Blog

Enterprise Laptop Desktop Backup – Backup Initiator!

This post is part of a Series on planning for Enterprise desktop laptop backup in your organization.  Whether you are considering software or online options for your enterprise PC backup solution there are several items that need to be considered and this series takes a look at those items.  In my last post, I explored the need for restartability, i.e. the ability for a desktop laptop backup application to automatically handle environmental errors as they happen and resume the operation exactly where it was interrupted after the error condition has gone away.  In this post, I'll discuss who should initiate the desktop laptop backup: the backup server or the PC itself.

Who initiates the desktop laptop backup: the PC or the Backup Server, is a key consideration.  Many backup products with roots in server backup have the server initiate the backup, but that doesn't really work for the PC because of the following reasons:

• Unreliability: unlike a server, which is always running, the desktop or laptop may be switched off at the time of the backup - causing the backup to fail. This is a problem on two fronts: first the PC is not backed up; second the backup server will report a failure on its management console or report. The second problem is an issue because in an enterprise with a large desktop laptop population the administrator may have to deal with hundreds of such failures on a daily basis.
• Won't work for VPN connections: if the PC is connecting over VPN, it may not even be reachable from the server because the DNS doesn't usually reflect the VPN connection address of the PC - making the PC unreachable from the server. This is actually a really severe problem because your remote users who are perhaps the most vulnerable to data loss are primarily connecting over the VPN and they would be exposed for a long period of time.
• Security Risk: When the server initiates the backup, it requires that there be an incoming TCP/UDP port open on the PC to allow the server to connect. This is a major security hole in this day and age of mobile and remote users who are constantly using their laptop at various public WiFi spots: airports, cafés and the like. Security at these public WiFi spots is already suspect, but having an open incoming communication port via a hole in the PC firewall is simply inviting trouble.
• Poor Recovery Point Objective (RPO): Server initiated backup of the enterprise laptop desktop population can have a poor RPO because of two reasons: first the PC may be switched off or unreachable from the server for long periods of time (only connected over VPN), and secondly the PC may have a large amount of data to be backed up but until the server successfully initiates the backup the data won't be backed up - increasing the risk of data loss.

The best enterprise class solutions have the desktop or laptop initiate the backup connection to the server.  This ensures that whenever all PC conditions are favorable to perform backup (i.e. not in use, connectivity is available etc) a backup can be performed.  Of course this means that the backup server needs to be enterprise class, i.e. should be able to handle a large number of concurrent incoming connections, so make sure that you're aware of the peak capacity for the backup server you're looking at and the behavior when the load exceeds peak capacity.