Re: [NTSysADM] Re: scheduling iSCSI connections
It really seems like an effort to solve the wrong problem. Why not just ensure that end-users don't have direct access to the device which is handling backups, or to the back-end storage location of the backups? It's not like malware cannot lurk and wait for access... Regards, *ASB* *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>* *Providing Expert Technology Consulting Services for the SMB market…* * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842 On Sun, Aug 13, 2017 at 5:30 PM, J- P wrote: > While its possible , it is less likely as most infections are due to users > clicking on or opening something , which will not occur off hours. > > And in reality the window would be shorter since it uses CBT, so on > average the backups are about 10 minutes for most servers, with the > exception of Exchange it usually takes about 45 min. > > > I could theoretically install a new server (off domain) and run the backup > software on that server which would solve the problem- lets see if I can > sell them that idea. > > > thanks > > > > > > > -- > *From:* listsad...@lists.myitforum.com > on behalf of Brian Desmond > *Sent:* Sunday, August 13, 2017 12:06 PM > > *To:* ntsysadm@lists.myitforum.com > *Subject:* [NTSysADM] RE: scheduling iSCSI connections > > > So what happens if your ransomware scenario occurs while the backup is > running? That invalidates all your backups at that point as well. > > > > Perhaps I’m thinking of something else but all the backup toolsets I’ve > worked with all push the data over the network to a central system that > interacts with the backend storage/media. > > > > Thanks, > > Brian > > > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *J- P > *Sent:* Saturday, August 12, 2017 10:39 PM > *To:* ntsysadm@lists.myitforum.com > *Subject:* [NTSysADM] Re: scheduling iSCSI connections > > > > not sure I follow, the backup runs to a "local disk iscsi target" then > replicates offsite- - but I'm assuming (God forbid) ransomware hits the > host then it would also encrypt the "local iscsi disk" - > > > > tia > > > > > -- > > *From:* listsad...@lists.myitforum.com > on behalf of Brian Desmond > *Sent:* Saturday, August 12, 2017 5:51 PM > *To:* ntsysadm@lists.myitforum.com > *Subject:* [NTSysADM] RE: scheduling iSCSI connections > > > > Wouldn’t your backup tool be responsible for doing this? This seems very > likely to fail in some way, shape, or form at some point. > > > > Thanks, > Brian > > > > > > Thanks, > > Brian Desmond > > > > w – 312.625.1438 <(312)%20625-1438> | c – 312.731.3132 <(312)%20731-3132> > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com ] *On Behalf Of *J- P > *Sent:* Friday, August 11, 2017 12:59 PM > *To:* NT > *Subject:* [NTSysADM] scheduling iSCSI connections > > > > Is it possible to schedule iSCSI connections (connect at 11pm, disconnect > 6 am) > > > > We currently backup our hyper-v guests to our NAS which is presented to > the host via iSCSI, > > > > The goal is to achieve the equivalent of ejecting a tape after backup is > complete, in case of a ransomware infection. > > > > We do also have it offsite, however, I'd much rather restore 6tb locally > than over the wire. > > > > Any thoughts feedback are greatly appreciated > > > > > > >
[NTSysADM] Re: scheduling iSCSI connections
While its possible , it is less likely as most infections are due to users clicking on or opening something , which will not occur off hours. And in reality the window would be shorter since it uses CBT, so on average the backups are about 10 minutes for most servers, with the exception of Exchange it usually takes about 45 min. I could theoretically install a new server (off domain) and run the backup software on that server which would solve the problem- lets see if I can sell them that idea. thanks From: listsad...@lists.myitforum.com on behalf of Brian Desmond Sent: Sunday, August 13, 2017 12:06 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: scheduling iSCSI connections So what happens if your ransomware scenario occurs while the backup is running? That invalidates all your backups at that point as well. Perhaps I’m thinking of something else but all the backup toolsets I’ve worked with all push the data over the network to a central system that interacts with the backend storage/media. Thanks, Brian From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P Sent: Saturday, August 12, 2017 10:39 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Re: scheduling iSCSI connections not sure I follow, the backup runs to a "local disk iscsi target" then replicates offsite- - but I'm assuming (God forbid) ransomware hits the host then it would also encrypt the "local iscsi disk" - tia From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> mailto:listsad...@lists.myitforum.com>> on behalf of Brian Desmond mailto:br...@briandesmond.com>> Sent: Saturday, August 12, 2017 5:51 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] RE: scheduling iSCSI connections Wouldn’t your backup tool be responsible for doing this? This seems very likely to fail in some way, shape, or form at some point. Thanks, Brian Thanks, Brian Desmond w – 312.625.1438 | c – 312.731.3132 From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P Sent: Friday, August 11, 2017 12:59 PM To: NT mailto:ntsysadm@lists.myitforum.com>> Subject: [NTSysADM] scheduling iSCSI connections Is it possible to schedule iSCSI connections (connect at 11pm, disconnect 6 am) We currently backup our hyper-v guests to our NAS which is presented to the host via iSCSI, The goal is to achieve the equivalent of ejecting a tape after backup is complete, in case of a ransomware infection. We do also have it offsite, however, I'd much rather restore 6tb locally than over the wire. Any thoughts feedback are greatly appreciated
[NTSysADM] RE: scheduling iSCSI connections
So what happens if your ransomware scenario occurs while the backup is running? That invalidates all your backups at that point as well. Perhaps I'm thinking of something else but all the backup toolsets I've worked with all push the data over the network to a central system that interacts with the backend storage/media. Thanks, Brian From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P Sent: Saturday, August 12, 2017 10:39 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Re: scheduling iSCSI connections not sure I follow, the backup runs to a "local disk iscsi target" then replicates offsite- - but I'm assuming (God forbid) ransomware hits the host then it would also encrypt the "local iscsi disk" - tia From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> mailto:listsad...@lists.myitforum.com>> on behalf of Brian Desmond mailto:br...@briandesmond.com>> Sent: Saturday, August 12, 2017 5:51 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] RE: scheduling iSCSI connections Wouldn't your backup tool be responsible for doing this? This seems very likely to fail in some way, shape, or form at some point. Thanks, Brian Thanks, Brian Desmond w - 312.625.1438 | c - 312.731.3132 From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P Sent: Friday, August 11, 2017 12:59 PM To: NT mailto:ntsysadm@lists.myitforum.com>> Subject: [NTSysADM] scheduling iSCSI connections Is it possible to schedule iSCSI connections (connect at 11pm, disconnect 6 am) We currently backup our hyper-v guests to our NAS which is presented to the host via iSCSI, The goal is to achieve the equivalent of ejecting a tape after backup is complete, in case of a ransomware infection. We do also have it offsite, however, I'd much rather restore 6tb locally than over the wire. Any thoughts feedback are greatly appreciated
[NTSysADM] Re: scheduling iSCSI connections
not sure I follow, the backup runs to a "local disk iscsi target" then replicates offsite- - but I'm assuming (God forbid) ransomware hits the host then it would also encrypt the "local iscsi disk" - tia From: listsad...@lists.myitforum.com on behalf of Brian Desmond Sent: Saturday, August 12, 2017 5:51 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: scheduling iSCSI connections Wouldn’t your backup tool be responsible for doing this? This seems very likely to fail in some way, shape, or form at some point. Thanks, Brian Thanks, Brian Desmond w – 312.625.1438 | c – 312.731.3132 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P Sent: Friday, August 11, 2017 12:59 PM To: NT Subject: [NTSysADM] scheduling iSCSI connections Is it possible to schedule iSCSI connections (connect at 11pm, disconnect 6 am) We currently backup our hyper-v guests to our NAS which is presented to the host via iSCSI, The goal is to achieve the equivalent of ejecting a tape after backup is complete, in case of a ransomware infection. We do also have it offsite, however, I'd much rather restore 6tb locally than over the wire. Any thoughts feedback are greatly appreciated
[NTSysADM] RE: scheduling iSCSI connections
Wouldn't your backup tool be responsible for doing this? This seems very likely to fail in some way, shape, or form at some point. Thanks, Brian Thanks, Brian Desmond w - 312.625.1438 | c - 312.731.3132 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P Sent: Friday, August 11, 2017 12:59 PM To: NT Subject: [NTSysADM] scheduling iSCSI connections Is it possible to schedule iSCSI connections (connect at 11pm, disconnect 6 am) We currently backup our hyper-v guests to our NAS which is presented to the host via iSCSI, The goal is to achieve the equivalent of ejecting a tape after backup is complete, in case of a ransomware infection. We do also have it offsite, however, I'd much rather restore 6tb locally than over the wire. Any thoughts feedback are greatly appreciated
[NTSysADM] Re: scheduling iSCSI connections
yup, 2012r2 will try that thanks Jean-Paul Natola From: listsad...@lists.myitforum.com on behalf of Damien Solodow Sent: Friday, August 11, 2017 2:18 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: scheduling iSCSI connections Most likely; depends on the OS of the host. I’d guess that ‘Disconnect-IScsiTarget’ and it’s Connect- counterpart would do the trick. Running a pair of PowerShell scripts as scheduled tasks is pretty easy. DAMIEN SOLODOW IT Engineering Lead 317.447.6033 (office) HARRISON COLLEGE From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P Sent: Friday, August 11, 2017 1:59 PM To: NT Subject: [NTSysADM] scheduling iSCSI connections Is it possible to schedule iSCSI connections (connect at 11pm, disconnect 6 am) We currently backup our hyper-v guests to our NAS which is presented to the host via iSCSI, The goal is to achieve the equivalent of ejecting a tape after backup is complete, in case of a ransomware infection. We do also have it offsite, however, I'd much rather restore 6tb locally than over the wire. Any thoughts feedback are greatly appreciated
[NTSysADM] RE: scheduling iSCSI connections
Most likely; depends on the OS of the host. I'd guess that 'Disconnect-IScsiTarget' and it's Connect- counterpart would do the trick. Running a pair of PowerShell scripts as scheduled tasks is pretty easy. DAMIEN SOLODOW IT Engineering Lead 317.447.6033 (office) HARRISON COLLEGE From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P Sent: Friday, August 11, 2017 1:59 PM To: NT Subject: [NTSysADM] scheduling iSCSI connections Is it possible to schedule iSCSI connections (connect at 11pm, disconnect 6 am) We currently backup our hyper-v guests to our NAS which is presented to the host via iSCSI, The goal is to achieve the equivalent of ejecting a tape after backup is complete, in case of a ransomware infection. We do also have it offsite, however, I'd much rather restore 6tb locally than over the wire. Any thoughts feedback are greatly appreciated