Looking for a data transfer tool

N2ITN2IT Posts: 7,483Inactive Imported Users
Currently I working in an environment that currently has 30,000 users. Some of these users work in remote locations that don't give them access to a LAN or a LAN nearby. They all have VPN access to the network, but I am afraid backups aren't friend on satellite connections ;)

Has anyone ran into this problem and if so what have you done to provide a service. Most of our end users are connected to a lan, but 20% of them are remote users. We are trying to come up with a standard tool that can copy the data over even with encryption on the OS.

Our encryption device is Credant and our OS is XP 32.

Any ideas or solutions would be greatly appreciated!

Currently we are using data cables with a NIC between the USB connections to keep the files from being obsolete during the transfer. We are also using a VB app to pick up all the file types that are deemed useful. About 150 different along with PST, network profiles, and other personalities.
Thanks!

N2

Comments

  • EveryoneEveryone Posts: 1,661Member
    RoboCopy. :p

    What I find interesting is that you're doing backups at the desktop level. I've never seen anyone even want to do that in such a large environment. Usually the data is stored on a file server, and the file server is what gets backed up. The desktop is expendable.
  • rwmidlrwmidl CISSP, CISM, MCSE, MCSA, MCPxAlot Worldwide AvailabilityPosts: 807Member ■■■■■■□□□□
    This may be outside of the scope of what you are trying to do but what about:

    1. Have a "home folder" set up (designate in AD) that resides on your file server(s) for all users, and have users keep "important" items (mail files, etc) in there. That way they are backed up automatically (assuming you do backups of your file servers).

    2. Look at implementing some sort of "virtual" desktop solution (Citrix, Remote Desktop) for your virtual users. When the users logs in to the virtual desktop, all their drives, etc are mapped to your file servers, and again the files are backed up. Plus you are controlling the virtual users environment and possible eliminating the introduction of viruses, etc to your network (when I use to deal with virtual users, they were the hardest ones to keep their systems patched and up to date).
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • EveryoneEveryone Posts: 1,661Member
    rwmidl wrote: »
    This may be outside of the scope of what you are trying to do but what about:

    1. Have a "home folder" set up (designate in AD) that resides on your file server(s) for all users, and have users keep "important" items (mail files, etc) in there. That way they are backed up automatically (assuming you do backups of your file servers).

    2. Look at implementing some sort of "virtual" desktop solution (Citrix, Remote Desktop) for your virtual users. When the users logs in to the virtual desktop, all their drives, etc are mapped to your file servers, and again the files are backed up. Plus you are controlling the virtual users environment and possible eliminating the introduction of viruses, etc to your network (when I use to deal with virtual users, they were the hardest ones to keep their systems patched and up to date).

    This is what I was thinking too, we do both of these where I work. Home folders, and folder redirection, plus some remote users have virtual desktops, using VMWare's VDI solution. However we don't have any users on a satellite connection. At worst they are DSL or Cable.

    Do NOT store PST files on a network share, that is a VERY bad thing to do, and would only be made worse over a satellite connection.
  • rwmidlrwmidl CISSP, CISM, MCSE, MCSA, MCPxAlot Worldwide AvailabilityPosts: 807Member ■■■■■■□□□□
    Everyone wrote: »
    This is what I was thinking too, we do both of these where I work. Home folders, and folder redirection, plus some remote users have virtual desktops, using VMWare's VDI solution. However we don't have any users on a satellite connection. At worst they are DSL or Cable.

    Do NOT store PST files on a network share, that is a VERY bad thing to do, and would only be made worse over a satellite connection.

    I'd never advocate using PST files over a network share. I'd be a lot more inclined to "up" the storage space on the mail server(s) for virtual users, or ideally use virtual desktops for them, though I'm not sure if the latency from using satellite connections would work with this.
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • N2ITN2IT Posts: 7,483Inactive Imported Users
    PST are mapped to the My documents folder. No offline versioning available for backup, so everything is self contained on the C drive. I agree about network shares.

    That is an interesting concept.

    Let me make sure I am synched up with you guys.

    Have the remote user vpn into the network
    Give them access to a virtual server
    Have them save their information to a homedirs back up folder on that PFP they remoted into?
  • rwmidlrwmidl CISSP, CISM, MCSE, MCSA, MCPxAlot Worldwide AvailabilityPosts: 807Member ■■■■■■□□□□
    N2IT wrote: »
    PST are mapped to the My documents folder. No offline versioning available for backup, so everything is self contained on the C drive. I agree about network shares.

    That is an interesting concept.

    Let me make sure I am synched up with you guys.

    Have the remote user vpn into the network
    Give them access to a virtual server
    Have them save their information to a homedirs back up folder on that PFP they remoted into?

    What my thought was more of the following:

    1. Have the user vpn in to your network.
    2. Lauch RemoteDesktop/Citrix/whatever to log on to their "virtual" desktop.
    3. All of the users "work" would be done via virtual desktop. PST files, etc would reside on this virtual desktop (your home folders, file shares etc would reside there).

    There would be no "work" done on the physical computer. Mail could still be accessed via Webmail, but anything that is on the computer would not be backed up to the network.

    While this may be a pain for users, from a company perspective there are benefits:

    1. Standard desktop environment for all users. Patches, security, etc are consistent and maintained.

    2. Protection of company information. Since company information resides on the virtual desktop, the concern for "data leaks" is reduced (not eliminated).

    3. Reduced hardware costs. Possibly reduce or eliminate the need to provide laptops/desktops to virtual users (and the costs associated with lost/stolen/missing equipment - see also point 2 above).

    4. If an employee leaves or is about to be terminated, all of the users files are already backed up so management has access to them (can also reduce the change of the employee spiriting out confidential information/sales lists, etc).

    Benefits to user:

    1. Standard desktop environment for all users that is secure and maintained.

    2. Data is backed up (it's on the virtual desktop so the data would be backed up).

    3. Ability to access the data wherever. If you have a web page/portal to access vpn, users can vpn from say a hotel computer then access the virtual desktop to do any work - no need to be tied down to a laptop). Email wouldn't require access to Outlook - just log in to webmail (ok PST files aren't there but you get the idea).

    4. Lessen the concern about loss/theft of equipment, plus it should be a lot easier for helpdesk to manage/maintain a virtual desktop vs having to remote in to a users laptop and "fix" an issue.
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • EveryoneEveryone Posts: 1,661Member
    If you're already a Citrix shop, use their solution, if you're a VMWare shop, use theirs. We have both, I prefer VMWare. I think Citrix calls theirs "XenDesktop" or something like that, and VMWare is "VDI", can't remember right now.

    rwmidl laid it out pretty well. User connects to VPN, all work is done from the virtual desktop, and not from the users PC, so all data is stored within your network, no need to worry about backing up over slow remote connections.

    You don't have to use webmail... You can run Office from within a virtual desktop. We have home transcriptionists using the full Office 2010 suite inside of a virtual desktop, they are our first deployment of the technology, and it has worked out very well. They VPN in from home then launch their virtual desktop to do all their work. We're planning to spread this to other areas as much as possible.
  • EveryoneEveryone Posts: 1,661Member
    Another thing worth mentioning is how easy the backups are. You can take snapshots of the virtual desktops and have a complete point in time image of it.

    You'll still want to do home drives, and folder redirection if you aren't already. I.e. My Documents points to H:\username\Documents, and "H" is mapped to \\fileserver\$home\username or something along those lines.
  • rwmidlrwmidl CISSP, CISM, MCSE, MCSA, MCPxAlot Worldwide AvailabilityPosts: 807Member ■■■■■■□□□□
    Everyone wrote: »
    If you're already a Citrix shop, use their solution, if you're a VMWare shop, use theirs. We have both, I prefer VMWare. I think Citrix calls theirs "XenDesktop" or something like that, and VMWare is "VDI", can't remember right now.

    rwmidl laid it out pretty well. User connects to VPN, all work is done from the virtual desktop, and not from the users PC, so all data is stored within your network, no need to worry about backing up over slow remote connections.

    You don't have to use webmail... You can run Office from within a virtual desktop. We have home transcriptionists using the full Office 2010 suite inside of a virtual desktop, they are our first deployment of the technology, and it has worked out very well. They VPN in from home then launch their virtual desktop to do all their work. We're planning to spread this to other areas as much as possible.

    Oh yeah totally use the Office suite within the virtual desktop. I was mentioning webmail in that you are not tied in to logging in to vpn/virtual desktop to check email, nor are you tied to using company assets (ie company laptop with Office/outlook installed) to check email.
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • rwmidlrwmidl CISSP, CISM, MCSE, MCSA, MCPxAlot Worldwide AvailabilityPosts: 807Member ■■■■■■□□□□
    Everyone wrote: »
    Another thing worth mentioning is how easy the backups are. You can take snapshots of the virtual desktops and have a complete point in time image of it.

    You'll still want to do home drives, and folder redirection if you aren't already. I.e. My Documents points to H:\username\Documents, and "H" is mapped to \\fileserver\$home\username or something along those lines.

    Agreed. If you do utilize virtual desktops I still would use/implement home drive and or folder redirection. The last shop we remapped via the users account their home drive plus with some scripting we had the script check with groups the user was a member of and mapped other drives accordingly (we did this when we moved everything from a powervault drive array to a NetApp solution).
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • instant000instant000 Posts: 1,745Member
    ^^^
    Just adding to all of the great tips above.
    Depending upon your needs, you can get this done via terminal server, or virtual desktops. Virtual desktop provides a better user experience, while terminal server provides a better resource utilization (from a $$$ standpoint). With virtual desktop, you're giving each user their own windows 7 (or XP or whatever) desktop computer, virtually. With terminal services, you are giving users sessions onto a Windows Server OS computer.

    Terminal Services are solid, but if the terminal server gets issues that require a reboot, you've just affected 25 to 50 users (or more) at a time. Whereas a single virtual desktop having an issue affects only a single user.

    VDI is waaaay dependent upon storage performance, so plan for it accordingly.

    Not sure if you're looking at this from the implementation side, or just the recommendation side, to throw ideas out there with your coworkers.

    I'd be most concerned about the security of the netbooks, but I think there are even solutions for "offline VDI" if you want to explore that some. Not sure if those have incremental updates, as I stopped investigating it last summer when my employer at the time decided to go with Xen App over Xen Desktop. Probably due to the fact that I got up the pilot of Xen App quite speedily, but the guy who'd gone to the Xen Desktop class couldn't get the pilot up at all. ... I tried to say it wasn't a good idea to send someone inexperienced in Citrix to that course and expect the world after a week of class, but that's neither here nor there ... maybe I was just jealous that I did not get to go to the Xen Desktop course.

    EDIT: I only mentioned offline VDI, because you kept mentioning the satellite connections, and I was wondering if those were unreliable in nature, or just low on bandwidth. If unreliable, then you need some way for them to cache work locally (but this just brings up security issues ... don't want it to be like the misplaced laptops, and I'm sure your employees lose EQ from time to time, with 30,000 of them, odds are that it happens every so often.) If just low on bandwidth, then remote sessions to a terminal server or a virtual desktop will be just fine. I'd recommend Microsoft Terminal Server (RDP) on the low end, and Citrix (ICA) on anything else.

    EDIT2: Licensing. It goes without saying, with running Citrix, it's on top of the Microsoft stack, so you have to pay licensing to both parties. Don't get blind-sided by the licensing costs.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • rwmidlrwmidl CISSP, CISM, MCSE, MCSA, MCPxAlot Worldwide AvailabilityPosts: 807Member ■■■■■■□□□□
    One thing to add. Not sure what industry you are in, but one thing to add to management if you think the virtual desktop solution would work, is this could help with your DRP/BCP. Example - you work in a call center. We have an outbreak of the Wales String Bean Flu (made that up). The office is closed. But, with virtual desktops and some phone redirection (I'm not a telecom person but I believe with Cisco's voip solution there is a way to redirect call trees to home phone #'s or something), those users who are "well" could still answer/man the phones and handle customers inquiries through vpn to their "virtual" desktop.
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • it_consultantit_consultant Posts: 1,903Member
    I have had limited success with VDI or XenDesktop, not because they don't work but because having 2 desktop interfaces confuses the crap out of users. Using traditional XenApp may be preferable.
  • N2ITN2IT Posts: 7,483Inactive Imported Users
    Gents,

    Thanks for taking time out of your day to provide some outstanding solutions. I am going to plow through some of these and see if one is a potential option. This data transfer tool is bizarre. I come from several environments who utilized personality backups via USMT and other solutions. Like Altiris from Symantec. '

    Let me go through some of these ideas, in my position I can only recommend, which I have been asked so it's not like it's unsolicited or not warranted.

    Thanks again. Culture is going to be the biggest hurdle, well and maybe money!
Sign In or Register to comment.