Diving Deep into OPSEC: Let's Guard Our Data

[mraleph]

RAID may be used for security via⁠ virtual disk encryption but its purpose is regarding performance, fault tolerance and redundancy thru multiple⁤ drives and schemes - beside other specifics.

Whilst RAID 1 offers only mirroring - thus⁣ achieving primary purpose - if performance is not requirement, RAID 5/6 is far more fault⁢ tolerant due to its distributed parity mechanism. If performance is a requirement, RAID 50/60 can︀ be used which adds additional drives for performance reasons. In both cases, hot spare drives︁ are advised, so in case of fault, the RAID array can be promptly recreated.

RAID 10 is quite basic and not quite fault tolerant so should not be used for︂ any even remotely sensitive storage. RAID 0 - stripping - is a fool's friend.

Ofc, hardware RAID modules should be preferred wherever possible as RAID O/S implementation may lead to︃ serious data loss.

 

[aniglo22]

Forgot to mention : Tox

 

[cckuhqilfownnfctux]

well this is controversial 😀
of course‍ there are memes like this floating around

but in my experience hardware RAID controllers bring more pain in⁢ the a*s than stability or comfort hence I always stick to the software RAID.

 

[mraleph]

Considering that HW RAID modules are reserved for either servers or desktop workstations, majority⁤ of end users will use mainboard integrated or O/S level RAID.

HW RAID implementations wise,⁣ it depends on module and drive vendor, so your statement is quite correct. The least⁢ problems in production we had is with DELL PERC series and DELL drives.

But, RAID︀ firmware is essentially stripped down Linux - whatever the implementation, the significant difference between them︁ is only about type and size of cache memory - like in DELL BOSS module.︂

Whether ZFS, LVM or mdadm, an O/S level RAID will utilize - and thus not︃ been limited to controller's resources - system resources - which can degrade system performances in︄ the end.

So, for desktop workstation and server use case, HW RAID would be the︅ optimal solution.

End users should know that by using any RAID implementation - apart from︆ RAID 0 and its variants - there are no performance benefits. It's about resilience and︇ continuity. Also, RAID does not substitute backup.

 

[cckuhqilfownnfctux]

and I've had Dell branded controllers not accept⁠ Dell branded drives "because f**k you thats why", and that's the largest problem with the⁤ hardware RAID: you get vendor-locked and are bound to one particular manufacturer and have to⁣ buy branded drives for 5x-10x of the unbranded drives price + have to choose the⁢ exact models as they might not be accepted by the card even if the drives︀ have the same brand written on the sticker.
but still I had less problems with︁ Dell branded controllers than with HP, probably because HP uses their own hardware whle Dell︂ just rebrands common LSI RAID cards which are much better tested because they have much︃ more customers (Dell, Supermicro, Fujitsu, Lenovo, Intel, ...) than HP alone.
it's not Linux but some kind︅ of a real time operating system, at least on LSI/Dell cards.
and the most significant︆ difference between them is their embedded list of "allowed" drive models 😀
while ZFS is resourse intensive it does have its benefits, one need︊ to fully understand whether to use ZFS or not.
LVM or mdadm impact on system︋ performance is negligible, unless we are talking about very old hardware.
100%

 

[mraleph]

Five years ago, we decided to cease further use of︆ HPE server machines and its hardware ecosystem for exactly the same reason you wrote in︇ first paragraph ns2

I assume that it's a matter of faith. For me, HPE is an︈ utter bad boy and DELL is a decent crook 😉 Supermicro, Fujitsu and Lenovo is like︉ another 3 major monotheistic religions 🙄 I'm an atheist.

When PERC is booted, you actually see︊ a string referring to Linux kernel version.

Any software RAID solution not being 0 and︋ 1, will have performance impact.

 

[Clank]

I would never trust a company based⁠ in the US in regards to privacy.

 

[mraleph]

Why? Due to CALEA or FISA court orders? The analogue may‍ be applied locally or internationally in almost any country of the world - particularly thru⁠ international legal assistance in criminal matters.

 

[cckuhqilfownnfctux]

interesting, does that apply only to the newest 16 gen server‍ model you've mentioned recently?
I don't remember seeing anything about Linux in older Dell servers⁠ (up to 14 gen) with PERC 330 or 730. I'll have a look at it⁤ some time, all of my PERC cards are in HBA mode currently.