Feeds

User Data: Here, there, everywhere

But rarely where you need it

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

Blog Every computer user in the world has heard tales of “the computer that ate my files”. Perhaps the magical write-limit fairy arrived and turned your SSD back into a pumpkin. The infamous “someone, definitely not me” could have opened an infected email or Facebooked up an infected flash ad, corrupting the OS and causing all sorts of merriment.

The reasons all vary, but the result is always the same: there are no backups, and you had just put some incredible amount of time into a project on that computer which is absolutely crucial to your personal survival in the modern world. Since computer components eventually die, what can possibly be done to prevent this?

The single most important measure of preventative digital medicine (ironically also that which is most frequently ignored) is to back up your data. The second most important item is to make your data fault tolerant. In a business IT environment both of these can usually be accomplished in one fell swoop: put all of the user data on the servers, not the local computers. The servers are regularly backed up, have RAID and other goodies for fault tolerance, and are looked after by a cadre of good looking, witty, intelligent well paid systems administrators. (Well, I hope the servers at least have a RAID and scheduled back ups.)

How then do we get the user data onto the servers? User data is generally stored in two locations: the user’s profile, and their homefolder. In Windows, these are most often separate concepts. In Linux, Unix or OSX the profile is most often a part of the homefolder. When talking about a scenario where all of your users are always connected to the same network (ie no roaming or VPN users) then Linux, Unix and Mac admins have it easy. They configure their server to post an NFS share, map /home (or its equivalent) to the server, and this whole mess of trying to get user data to live on the server is done and dusted.

Windows doesn’t offer anything quite so simple. Windows has at its disposal “roaming profiles” and “folder redirection”, neither of which is a complete solution. Folder redirection is simple enough: you can tell certain pre-determined folders that they exist on the server, not on the local computer.

In a Windows environment, homefolder remapping is the canonical example of this practice. The limitation being that you can not arbitrarily remap any folder you choose; Microsoft has determined that there are a limited set of folders to which you may do this.

Most importantly, you can not redirect the entirety of a user’s profile to the server, thus preventing a Unix-like easy approach to this problem. Both the Unix approach of mapping the homefolder/profile set entirely to the server and the Windows approach of very selectively synchronising or redirecting folders to the server completely break down when you start talking about remote (VPN or laptop) users or individuals who log onto multiple machines.

If you look at the traditional Unix approach to keeping the user’s data on the servers, the instant the connection between the user’s computer and the server is severed, the user loses all access to that information. A laptop user can then do nothing without a VPN connection; there is no local copy of the data on his laptop. There are some attempts to get around this, but the really short answer is that there is no nice and clean solution. If you are using Unix, then either your users' information lives on their system, or it lives on the server. Attempts to bridge the gap in Unix are…generally very complicated.

The Essential Guide to IT Transformation

More from The Register

next story
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
FLAPE – the next BIG THING in storage
Find cold data with flash, transmit it from tape
Seagate chances ARM with NAS boxes for the SOHO crowd
There's an Atom-powered offering, too
Gartner: To the right, to the right – biz sync firms who've won in a box to the right...
Magic quadrant: Top marks for, er, completeness of vision, EMC
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.