Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

RAID is not a backup
SECURITY SHELF

RAID is not a backup 

Redundant Array of Independent Disks, more commonly referred to by the acronym RAID, is an approach to data storage virtualization that combines multiple physical disk drives into one or more logical storage volumes. Depending on the chosen RAID scheme, it could increase overall capacity, performance, and reliability. Or not.

RAID 0 provides increased capacity and performance by striping data across multiple drives with no redundancy. Since the failure of any one drive will result in data loss, RAID 0 statistically decreases reliability.

RAID 1, also known as mirroring, simply writes data identically to two drives. Depending on the controller, read performance may be increased because data can be read from either drive. Write performance is essentially equal to that of the slowest drive in the set. While less efficient than more sophisticated RAID configurations, a major advantage of RAID 1 is that in the event the controller or one drive fails, the surviving drive can often be directly connected to any computer capable of reading the file system.

RAID 2, 3, and 4 are not used by modern systems. In summary, they are schemes to distribute data across three or more physical drives.

RAID 5 consists of block-level striping with distributed parity and requires a minimum of three physical drives. This scheme improves performance, can achieve larger logical volumes, and is designed to survive the failure of any one physical disk. While popular for small business applications, its principal weakness is a second drive failure prior to replacing the first failed drive, or while the RAID array is under increased stress during rebuild, will result in total data loss. On the surface, this second failure may appear unlikely. But in practice, it does occur. Three drives from the same manufacturer, installed at the same time, and running in identical environmental conditions have been known to result in two closely-timed hardware failures.

RAID 6 addresses the weaknesses of RAID 5 by using block-level striping with double distributed parity, increasing fault tolerance to two failed drives. The cost is an additional drive; RAID 6 requires a minimum for four drives. However, by using drives from multiple manufacturers and replacing them on a scheduled basis, RAID 6 provides a high level of availability and is recommended for many business-critical applications.

Hybrid RAID approaches are another option. Most notably, RAID 1+0 (known as RAID 10) combines mirroring and striping to provide high performance and redudancy. Provided that no mirror loses all of its drives, the RAID 10 array can sustain multiple drive losses. This high performance makes it useful for applications such as databases that require high IO rates. Other hybrid approaches, such as RAID 5+1 and RAID 6+1 require additional drives and are used in much larger arrays.

Storage vendors offer proprietary and standard RAID schemes, including lower-cost products intended for home and small business applications. For example, Synology Hybrid RAID is an automated RAID management system that maximizes the use of different drive sizes, unlike RAID 5 and 6 arrays that limit use to that of the smallest drive. These proprietary RAID schemes may be the right decision for small businesses, allowing them to upgrade storage capacity and rotate drives without manually reconfiguring their array.

Other sophisticated RAID features, including hot standby spares, dual power supplies, and even internal battery backup increase reliability. Many Network Attached Storage (NAS) vendors make it easy to schedule data replication between two separate devices. Small businesses should consider purchasing two small NAS appliances with replication as part of their data survival strategy. However, no matter what reliability features are present, it is essential to remember that several common scenarios result in data loss in spite of the most advanced RAID array.

Rack-mount servers often use RAID 1, 5, or 6 to allow continued operation during a drive failure. However, a hardware failure in the RAID controller can result in corruption of all drives. Lower-end systems often implement RAID in the BIOS or operating system, leaving data vulnerable to multiple failure scenarios.

RAID provides no protection whatsoever against accidental or malicious data modification or destruction by applications, users, and malware. In non-business critical systems, RAID-related reduction in availability risk may be overshadowed by a false sense of security.

Business backup system requirements vary due to differing business needs and compliance requirements. In general, backup processes should align with disaster recovery plans, taking into account the Recovery Point Objective (RPO), which determines the maximum acceptable amount of data loss measured in time. For example, a 24-hour RPO may be satisfied with daily backups, while a 15 minute RPO obviously requires a much more real-time backup strategy.

Small businesses and sole proprietors with modest backup requirements should consider the time-honoured 3-2-1 backup rule: Have at least three copies of your data, store the copies on two different media, and keep one backup copy off-site. Inexpensive NAS hardware makes on-site data copies easier than ever, and cloud-based backup services such as Backblaze make the off-site component simple, automatic, and inexpensive.

And remember, RAID is not a backup.

Have a security question you’d like answered in a future column? Eric would love to hear from you.

Related posts