Ask the Experts

Ask the Experts

• Star schema vs snowflake schema: Which is better?

  Yahoo’s data and business intelligence architect, Rohit Chatter, answers the latest debate, Star versus Snowflake schema, by breaking down the differences, one aspect at a time  Continue Reading

• Backup deduplication process: Target vs source deduplication

  If you’re thinking about implementing a backup deduplication process, read about the key factors to consider when deciding between target and source deduplication.  Continue Reading

• Securing big data: Architecture tips for building security in

  Expert Matt Pascucci advises a reader on securing big data with tips for building security into enterprise big data architectures.  Continue Reading

• Techniques for preventing a brute force login attack

  A brute force login attack can enable an attacker to log in to an application and steal data. Rob Shapland explains how to prevent brute force attacks.  Continue Reading

• File upload security best practices: Block a malicious file upload

  Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks.  Continue Reading

• Can Hadoop tools ease the brain pain?

  Hadoop tools vendors stress that they can help you to make your data and reporting issues vanish. Know how true this claim is.  Continue Reading

• EU cookie regulations: Advice for firms in the US and other countries

  Expert Alan Calder responds to a reader’s question: Must companies outside the EU change their websites to comply with EU cookie regulations?  Continue Reading

• Finding Mobile device security training courses for IT admins

  Expert Davey Winder suggests some good security training courses for the IT administrator who must manage their organisation’s mobile devices.  Continue Reading

• Forced browsing: Understanding and halting simple browser attacks

  Forced browsing is when an attacker discovers the URL of a restricted webpage. Expert Rob Shapland explains how to halt this browser attack method.  Continue Reading

• How to prevent Facebook hacking and Twitter hijacking

  Organisations should guard against Facebook hacking and Twitter hijacking. Expert Davey Winder discusses Twitter and Facebook security tools that can help.  Continue Reading

• Pros and cons of touch-gesture recognition authentication

  Touch-gesture recognition is an alternative authentication system for Windows 8 mobile devices. Expert Davey Winder examines the pros and cons.  Continue Reading

• Session fixation protection: How to stop session fixation attacks

  Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection.  Continue Reading

• Open source software security issues: How to review OSS for security

  A reader asks how to judge the security of open source software products. Expert Michael Cobb lists three areas to check.  Continue Reading

• The reasons for missing hard drive space on storage arrays

  If you installed disk and didn’t get the capacity you expected, the missing hard drive space can be a result of operating system calculations, formatting, RAID and use of hot spares.  Continue Reading

• What to consider when moving to a flat network topology

  In this guide, learn what to consider when switching from a three-tier network to a flat network topology model, including virtual cluster switching and network fabrics.  Continue Reading

• Adding an old hard drive to RAID sets on servers

  When adding an old hard drive to RAID sets on servers, it’s important to account for factors such as the number of drive bays in the host. See how to configure the drives to the appropriate RAID format for the workload.  Continue Reading

• KPI formation for CDI efforts

  A KPI can help stay on track when assessing any project. Let’s take a look at what are the top three KPIs for a CDI effort.  Continue Reading

• Data quality improvement questions answered

  Data quality is the key that can open the door to reliable and intelligent reports. Learn how to improve data quality easily and effectively.  Continue Reading

• Open source databases: Top challenges to deal with

  Open source databases offer plenty of benefits. But watch out for these hassles; open source databases can be a two-sided sword.  Continue Reading

• test CW eoc answer

  summary text for test CW eoc answer.  Continue Reading

• Backup vs replication: Comparing reliability

  Learn about the reliability of backup vs replication technologies, the strengths and weaknesses of each type of data protection, and what factors can affect their reliability.  Continue Reading

• BI users: More the merrier? Well, not exactly!

  Having many BI users may help you bag the best possible deal. But meeting the needs of the a few BI power users may be easier. Find out how and why.  Continue Reading

• Decoding BI 3.0

  Is BI 3.0 like the Xbox when the older versions are like Atari? Here’s a lowdown on what BI 3.0 truly stands for.  Continue Reading

• Are data analytics techniques dynamic enough for big data?

  Data analytics techniques are in the limelight. Are they a channel to make sense of big data? Get an answer from Yahoo! expert on data analytics techniques.  Continue Reading

• Fibre Channel over IP: What it is and what it’s used for

  Fibre Channel over IP bundles Fibre Channel frames into IP packets and can be a cost-sensitive solution to link remote fabrics where no dark fibre exists between sites.  Continue Reading

• Data analysis, how to get started

  How and when does an organization get started with data analysis? Should it reach a certain maturity level to implement data analysis?  Continue Reading

• Key steps for a successful SAN migration

  For a successful SAN migration, it’s key to understand your current environment and the future state of the SAN, as well as to carry out a testing phase against each platform and migration strategy.  Continue Reading

• Choosing a RAID level depends on capacity needs and data criticality

  In this Ask the Expert, Steve Pinder talks about which RAID level to choose, depending on the criticality of your data or the capacity required.  Continue Reading

• Planning a NAS migration project

  NAS migration requires careful planning around the needs of your organization. In this Ask the Expert, find out which approach to use for an effective migration.  Continue Reading

• FATA disk vs Fibre Channel for Exchange and SQL workloads

  Learn about the differences between a FATA disk and a Fibre Channel drive, and find out how to determine which drive type is better for Exchange 2007 and SQL.  Continue Reading

• RAID 5 explained: Sharing a 10 MB file among 5 drives

  Find out how RAID 5 handles sharing data shares data in a 10 MB file among five drives, including how striping and parity data figure into the equation.  Continue Reading

• Synchronous vs asynchronous replication: Order of events during data writes

  Learn about the order of events during data writes in synchronous vs asynchronous replication.  Continue Reading

• How to set up a Dell EqualLogic configuration in a VMware environment

  Find out what the key steps are for setting up a Dell EqualLogic configuration for an iSCSI SAN in a VMware virtual server environment.  Continue Reading

• Is SAN maintenance easier with virtualised servers than in a physical server setup?

  Find out how SAN maintenance differs in a virtual server environment compared with a traditional, physical server environment.  Continue Reading

• SAN troubleshooting: What are the key steps and best practices when troubleshooting a SAN?

  Learn which tools you need to perform SAN troubleshooting, which metrics point to a sign of trouble, and why granular and regular data collection is important.  Continue Reading

• How does the RAID 5 calculation work?

  Learn how to determine how much capacity you'll have in a RAID 5 drive configuration.  Continue Reading

• What does the parity bit do in RAID?

  Find out how the use of a parity bit protects RAID groups and how it's used as a method for error detection.  Continue Reading

• RAID 4 vs RAID 5: Which one costs more to implement?

  RAID 4 vs RAID 5: Which one costs more to implement? RAID 4 uses a dedicated parity disk while RAID 5 distributes parity data across all drives in the RAID set.  Continue Reading

• Backup Exec problem with external disk target: Why won't it recognise it?

  Find out how to troubleshoot a problem with Backup Exec not recognising an external disk target.  Continue Reading

• Hitachi replication: How do you do replication for HDS arrays?

  Hitachi replication: Find out how to do replication for HDS arrays, as well as which replication method is best suited for AIX servers.  Continue Reading

• How to ensure secure email exchange with external business partners

  When sensitive documents are frequently travelling back and forth between a company and its business partners, email security becomes very important. In this expert response, Peter Wood gives advice on how to create a secure email exchange.  Continue Reading

• Backup best practices: Is it best to use a dedicated backup server or a shared server that also runs

  Backup servers are responsible for scheduling thousands of backup jobs per day and committing thousands of associated backup details to the database. Here are some best practices for dealing with backup servers.  Continue Reading

• Are there Web service security standards or risk assessment checklists?

  As more organisations integrate business-critical functions with Web services, the security of those services becomes of greater importance. But are there Web service security standards whereby businesses can assess that security? Expert Neil ...  Continue Reading

• Dynamic code analysis vs. static analysis source code testing

  Managing vulnerabilities involves a wide array of security testing, including both dynamic and static source code analysis. Learn how the two differ, as well as how they are performed in this expert response.  Continue Reading

• How to include data governance in an MDM development process

  Learn how to include data policies and data governance in a master data management (MDM) development process even if your company doesn’t want to fund data governance.  Continue Reading

• Business intelligence tools: Choosing the right BI product

  There are loads of business intelligence tools out there on the market today. Our business intelligence expert provides some valuable resources for choosing the right BI product.  Continue Reading

• Should we buy data quality management tools or focus on policies?

  Looking improve your data quality? Data quality management tools might not be the best answer. Find out why.  Continue Reading

• RAID 5 recovery: What is the maximum number of physical drives in a RAID 5 configuration?

  Adding drives to a RAID 5 set increases your ROI and the likelihood of simultaneous drive failures, and lengthens RAID rebuild times. So what should be your physical drive limit?  Continue Reading

• How to meet the PCI DSS compliance deadline on an IT security budget

  Learn how to meet the upcoming PCI DSS compliance deadline while sticking to an IT security budget by leveraging existing security infrastructure in this response from expert Mathieu Gorge.  Continue Reading

• Do all drives in a RAID 10 array need to be the same specification?

  We tell you the one requirement when matching drive specs in a RAID 10 array. But will mixing drives of various performance levels compromise your RAID level?  Continue Reading

• RAID 10 vs RAID 50: What is the best way to configure a storage array with 16 1 TB drives?

  Learn the characteristics of RAID 10 and RAID 50, as well as which RAID level is appropriate for your applications. I/O and protection needs contribute to your RAID choice.  Continue Reading

• PCI PTS: Understanding PCI PIN security requirements

  What is PTS, and how does it relate to PCI DSS? In this expert response, learn about the differences between PCI DSS, PA DSS and PTS, as well as recent updates to PCI PTS requirements.  Continue Reading

• Thin provisioning: Over-allocation, wide striping, space reclamation

  Learn how the three main advantages of thin provisioning -- over-allocation, wide striping and space reclamation -- can help you make the most of your storage.  Continue Reading

• SAN vs. DAS: Which is better in terms of performance and scalability?

  Is SAN or DAS better in terms of performance and scalability? Learn why the server configuration you want to support plays such a big role in your decision.  Continue Reading

• Virtual server backup: image-level backup and file-level backup

  Virtual server backup involves two types of backup: image-level backup and file-level backup. Learn the differences between them, and the limitations of file-level backup.  Continue Reading

• Mobile encryption options for mobile devices: Built-in vs. manual encryption

  There are a few different ways to approach mobile encryption. In this expert response, Peter Wood discusses the pros and cons of different mobile encryption options.  Continue Reading

• Alternatives to buying full-on network access control (NAC) systems

  In this expert response, Peter Wood outlines some alternatives to NAC systems, and explains why, sometimes, NAC systems really are the best choice.  Continue Reading

• Database activity monitoring technology vs. SIEM tools

  In this expert response, Peter Wood explains the difference between database activity monitoring systems and security information and event management (SIEM) tools.  Continue Reading

• Data deduplication or tape archive for reducing data on disk?

  Data deduplication can reduce data stored on disk, but you'll probably need a tape archive for data with long retention requirements.  Continue Reading

• Pwn2Own results: The most secure Internet browser for enterprises

  Which browsers are secure enough for enterprise use, and which should be avoided at all costs? In this expert response, Richard Brain examines the results of the 2010 CanSecWest Pwn2Own competition to give browser advice.  Continue Reading

• Google cloud applications: Secure enough for the enterprise?

  Google cloud applications aren't necessarily known for their security. In this expert response, learn what to watch out for when considering using such apps in the enterprise.  Continue Reading

• Remote data backup service guidelines

  My business needs to back up roughly 2 TB of data a night from its primary storage environment and secondary data centre. Would using a remote data backup service be an effective option?  Continue Reading

• Data deduplication technology considerations for ROBOs

  Data deduplication technology can help remote offices and branch offices (ROBOs) address bandwidth restrictions. Learn the factors to consider before adopting data deduplication technology.  Continue Reading

• Using RAID 1 and RAID 5 in a virtual server environment

  We tell you the pros and cons of using RAID 1 and RAID 5 for your OS and applications in a virtual server environment. Data protection and recovery are factors to consider.  Continue Reading

• Using data deduplication for virtual machine backup

  Deduplication can reduce data volumes during virtual machine backup. But you'll need a VM backup strategy to protect data dedupe indexes and complete your data restoration.  Continue Reading

• Choosing a data deduplication product for your data storage environment

  We tell you the three questions you should answer before choosing a data deduplication product.  Continue Reading

• LUN masking or LUN zoning: Which one is a better fit for a SAN fabric?

  GlassHouse Technologies' Steve Pinder weighs the pros and cons of using LUN masking and LUN zoning in SAN fabrics, switches and HBA configurations.  Continue Reading

• Securing Web applications with Web application firewalls

  Are Web application firewalls the best choice for securing Web applications? In this expert response, find out what other Web application security options are out there.  Continue Reading

• How to prevent Adobe hacks from affecting your organisation

  In this expert response, find out why Adobe has been an enticing target for PDF attacks recently.  Continue Reading

• SAN purchase factors include cloud storage and I/O performance

  We outline the factors to consider when making a SAN purchase, including cloud storage, data migration, I/O performance and maintenance issues.  Continue Reading

• Fibre Channel SAN zoning: Pros and cons of WWN zoning and port zoning

  Learn the difference between World Wide Name zoning (WWN zoning) and port zoning, as well as the pros and cons of each on a Fibre Channel storage-area network (Fibre Channel SAN).  Continue Reading

• What are the key shared storage options available to SMBs/SMEs for document management?

  Learn how an iSCSI SAN and open source products can become effective shared storage options for SMBs/SMEs undertaking a document management project.  Continue Reading

• Getting the most out of the gap analysis process

  In this expert response, Neil O'Connor explains how to get the most out of the gap analysis process in your organization.  Continue Reading

• USB drive security best practices and processes

  There are some best practices to follow when it comes to USB drive security. Learn what they are and how to protect your company from USB security threats.  Continue Reading

• Storage-area network (SAN) fabrics: Mesh versus core-edge topology

  When designing a storage-area network (SAN) fabric, it is important to examine both mesh and core-edge SAN topologies. Learn about the pros and cons of both topologies for designing SAN fabrics and which choice is best suited for small- and ...  Continue Reading

• How to calculate the optimum fan-out ratio on a storage-area network (SAN) array

  Learn how to calculate the optimum fan-out ratio –- number of hosts connected to a port -- for a SAN array hosted in your enterprise data storage infrastructure.  Continue Reading

• What are the main steps when configuring a storage-area network (SAN) switch?

  Learn how to perform a storage-area network (SAN) switch configuration by determining the required port speed and topology, and configuring zones so devices can communicate with each other.  Continue Reading

• Achieving concurrent write access to a storage-area network (SAN) without corruption

  A business has two load-balanced Web servers accessing the same LUN of a storage-area network. Steve Pinder tells them how to achieve concurrent write access without corruption.  Continue Reading

• What are the key steps in designing and purchasing a shared storage subsystem?

   Continue Reading

• What are some best practices for storing backup tapes offsite?

  Shipping tapes offsite? Learn the importance of recovery time objectives and recovery point objectives, inventory lists and migrating media to newer technology.  Continue Reading

• Key steps in purchasing/implementing a shared data storage subsystem

  Learn how to move from legacy direct-attached storage (DAS) and network-attached storage (NAS) boxes to an up-to-date data storage infrastructure.  Continue Reading

• Windows 2003 DNS configuration tips

  Expert Richard Brain reviews the best way to configure your server's DNS.  Continue Reading

• Will physical security integrators work with IT departments?

  Expert Neil O'Connor shares a recent project that demonstrates how IP-enabled physical security may be changing the market.  Continue Reading

• What type of data storage media is best for data with long retention requirements?

  Learn what types of data storage technologies, including SATA, MAID, virtual tape libraries (VTLs) and tape drives, are best suited for data with long retention requirements.  Continue Reading

• How to detect if machines have been infected with Trojans, keyloggers

  New data protection expert Paul Vlissidis explains the difference between keyloggers and Trojans before revealing how to find both on your machines.  Continue Reading

• Can I restore backup copies made from data deduplication for disaster recovery?

  For disaster recovery, you can restore backup copies made from data deduplication. However, it is crucial to protect your deduplication indexes and to restore everything in the right order.  Continue Reading

• How to protect a laptop from spam, viruses

  Q&A: Expert Richard Brain explains how to protect your laptop from malware by preventing it from installing in the first place.  Continue Reading

• Is it enough to analyse log files, or is an IDS necessary?

  The more network data you have to analyse, the better. In this expert response, Peter Wood explains what tools can provide the information you need.  Continue Reading

• How to address a spike in TCP and UDP flows

  Have an unusual spike in TCP and UDP flows? Expert Peter Wood explains how to zero in on the problem.  Continue Reading

• What to look for in a network security audit

  What to look for in a network security audit? That's a short question with a big answer, says expert Peter Wood.  Continue Reading

• What causes slow data backups and how can you make your backup environment more efficient?

  GlassHouse UK consultant Hywel Matthews says slow data backups -- caused by either the size of the backup pipe or the flow of the backup data -- can be addressed with various backup agents, data deduplication products, and more.  Continue Reading

• How to manage logs

  Neil O'Connor reviews when you should be hanging on to your network logs.  Continue Reading

• Information security policy template and tips

  Information governance expert Neil O'Connor reviews the key considerations that must be made before framing an information security policy.  Continue Reading

• Payment card industry compliance: Protect phoned-in credit card data

  Mathieu Gorge explains how to protect credit card data over the phone if you're a call centre trying to meet payment card industry compliance standards.  Continue Reading

• How can I merge SAN fabrics with SAN switches from different vendors?

  The Fabric Shortest Path First (FSFP) routing protocol will help you merge storage-area network (SAN) fabrics with switches from different vendors.  Continue Reading

• What data backup methods are key for a server virtualisation project?

  Server virtualisation can reduce expenditures, but introduce new complexities when it comes to data backup. Here are the points to address when implementing server virtualisation.  Continue Reading

• Is continuous data protection effective enough to be the only full data copy for disaster recovery?

  CDP is effective against physical corruptions because it maintains one or more copies of your data, either locally or remotely, to ensure disaster recovery in the event of physical failure.  Continue Reading

• How to integrate data backup storage environments following a business acquisition

  Before integrating data backup environments, assess your recovery point objectives and recovery time objectives, perform a gap analysis and look at the longevity of each product.  Continue Reading

• Recovering from a two-drive failure in a RAID 10 configuration

  In a RAID 10 configuration with four drives, data can be recovered if two of the drives fail. But recovering the data depends on which drives in the RAID configuration fail.  Continue Reading

• How does data deduplication impact backup?

  Deduplication means less data in backup storage, which means backup targets occupy less space and save on power and cooling. But dedupe at the source has a processing overhead.  Continue Reading