Why Snapshots Are Not Backups

Online Backup

You are likely one of those too. You want terabytes of data accessible anywhere on any device. The same is true of your most critical applications. If you inadvertently delete something, you want the information restored in just a few minutes.

That magic is called a snapshot. For a Storage Area Network (SAN) that holds your data and has regularly scheduled snapshots, a previous copy of your data is available and can be rolled back to that point in time. However, there are some important aspects to understand about snapshots and these are the key take-aways:

  1. Without the current copy of your data, snapshots are worthless as they are dependent upon the differences between the original information.
  2. Snapshots for virtual machines allow rollback for any changes, but cannot be used by themselves as a functional virtual image.
  3.  Snapshots are not a backup of server system state, especially for critical roles like domain controllers.
  4. Snapshots do not clear the transaction logs of Exchange databases.
  5. For all of the above reasons, online backup should backup system states and databases independent of server incremental snapshots.

This post was inspired by a customer who recently and painfully experienced why snapshots are not backups. The customer was updating an application on their main domain controller (not a good practice either and a topic for another time) which went awry. After restart, the NETLOGON service would not remain started and Active Directory would not replicate with the secondary domain controller.

The customer lamented that they had performed the application update on several servers with no issues and had not taken a snapshot of the virtual machine. It wouldn’t have mattered. The problem is known as USN rollback where the server was no longer recognized as the master security database for the network. With a system state backup, the issue could have been resolved in a few minutes with an authoritative restore.

Instead an emergency project was required to:

  • Create a new virtual server
  • Export DHCP scopes
  • Manually remove the errant server from Active Directory
  • Seize the FSMO roles on the secondary domain controller
  • Shutdown and destroy the errant server
  • Promote the new server as a domain controller
  • Change the IP address of the new server to the previously errant server
  • Broadcast to users to shutdown workstations for cutover
  • Import DHCP scopes
  • Verify Active Directory replication

Fortunately, the secondary domain controller processed user logons during this scenario, even though no changes could be made to any Active Directory accounts. If the customer had not had a secondary domain controller, they would have had the ugly prospect of building a new domain controller and rejoining every user and device to the domain with weeks of profile and application hell.

When asked about other backup scenarios like Exchange, the customer said they used Symantec Backupexec as it was easier to restore than using their current online backup. More likely, someone on their staff discovered the Exchange logs weren’t being cleared and they had no way of restoring an individual mailbox using a server snapshot.

If you’re depending on snapshots only, then heed the warnings above and know you’re operating under high risk of downtime and data loss. The simple fact is snapshots are not backups.


About these ads

How to Disable Apple iCloud

Apple iCloud LogoAccording to industry experts, Apple is 10 years behind in security. Apple.com currently asks “What will your verse be?” on the home page in the wake of a huge security breach. The rise in popularity of Apple products in the last 5-7 years has primarily been centered around music, so it should not be a surprise that the Apple iCloud has serious security vulnerabilities.

Unlike Microsoft or Google, Apple iWork is still in beta and has achieved none of the high compliance standards required for commercial use or proven years of safe productivity across millions of users in the cloud. To help protect business users who may be using Apple devices, the following steps outline how to disable Apple iCloud:

  1. Be sure to have photos saved on your PC or another storage device first.
  2. Go to either the Photo Stream tab in your photo gallery in iOS or the Photo Stream option in iPhoto on Mac OS to view existing photos in Photo Stream. Here you can manually delete existing individual photos or whole albums.
  3. Then go to the settings menu on your iPhone or iPad (‘System Preference’ on Mac OS)
  4. Open the ‘iCloud’ category
  5. Switch off Photo Stream (which automatically uploads photos to iCloud)
  6. Repeat this on all your Apple devices

To be fair, Apple does offer Two Factor Authentication like other major providers. However, Apple continues to be very new at online services and Apple iCloud has been reported to be unsafe by local news stations.

Managed Services First Bootstrap Website

Managed Services77% of mobile searches are in a location where a PC is available, according to the Google 2013 Mobile Search Study. Amazingly, most of the technology industry (including Apple) has not embraced this overwhelming mobile search trend. So we decided to share some insights into managed services first bootstrap website.

Bootstrap is a sleek, intuitive, and powerful mobile first front-end framework for faster and easier web development. While Matrixforce is not a web design firm, it’s obvious that you are just frustrating your largest audience of mobile and tablet users by forcing them to scroll and zoom legacy websites. In 2014, not having a mobile responsive website gives the impression that your organization is out of touch – especially if you’re in the technology sector.

The following list provides specifics on the unique user experience at Matrixforce:

  • Mobile first: The display automatically adjusts to fit the screen size of smart phones, tablets, or desktops. Users don’t have to pan or zoom parts of a whole page on smaller devices.
  • No app required: There is no separate mobile site or app in Apple iTunes, Google Play, or Windows Marketplace.
  • Single source: Bootstrap eliminates unnecessary code for mobile sites or apps and the possibility of duplicate content to hinder search results.
  • Clean URLs: Our web pages have no .html, .php, or other extensions. The page names are short and easy to understand, with an obvious boost for search.
  • Sticky header: The logo and menu are always at the top of the screen. You never have to scroll to find menu options to move to another page.
  • Different color: Nearly every competitor has a blue or black website. Dark maroon definitely makes us stand out. A gradient gives some flare and character versus the mundane flat look.
  • Logo is home: Home menu options are redundant, extra clutter, and no longer relevant for modern websites.
  • Touch menus: Traditional pulldown menus don’t work on smartphones or tablets. Bootstrap menus work on any screen size and the size is large for easy menu selection on tablets or touchscreens.
  • Large font: On conventional monitors, the font is large with easily readable typography and gray contrast that is easier on the eyes. For smaller displays, the font adjusts accordingly.
  • Images adjust: Images automatically resize to fit the device display.
  • Grid structure: The row and column format of each page fluidly adapts for smartphones and mini-tablets.
  • Content rich: The competition generally has a couple dozen pages amidst plenty of bluster. We have over 200 pages and growing of customer focused benefits, features, cost comparisons, frequent questions, requirements, knowledgebase articles, white papers, and videos.
  • Simple footer: Since the top menu is always available, duplicate navigation links are no longer necessary in the footer. The footer is really only supposed to be legal and contact information. Putting copious amounts of random information in the footer and inviting your audience to drift off to social media on every page was never a good idea.

As always, we’d like to thank our customers for the opportunity to provide insight, streamline technology, and improve business operations. For the competition and the rest of the technology sector, you’re going to have to get with the times.



CRM Next Release Spring 2014

Dynamics CRM Online LogoThe Spring 2014 update for Microsoft Dynamics CRM Online is nearly here with most customers automatically upgraded with no downtime by the end of May. The new capabilities will help you put your customer at the center, create deeper customers connections, and continue to evolve your customer relationship management.

Here is a short list of things you need to know:

  1. Enable using Product Updates. The Product Updates feature allows the CRM Online Administrator to enable these new features in the organization when the time is right for you.
  2. No roll back. Once you choose to install the spring product updates, you cannot roll back.
  3. Sandbox testing. After the update, new functionality and customizations can be tested in a “sandbox” instance isolated from your production environment.
  4. Powerful customer service. Top new features include: e-mail to case functionality, customer case entry self-service, and social listening for brands and products. See the CRM Customer Center for more information.
  5. How to install. Sign-in to CRM Online and go to Settings > Administration. Select Install Product Updates in the lower left corner.

Matrixforce anticipates enabling and testing these new features with select customers in June. General deployment to all customers is anticipated by September. Look for further announcements coming soon.

Microsoft Patches IE in 3 Days While Heart Bleed Persists

Security ResponseAt approximately 10am PDT on 5/1/2014, Microsoft released an out-of-band update for the Internet Explorer/Adobe Flash vulnerability published in Security Advisory 2963983:

  • Microsoft customers with automatic updates or Intune will not need to take any action, as the patch will be automatically downloaded and installed.
  • Windows XP customers will also receive the update despite the fact the 14-year-old technology is no longer supported by Microsoft.
  • Join the bulletin webcast for this update at 11am PDT, 5/2/2014.
  • See the Microsoft Security Response post by Dustin Childs for more information.
  • Microsoft released this patch just 3 business days from discovery, while the Heart Bleed vulnerability persists in over 20,000 of the top 2 million Linux/Unix websites after nearly 30 days.

On April 28, 2014, Matrixforce posted Facts of Internet Explorer Vulnerability 2014. Contrary to popular misconceptions, the Secunia Browser Vulnerability Report shows Open Source browsers like Firefox and Chrome have over twice the vulnerabilities of Internet Explorer. The Department of Homeland Security couldn’t issue an advisory against using Linux/Unix websites at risk with Heart Bleed, because it was difficult for users to determine the platform and there are dozens of manufacturers. Unfortunately, unlike Microsoft there is no automatic update for Linux/Unix. If a similar Adobe Flash vulnerability emerges for those platforms, then it would likely take much longer to eliminate as evidenced by Heart Bleed bug still persisting.

Facts of Internet Explorer Vulnerability 2014

Internet Explorer LogoFollowing the recent Heart Bleed exploit, Open Source pundits have been scrambling and the press has capitalized on a slow news cycle to bash Microsoft. Here are the actual facts:

  1. On April 27, 2014, ZDNet published Microsoft discloses zero day in all versions of Internet Explorer. Debate raged in the comments about which platforms were more secure.
  2. The vulnerability is really from Adobe Flash. Windows systems without Adobe Flash installed are not vulnerable.
  3. Later on the same Sunday, Gizmodo published New Vulnerability Found in Every Single Version of Internet Explorer. The article incorrectly stated that Internet Explorer is only 26% of the browser market and Windows XP customers would be forced to pay exorbitant support. Out of touch comments exploded based upon these erroneous details.
  4. Secunia Browser Vulnerability Report for 2013 shows Internet Explorer with leading market share on Windows OS devices, less than half the vulnerabilities of the least secure browsers of Firefox and Chrome, and lowest percentage of unpatched systems of any manufacturer due to automatic Microsoft Updates.
  5. Search Engine marketers have recommended not using Adobe Flash for over 5 years, as it provides little information to be indexed. Industry sites like SEOWorks still advise against SEO & Flash Web Design. XP or any Windows user may simply uninstall Adobe Flash to avoid this vulnerability with little browsing impact.
  6. The last Internet Explorer vulnerability was reported October 9, 2013. IBM just discovered multiple Firefox vulnerabilities March 26, 2014. The latest Chrome vulnerability was published April 10, 2014.