Restore it All Podcast: The Anniversary of GDPR

In our premiere episode of Backup Central’s Restore it All Podcast, W. Curtis Preston (Mr. Backup) & Prasanna Malaiyandi discuss the one year anniversary of GDPR

Restore it All Podcast: That’s not Backup

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss various things people say are backup, which actually aren’t backup.

Restore it All Podcast: Protecting from Ransomware

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss how to protect yourself from ransomware, and how to recover from it if it happens.

Restore it All Podcast: Disaster Recovery

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss various ways people perform disaster recovery

What’s the difference between VCF, VMC, and “VMware on X?”

There have been a lot of announcements in the last year or so where VMware is available on various cloud or cloud-like platforms. If you’re wondering what the difference is between these various offerings, you’re not alone.

What is VCF?

VMware Cloud Foundation (VCF) is the first thing you need to understand when considering this topic. VCF is a software stack offered by VMware that bundles vSphere (compute), vSAN (storage) and NSX (networking) into a single platform. This gives those who would like to deploy it – for themselves or by offering it as a service for customers – a complete solution to draw from. If you know a solution is based on VCF, you also know that it will cover all compute, storage, and networking needs that you may have.

What is VMC?

VMC is an unofficial designation for VMware Cloud on some platform, the first example of which was VMware Cloud on AWS. The second example of this was announced at Dell Technologies World and is called VMware Cloud on Dell EMC.

Note to the wise: These products are not called “VMC,” at least not by anyone from VMware, AWS, or Dell. The product name is “VMware Cloud on AWS” or “VMware Cloud on Dell EMC.” Think about it. The real names have both brands in them; “VMC” has neither.

“VMware Cloud on X” is VMware as a service offered by VMware on the platform in question, and it is based on VCF. Customers can manage it via vSphere, without having to worry about the hardware aspect. They can provision all the VMs and storage they like without having to worry about where the hardware will come from.

There are two important things to note in the previous paragraph. If you see “VMware Cloud on X,” that means the service is being offered by VMware itself. Your bill and support will come from VMware.

What about Microsoft and IBM’s offering?

There are similar offerings from IBM and Microsoft. IBM offers VMware SDDC on IBM Cloud and Microsoft offers Azure VMware Solutions. Notice that neither is called VMware Cloud on X.

VMware SDDC on IBM Cloud does not appear to use VCF, but Azure VMware Solutions is based on VCF. The important differentiator is that the service is offered by the platform vendor, not by VMware. Your bill and support will come from IBM or Microsoft, not from VMware.

| Service | VCF? | Provider |
|---|---|---|
| VMware Cloud on AWS | Y | VMware |
| VMware Cloud on Dell EMC | Y | VMware |
| VMware SDDC on IBM Cloud | N | IBM |
| Azure VMware Solutions | Y | Microsoft |

Hopefully that helps clear things up.

Please use a password manager

Over one billion email address/password combos were recently leaked under the name “Collection #1,” suggesting there may be more. When something like this happens, I just take a deep breath and change my passwords on any sites that were affected, and I move on with my day.

Why can I do that? Because I use a password manager that notifies me of the hack and any affected sites. It will then assist me with changing the password in question, and I go back to work. (I also keep track of affected sites using Have I Been Pwned?)

Defense in Depth

Defending against cyberattacks requires a multi-faceted approach. Here’s a quick list off the top of my head. These will be very brief, because I want to focus on the last one.

  • Backup your data
    • I really don’t understand people that pay ransomware. Why don’t they just restore from backup? Oh, right. They don’t have a backup. Please backup your mobile phone and laptop data. And of course, backup your company’s servers.
  • Secure your physical devices
    • If someone gets hold of your physical device, all bets are off. Use a strong password on every device you have. If you lose a device and then get it back, do not just start using it again. You need to wipe it clean and re-install everything, because a hacker may have installed a key-logger that could steal the master password to the password manager I’m going to tell you to use in a minute.
  • Practice safe-browsing
    • Make sure you’re using secure sites if you’re logging in. Check anything you download for viruses. Don’t visit sketchy sites. I know you want to see that latest episode of Star Trek: Discovery and you don’t want to pay for the CBS All Access pass. But downloading a torrent is risky and may have other problems.
  • Watch for phishing & other social engineering attacks
    • Watch for those emails from companies you do business with that warn you of something and tell you that you need to login and fix it. Login manually to the real site; do not follow the link. (BTW, a password manager fixes this, too, because it won’t enter your password at the wrong site.)
  • Use an anti-malware product
    • And whatever you happen to pay for, also run some free checkers once in a while. (I run a Malwarebytes free scan whenever it comes to mind.)
  • Use multi-factor authentication whenever you can
    • The more important the account is, the more important it is that you use MFA. Also, one of your “important” accounts is the email address that you use everywhere. Make sure that account is protected with MFA. That way someone can’t hack it, and then use it to reset all your passwords.
  • Use a unique password for every single site where you login
    • And finally we come to the biggie. Make sure you do not reuse passwords on the sites you do business on. If any of them are hacked, you’re vulnerable everywhere that email address and password have been reused.
    • Doing this without a password manager is impossible if you have more than a few accounts. (I have 329 accounts in Dashlane, my password manager.)

Please use a password manager

I don’t know how anyone doesn’t use a password manager. It makes things so much more secure and so much easier. How often do you see the words secure and easier in the same sentence?

I chose Dashlane years ago for a unique combination of features that I no longer remember, but there are other password managers like 1Password and LastPass that are quite popular as well. They use one master password to give you access to all your encrypted passwords.

In the “How is Dashlane safe?” article, they have several answers.

  1. They enforce strong passwords on your Master password, and if you lose it, you’re toast. So don’t do that. But honestly, if you’re using it regularly, you will be typing in that password many times a day, so I don’t know how you would forget it.
  2. Your Master password is never stored on their servers, even though they support multi-device syncing.
  3. All data is encrypted locally w/AES-256 encryption.
  4. They use AWS servers for added security
  5. They continually audit their system for vulnerabilities.

No security system will ever be 100%, but I say NONSENSE to those who think that keeping passwords in your head is more secure than a password manager. How exactly is a typical user, who has dozens of online accounts, supposed to create a unique password for each account and store it in their head?

The average user is going to use the “remember password” feature of their web browser, and that’s not secure at all.

Like I said, use a password manager so that when you’re hacked, all you have to do is change one password. But please, someone leave a comment about how password managers are less secure than your brain.

Lack of backups on your part does not constitute negligence on your vendor’s part

If you care about your data, back it up.  If you don’t care about your data enough to back it up, don’t tell me it’s your vendor’s fault when something goes awry.  

This is what came to me when I read the article about the Adobe Premiere Pro user that lost what he described as $250,000 worth of videos due to a bug in Adobe’s software. He said that the video cost him more than $250,000 to create, so he is suing Adobe for that amount plus additional damages. Besides the fact that I am pretty sure that Adobe – and every other software and hardware vendor – has a clause in their contract that specifies that data loss is not their responsibility, it’s just common sense. Software and hardware products make mistakes – that’s why we make backups.

Apparently, there was a bug in Adobe Premiere Pro that manifested itself when you stored your original video and Adobe’s cache directory on the same hard drive.  If you cleared your cache, it would delete the original video as well. 

The lawsuit alleges massive negligence on the part of Adobe during their software development and testing process. That’s a really high bar if you ask me.  Even if he is able to prove that they were negligent during the development process, they would easily be able to prove that he was also negligent during his system management process.

If your job is to create video, backup the video. If your job is to create anything, backup whatever it is. I don’t care how reliable your hardware or software is, things happen. That’s why we make backups. I hate to blame the victim here, but as far as I’m concerned he is a victim of himself.

Backup anything important to you

As I’ve already said, this should go without saying. There are too many ways to easily backup your data. Use a cloud-based data protection service. Use a number of open source products and a portable hard drive. I’m not personally a fan of the latter, but it’s still better than nothing. Having all your data stored on a single hard drive is simply asking for trouble.

Use a drive repair service

If you didn’t listen to the last paragraph and you find yourself with data that matters to you and no backups of that data, don’t touch the drive. Immediately look into a drive repair service. They are expensive, but they are your only choice if you didn’t backup your data. And the more you play around with the drive trying to find your data, the less likely they are to be successful. So if you are sitting there in a world of hurt with no backups, turn off your computer and start searching for a drive repair company. Some of them have flat fee services, and others are based on the number of gigabytes they recover for you. But again, if you have no backups, they are your only choice.

Go check your data

If you have computers where you store your data, and you have not yet lost any data, consider yourself lucky. My advice to you is to go check that your backup systems are in working order. If you don’t have a backup system, now is the time to get one.

But lack of backups on your part does not constitute negligence on your vendor’s part.  That’s my story and I’m sticking to it.

A parody of How to Save a Life

This was the first time we decided to make our own funny music video to go along with the song.  An early effort, of course.  Please note the Guitar Hero guitars the band is playing, along with the rusty guitar set.  (It makes an appearance in another video.)

One of the things we learned over time was that the video ALSO needs to be funny. I think we accomplished that with this one.

Bad restore – A Music Video Parody

Fans of my books and websites may not be aware of my music parody hobby, partly because I never put them all in one place.  So I recently uploaded all of them to Youtube, and am going to post them here as separate articles.

This was the very first one we did, and we didn’t have the budget to do a full video production.  I wrote the lyrics, the very talented Lindsay Romney did the vocals, and her brother did the music and mixing. For the video, we used sections of Lady Gaga’s video and inter-spliced it with sections of other videos.

There is a French portion, since the original song had a French portion.  It simply says “I want my files or I’m going to get fired,” in French.  (Or something like that.)

I hope you enjoy this one.  There are more (and better) videos to come.

Does Bit Error Rate Matter?

Magnetic devices make mistakes; the only question is how many mistakes they will make. I was presenting a slide a while ago that listed the Bit Error Rates (BERs) for various magnetic media, and someone decided to take issue with it. He basically claimed that it was all bunk and that modern-day magnetic devices don’t make mistakes like I was talking about. He said he had worked several years in businesses that make disk drives, and that there was essentially no such thing as a bit error. I thought I’d throw out a few other thoughts on this issue and see what others think.

Note: The first version of this post referred to Undetectable Bit Error rate vs just Bit Error Rate.  The more common term is just BER.  But when it’s UBER, the U apparently refers to unrecoverable, not undetectable.

He said that all modern devices (disk and tape) do read after write checks, and therefore they catch such errors.  But my (albeit somewhat cursory) knowledge of ECC technology is that the read after write is not a block-for-block comparison.  My basic understanding is that a CRC hash is calculated of the block before the write, the write is made, the block is read back, the CRC is calculated on what was read back, and if they match all is good.  HOWEVER, since the CRC is so small (12-16 bits), there is a possibility that the block doesn’t match, but the CRC does match.  The result is an undetected bit error.  (This is my best attempt at understanding how ECC and UBERs work.  If someone else who has deep understanding of how it really works can explain it in plain English, I’m all eyes.)

There was a representative in the room from a target dedupe vendor, and he previously worked at another target dedupe vendor.  He mentioned that both vendors do high-level checking that looks for bit errors that disk drives make, and that they had found such errors many times — which is why they do it.

I once heard Stephen Foskett (@sfoskett) say that he thinks that any modern disk array does such checking, and so the fact that some disk drives have higher UBERs than others (and all are higher than most tape drives) is irrelevant.  Any such errors would be caught by the higher level checks performed by the array or filesystem.

For example, an object storage system (e.g. S3) can perform a high-level check on all objects to make sure that the various copies of the object do not change. If any of them show a change, it would be flagged via that check, and the corrupted object would be replaced. It’s a check on top of a check on top of a check. ZFS has similar checking.
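The small-check collision and the higher-level check described above, as an added example that is not from the original post: it tries every bit-flip pattern up to 18 bits wide against one block, lists the patterns a 16-bit CRC fails to notice, and confirms a digest recorded at write time flags all of them. The choice of CRC-CCITT (Python's `binascii.crc_hqx`), SHA-256 as the array-level digest, and the 512-byte block are assumptions made for illustration, not a description of any particular drive or array.

```python
import binascii
import hashlib

# Assumption: CRC-CCITT (x^16 + x^12 + x^5 + 1) stands in for a small per-block check.
def crc16(block: bytes) -> int:
    return binascii.crc_hqx(block, 0xFFFF)

def sample_block() -> bytes:
    """Constructed 512-byte 'sector' used as test data."""
    return bytes(range(256)) * 2

def corrupt(block: bytes, offset: int, pattern: int) -> bytes:
    """XOR a 3-byte error pattern into the block at `offset` (simulated bit flips)."""
    out = bytearray(block)
    for i, b in enumerate(pattern.to_bytes(3, "big")):
        out[offset + i] ^= b
    return bytes(out)

def undetected_patterns(block: bytes, offset: int, bits: int = 18) -> list[int]:
    """Try every nonzero error pattern up to `bits` wide; return those the CRC misses."""
    good = crc16(block)
    return [p for p in range(1, 1 << bits)
            if crc16(corrupt(block, offset, p)) == good]

def caught_by_digest(block: bytes, offset: int, patterns: list[int]) -> bool:
    """Higher-level check: a SHA-256 recorded at write time flags every pattern."""
    recorded = hashlib.sha256(block).digest()
    return all(hashlib.sha256(corrupt(block, offset, p)).digest() != recorded
               for p in patterns)

if __name__ == "__main__":
    block = sample_block()
    missed = undetected_patterns(block, offset=100)
    print("patterns tried:", (1 << 18) - 1)
    print("missed by CRC-16:", [hex(p) for p in missed])
    print("all caught by SHA-256:", caught_by_digest(block, 100, missed))
```

The patterns the CRC misses are exactly the multiples of its generator polynomial, so no error confined to 16 bits or fewer is among them; the misses begin with wider corruption.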

But if all modern arrays do such checks, why do some vendors make sure they mention that THEY do such checking, suggesting that other vendors don’t do such checks? 

Unless someone can explain to me why I should, I definitely don’t agree with the idea that UBERs don’t matter.  If drives didn’t make these errors, they wouldn’t need to publish a UBER in the first place.  I somewhat agree with Stephen — if we’re talking about arrays or storage systems that do higher-level checks.  But I don’t think all arrays do such checks.  So I think that UBER still matters. 

What do you think?
