Hi, Unless you have proper procedures for safegaurding this stuff, and legals in place, I would do this all on the customer's premises (or wherever they instruct you to work) on their equipment. They must have a budget for this (otherwise how are they paying you?), and it becomes a cost of part of the project. If someone breaks into their offices and steals a server, that's not your problem then.
Now, I have a bunch of commercially sensitive stuff on my laptop (as do most/all of our other consultants). But we have our risk management in place (e.g. Bitlocker-ed laptops, Exchange sync policy enforcement for phones, IRM/RMS, policy documents we have to sign etc), and we have the contractual stuff in place to indemnify us against customer lawsuits (and no doubt the necessary insurance cover as well). Cheers Ken ________________________________ From: Erik Goldoff [[email protected]] Sent: Wednesday, 8 July 2009 3:54 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain "What happens when you tell the customer you’ve made a backup of their whatever and their office burns down a couple days later? " You're waaaay off base here ... there are too many theoreticals ... what happens, if during the upgrade, something goes wrong and the active directory metabase becomes corrupt... they have no internal backups, I don't make a copy, and now they cannot login to their network resources ... I can still be sued for free, and the probability of that scenario happening is much higher than a bus running over my laptop. And if their office burns down, they're gonna need more than the DC image I have, not to mention that I explicitly state the purpose of the backup copy I make, 'to recover if the upgrade process goes wrong' ... period ... I understand your perspective on the situation, but sorry, it just won't fly in the real world dealing with SOHO and Small business sites. Your data center fires is a neat story, but for Soho and Small business, their 'data center' is usually a commandeered closet or corner with a collection of servers ... note that this issue revolves around upgrading from Windows 2000 ??? Not a technilogically current installation, no spare server or desktop hardware, nor OS license to spare. I'm curious as to how you would handle the business continuity planning for a problem with the upgrade ... Erik Goldoff IT Consultant Systems, Networks, & Security ________________________________ From: Brian Desmond [mailto:[email protected]] Sent: Wednesday, July 08, 2009 1:34 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain Yes pretty much. Here’s another way I’d think of this. What’s your liability insurance got to say about this bonus service? What happens when you tell the customer you’ve made a backup of their whatever and their office burns down a couple days later? Sure you can just restore that bonus backup except your laptop got runover by a bus in between the backup and the fire. A colleague had some wise words for me the first time I did a gig at a legal services customer – “Just remember, they can sue you for free.” Many customers I deal with, offsite backups consist of tapes going in these heavy duty metal boxes with locks on them. The boxes are barcoded or numbered or something and a guy comes to pick them up, signs for them, and the offsite people basically guarantee their safety until you sign for them when they come back. The delivery guy also drops off any locked tape boxes whose retention policies dictate their return as they’ve expired. In the unlikely event of some major crisis, the offsite people are on the nut to get your box of tapes somewhere in some prearranged guaranteed time window. Some customers are also sending stuff live (e.g. replicas on standby hardware) into a 3rd party datacenter designed for this sort of fallback plan (e.g. Sungard). They also have contracts where if their computer room burns down or something the vendor is on the nut to provide K servers of approximate configuration Z in location Y within X hours of notification of the requirement. These vendors have the kind of capacity and capability to deal with something like 9/11 or Katrina if the customer has the action plan to respond. Or perhaps something more simple like the two datacenter fires this past weekend – Seattle and Toronto both had high rise carrier hotel fires. One of them, I forget which, the electrical busing between floors was completely hosed (literally) from what I heard. Thanks, Brian Desmond [email protected] c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
