Thursday, 13 October 2016

Office 365 backups

We have until now carried out on-site backups of our Office 365 mail, calendar and contacts using CodeTwo Backup, which I agree is a bit perverse.  The space we are using on our trust Nimble CS220 is starting to be of concern, so I'm giving in and looking at cloud backup solutions.

There are lots of these several of which I've trialed before but am looking at again:
  1. CloudAlly - http://www.cloudally.com/
  2. Dell EMC Spanning - http://spanning.com/ 
  3. SkyKick - https://www.skykick.com/ (but sold through partners, not direct I think)
  4. CloudFinder - http://cloudfinder.com/office-365-backup/
  5. Datto Backupify - http://www.datto.com/backupify
  6. UpSafe - http://www.upsafe.com/
My high-level requirements are:
  1. At least daily backups of Mail, Calendar and Contacts
  2. Quick search to find any of the above.  In particular, ability to find Calendar entries by date of event (not date it was last modified, which is no use at all - do you hear me CodeTwo?)
  3. Ability to restore individual mails, calendar items and contact to the original mailbox (and less importantly, to another mailbox)
  4. Storage located in the EU (UK ideally, given potential Brexit, but EU will do)
  5. Unlimited storage per user
  6. A modest cost per user (no more than £3 per user per month)
  7. Reasonable and credible assurances around data security (ideally as part of the terms and conditions)
I am in contact and/or trialing the systems above, and will update this post shortly to detail the differences, costs and my overall rating.

CloudAlly

 Pros

  • Easy set up.  I had backups running in less than 5 minutes.
  • Well priced - $30 per user per year is very competitive.
  • Covers lots of services in one product.  Sharepoint Online; Google Apps; Box; OneDrive and more.
  • Allows items to be restored from a specific snapshot (backup run) so the backup set isn't one big dumping ground.  This is useful for those "It was there on the 5th April" restore requests.
  • Backups can be run on demand as well as on a daily schedule.
Cons
  • Can't search calendar entries by date of event - this is a common problem, and a real issue for me.  Someone asks me "I had a meeting in my calendar for this morning but I can't recall what it was, can you look in the backup as it has gone" - in this case unless they can recall when they modified it it can be very hard to track down.
  • The UI isn't to my liking.  It isn't clear what is going on.  For example, I manually started a backup and the user now shows the total for his mailbox accurately in the user list.  However, the total for amount backed up for the whole of my Office 365 still says 0.  It might be that the backup is still running, but I can't really tell.  Also, you can list accounts that have backups, but from that list you can't get to restores.  To do that you have to navigate to the restore section and find the user there.  As I say, not my favorite UI.
  • Not a lot in the way of reporting, no clear way to see if anything is going wrong.

Spanning

Pros
  • Very fast set up
  • Allows items to be looked at by date of backup.
  • Provides a summary of backup issues (though there are often many during initial backup due to MS throttling, etc.)
  • Nice UI.  Easy to see what is backed up for whom and how much.
  • Well regarded by my peers.  Relatively big player in the market with huge backing (Dell/EMC)
  • EU datacenter option
Cons
  • Doesn't backup contacts yet - Spanning don't seem able to tell me when it will (but insist it will eventually)
  • At the high end in terms of cost, even after haggling.
  • Calendar entries cannot be searched for by event date


 SkyKick

 Pros
  • Nice UI with reasonable reporting.
  • Sold through channel so easy invoicing.
Cons
  • Can't restore individual calendar items!
  • Search is hard to use (IMO) and doesn't offer any advanced filters, just keywords.
  • No way to kick off a backup of one mailbox manually

CloudFinder

Pros
  • Very fast to set up
  • Nice, useful dashboard showing current backup status
  • Simple but useful reporting
  • Seems quite fast to backup
  • Search is fast and seems accurate
Cons
  • No way to search for calendar events by date of event - only by date of backup (which is of very little use to me)

Backupify

Pros
  • Big player in the market.
  • UI is relatively clear and functional
  • Backs up three times a day and allows manually initiated backups
  • *Can* search for calendar events based on date of the event
  • Sold through the channel so easy invoicing.
Cons
  • Considers the backup as a 'single dump' of all data per person, so there's no way to look at the data by backup date.
  • No easy to access trial
  • Sold through the channel, so a lot slower to get info on than the direct, self-service alternatives
Posted by at No comments:

Wednesday, 17 February 2016

AD Domain Administrator password and name change

Changing the AD domain administrator username is good practice, as is a regular change to the password.  Our password had remained the same for a good long time due to fear of breaking things (and an apparently inaccurate belief that one system in particular would break).

In practice it isn't so bad:


  1. Get Service Credentials Manager from http://www.cjwdev.co.uk/Software/ServiceCredMan/Info.html - very handy tools to trawl the network getting the details of all services and scheduled tasks along with their login account details
  2. Run the above - if your network is small the free version of the tool is sufficient.  Larger networks would benefit from the ability to export the output to Excel, so the paid version is a better option.  What comes out of this will help you plan the change - if nothing or little runs as the domain administrator then the process is generally quick and smooth.
  3. In Active Directory Users and Computers, right click on the administrator account and click on Rename - enter the new name.  Log our and back in as this user, if you are logged in as it (though you should be using individual admin accounts that are separate from your day-to-day logins).
  4. Again in ADUC right click on the administrator account and select Reset Password.  At this point the change is done.
  5. Wait for AD to propagate the change to other DCs (if you have any), or force it with 'repadmin /syncall <other DC name> /Adep'
  6. Now go to any system with services or scheduled tasks that run as the administrator account.  Ideally, create new account for these (local ones if possible, or domain ones with no or restricted logon rights) and use one account per service 'group' (so one for the Veeam services, for example).  Restart said services and make sure things all still work.
  7. Also look out for applications which cache credentials in their config.  Backup Exec, for example, or Veeam ONE - again, these shouldn't be the domain administrator account, but if they are they will need updating (or ideally replacing with dedicated accounts).
Note that using dedicated accounts for services might require that they have local admin rights.  In our case we had a couple of services on the Domain Controllers (not ideal, but needs must..) so adding the account to the local administrators group wasn't possible via the GUI.  To do this from the command line :

net localgroup Administrators /add DOMAIN\USERNAME

Also a lot quicker than doing it via the GUI on the non-DC systems.
Posted by at No comments:
Subscribe to: Comments (Atom)