Feeds

User Data: Here, there, everywhere

But rarely where you need it

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

Blog Every computer user in the world has heard tales of “the computer that ate my files”. Perhaps the magical write-limit fairy arrived and turned your SSD back into a pumpkin. The infamous “someone, definitely not me” could have opened an infected email or Facebooked up an infected flash ad, corrupting the OS and causing all sorts of merriment.

The reasons all vary, but the result is always the same: there are no backups, and you had just put some incredible amount of time into a project on that computer which is absolutely crucial to your personal survival in the modern world. Since computer components eventually die, what can possibly be done to prevent this?

The single most important measure of preventative digital medicine (ironically also that which is most frequently ignored) is to back up your data. The second most important item is to make your data fault tolerant. In a business IT environment both of these can usually be accomplished in one fell swoop: put all of the user data on the servers, not the local computers. The servers are regularly backed up, have RAID and other goodies for fault tolerance, and are looked after by a cadre of good looking, witty, intelligent well paid systems administrators. (Well, I hope the servers at least have a RAID and scheduled back ups.)

How then do we get the user data onto the servers? User data is generally stored in two locations: the user’s profile, and their homefolder. In Windows, these are most often separate concepts. In Linux, Unix or OSX the profile is most often a part of the homefolder. When talking about a scenario where all of your users are always connected to the same network (ie no roaming or VPN users) then Linux, Unix and Mac admins have it easy. They configure their server to post an NFS share, map /home (or its equivalent) to the server, and this whole mess of trying to get user data to live on the server is done and dusted.

Windows doesn’t offer anything quite so simple. Windows has at its disposal “roaming profiles” and “folder redirection”, neither of which is a complete solution. Folder redirection is simple enough: you can tell certain pre-determined folders that they exist on the server, not on the local computer.

In a Windows environment, homefolder remapping is the canonical example of this practice. The limitation being that you can not arbitrarily remap any folder you choose; Microsoft has determined that there are a limited set of folders to which you may do this.

Most importantly, you can not redirect the entirety of a user’s profile to the server, thus preventing a Unix-like easy approach to this problem. Both the Unix approach of mapping the homefolder/profile set entirely to the server and the Windows approach of very selectively synchronising or redirecting folders to the server completely break down when you start talking about remote (VPN or laptop) users or individuals who log onto multiple machines.

If you look at the traditional Unix approach to keeping the user’s data on the servers, the instant the connection between the user’s computer and the server is severed, the user loses all access to that information. A laptop user can then do nothing without a VPN connection; there is no local copy of the data on his laptop. There are some attempts to get around this, but the really short answer is that there is no nice and clean solution. If you are using Unix, then either your users' information lives on their system, or it lives on the server. Attempts to bridge the gap in Unix are…generally very complicated.

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.