Wednesday, November 5, 2014

CrashPlan Pro, or how a good idea from IT has gone bad...

My work laptop has a program installed on it called CrashPlan Pro.  This piece of software backs up files "the cloud".  My company's IT department has it locked down so I really have no control over what is copies up to the Cloud.  On a good day, it is a bandwidth pig.  So here are some stories with my tangles with it.

Over the weekend my kids were complaining that our Internet was really slow.  Web pages were slow to come up and the family was not happy.  I ran some traceroutes to some IPs and yes, they were really, really bad.  I was wondering what was going on, but I really didn't do much about it.

A few days later I was on a conference call.  I have an Avaya IP phone at my house.  While on the conference call people were complaining to me that I was breaking up really bad and they couldn't understand me.  I hopped into my home router and looked at the bandwidth usage and my upload was pegged...  "What is going on????  Has someone hacked into my network and stealing my data??"  My kids were in the other room watching Studio C on the BYU TV channel and I went and abruptly unplugged the Roku from its power source.  Oh, the weeping and wailing and gnashing of teeth!!  I checked my router.  Nothing.  Dang it!  What was going on?  What device was consuming all my bandwidth?  I looked at the statistics from my router and the uploads had been going on all weekend long!  What?!?  I saw the CrashPlan icon in the system tray and I checked and it was in the process of updating.   Hah!  I found you, you little network wrecker!  I selected to set it to "Sleep" and my network utilization went to zero!  Whew!  Problem solved.  I've had a problem with this lovely little program previously, but this time it caught me off guard.

This app has burned me more than once and I was sick of it.  Being that I know my way around a protocol analyzer, aka Wireshark, I fired it up on my laptop and I proceeded to figure out how this application behaves.  It resolves DNS for three key hosts and then it tries to connect to each one of them.  I have a DD-WRT based router and I added the following firewall rules:

iptables -I FORWARD -d 199.xxx.xxx.47 -j DROP
iptables -I FORWARD -d 50.xxx.xxx.246 -j DROP
iptables -I FORWARD -d 216.xxx.xxx.55 -j DROP

I put those rules in and my WAN utilization when back to zero.  So now I don't have to worry about putting CrashPlan to sleep while I'm working from home.  Score!

Now, here is the funniest part of the story.  This week I've been working in the office.  I've noticed that the number of files to be backed up by CrashPlan is steadily growing.  Hmmm...  Why is that?  Why isn't CrashPlan backing up files when I'm on the corporate network?  I don't mind killing my work connection (they're the ones that installed this fine piece of software onto my laptop) because this is corporate and if they want to backup my laptop, then I'll let this piece of software kill my work's bandwidth.  I fire up wireshark again and start sniffing the wire...  I look for massive uploads and it isn't happening.  Why?  I found out that someone is killing CrashPlan on the local network!  I guess all the backups are killing our Internet connection so someone in IT has blocked access to the same CrashPlan IPs that I'm blocking!  Oh, the irony.  So here is this piece of software that is supposed to be making a backup of my so very important data and I've killed it at home and my own local IT guy is killing it too.  Which leads me to ask, why am I running this to begin with if IT is blocking it?

My local user is in the workstation's administrator's group so CrashPlan will be removed from my workstation in the next week.  If IT asks me why I removed it, I will simply state the facts above.  It is killing my home bandwidth.  It is killing my local office's bandwidth and it is being blocked.  Therefore, it will never do its job.  If it isn't doing its job, then why run it?  If there were some means to limit the amount of bandwidth that it uses, or if there was some sort of location awareness on the product, or if IT would give me some control over what data I can backup, then I wouldn't mind keeping the app.  But I have no control and therefore it is useless.

Have a nice day!