
axis diplomat 2014 Software White Papers

1. Data Security Best Practice


The document below is not the latest version. To see the latest version, please click here.

1.1 Introduction

For the majority of our customers, axis diplomat lies at the heart of their business and any “down-time” during working hours or loss of data is a business-critical issue. This document discusses some of the causes of data loss or downtime which are outside of the control of axisfirst.

The causes of these incidents include:

  • Inadequate backup frequency.
  • Insufficient backup copies (e.g. using the same single backup media every day).
  • Failing to check backup logs (and finding out too late that errors have been occurring).
  • Using backup software which is either not up to the job, badly installed or incorrectly configured.
  • Infection and attack by virus software.
  • Bugs in third party products.
 

1.2 axis diplomat Data Security Developments

1.2.1 Multiple & Automatic Checkpoints

axis diplomat automatically attempts to take a checkpoint whenever data has been entered. In the event of a system failure, a checkpoint represents a “clean” point to which the system can be recovered. Where the system is not at a clean point (for example because another operator is in the middle of filing a batch of data), and a checkpoint cannot be taken, the system simply continues. The next time an operator completes an update, the system will try again, and so on. Manual checkpoints can also be taken by a user to mark a known point to which the user may wish to recover.

axis diplomat holds many checkpoints (typically hundreds), allowing the user to select the point to which to recover (usually, but not necessarily, the most recent).

 

1.2.2 Secure Systems

Most server-based operating system environments (such as Microsoft Windows Server) provide the ability to restrict access to files on disk according to the current logged-in user.

axis diplomat utilises the security access rights assigned to Windows user accounts and groups to restrict access to the axis diplomat files (both programs and data). This can significantly limit the damage that virus software can do to your axis diplomat system in the event of an infection, since the virus will not be able to access key axis diplomat files.

 

1.2.3 axis diplomat Backup Facilities

axis diplomat has built-in backup facilities which offer the following features:

  • Multiple backups can be stored on your hard disk. Specific backups (such as month end backups, for example) can be flagged as being retained indefinitely on the hard disk; other backups are cleared automatically after a user-defined retention period (typically 7 days).
  • Backups are compressed. Compression technology means that the disk space required for an axis diplomat backup is minimised.
  • Backups can also be archived to another storage destination. This allows you to utilise removable media (such as external disk drives or memory sticks) or other storage on your network (e.g. another Windows server or NAS).
  • Backups can be automated. You can schedule a backup to happen automatically at a given time. For example, you could schedule an automatic backup to happen at 23:00 Monday to Saturday.
  • Backups can include all the parameter and miscellaneous files associated with your axis diplomat system, not just the transactional database. This means that your system can be rebuilt precisely as it was before with just the backup file and the most recent axis diplomat release software.
  • The backup facilities work in conjunction with the axis diplomat SoS service (Safe off-site Storage) to automatically back up your axis diplomat system to our web servers, providing further peace of mind that your day’s data is protected and providing an important element in your business’ disaster recovery plan.
  • Backups can be transmitted via the internet to axisfirst ad-hoc. This allows our support team to investigate any support query “off-line” without affecting the operation of your live system.
  • From axis diplomat 2014, backups utilise Windows VSS to snapshot the axis diplomat data, meaning that backups can be taken whilst axis diplomat is in use.
    Even prior to axis diplomat 2014, a two-phase backup process reduced the time during which users could not access the system. During the first phase, the data is copied and, as soon as that has been done, users are allowed to continue updating the system. The backup function is then able to compress the copied data without time constraints (by being able to spend more time on the compression phase, the resultant backup file can be as small as possible). This achieves the best of both worlds where, as far as the users on the system are concerned, the backup happens very quickly but also the backup file is extremely compact.
  • “Waiting for Supervisor Mode” operation waits for other operators to exit the system whilst preventing new users signing on until the first backup phase has been completed.
 

1.2.4 Safe Off-site Storage (“SOS”)

SOS is a subscription-based service whereby the axis diplomat backup function can automatically transfer the backup to axisfirst’s secure servers. The three most recent backups are retained on those servers. Software running on those servers monitors arrivals of backups from each subscriber and raises an alert if backups are not received, or are incomplete. Storing your most recent axis diplomat backups off-site provides you with the best security of that data since, even if your building or network is destroyed by fire or flood, the data is safe. 
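The kind of arrival check described above can be sketched as follows. This is an added example, not axisfirst's software; the record fields, subscriber names, the 26-hour threshold and the rule that only complete uploads are retained are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

KEEP = 3                         # from the page: three most recent backups retained
MAX_AGE = timedelta(hours=26)    # assumption: nightly upload plus a grace period

def review(arrivals, subscribers, now):
    """Return (alerts, retained) for the given upload records."""
    by_sub = defaultdict(list)
    for rec in arrivals:
        by_sub[rec["subscriber"]].append(rec)
    alerts, retained = [], {}
    for sub in sorted(subscribers):
        uploads = sorted(by_sub[sub], key=lambda r: r["received"], reverse=True)
        # Assumption: only complete uploads count towards the retained set.
        complete = [r for r in uploads if r["bytes"] == r["expected"]]
        retained[sub] = [r["received"] for r in complete[:KEEP]]
        if not uploads or now - uploads[0]["received"] > MAX_AGE:
            alerts.append((sub, "not received"))
        elif uploads[0]["bytes"] != uploads[0]["expected"]:
            alerts.append((sub, "incomplete"))
    return alerts, retained

def sample():
    """Constructed upload records for three hypothetical subscribers."""
    def rec(sub, day, got, want=900):
        return {"subscriber": sub, "received": datetime(2014, 3, day, 23, 30),
                "bytes": got, "expected": want}
    arrivals = [rec("acme", d, 900) for d in (1, 2, 3, 4)]
    arrivals += [rec("bolt", d, 900) for d in (2, 3)]          # nothing on the 4th
    arrivals += [rec("cord", 3, 900), rec("cord", 4, 500)]     # truncated upload
    return arrivals, {"acme", "bolt", "cord"}, datetime(2014, 3, 5, 9, 0)

if __name__ == "__main__":
    for subscriber, problem in review(*sample())[0]:
        print(subscriber, problem)
```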

 

1.3 Data Security Best Practice

1.3.1 Data Protection

The Data Protection facilities within axis diplomat (sometimes referred to as “checkpointing”) should be your first line of defence against data loss. Using the standard facilities for multiple and automatic checkpoints, data loss as a result of a system crash can usually be minimised to a few minutes.

 

1.3.2 Removable media backups

No data protection facilities should be considered as a replacement for backups to removable media which can be rotated off-site. We recommend that all systems are backed up to removable media on a daily basis (normally automated overnight) and you should have a defined procedure for media rotations. These backups are your main defence against system loss – if, for example, your server suffers a catastrophic hardware failure, is stolen or otherwise lost, these backups are the first port of call.

Your backup software should include the following facilities:

  • Disaster Recovery (DR) – without Disaster Recovery (or “bare metal” disaster recovery), restoring a backup means first rebuilding a complete server and then installing the backup software to read the backup – this could, in extreme cases, involve several days of work for a systems technician before being able to restore!
  • Open File Backups – on Windows systems, and servers in particular, many of the Windows system files are open all of the time and, without a mechanism for backing up those open files, you cannot restore a complete system, only the parts of the system that were not open at the time (and an incomplete backup can be as bad as no backup at all!).

A typical media rotation scheme for tape is as follows:

Starting with twenty tapes, rotate each tape on a daily basis so that you have a Monday tape that is used once every four weeks, a Tuesday tape, and so on. At the end of each month, take out the tape for the last day of the month and archive as a month end tape and replace that tape with a new one. This helps ensure that you have, not only the backups for the last four working weeks but also an archive of backups from each month end. Furthermore, by introducing a new tape into the cycle at each month end, you are avoiding making backups onto the same tape over and over again – data cartridges have a finite life span, and you may not find a problem until you try to restore the tape.
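The rotation above, worked through as an added example (not part of the original white paper). It assumes a Monday to Friday working week, so that twenty tapes cover four weeks, and treats the last working day of the month as the month-end tape; the tape labels and dates are constructed.

```python
from datetime import date, timedelta

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri"]   # assumption: 5 working days x 4 weeks = 20 tapes

def next_working_day(day):
    nxt = day + timedelta(days=1)
    while nxt.weekday() >= 5:                # skip Saturday and Sunday
        nxt += timedelta(days=1)
    return nxt

def is_month_end(day):
    """True when `day` is the last working day of its month."""
    return next_working_day(day).month != day.month

def rotation(start, end):
    """Return (schedule, archive): the tape to load on each working day, and
    the month-end tapes that were pulled out of the cycle."""
    # Each of the 20 slots (week 1-4, weekday) starts on its first tape, "g1".
    generation = {(w, d): 1 for w in range(4) for d in range(5)}
    week_one = start - timedelta(days=start.weekday())   # Monday of the first week
    schedule, archive = [], []
    day = start
    while day <= end:
        if day.weekday() < 5:
            week = ((day - week_one).days // 7) % 4
            slot = (week, day.weekday())
            label = f"W{week + 1}-{DAYS[day.weekday()]}-g{generation[slot]}"
            schedule.append((day, label))
            if is_month_end(day):
                archive.append((day, label))  # retire this tape to the archive
                generation[slot] += 1         # a new tape takes over the slot
        day += timedelta(days=1)
    return schedule, archive

if __name__ == "__main__":
    plan, kept = rotation(date(2024, 1, 1), date(2024, 3, 29))  # constructed dates
    for day, label in kept:
        print(day.isoformat(), "archive", label)
```

The generation suffix makes the tape replacement visible: the slot used on a month end comes back four weeks later with a fresh tape.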

You should always perform a full system backup, and not an incremental backup. Incremental backups only back up the data that has changed since the previous backup and so piecing a system back together can require multiple tapes, which is problematic at best. You should also ensure that every backup includes a verify operation. This is when the software reads back the contents of the backup and compares them with the files that have been backed up to ensure that the backup is complete and correct.
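A verify operation of the kind described above, as an added example that is not taken from any particular backup product. It assumes the backup is a zip archive of a source directory; the file names and contents are constructed, and the demo damages one byte of the archive to show what the read-back catches.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

def digest(fh):
    """SHA-256 of a file object, read in 1 MiB blocks."""
    h = hashlib.sha256()
    for block in iter(lambda: fh.read(1 << 20), b""):
        h.update(block)
    return h.hexdigest()

def verify_backup(source_dir, archive_path):
    """Read each file back out of the archive and compare it with the source.
    Returns a list of (relative_path, problem); empty means the pass succeeded."""
    source_dir, problems = Path(source_dir), []
    with zipfile.ZipFile(archive_path) as zf:
        members = set(zf.namelist())
        for path in sorted(p for p in source_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(source_dir).as_posix()
            if rel not in members:
                problems.append((rel, "missing from backup"))
                continue
            try:
                with path.open("rb") as src, zf.open(rel) as bak:
                    if digest(src) != digest(bak):
                        problems.append((rel, "content differs"))
            except zipfile.BadZipFile:       # stored CRC no longer matches the data
                problems.append((rel, "unreadable in backup"))
    return problems

def demo():
    """Constructed data: an incomplete backup, then the same backup with one damaged byte."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")
        src.mkdir()
        (src / "ledger.dat").write_bytes(b"invoice 1001\n" * 100)
        (src / "params.cfg").write_bytes(b"retention=7\n")
        archive = Path(tmp, "backup.zip")
        with zipfile.ZipFile(archive, "w", zipfile.ZIP_STORED) as zf:
            zf.write(src / "ledger.dat", "ledger.dat")   # params.cfg deliberately left out
        before = verify_backup(src, archive)
        raw = bytearray(archive.read_bytes())
        raw[raw.find(b"invoice 1001")] ^= 0xFF           # simulate media damage
        archive.write_bytes(bytes(raw))
        return before, verify_backup(src, archive)

if __name__ == "__main__":
    print(demo())
```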

Avoiding incremental backups, and including a verification pass, will increase the time taken for a backup and, for this reason, we recommend that backups are scheduled for overnight execution, when the time taken is largely irrelevant.

You should also endeavour to store your backups off-site. Ensure that tapes are brought back in before they are next required in the rotation. When not off-site, tapes should be stored in a secure location, such as a fireproof safe.

 

1.3.3 axis diplomat Backups

You should schedule an axis diplomat backup overnight prior to the removable media backup – the removable media backup then includes the axis diplomat backup file in addition to all of the files associated with the axis diplomat system – this makes it much easier to restore a system since you can reload that one backup file in the event of a failure.

axis diplomat backups can be archived to removable media such as external disk drives, memory sticks or NAS.

 

1.3.4 Secure Systems

If you are running your axis diplomat system on a server that supports security (e.g. Microsoft Windows Server) you should install axis diplomat using the secure option within SETUP to help protect your system from malicious attack by viruses, hackers, etc. and accidental damage by users inadvertently trying to delete the wrong file.

 

1.3.5 Safe Off-site Storage (“SOS”)

Provided that you have a suitable Internet connection, the SOS service provides the best mechanism for securing your axis diplomat data off-site. Your backups are stored off-site immediately because they are uploaded automatically via the Internet; with normal off-site regimes, the tape may not go offsite until the end of the following day – if your server is subject to a disaster overnight, it makes no difference whether the backup succeeded or failed since it inevitably suffered the same fate as the server!

 

1.4 Conclusion

Whilst there may, on the surface, seem a thin line between Data Security Best Practice and paranoia, you should consider your procedures carefully. Data is virtually uninsurable and a significant loss of data often results in a business failure. Consider, for example, the scenario of fire destroying your offices. Your insurance company will (hopefully) replace the building and your IT systems but, with any paper records destroyed, the data held in the axis diplomat system is the only place you will find a record of who owes you money, who you need to fulfil orders for and, indeed, who your customers and suppliers are!
