We were all thrown into a whirlwind of activity with North Plain's (NP)  notice this year of the End of Life of SGL's FlashNet for Xinet. Here's the State of the Nation with regard to Archives:

In the immediate near term there's a great new archiving solution using modern software. The builder of the integration has a long history of writing to exactly this space, and his current tools allow restores from FlashNet as well. For the medium term, we can help you setup a system that will give you easy access to archives using the familiar tools, while you restore as much legacy archives as you feel needed. Long term- you restore files using the base FlashNet software, for as long as you can find hardware that will support the tape technology in use at time of archive.

SGL's FlashNet is going away, and in it's place we'll be relying on Archiware's P5 Archive. This backup software is robust, modern, with a hugely enhanced toolset, and a long history or being present in this exact space of Graphic Arts. We're excited by the options and capabilities it presents, from hyper-intelligent backups to much better hardware support, to a modern web-based interface. Archive to Disk? check. Perpetual intelligent incremental backups? check. Ability to offload backup off primary disk to either other disk or tape? check. It's great stuff, and we can't wait to help you getting  it in place and using it.

FlashWeb and it's recent replacement WebNative Archive are going away, being replaced by InPress' OnFile. InPress has been building solutions for Xinet for forever, and has a rich history and understanding of how to write robust code for the ecosystem. They have hundreds and hundreds of instances of InPressive and Accelerator out there, and a great tool set that enhances the Xinet experience. NAPC has been doing business with them for years, and are really excited and pleased by North Plains choosing of InPress as the heir to building out the interface between Xinet and Archive. Jorgen and Co. are well on the way to an initial release that will fulfill the common need- an easy way to find archives, submit them for restore, monitor progress, or ask an admin to restore files.

The other large concern we've been facing is how to ensure continued access to legacy archives. SGL's licensing machine is going dark next summer, so if there's a HW failure that requires a new license, one won't be available after that, which is a crippling prospect. We've worked out with NP a strategy for setting up a legacy restore server: a separate, static Xinet setup, one that has a small license but full access to archives through the web interface, to allow for easy user restores while a larger restore operation takes place. We're envisioning this as a small older server (or VM) with the older tape library attached.

In the longer term, for 'deep' archives that weren't worth the effort of restoring in bulk, you'll be able to attach a standalone drive to an even smaller box, and restore the very occasional file through the much beloved X interface. There's never been a license needed for FlashNet to restore through a single tape drive, licenses are only needed to drive a robot or to use the higher level functionality.

We're all over this- we understand the value and need for robust archiving and access to the lifework of your company. Please let us know if you have any questions, concerns, etc..., etc....

rob

"BEIJING: Cyber attacks that stole information from 141 targets in the US and other countries have been traced to a Chinese military unit in a drab office building in the outskirts of Shanghai, a US security firm alleged Tuesday." - Reuters

Google, Facebook, New York Times, U.S. Chamber of Commerce, Nortel Networks hacked. What chance do you stand?

If you can't trust your hardware, what do you trust? Information. Information is the key to both preventing and recovering from cyber attacks to your infrastructure. The right set of tools can be essential in protecting your data, digital assets, and your peace of mind.

1. Firewall - The first line of defense.

This is reasonably straightforward, however you need to be sure you're getting what you expect. Newer hardware from Cisco, Sonicwall, HP and Dell should be fine. ZTE not so much. Keep your hardware reasonably up-to-date to ensure the best security at the perimeter. Older, unpatched hardware is just open door.

2. Identity Management - a means of authentication and Identification. You need to know who is in your systems.

You need to maintain a centralized store of usernames and passwords. Islands of unmanaged identities is questionable if it is resides inside your firewall or even worse, on your DMZ. Ensuring that you are both recording login failures and password lockouts is also an essential part of prevention. If you have stores of unmanaged accounts that provide access to anything on your network you really need to make those go away. This is the achilles heel of any security-conscious company.

3. Authorization - You need to know who can do what.

You need to manage what levels of access every account in your organization has. This means that each role in your company should have an assigned set of requirements for infrastructure access, and that should determine exactly what their needs are for privilege requirements.

4. Auditing - you need to know what they are doing or what they did.

Log as much information as possible and review that information regularly. It's often the case that after the forensics on a hacked system that evidence of the compromise was there weeks or even months prior to the system actually being hacked. In fact we've found it's more the rule han the exception. Hackers are lazy, and typically will simply run automated scanning scripts on entire ranges of IP addresses looking for vulnerable systems. They often don't come back to the list of systems until they have some need later on. In many cases you can prevent a system compromise by simply being diligent in monitoring your systems.

5. IDS/IPS - Intrusion Detection and/or Prevention system.

"IDS" if you are unaware stands for Intrustion Detection System. These are typically network-resident systems that monitor network traffic and analyze it for potential nefarious conditions. Some of these systems rely simply on being able to promiscuously monitor all network packets, however some actually use client-installed detection systems that read directly from the machines in question. Using a combination of a well-designed IDS and IPS (Intrusion Prevention System) it's pretty much assured that you will prevent 99.9% of network/server compromises.

The part not discussed here is the likelihood of individual vulnerable systems either becoming compromised or becoming vectors for compromise. Some of this can be mitigated by the items above, however it's not silver bullet. The primary goal of the above is to prevent unauthorized access to your critical systems. Preventing access to your desktops, laptops and mobile devices is going to be a much more difficult job.