not to draw any more additional attention to this case and don't even mention Carbonite.

While Carbonite is squarely placing the blame on Promise and at the same time trying to minimize the issue by saying that few customers were impacted, the publicity from this lawsuit may be damaging to both companies. I can clearly see how Carbonite and their customers have suffered pain. And I can also understand why Carbonite wants to hold Promise accountable for their flaws. I have no doubt that Promise Storage systems have serious flaws and reliability problems. However, Carbonite seems to have exposed some flaws of their own.

I have already seen several postings by IT Professionals, one on Carbonite's own blog, pointing out that Carbonite should share some of the responsibility for not implementing a better storage architecture. I don't think these comments relieve Promise for once ounce of their problems, but Carbonite could have done more to avoid them. I am not familiar with Carbonite's process and standards for selecting suppliers, but there may be issues with how the decision to select Promise was made. It's hard to make a case in this area because Promise does seem to have the redundancy, and hotswap replaceable components that you would expect from a high availablity enterprise class solution. I can easily say that regardless of how that decision was made, placing the Promise hardware into a critical area that could result in loss of critical customer data was a major mistake. I am sure Carbonite would agree with that statement now. They obviously had not gained enough experience with these Promise arrays to place them in such systems. But what's more troubling is the fact that they would allow any customer data to reside in a single place dependent on any single piece of technology, regardless of who made it, or how reliable they thought it was.

Those of us who have been in the storage and system management business for many years know that even the best technology can fail. I have decades of experience with enterprise systems and I know that most competent IT organizations have protections in place to prevent a total loss of data in almost any situation. It is ironic that Online Backup is one of the best ways to protect your data against virtually any disaster or event in your own environment.

I am very familiar with the operation of Rhinoback Professional Online Data Backup. I know that they replicate all data to mulitple independent systems just in case of such a failure as what was experienced at Carbonite. Rhinoback even replicates data to a second data center in the event that the entire data center is destroyed or inaccessible. A couple of years ago they also experienced failures with Promise RAID systems, but since they had replicated copies of the data, none of their customers were impacted. This is not just a pitch for Rhinoback, I am sure other online data backup service providers use similar approaches, they are the one I am most familiar with.

Another point I would like to bring to the surface about Carbonite's explanation that the 7500 customers who's data was lost on the Promise equipment that failed. Even though most of them didn't suffer a severe problem because they were able to get another complete backup done before they lost their local data, the fact remains that 7500 customers were exposed with no backup data for a period of time. This is not a good situation for people who think their data is safely stored in professionally managed environment. And even though they were able to backup their data again before they had a disaster, depending on the amount of data they had, it may have taken days or weeks and tons of bandwidth to achieve fully backed up data once again.

In Carbonite's defense; their business model seems to be based on providing the lowest possible cost of service to the largest possible customer base. This is great for the type of customer who considers price to be the most important factor, and there are millions of people who want this type of solution. Carbonite and apparently Mozy too, have done a wonderful job of making online backup available for a very small price to anyone who wants it. They must control costs or this model will eventually fail and then those of you who want to backup your data online for a very small price will not have a solution. I don't know that any of us should have the expectation that they will use the most expensive equipment and keep multiple copies of your data in multiple locations, and defend against every conceivable problem. Maybe we should all be happy that they do what they do. And, by the way I think they provide a valuable service and do a fine job of it.

If you prefer an online data backup service provider that is focused on business and professional users who need more high-availability and redundancy, then take a look at Rhinoback Professional Online Data Backup, or one of the many other fine online data backup services business and office use, but don't expect the prices to be as low as Carbonite or Mozy.

Xdrive to Shutdown by End of Year

According to an article recently published in The New Your Times, AOL has decided to shut down the Xdrive online backup and file sharing service. According to an internal memo, AOL Executive Vice President Kevin Conroy said Xdrive and several other services will be "sunset" because they haven't gained enough popularity. AOL will try to sell Xdrive so that customers will be able to transition to another service, but if no buyer comes forward, then the service will be terminated at the end of the year.

Xdrive is a an online backup service targeted at consumers and home users. Apparently AOL found that selling dirt-cheap, and free online backup services wasn't profitable and they couldn't effectively leverage those Xdrive customers for advertising revenue. It makes you wonder about other online backup services such as Mozy and Carbonite. EMC has already made moves towards getting more revenue from their Mozy products by raising the prices for business users.

Providing services for free or dirt-cheap may be a great way to build up a customer base, but eventually the model has to be leveraged for profit in some way. I am sure that some of these online backup service providers have hopes of acquiring so many millions of customers that they can make a profit through economies of scale. The profit may come through advertising revenue, cross-selling other services to customer, or even selling the entire operation to someone willing to pay big-bucks for a customer base.

Watch out for the providers who offer unlimited backup for a low price. Regardless of what they say, those providers have some visions of leveraging their customers in some way, or selling off the business once they reach a certain size. When they do sell, the buyer will also have a plan to get those customers to pay. When AOL acquired Xdrive three years ago, you can bet that they thought they would be able to make healthy profit off of that customer base. And now that they can't, the're dumping it.

If you are more than just a casual computer user, you probably store important information and records on your computer. You want your backup data and archives to be around for the long term. The free and cheap services with unsustainable business models are likely to change, or change-hands, or go away. It's not easy to find a good online backup provider that you can depend on, but it is easy to spot the ones that you can't count on. If the deal seems too good to be true, then it probably is. You're probably better off choosing a service that charges a reasonable fee for defined amount of space. Anything free, dirt-cheap or unlimited should be a red-flag. And you can't just trust the big-names either, AOL, like other large companies has no problem trimming a line of business that is not producing enough profit. I think the best bet is to choose a company that has a primary focus on online data backup and charges a reasonable price for their service.

Encrypting Backup Data is Not Just for Online Backup

I have noticed that when data encryption is mentioned about backup data, it is almost always in the context of online backup. It is quite obvious that backup data needs to be encrypted when it is transmitted over a network. But it doesn't seem to be so obvious that a tape with the same backup data needs to be encrypted when it is stored offsite. I am quite sure that the backup tape is the bigger risk. There have been many more security breaches involving lost and mishandled backup tapes than breaches involving online backup.

Every online backup service that I am aware of encrypts backup data during transmission and most of them store the data in encrypted form. Some backup services are more secure than others, and few online backup services do an excellent job of securing data.

Most modern tape backup systems also provide encryption technology, but the encryption is not used in the majority of cases. I think there are two reasons for this: 1) some don't think encryption is needed for tapes, and 2) some IT operations just haven't updated their processes yet. As for the first reason; a tape being handed over to courier that makes stops all over town before delivering your tape to a storage location, is at least as vulnerable as data being transmitted over the Internet. For the IT shops that haven't updated their procedures; all it takes is to designate an IT professional as responsible for implementing the encryption that is already part of the backup software. There is a relatively minor upfront cost in terms of someone's time to get the encryption turned on, tested, and procedures documented, but after the initial hit, there is no additional cost.

Even if backup media is not being stored offsite, it should be encrypted. How many times have you heard about a diskette, hard-drive, or tape being lost or stolen that contains sensitive information. Encryption is for every backup job. Don't wait until sensitive data is compromised.

Broadband and Online Backup

The availability of broadband Internet service to the majority of US homes and businesses brings with it the availability of online backup services. The fact that broadband, whether cable or DSL, usually provides much more bandwidth in the downloading direction than uploading actually is ideal for backing up files over the Internet. At first glance one might think that the relatively slow upload speeds would cause backups to be too slow. The slower upload speed mostly affects the initial backup rather than periodic backups after the initial backup. Good online backup services do a nice job of minimizing the amount of data that needs to be transmitted to the backup service through compression and only backing up changes.

While your initial backup may take a while, it is usually not performed under an 'urgent' situation. When data is lost the situation tends to become more urgent, and fortunately the high broadband download speeds are available to restore data. Read more at Data Backup and Recovery.

Is Online Backup Risky?

Ever search the Internet for information on a particular topic and find a lot of worthless noise? Happens to me all the time. The bigger problem is when people with little or no knowledge of a subject pipe up and post in online forums as if they are experts. Sometimes they have just enough knowledge (or BS) to sound like they know something. Unsuspecting searchers find this garbage and think it is correct. In most cases the dumb-@$$ poster actually thinks he is smart and everyone should know what he knows.

I was researching data backup methods when I ran across a posting where someone was thinking about using an online backup service. One of these dumb-@$$ posters who thinks they know what's best posted a reply, something the effect that online backup is risky and not secure. I bet that dumb-@$$ poster hardly ever back's up his own data, and when he does, he probably does not encrypt the data and probably stores it in the same room with his computer.

The fact is online backup is usually safer than other forms of backup for a number of reasons. It is actually more secure than other media because it is almost always encrypted and furthermore it is always off site where it is safely out of reach of any disaster that would destroy your computer and your backup media that is stored in the same location. So don't believe the mis-informed, un-informed, or otherwise dumb-@$$ 's; online backup is probably your best choice and is far less risky than most other methods. Just do your homework and choose a good provider. You can find a lot of good information about online backup at the Data Backup and Recovery site.

Relatively offsite

I just heard about a business that was storing their offsite backup data in the basement of their building. I guess offsite is a relative term. The backup tapes were out of the data center which is on the fourth floor. This is definitely better than storing the tapes in the data center, but it falls short of storing the tapes in another building in a different location.

The degree of offsite that you need depends on several factors. In general, further away from the data center offers more protection. But, even that is not always true. Just imagine a data center in a valley near a river. If your offsite backup location is 50 miles away, but in the same valley near the same river, then the same flood may make your data and your backup in accessible. On the other hand if your backup location was just a mile away in a building on higher ground, you may have more protection from that type of disaster. It is best to think about the types of events that you want to protect against. An offsite backup across town in New Orleans is probably not very useful in a Katrina type event. You could have the same kind of problem in places that are susceptible to earthquakes, or blizzards.

Storing data in the same building is not likely to protect your data from a wide range of problems. However, it may be convenient if you need get your offsite data in a hurry. That brings up another interesting factor. If you are shipping your backup data across the country, how long will it take to get your backup data when you need it.

One great suggestion worth looking into is online backup over the internet. Your data can be stored a reasonable distance away to protect against most disasters, but can also be retrieved relatively quickly when needed.

The Dog Ate My Backup, What's Your Excuse?

The teacher wasn't impressed when Johnny said the dog ate his homework, but the rest of the class got a laugh out of it. It was as if Johnny didn't expect anyone to ask for his homework assignment. What is an IT person supposed to say when asked to restore data and can't because of a problem with the backup. Maybe he can say the tape is corrupt, or maybe he can blame someone else. Perhaps he thought the backup was happening but it wasn't. The excuses become obviously lame when he can't even restore data from the day before yesterday, or last week, or last month. You might as well say; "The Dog Ate My Backup" because nobody cares about your excuse. Lost data isn't very funny.

So you are not an IT person... If you have important data on your computer, or if you are responsible for computers in your office or department, then you may just be the IT person or the closest thing to one. The results are the same, data is lost and you can't help. How smart does that make you look?

Avoid the loss of data and the embarrassment. Protect your data with real backups that work. Just little extra effort and you can avoid critical mistakes. Online backup is a safe and simple way to get good reliable backups.

Unencrypted Backup Data Leads to Identity Theft!

The University of Utah Hospitals and Clinics is in the process of warning about 2.2 million patients that their personal information may have been exposed to identity thieves. Backup tapes of billing information was stolen from a car owned by a driver for an off site storage company. Just three months earlier, the University of Miami had backup tapes stolen from a van containing patient records.

If these backup tapes were properly encrypted, then lost or stolen tapes have far less impact. In fact, I think it is incompetent to store sensitive data on any portable media that is not encrypted. Any backup software worth using has the capability to encrypt the backup data. One of the simplest ways to secure backup data is to use a secure online backup service. If you are going to use an online service, you will want to make sure the service is using good security technology.

Many businesses should take data security to whole new level and encrypt the data on workstations and portable computers. It's not just backup tapes that get stolen. Computers, especially portable computers, are often stolen. It is not feasible to stop all thefts of computers, hard disks, and backup media, but it is not very difficult to protect the data by using encryption.

Worst Practices for Data Backup

Here are some of the worst practices in backing up data:

  1. Doing no data backup at all. This seems like a no-brainer but it is a common mistake. In many cases it is an unintentional mistake. Backup jobs are neglected and don't backup all important data.

  2. Failing to keep offsite backup copies of data. This is one of the most common problems. Storing backup copies in the same building as the computers your are backing up does not protect against many disasters.

  3. Failing to monitor your backup jobs effectively. Don't assume that no news is good news. Backup jobs often fail, don't run, or skip files. Check your backup jobs and logs often and correct any problems as soon as possible.

  4. Using manual procedures. Manual procedures are often forgotten, postponed, neglected and just not performed. Use automated procedures to make your data backup reliable.

  5. Not encrypting backup data. Most backups contain some sensitive data. Backup media, including portable disk drives, can be lost or stolen and fall into the wrong hands. An old tape or disk drive that you may have erased, may end up being salvaged and data scavenged by identity thieves long after you have discarded them.

  6. Not performing test restores of your data. Just because a backup job finished without errors doesn't guarantee that you can restore your data. The only way you can be sure is to periodically test the restore procedure.

Data Backup and Recovery

Online Backup: SSL or AES encryption??

If you have been shopping around for an online data backup service, then you have probably noticed that many of the providers use two different terms when describing their encryption capabilities. Some say SSL, some say AES, and some say both. Which one is best? Here's the scoop:

SSL is an acronym for Secure Socket Layer. SSL is used to encrypt data during transmission. It scrambles data so that if someone taps the wire, they will only see scrambled data. Your browser knows how to decrypt the data from an SSL encrypted web page because when the request was made for the page, your browser and the web server exchanged a unique session key that is required to view the data. SSL is a well established and documented technology. In addition to browsers and web servers, many other data transmission systems implement SSL as well. This includes online data backup systems.

AES is an acronym for Advanced Encryption Standard. AES is a very secure encryption technology that has been through rigorous analysis and testing by the US Government as well as many universities and private organizations. AES is the encryption technology recommended for government top-secret documents. AES is used to encrypt any data for storage. Unlike SSL, AES is not a protocol that exchanges session id's and keys with a browser or any other system. When data is encrypted with AES, the same key that was used to encrypt the data is required to decrypt it. Whoever or whatever receives AES encrypted data, must have the encryption key to access the contents.

While SSL is good for encrypting data during transmission, AES is good for encrypting data for storage. Online backup is an interesting case for AES. Some of the secure online backup services encrypt the data with AES before it is transmitted to the off site Internet storage facility. This negates the need for SSL because the data is encrypted before it reaches the transport layer. Furthermore, the data will remain encrypted while at the offsite storage facility until a program beyond the transport layer uses the original encryption key to decrypt the data. In the case of a truly secure online backup service, the encryption key is never sent to the offsite storage facility, therefore, the data remains encrypted at all times and can only be decrypted by the owner who has the original encryption key. See this statement from one of the top-notch secure online backup services.

Just because an online backup service boast of SSL and AES doesn't necessarily mean they will keep your data secure. SSL by itself will prevent a wire-tapper from capturing your data as it flows through the internet, but it does nothing to protect your data from a number of other security problems. If a hacker gains access to the internal network of the online backup service provider, then your data may be exposed. But if your data is stored in encrypted form with strong encryption technology like AES, then a hacker would need your encryption key to get access to your data. But wait, there is another threat; what if a technician at the offsite data center uses your encryption key to access your private data. Don't rule it out, it is not unusual for businesses suffer losses due to inside jobs. If your data is strongly encrypted with AES, and your key is never known by the online backup service provider, then your data is safe from insiders as well as hackers. The last threat would be your own encryption key. As long as you use a reasonably good encryption key, your data will be safe, but if you use your name, telephone number, address, or any other personally identifiable information, then all bets are off.

So when you see an online backup service provider throwing around terms like SSL, encryption and AES; don't feel safe just yet, dig deeper and make sure they state how they use the technology to secure your data. And last but not least, use strong passwords and encryption keys.

Data recovered from hard disk drive after Columbia space shuttle disaster

Don't count on being this lucky with your data. The following article describes how hard disk drive data was recovered from a burned hard drive after the Columbia space shuttle crashed in 2003. There were other hard drives on board Columbia that have been recovered, but the data was not recoverable. In addition it can be quite expensive to recover data from a damaged hard drive. Your best bet is to backup your data on a regular schedule.

Data recovered from Columbia space shuttle disaster

The Associated Press

Jon Edwards often manages what appears impossible. He has recovered precious data from computers wrecked in floods and fires.
Now Edwards may have set a new standard: He found information on a melted disk drive that fell from the sky when space shuttle Columbia disintegrated in 2003.
“When we got it, it was two hunks of metal stuck together. We couldn’t even tell it was a hard drive. It was burned and the edges were melted,” said Edwards, an engineer at Kroll Ontrack Inc.
Like other Columbia debris, the mangled disk drive turned up in Texas.

The recovered disk drive from Columbia had been used to capture data from a scientific experiment on the way xenon gas flows.

Comparing Data Backup to Insurance

Most responsible people understand why they need to buy insurance for their automobiles and homes. Insurance provides financial recovery in the event of an accident or loss. Most of us hope that we will never need to file a claim to recover from losses. In fact, most of us don't ever need to file a claim. Backing up your data is similar to automobile or homeowner insurance in that both are needed to recover from losses. However, there are some major differences worth noting.

Insurance is usually intended to protect against unexpected losses. You don't expect your house to burn down, and you don't expect to have any automobile accidents. You may not expect your hard disk to fail either, but this is where the big difference comes in. Every hard disk will fail, and most will fail without warning. There are almost no exceptions. I will say it again. Every hard disk drive will eventually fail!

Can you imagine how much your automobile insurance premium would be if you were certain to have an accident? In many cases the insurance companies expect you to have losses based on your driving record, and they charge you accordingly. Most of us have reasonable premiums because we drive carefully and avoid accidents. But, when you do have an accident, your premiums are probably going to go up.

Your data backup is there when you need it. And you certainly will need it. Your backup doesn't get more expensive based on how many losses you have experienced in the past. And the cost doesn't skyrocket as soon as you lose your data. Data backup is actually very reasonable in terms of cost when you consider the value that it is protecting.

Just like insurance policies, data backup systems are not all the same. Your insurance policy may have coverage limits, and exclusions. It may not cover every kind of loss. Same goes for data backup systems. If you are backing up to a portable hard disk, or dvd's, then you are protected against most hardware failures, but probably not protected against a natural disaster or even a fire at your home or office. If you are using an online backup system, then you may have the ultimate coverage that protects against wide variety of losses. When you compare the cost of an online backup subscription to the cost of an automobile policy, you will probably come to the same conclusion that I did. It's a great deal!

Five Reasons Why Small Businesses Should Consider Online Backup Services

I think most small business owners have some idea of the importance of backing up their computer data. However, since their IT budgets are limited, they don't usually get the same level of protection that a professional IT operation would provide for a larger business. Online backup provides small businesses and even home offices professional quality data backup services at very reasonable costs.

Here are five clear reasons why small businesses should consider online backup systems.

1) Offsite Storage - Online backup services by their nature store data off site. Tape and other media-based local backup solutions require an additional, and manual, effort to move backup copies of data to off site locations. The procedures and human efforts required to transport and store backup data off-site are often complex, expensive, error prone, and inconvenient.

2) Security - Professional online backup services always encrypt backup data. The better services also store the data in encrypted form. And some of the better online backup service providers use private key encryption methods so that even their own engineers and technicians have no access to the contents of your backup files. There are numerous examples of backup tapes, CD's, and portable devices turning up lost or stolen and exposing thousands of customer and employee records to potential identity thieves.

3) Consistency - Manual procedures and human intervention are the source of inconsistent data backups. Online backup systems are the most automated that you can get. In most cases there are absolutely no manual procedures to be neglected, skipped, or forgotten.

4) Simplicity - Online backup is much simpler than other solutions because you don't need to set up any hardware or complex software. In addition there is no media to be handled or manual procedures. Most online backup services require a subscription and a simple piece of software that is downloaded from a website.

5) Cost - Online backup services are much less expensive than traditional backup technology. You save the upfront costs of hardware, software, and media. And then you continue to save on the ongoing maintenance and cost of ownership of the system. Furthermore, there is no additional expense involved in transporting and maintaining backup data in an offsite storage location. Online backup also requires very little human resource time to setup, monitor, and operate.

There is no reason why a small business should have a less robust data backup system than a larger organization. A good online backup service provides enterprise quality data backup service at an affordable price.