Building a hardened Veeam Repository from a Synology NAS

Veeam has done some really good work on the implementation of hardened backup repositories to help protect against advanced ransomware attackers that go after backups as well as primary data. In the wild I see a lot of smaller and mid-sized organisations using Synology or QNAP NAS boxes as the storage for their backup repositories as they are significantly less expensive than their “enterprise” counterparts and you can use disks from any supplier and not have to pay the exorbitant markup from <insert enterprise supplier here>. [Read More]

Re: What’s your work from home DR plan?

Following up on the excellent article from @networkingnerd I thought I give out some background on how I’ve approached the issue. Since much of what I do is consulting around designing and assisting companies in building their own disaster recover plans and processes it’s incumbent on me to set the example as much as possible. But of course as an independent consultant I don’t have access to the same kinds of budgets as an enterprise, but it’s surprising just how far you can push things even on a small scale. [Read More]

Veeam, S3 Object Locks, MinIO and TrueNAS

I’ve been using the Veeam feature of a scale-out repository that leverages S3 storage for offsite and long term retention for a while. One of the interesting variants on this option is the ability to leverage the S3 object lock feature which basically tells the system that whatever happens, an object that is written cannot be deleted for a fixed amount of time, generally 15-30 days in our use case. This type of WORM feature is becoming a necessary tool in restoring from ransomware/cryptolocker attacks, especially since the attackers are getting smart and go looking for the backup systems and try to compromise them as well. [Read More]

Mobile Lab v2 part 1

Note: this is going to be a long one as it’s the accumulated stream of notes on the project over close to a year of reflection and iterations. It’s been about 4 years since I built my original Mobile Lab so it’s time for some updates. The original lab has been (sadly) mostly decommissioned for parts as the 16GB RAM ceiling on the Mini PCs was a real problem with the newer technologies where some VMs require 16 GB just for their base configuration. [Read More]

First world problems and iOS automation

The environment At the house, I have a pfSense router set up for Dual-WAN connectivity that uses a Netgear 4G LTE Modem for the primary link because my ADSL connection maxes out at 8Mbps while I can get up to 40Mbps on the 4G connection. This if course is made possible by living in France where I have access to an uncapped 4G service. The only problem with this setup is that the 4G connection will sometimes drop connectivity at random moments for random amounts of time. [Read More]

Data Protection in 2020

Zerto presented at Tech Field Day 21, and helped bring into focus a number of thoughts I’ve been having regarding some of the different approaches to data protection and what they actually entail in our current context of computing and how Zerto’s approach fits well in this changing world. Disaster Recovery vs Backup vs Archive Each of these are activities that fall under the umbrella term of Data Protection, but they have very different functions, requirements and even terminology. [Read More]

Stupid network tricks

As a consultant, I’m frequently working on client sites. In many cases, I will end up with a client-supplied workstation or laptop that allows me to access everything internally, but the bigger the company, the likelier it is that they have piles of security infrastructure that means that I can’t get out to my mail server from the machine that they’ve given me, VPN connections are usually out of the question, Dropbox is blocked, along with protocols like BitTorrent used by Resilio Sync so I end up working with my personal MacBook Pro sitting on the desk next to theirs connected to my own 4G router, tethered to my iPhone or one some kind of relatively permissive guest Wifi. [Read More]

Travel kit update

I’m currently on a project with rotating weeks living in hotels, so optimizing the travel kit got pushed up the priority queue and I’ve found a few new tools to add to the kit which get rid of a lot of extra overhead. My usual travel computing is provided by a MacBook Pro and an iPad Pro. The nice thing about this is that they both use USB-C for charging. But of course travelling with two regular chargers is a pain, both from a size perspective and the requirement for finding individual plugs for each charger. [Read More]

Re: Sending emails to your inbox is a dangerous default

An article by Chris Siebenmann over a the University of Toronto got me thinking about how I’ve avoided this particular trap (after living with it far too long). I’ve been through email bankruptcy a number of a times and a few years ago I landed on a method that has addressed the worst of this situation rather handily. Unfortunately, this approach is dependent on the level of integration and rule sophistication your email client is capable of. [Read More]

Vast Data at Storage Field Day 18

Vast Data came out of stealth mode at Storage Field Day 18 with a number of surprises including an innovative architecture that takes advantage of all of the newest hardware advances. My first thought was to see if I could write up an explanation of the architecture, but based on the same public information I have access to, Glenn Lockwood wrote this excellent description which covers everything I was going to (and then some). [Read More]