Managed Desktop Devices at Scale — SolarWinds TechPod 029

What do IT managers and managed service providers (MSPs) have in common? They both manage a sea of desktop devices. Join the SolarWinds MSP Head Nerds while they discuss the challenges and successes of deploying, managing and securing the multitude of desktop devices in various environments.

Episode Host

Eric Anthony, Head Operations Nerd, SolarWinds
A long-time member of the IT services community, Eric began his career in IT by opening his first break/fix business in 1992. After a couple of C-level management positions in manufacturing and fashion, he returned to IT in 2007 to start an MSP. After selling his MSP, he joined the GFI Max team which has now evolved into his current role as Head Operations Nerd at SolarWinds MSP where he continues to engage in the IT services community daily. He’s a frequent contributor to the SolarWinds MSP blog and hosts many webinars through the MSP Institute to help MSPs grow and succeed.

Episode Guests

Marc-Andre Tanguay, Head Automation Nerd, SolarWinds
Marc has expansive experience in the MSP space. Having worked as an internal IT support engineer for multiple MSPs, Marc has a real understanding of what SolarWinds MSP customers truly go through on a day-to-day basis. In addition, Marc has worked as an automation developer for four years and has written over 200 automation objects for SolarWinds, making him a perfect fit to elevate the SolarWinds MSP automation community and take automation in our platforms to the highest level. His experience working one-on-one with hundreds of MSPs with SolarWinds—helping them create, optimize, and employ some of the strongest automation processes in our industry—will most certainly help to achieve our goal of becoming the leader in automation.

Gill Langston, Head Security Nerd, SolarWinds
Gill Langston is Head Security Nerd for SolarWinds MSP. His focus is helping MSPs increase awareness of current security issues and trends to improve protection for their own business—and their customer offerings. Gill’s background is in SMB- and MSP-focused security products, including endpoint antivirus, web protection, patch management, log and event monitoring, advanced endpoint protection, next-gen firewalls, vulnerability management, and email protection. Gill has served in product management roles at GFI Software, ThreatTrack Security, Avast, and Qualys.

Eric Harless, Head Backup Nerd, SolarWinds
Officially named as Head Backup Nerd for SolarWinds MSP, Eric has over 25 years of data protection experience and has held senior-level product management, marketing, system engineering, sales, and customer support roles with several data protection and disaster recovery vendors, including FalconStor Software, Symantec, CA Technologies, CommVault Systems, Yosemite Technologies, and Veritas Software.

Episode Transcript

Announcer: This episode of SolarWinds TechPod is brought to you by SolarWinds N-central Remote Monitoring & Management platform. N-central can manage from 100 desktops to tens of thousands. Keep devices patched, secured, and backed up while also providing quick and easy access for remote support.

Eric A.: Welcome everyone to SolarWinds TechPod. I’m your host, Eric Anthony. And I’m joined today by my fellow Head Nerds, Marc-Andre Tanguay, Gill Langston, and Eric Harless. Each of the Head Nerds has their own specialty. Marc is our automation guru. Gill has spent over a decade managing various security products. And Eric Harless has done very much the same thing across the backup space. As for myself, I owned and operated my own IT services companies for a little over 16 years. Now, in this episode, we’re going to discuss the importance of, and the challenges, around managing desktop systems and users at scale. So the way I’m going to introduce our panel today is I’m just going to ask some challenge questions that are going to introduce them, as well as give them an opportunity to talk about these questions. So, what are some of the challenges to managing desktop devices at scale? Gill, our security nerd, what do you think about that?

Gill: Yes. So that can always be a big challenge, right? One of the most important things I would say that across the board with security is it’s only effective if it’s either installed or configured everywhere, you have the right settings set up, you make sure that you’re looking for the right thing. When you’re dealing with a really distributed workforce or desktops in a lot of different locations, the number one thing you really need to be able to do is make sure that you understand all the assets that you actually have out there. Making sure that you’re also then deploying whatever type of security that is to everyone, right? That you’re filling the gaps.

Gill: All it takes is one or two systems that aren’t properly protected to be the source of a breach or an infection, or something like that. So making sure that at scale you can ensure that security is installed. And then secondarily, monitoring it to make sure that it’s functioning properly. And then identifying the right alerts, the things that need to be bubbled up, that you then need to pay attention to, to investigate further. Those are all challenges when you have a large amount of devices, especially when some are appearing and disappearing, is making sure you have coverage, making sure you’re monitoring, and then making sure you’re alerted about the right things.

Eric A.: Important things to consider for sure. Now Marc-Andre is our automation nerd. Marc, what do you think when it comes to automation and the challenges of managing these desktop devices at scale?

Marc-Andre: Yeah. As you grow your deployment and as you scale upwards, one of the biggest things that I find is people struggle to deal with different OS’s. Not everyone is able to standardize and say, everybody’s on the latest build of Windows 10, and do this. And they end up some of them fall behind, some of them are not refreshed for a few years. Some of them need those old machines for a variety of reasons. And then you’re stuck with a very mixed bag of devices with different OS’s. Being, different Windows, Mac, things like that. And then it’s a difficulty as you scale up. Definitely.

Eric A.: All right. Now, lastly, our backup nerd, Eric Harless, what do you think?

Eric H.: I guess non-standardization is probably the biggest challenge I run into. I see it in MSPs who are handling many companies. You see it at the enterprise level, but you also see it at the small- to mid-size business as well. It’s when you’ve got systems from different manufacturers and different hardware specs, or different OS manufacturers and all the different versions that are currently supported or unsupported, if you will. All of those, plus the range of applications, are going to make it very challenging to identify what data is important and where the data is. And then determining how long you need to retain the data for.

Eric A.: Awesome. Now, Eric, to stick with you. Let’s change the challenge conversation a little bit. Instead of managing desktop devices, what are some of the challenges around managing desktop users at scale?

Eric H.: Ah, well, it’s the user himself. That experience level of the user that can create the most challenges. For example, can the user perform their own restores from a self service perspective if they need to? Or, the user’s work habits, their behaviors, the fact that they’re judicious or not about storing data in the right location, be it on a server or a designated data folder on their machine. Instead of putting it into the download directory, or on the desktop or in an email. And then finally, not knowing that the user is going to be online, or the machine’s going to be online can be a challenge. Is the user putting the machine to sleep or into hibernate mode, shutting it off at night, are they taking it home and leaving it off over the weekend? All of that can add unforeseen issues to your backup.

Eric A.: Yeah. And great things to think about. Marc, same question to you in regards to automation.

Marc-Andre: Yeah. From an automation standpoint, as the users become more varied, as you have different users with different needs, I think the hardest thing is to identify these differences in needs and environments, and what they use and what they need, and adapt to it. So you can’t force everybody to use the same software for something, even though you want to standardize. You need to be able to scale while allowing them some amount of flexibility to their personal needs, as far as you can go without just doing everything one off. So scalability along with needs is a very tricky business.

Eric A.: Yeah. That’s an important point. Now, Gill, to bring us back around full circle. About security, what do you do in terms of managing desktop users at scale in terms of security?

Gill: This is one of my favorite subjects, right? I mean, in the security community a lot of time the joke is that this job would be a whole lot easier if it wasn’t for those pesky users. What I mean by that is, the users are the ones that might click on a phishing email. They might click on an attachment that causes an infection. They might be reusing a password that they used in a social media account that experienced a breach a year ago. What’s important about all of those things is, users are people, they do human type things. Making sure that they understand their role in security is absolutely critical when it comes to users at a large scale, if you will. Because at the end of the day, they don’t always understand all of these risks. We do, in the IT community, because we live in every day, but they’re just trying to get their job done. At the end of the day, making sure they understand that they should be using more complex passwords, make sure that they understand what proper behavior is.

Gill: And also having some policies and processes around what to do if you do experience something that seems a little off, right? So really, users is, besides all of the packages and solutions and things that you can deploy, making sure that those users understand their role is one of the most important pillars of security. Now that being said, I want to talk to you for a minute though, Eric. Let’s talk about some of the solutions. We’ve talked already about some of the challenges, and so how are we going to solve those? One of the things that I think has run through all of our comments about this, really, is there’s monitoring and there’s alerting, right? Understanding the situation and being able to be alerted to things that are important. What are some of the specific solutions that you can use to make sure that you are monitoring at scale all these different desktops?

Eric A.: Gill, you’re absolutely correct. One of the things that we really need to worry about is, how do we proactively monitor and manage these devices? And what we use for that is a tool that’s commonly called a remote monitoring and management platform. So those remote monitoring and management platforms, which we typically call RMMs, and I’ll probably call it that because it’s much shorter, for the rest of this conversation. But we can use those platforms to do a number of different things for these desktop systems and their users. Number one, you can monitor these systems. You can actually set up monitoring services that go in and check things like memory usage and hard drive usage, and virus status, or antivirus status, things like that. To give you a vision into not only the client environment as a whole, but down to the individual device level. And that allows you to proactively see things as they occur, so that you know what things you need to take care of.

Gill: I mean, that’s a great advantage, right? I mean, you can proactively monitor. But I can imagine, sometimes that can be a double-edged sword as well though. I mean, you’re monitoring a large amount of devices. So what would really be the disadvantages to be able to monitor that many systems? What are some of the things that might come up there if you’re monitoring at scale?

Eric A.: Yeah. The conversation we’re having today deals with scale, right? So what happens when this thing grows and you have not just hundreds of devices, but thousands of devices, or even tens of thousands of devices? If you’re getting service alerts, or alerts generated by those monitoring thresholds being breached, you can generate a lot, a lot of noise when it comes to that monitoring. So that’s the big disadvantage. Because what happens is when you get so many of those alerts, they tend to overrun your technicians. They overrun your support queues, and it can create a real problem when it comes to managing that many devices.

Gill: So it’s really all about prioritization and making sure you’re looking at the right one. How would you go about doing that? I mean, you take all of these alerts, all of this stuff that’s just flowing in, some of it important, some not important. How do you manage all of those different alerts?

Eric A.: Well there’s three main ways that you want to manage these alerts. Number one is, you only want to have the right alerts, the alerts that you need on those devices. A case in point, a lot of times when you install a third party AV onto a device, we don’t stop monitoring the old antivirus, or the built-in Windows Defender. And so a lot of times Windows Defender is smart enough that it’ll turn itself off and not update anymore. But the third-party antivirus is taking over that role, but the RMM is still monitoring Windows Defender for updates.

Eric A.: And so you’ll start getting errors. So it’s very important to make sure that if you’re doing something like that, if you’re replacing a backup program or an AV, or something that you’re monitoring, that you’re removing those old checks or those old monitoring services as well. The second thing is to make sure that your thresholds are set correctly, make sure that the thresholds are set so that you’re only getting alerts or creating tickets when the device is actually in a state where you need to take a look at it. Now, there are some other things that you can do around automation, and I’m sure Marc can dig into that further. But you can also set up self healings that would automatically resolve some of those as well. Now the last thing is, a lot of people use their PSAs or their ticketing systems in conjunction with their remote monitoring and management platform.

Eric A.: And the important thing there is you want to make sure that if you’re taking alerts from your RMM solution and pushing those over into your PSA, there’s a couple of things you want to do, or your help desk system. You want to make sure that, first of all, they are going to the right people and only the right people. So those alerts need to create tickets that populate the right queues, so only the right technicians or the right help desk support people can see those tickets and they’re not bubbling up to any other techs who don’t need to see them. The other thing is to make sure that, again, there’s some routing and there’s some timing things that you can do in your typical help desk or ticketing solution to bubble up and prioritize those tickets that are more important, so that you’re getting to the more critical tickets first.

Gill: So what I’m hearing is, while alerting allows you to set and forget a lot of those, you still do have to go back and periodically review those, keep them clean, make sure that you’re being alerted about the right things, and then they’re being routed to the right people to address. Now speaking of addressing, so now you’ve got these user requests, you’ve got these tickets that might be started from the alerting. How are you going to remotely support? You’re not going to be able to visit all of these individual desktops, especially if they’re in disparate locations or in a wide scale. So what’s one of the ways that RMM can help with remote support?

Eric A.: Right. In most situations, the RMM platform is also a remote support tool. And so what you want to be able to do, obviously, is be able to remote into those systems. Now we talked about devices at scale. Now we’re switching the conversation to users at scale. Because we’re talking about users calling into the help desk or sending in an email to the help desk, and they need help with something. And old style, when we used to do it a decade ago, we used to have to literally get up from our desk, walk to that user and help them through whatever issue they were having. Now, with remote support tools, and if you have one built in to your RMM solution, it’s very easy. Because not only do you have a remote support tool that you can now use to access that device remotely, but you also have all of this information about this device at your fingertips.

Eric A.: You know how much memory it has, you know how much hard drive it has, you even know how much of that hard drive is being used. You know what applications are on the device. So you have a much better picture when you’re remoting into that machine of what you’re dealing with before you even get to the screen. Now in addition to that, in the RMM platforms, you typically have background remote options as well, where you can look at what services are running, or sometimes more importantly, not running. You can see what processes are running. You can even kill processes or start processes. You can look at the current performance indicators of the device. There’s a lot of things you can do in that way that doesn’t even interrupt the end user, but allows you to maybe solve their problem without actually taking over their screen.

Gill: That sounds like it’s super important, especially today, right? I mean, a lot of us are working at home. Or at least some kind of a restricted partial work from home situation. But at the same time, people like to work at a lot of different locations. Does that pretty much mean that no matter where you are, you’re at a coffee shop, you’re on a vacation, or you’re simply working from home, that support follows you around wherever you go?

Eric A.: Absolutely. Almost every remote monitoring and management platform that I’ve seen allows you to put an agent on the individual device. And what that does, is no matter where that device is, it allows you to be monitoring it and remote into it, as well as provide the same security features that you would be able to provide elsewhere.

Eric A.: All right, so let’s change the conversation a little bit and talk about automation. So Marc-Andre, are there any tasks that you could improve, talking again about scaling of devices, could you improve with automation when it comes to monitoring and managing these devices at scale?

Marc-Andre: Yeah, there’s always more that can be done. I have yet to find someone that I’ve talked to or met or visited, that’s told me, oh, I’ve done everything. There is nothing left to automate. And so typically I say, start by looking at all the common issues, things like that, and find things to proactively remediate problems so you don’t have to build with them by hand. So if your user complains about an app starting after the reboot and it’s taking a long time and causing problem, well you can script to remove it from the auto startup. And if it’s one of those apps that adds itself back all the time, you can actually just have your script run every day or a couple of times a day to make sure it’s not in the list anymore. So that’s just a very simple example of what you can do with that. And there’s obviously always more to do.

Eric A.: All right, now I know that you talked to a lot of customers on a regular basis. You and I do a lot of boot camps together when it comes to automation. What’s the most common question people ask when they’re trying to get started with automating some of these IT tasks with a remote monitoring and management platform?

Marc-Andre: It’s going to sound like a very simple question, but the most common thing that people ask me is, “where do I start?” And it’s actually a quite simple answer. You don’t want to reinvent the wheel. It’s been invented, it works well. Everybody’s happy with it. And it’s the same thing for automation. There’s already a lot of automation available out there. So first I recommend, look at what available training your RMM vendor has. Because it’s usually a lot of it will be platform specific. So look at what’s available as far as training, like the boot camps that we do on our stuff. Or trainings available in to the training platform, the LMS for that vendor. Then from there, some vendors will also have community websites, forum, sharing sites, or other mechanisms, like our automation cookbook, that you can put automation created by the vendor or by third parties.

Marc-Andre: And that’s a good place to start. If you go through this and you imagine that with some of your tickets, you go, “hey, wait a second. I know I see the script to do so and so,” and you can go and grab it off that site and reuse. Obviously vet it first, and don’t just blindly trust everything. But at least it gives you a good starting point to just easily tackle tasks.

Eric A.: All right, now I know that you and I, because of our backgrounds, have a little experience in programming languages and coding. If they’re going to try and automate some of these tasks, is there a programming language like PowerShell or .NET that they should be looking into and learning?

Marc-Andre: Yeah, it depends greatly. It depends on the need. It depends on what RMM platform you use. It depends on a few things. To dive into it a little bit, some RMM platforms to begin with that they require that you upload your own script, be it PowerShell, VBS, Batch, Python, you name it. And that means that you would have to learn, sadly, some basics to at least read through what’s available so that you don’t just blindly take whatever script is available. So at least you need to learn the basics if that’s what you have.

Marc-Andre: Some platforms will offer some kind of interface where you can just pseudo code or drag and drop different blocks of automation. And they all have different capabilities, different extent. And you want to use those as much as you can, so that you don’t have to learn as much coding. In either way, I typically recommend to people that ask me that question, because I get this asked all the time, is at least take a PowerShell primer. There’s a ton of good ones online, some free, some paid. Pick one. And this will at least give you a good basic understanding of scripting in general. And PowerShell, being a very simple and unified language, it’s used everywhere now.

Marc-Andre: Being on Windows, on Mac, on Linux with PowerShell Core. It’s a good one to know, and it’s always good knowledge. I always recommend, start from that. And if you feel like you need more, go for it, go more in depth. But at least a good primer would be my starting point for that.

Eric A.: All right. That’s great information. Now, I want to turn to something that I know from personal experience can be one of the things that can really get dicey, especially as you start to scale the number of devices that you’re trying to manage. And that is patch management. So is there a way we can automate that?

Marc-Andre: Yeah. I mean, most RMM vendors will have some level of patch automation. If you’re not using an RMM and you’re just doing it for yourself, you can use Intune, WSUS. Just whatever it is, pick it and use it. I still find a lot of people, when I talk to them, that literally RDP the servers every month and manually install their patches. On the desktop side they’ll use some kind of little script they found somewhere to hopefully patch it properly. Or they’ll just put a GPUSE patch every time and that’s it.

Marc-Andre: And then they hope it works. And sometimes it does, sometimes it doesn’t. And most platforms that you can use will have a good way to patch. So if you have 10, 20, 30 devices to patch, it’s not that big a deal typically. But when you go up through to 5,000, 10,000, more than that, becomes a scalability problem to just do it by handle, to leverage a basic script. So leveraging your RMM or platform to do 90, 95% of the work, and then coming around to check what’s happening, is going to allow you to scale up and manage by exception rather than managing the norm of everybody by hand. So there’s so much you can automate depending on which platform you use, it’s really worth looking into.

Eric A.: Yeah. I know that when I started using one as an MSP, that was one of the biggest advantages for me to an RMM tool, was that I was able to deploy those patches out mostly automatically. Another thing that, in my experience also is difficult to manage when you scale to a lot of devices, is group policy type configurations. Can you do that with an RMM platform?

Marc-Andre: Yeah. RMMs will allow you to do a lot of automation scripting, tinkering with the registry with settings and things like that, natively through their automation platform in all the cases. Or they’ll have scripts available to do so. Given that most, if not almost all, group policy flags are done through the registry these days anyways, it’s actually fairly simple to find out what they are and enact it through a script or an automation of some mechanism that you choose to use through your vendor.

Marc-Andre: What it allows you to do is to go away from relying on group policy for everybody. And the reason that I recommend that, is that I see a lot of people that do automation for one, two, five, 10, 50, or 100 domains. And remembering all the things that they have to do between the different domains themselves, not just domain controllers, but between different domains, different forest, different environments. If you manage multiple environments it becomes incredibly difficult to do it all by hand. Whereas if you use your RMM and say, everybody gets the same setting and we’re done, you know this is the one version of the truth and you’re done. So you can definitely take the time to look at what those group policy items are and automate them through your RMM.

Eric A.: Now let’s turn to security and talk to our security Head Nerd, Gill Langston. And ask him, because this relates to the previous question I asked Marc, are there any group policy security type configurations that you can automate and push and monitor when it comes to these devices?

Gill: Yeah, absolutely. And in fact, that kind of builds into a couple of things we were just talking about. One of the things Marc mentioned is group policies. Great, you create your GPO object, it gets pushed out. But we also talked about how many people are remote. And today a lot of people are using cloud applications, so they’re able to log in in other ways, without having to VPN into a network and be on the domain. So there are a lot of reasons that you can actually use the automation policies and scripting to be able to do some of those group policy type changes.

Gill: One of the ones that comes to mind is one that was pretty recently, Microsoft talked about an SMBv1 vulnerability. Now, as we all know, SMBv1 was supposed to be deprecated long ago, but there are a lot of legacy systems out there that still have it enabled through upgrades from one OS to another. So SMBv1 is still turned on. Well Microsoft is now saying, you really should be disabling SMBv1, most applications now aren’t even using it. So this is a great way that you could actually create an automation script that actually looks and says, yes SMBv1 is enabled. So you’re aware, first off. And then second off, that it disables that SMBv1 functionality. And if you’re remote and you’re not logging into the domain, you’re never going to get that GPO update if you’re doing it through GPO.

Gill: So instead, you could create an automation that would actually go and ensure that SMBv1 is disabled, and that’s one less vulnerability that everybody has on those systems. So there are a ton of things like that, especially when, like Marc said, a lot of them are registry changes. You can actually use the automation platform to change those registry settings, no matter where the system is and whether or not it’s currently on the domain. So it’s super important.

Eric A.: All right. Awesome. Now, speaking more generically in terms of deploying security, is there a way that you can use an RMM product or platform to deploy your security features to your different devices and users?

Gill: Well you hit it on the head earlier when you were talking about how most RMMs, they’re agent-based, right? When you first get started monitoring, what’s the first thing you do? You install that RMM agent.

Gill: Well, in a lot of cases you could deliver multiple services through that RMM platform. A lot of them are security focused. For example, a managed antivirus, an EDR solution, or web filtering, something like that. The beauty of it is, once you have that agent, that foothold if you will, on the device, it acts as the orchestrator of other platforms. So you simply tell it, please enable antivirus, please enable EDR on this particular system. And then the agent handles the download, the configuration. It acts as the communication channel back to the RMM platform. So it really is that one stop that lets you have multiple services running, and then letting that RMM agent orchestrate the communications back and forth. So it really does ease the pain of having multiple solutions out there that you’re managing separately, you’re deploying separately. You have to come up with different ways to push out all these different solutions. And a lot of these security solutions now are agent-based, so that really does speed up that whole deployment process.

Eric A.: Yeah. It kind of is like the Swiss army knife of IT tools, in terms of what it allows you to do. All right, one of the things that you talked about earlier when we brought up the challenges of these devices at scale and securing them, let’s talk about, how does monitoring help with security?

Gill: Sure. There are a couple examples I give. In fact, I gave a few of these in my security boot camp when I was talking about how you can use monitoring for a couple of things. One, to uncover a possible infection that may be starting to spread through your network, but also some breach attempts. So let’s use those two examples, right? First, let’s say that you are, to your earlier point, you’re monitoring the services. You’re making sure that your endpoint security solution is running, is operating.

Gill: Now occasionally you’re going to get little blips, right? You’re going to get that situation where maybe the service is down a very short period of time because it’s updating, it’s upgrading, something like that. But there’s another way to look at this. As we know, a lot of malware these days attempts to disable antivirus. So if you’re monitoring these services to make sure they’re up, and suddenly you start to see several of your antivirus services going down, that could be a leading indicator of a problem that’s coming up. That you might have an infection that’s trying to spread and disable your antivirus or endpoint security on that system. So that’s a great way that that monitoring can actually help alert you to something that might be going on in the environment. And then you can react, investigate, use remote support to then login and check out the system if you have to. I think that’s a really important one.

Eric A.: Yeah. I think that’s great information. And being proactive in terms of security, seeing those things that maybe wouldn’t be caught by a typical tool, but can be deduced by a human, is really important.

Gill: Well not to mention, also that second example I gave. So we’re monitoring, right? One of the features of most remote monitoring agents is that I’m going to take a look and give you some of the top Windows events, for example, that are going on. So one of those monitors would be for failed logins. Well one of the signatures or indicators that you may actually have a bad actor in your environment is a higher instance of failed logins on a device. So being able to bubble that up and say, wow, I understand maybe people mess up their password a few times, but I’m starting to see an uptick in the amount of failed logins across my environment, could mean that you have a bad actor lurking in that environment. And that you need to then start, number one, shoring up your security. But two, starting an investigation to make sure you don’t have an incident on your hands.

Eric A.: Absolutely. Great example. Now when we talk about security, we kind of talk about our last line of defense being our backup. So I’m going to switch over to our Head Backup Nerd, Eric Harless. And we’re going to talk about some things when it comes to scaling these devices. And specifically, dealing with desktops. So Eric, what are the most common concerns or maybe missteps that we see when it comes to desktop backup?

Eric H.: Eric, I think you actually hit it right on the nose in the title there. IT has this general disregard for regular consistent desktop, and I’m doing air quotes there, desktop backups. So let’s call it what it really is, it’s endpoint backup. Because it’s desktops, it’s laptops, it’s tablets, it’s kiosks, it’s terminals, and it’s point of sale devices. Plus, a handful of new Internet of Things devices out there as well. And this old once per day mentality that a lot of IT pros have around desktops is that they fail to schedule these backups to work when the user or the system is going to be online.

Eric H.: You figure you schedule it for 6 p.m., the system gets shut down or it’s turned off, or it’s taken home, it’s hibernating, it’s asleep during that backup window. So your coverage is spotty at best for endpoint or desktop backups. This device could go days or it could go weeks without these regular backups. And the administrators, they don’t flag these as problems. They’ve gotten accustomed, especially over the summer or over holidays, because the users are on vacation or they’re offline for an extended period of time. So it’s the complacency, if you will, of, “oh, it’s just a desktop, they should put their important stuff on the server,” that can cause the potential for data loss.

Eric A.: Now, in addition to that desktop backup, we’re also seeing, because of a lot of the remote work that’s going on and just the progression to, not just working from home but working from anywhere really, people are using more online sharing tools, collaboration tools, things like OneDrive. Aren’t those effectively being backed up in the cloud? Why would we need to back up the desktops in addition to having that information in the cloud?

Eric H.: Well, Eric, you’re right. In some ways, yes, those are backup solutions, or at least they’re another form of data protection. But there’s other reasons you back up besides data protection, sometimes it’s compliance, sometimes it’s archive. So while they are better than nothing, they’re still file based. And they’re more like version control, or they’re more like replication of production data, not point-in-time backup copies of data. Although some of them do offer versioning and other ways to roll back. What you really should think about though is, what’s going to happen if you have local corruption? Is that going to get propagated up to those offline copies? Or if you have unwanted changes, the user makes a change to a shared document, you lose all aspect of source control chain of custody because all these users have access to this, and it’s accessible from just about anywhere. So it’s a great tool to have, but I wouldn’t put all my eggs in one basket there. They’re subject to user deletion, user error, user omission. There’s a host of other limitations that are out there, and they sync and share applications.

Eric A.: That’s great. That really helps to differentiate why you need an additional backup for that desktop. All right, so what should an organization do to meet that problem or solve that problem?

Eric H.: Well, there’s a couple problems there. Obviously it’s the disregard for the desktops, but there’s the problem around the online sharing tools as well. Obviously you can back up those online tools if they’re synchronized to your local machine, to your desktop or your endpoint. But there’s a whole set of applications that they’re designed for cloud-to-cloud backup to provide another protected copy of that online shared data, and give it the archive quality and the retention that you need for that type of data. So if we talk about at a holistic level of, how do you tackle this problem? You’re going to start by leveraging automation, which we’ve already learned about, to do the standardization of backup deployment. To get it out across all of those endpoints. Then you’re going to leverage things like data production profiles to set common selections, common exclusions across your different OS’s and device types.

Eric H.: So that way you can obscure the platform differences and the application differences and the hardware differences. You’re going to want to maintain multiple backup copies on different kinds of media at different locations. Like I said, all of your eggs are not in one basket. And that could be a combination of cloud backup in conjunction with local backup to give you greater redundancy and faster recovery. Finally, you’ll schedule those endpoints during the day when the systems are online, or most likely to be online. So that we’ve got better coverage and less chance of the machine being turned off or in an offline or a sleep state. Better yet, think about scheduling those backups to run multiple times per day, because the at-night or the backup window concept, it’s so outdated. Finally, leverage your backup monitoring either in your backup application, so you can do by exception managing, exception management. That way you’re going to see just the errors that pop up and not have to look across dozens or hundreds of devices. Or link it with your RMM and your PSA platforms so you can get centralized monitoring and alerting.

Eric A.: All right, great. Now, is there anything else to consider when it comes to backup, or maybe I should say data protection, when it comes to desktops and workstations?

Eric H.: Well, yeah, protect frequently, but don’t try to protect everything and don’t try to retain everything forever. You really do need to establish some guidelines on what data can be excluded, and then how long you must keep the data that you do protect. Otherwise, it’s going to become very expensive to store all of these copies of data that may not be needed for recovery. Those video files, those music files, those temporary files, the cookies, temporary internet caches, things like that. If it has zero recovery value, why would you protect it in the first place? And of course, it’s going to be problematic to get it off site as well, because it’s going to be overwhelming for the limited bandwidth that you may have in your organization.

Eric A.: All right, great. Thank you, Eric. That was really important information, because we don’t typically think of backing up those workstations a lot. And it’s really important, especially as we distribute out and do more of the work from anywhere type of structure, that we make sure we’re protecting that data. All right, the last thing we have here is we have a rapid fire round of final questions for these nerds. So first up is Marc-Andre. If there’s one thing you should automate when managing desktops at scale, what is it?

Marc-Andre: It would have to be the maintenance for me. So little things that will make a big difference in the environment on a day-to-day basis. Disabling settings that the user doesn’t need, enabling a little security flag so you can make the environment better, making sure that your management account is there. Little things like that as you run periodically or make sure your environment stays somewhat standard for you.

Eric A.: All right. Gill, if there’s one thing to make sure you’re monitoring for security on all those desktops, what would it be?

Gill: Yeah. Well surprisingly, yes, of course you need to be alerted when there’s an infection, or something along those lines. But none of that really matters if you don’t have full coverage of whatever security solution that you have installed and operating. To me the most important thing to make sure you’re doing, is that you’re monitoring that the security you have in place is installed, up to date, and functioning properly. That’s where you start with a good security program.

Eric A.: All right. And last, but certainly not least, Eric Harless. When it comes to backup, why should we be concerned about backing up data on the workstation?

Eric H.: Well, that endpoint’s your primary conduit of access, it’s going to be the target of attack from bad actors. So if you think about it, that’s where the largest majority of data, or business data at least, is going to be created or modified. So if you don’t protect it frequently, then when it’s lost, when it’s damaged, when it’s corrupted, you’ve got a significant recipe for data loss. It’s going to impact revenue, impact your business as a whole, maybe even lead to business failure. You’re kidding yourself if you think that the user’s always going to put the data on the server or on the network drive where it’s supposed to be. You’re just leaving yourself open to attack.

Eric A.: Great. Awesome. Thank you guys. That is all the time we have for today. I want to thank my fellow Head Nerds, Marc, Gill, and Eric, for joining me today. And thank you, our audience, for listening. For SolarWinds TechPod, I’m Eric Anthony. Have a great day, and we will see you on the next one.