Backup policy

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
aclawson
Senior Member
Posts: 712
Joined: Fri Jan 19, 2007 6:28 pm
Location: Commerce Twp, MI

Backup policy

Postby aclawson » Wed Jan 19, 2011 5:26 am

Is there any policy that prohibits wards from using the stake clerk machine as an offsite backup repository? The rule as I understand it is that you can't store data on external servers, but since all of the units have a broadband connection is there any reason why we couldn't set up a VPN and copy the data to the stake? It would be encrypted in transit, couldn't be intercepted and if a machine crashes or gets stolen data recovery is painless. If a building is destroyed by fire or storm then setting up at an alternate site would be painless as well. No USB drives to take offsite and lose, or forget to take offsite.

Is there an explicit policy against this or is it something that the stake president can authorize?

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Wed Jan 19, 2011 5:48 am

aclawson wrote:Is there any policy that prohibits wards from using the stake clerk machine as an offsite backup repository? The rule as I understand it is that you can't store data on external servers, but since all of the units have a broadband connection is there any reason why we couldn't set up a VPN and copy the data to the stake? It would be encrypted in transit, couldn't be intercepted and if a machine crashes or gets stolen data recovery is painless. If a building is destroyed by fire or storm then setting up at an alternate site would be painless as well. No USB drives to take offsite and lose, or forget to take offsite.

Is there an explicit policy against this or is it something that the stake president can authorize?


I don't know of any specific policies against this. But I would note:

  • From what you wrote, I didn't see any provision for dealing with the data for the wards that meet in the stake center. If the stake center burns down, you've lost your backup and your backup of the backup.
  • Section 13.3.3 of Handbook 1 says that the STS is supposed to make sure that backup files are stored away from the building. You're not meeting that provision for the stake center.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

aclawson
Senior Member
Posts: 712
Joined: Fri Jan 19, 2007 6:28 pm
Location: Commerce Twp, MI

Stake center backup

Postby aclawson » Wed Jan 19, 2011 6:15 am

If the policy allows it then obviously the stake data could be backed up to one (or more) of the ward machines.

russellhltn
Community Administrator
Posts: 20781
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Jan 19, 2011 10:48 am

aclawson wrote:any reason why we couldn't set up a VPN and copy the data to the stake?


Assuming that you have church firewalls (as required by policy), I think you'll find that you are on a VPN with unique private IPs in the 10.x.x.x domain. However, I'm not sure as the network allows meetinghouses to talk to each other. If not, I'm not sure how you would get another connection without going though a third party or tampering with the existing system.

It should also be noted that CHQ makes a monthly off-site backup, automatically. IIRC, this was set up after the policy for computers came out. I find it interesting that Handbook 1 outlines requirements when the STS doesn't have access to that manual. I guess I need to talk someone.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Wed Jan 19, 2011 10:54 am

RussellHltn wrote:It should also be noted that CHQ makes a monthly off-site backup, automatically. IIRC, this was set up after the policy for computers came out.


No, monthly backups have been done by CHQ for several years now, and the current policy is dated 18 August 2009. However, the computer policy only mentions "regular backups"; it's the current Handbook (dated November 2010) that talks about offsite backups (but the 2006 edition said the same thing).

RussellHltn wrote:I find it interesting that Handbook 1 outlines requirements when the STS doesn't have access to that manual. I guess I need to talk someone.


Assistant stake clerks should have access to the file copy of Handbook 1 that is given to the stake clerk.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

russellhltn
Community Administrator
Posts: 20781
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Jan 19, 2011 10:56 am

aebrown wrote:Assistant stake clerks should have access to the file copy of Handbook 1 that is given to the stake clerk.


I've seen that as a gray area in the past. Is there a reference for that? (I have a feeling about to step into Catch-22) ;)
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Wed Jan 19, 2011 11:09 am

RussellHltn wrote:I've seen that as a gray area in the past. Is there a reference for that? (I have a feeling about to step into Catch-22) ;)


I know that the stake clerk's copy of Handbook 1 is specifically referred to as a "file copy" (unlike the copies for everyone else). Perhaps our stake has been reading too much into that, but that is made available to all the assistant stake clerks for reference. I'm having a hard time understanding why else it would be described differently.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

aclawson
Senior Member
Posts: 712
Joined: Fri Jan 19, 2007 6:28 pm
Location: Commerce Twp, MI

Postby aclawson » Wed Jan 19, 2011 11:15 am

RussellHltn wrote:Assuming that you have church firewalls (as required by policy), I think you'll find that you are on a VPN with unique private IPs in the 10.x.x.x domain. However, I'm not sure as the network allows meetinghouses to talk to each other.


I've asked global services if the meetinghouses could talk to one another and they didn't know offhand. They said they'd look into it and with that my question vanished into the system.

RussellHltn wrote:If not, I'm not sure how you would get another connection without going though a third party or tampering with the existing system.


As I understand it the prohibition is against storing data on third party servers, not against transit across third party networks - but since all internet communications involve transit across third party networks the policy can't reasonably be concluded to prevent that.

The specific setup I have in mind is using the free version of Hamachi from logmein.com :

"The free version of LogMeIn Hamachi² can be used 100% free for non-commercial use and is limited to 16 computers.

Non-commercial use is defined as individuals using the product for personal use, such as a gaming or family network, and non-profit institutions (as defined by the IRS as a 501c corporation or similarly situated international non-profits)."

I don't know if any stakes have more than 16 units but for most (all?) it should work perfectly well. The hamachi client negotiates the connections through the firewalls. Joining a node to the VPN requires authentication and approval in addition to the logins at reboot. All communications are encrypted point to point, each machine is assigned an IP address in the 5.x.x.x range and the VPNs work through existing firewalls as does all other software. As far as I have been able to determine the stake president can authorize these plans.

RussellHltn wrote:It should also be noted that CHQ makes a monthly off-site backup, automatically. IIRC, this was set up after the policy for computers came out.


But that is only for the MLS data, correct? All of the wards I know have other files that they would want to be backed up - records of sacrament meeting speaking assignments or maps and driving routes for example. In addition to the MLS data (which should be backed up offsite weekly) there is also the My Documents folder that needs to be considered.

RussellHltn wrote:I find it interesting that Handbook 1 outlines requirements when the STS doesn't have access to that manual. I guess I need to talk someone.


I noted that as well, but figured that I'll just look it up in the file copy in the clerk's office for now.

harddrive
Member
Posts: 445
Joined: Thu Jan 03, 2008 7:52 pm

Postby harddrive » Thu Jan 20, 2011 6:59 am

aclawson wrote:I've asked global services if the meetinghouses could talk to one another and they didn't know offhand. They said they'd look into it and with that my question vanished into the system.



I will do some checking this weekend to see if I can ping the firewalls at one of my other units in the stake. I just need to know the IP address. I will let you all know.

User avatar
Mikerowaved
Community Moderators
Posts: 3133
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Thu Jan 20, 2011 1:41 pm

harddrive wrote:I just need to know the IP address.

The 10.x.x.x IP address is usually printed on a label stuck to the Cisco firewall.
So we can better help you, please edit your Profile to include your general location.


Return to “Clerk Computers”

Who is online

Users browsing this forum: No registered users and 1 guest