• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Best HDD Solution for File Server

R

Raystream

Limp Gawd
Joined
Jun 27, 2005
Messages
135
I just bought two Maxtor 300gb 16mb SATA drives the other day for my file server. I was leaning towards a mirroring solution, but I am up in the air as to what is the best solution.

You can see my proposed network layout here -> http://i9.photobucket.com/albums/a91/raystream/Home_Network_Proposed.jpg
(One thing to Note: the servers have been consolidated quite a bit.)

Anyway the File Server will contain very important and confidential data. Can't state much other then government related.

Raystream
 
Really no other option with the hardware you currently have. Level 1 will give you redundancy to protect from a single drive failure. You could buy another drive and controller and do a level 5 if you dont want to loose as much space but there is more expense going that route. Also, just because you are running a raid it will not eliminate the need for backups (I do see a backup fileserver in your diagram).

So will the proposed raid be in the pdc?
 
That's one wired house!

RAID1 will work fine for you. Just make sure to have that backup server running well.
 
dirtydr said:
Really no other option with the hardware you currently have. Level 1 will give you redundancy to protect from a single drive failure. You could buy another drive and controller and do a level 5 if you dont want to loose as much space but there is more expense going that route. Also, just because you are running a raid it will not eliminate the need for backups (I do see a backup fileserver in your diagram).

So will the proposed raid be in the pdc?
Click to expand...
Actually yes, the PDC will host as the Domain Controller/File Server/Exchange Server/AV Server. The backup server is just in the planning stage right now. Not sure if I could go the tape backup route because we will be backing up at least 100GB.

Raystream
 
I'd suggest against tape anyway. tape sucks imo. the cartridges are expensive, have a fairly limited life cycle, and are slower than molasses when trying to restore. fixed disk backup is the way to go as far as im concerned... just grab another 300 gig drive and use windows backup.

easy and cheap solution that would get rid of a machine assuming your backup fileserver is not going to be doing double duty as a backup domain controller. if it is, you may want to look into building a standalone storage box.
 
dirtydr said:
I'd suggest against tape anyway. tape sucks imo. the cartridges are expensive, have a fairly limited life cycle, and are slower than molasses when trying to restore. fixed disk backup is the way to go as far as im concerned... just grab another 300 gig drive and use windows backup.

easy and cheap solution that would get rid of a machine assuming your backup fileserver is not going to be doing double duty as a backup domain controller. if it is, you may want to look into building a standalone storage box.
Click to expand...

Ditching the tape drive is worst idea I have ever heard, especially if it is a government job.
 
Shark said:
Ditching the tape drive is worst idea I have ever heard, especially if it is a government job.
Click to expand...

For the cost of a lower end drive and weeks rotation of tapes you could get a hdd to swap every day with money left over. And you would not have to keep feeding the beast a fresh set of tapes every year.

Need to get back up and running in a timely manner after a failure? Not going to get that from tape. Want to backup the system in a timely manner? Thats a negative with tape. Push the time on a rotation and end up with worthless backups that are of course discovered while trying to recover. Forget to clean the head or swap the tape and end up with a failed job. No big deal its only yesterdays data just recover to the previous day.

Too many negatives with small scale tape backup especially with ata drives being as cheap as they are these days imho. If the investment has already been made that is one thing but I dont see the value of a tape backup, to a savvy user, below the enterprise level anymore. Maybe I'm missing something.
 
As a professional solution:
RAID 1+0 (not 0+1!) yes, i know, 4 drives cost more...the title was not cheap solution...

same amount of net disk you will have, for backup
and tape from the backup disk every day
fast restore in case of immediate need and this way you make sure to have a copy even if someone is discovering a logical corruption after a week....
tapes are not expensive...LTO1 cartridge will cost 20-30 USD with the capacity of 100/200 GB
yeah..the drive is costly but something for something....
 
btw
you have to plan carefully what roatation/retention policy have to be in place to lower the no of tapes and ensure restorable period of time requirement met....
 
dirtydr said:
For the cost of a lower end drive and weeks rotation of tapes you could get a hdd to swap every day with money left over. And you would not have to keep feeding the beast a fresh set of tapes every year.

Need to get back up and running in a timely manner after a failure? Not going to get that from tape. Want to backup the system in a timely manner? Thats a negative with tape. Push the time on a rotation and end up with worthless backups that are of course discovered while trying to recover. Forget to clean the head or swap the tape and end up with a failed job. No big deal its only yesterdays data just recover to the previous day.

Too many negatives with small scale tape backup especially with ata drives being as cheap as they are these days imho. If the investment has already been made that is one thing but I dont see the value of a tape backup, to a savvy user, below the enterprise level anymore. Maybe I'm missing something.
Click to expand...

You are missing it, and yet you answered it. Where you said "below the enterprise level".

He stated this a governement thing, so consider that "enterprise".
 
By enterprise I meant anything requiring the capacity of an autoloader or tape library.

So what are the advantages of using tape to backup 100GB as opposed to say swapping a disk every night or copying an image to another disk / array / series of arrays? What is 1 specific situation where tape will protect data, classified or not, "better"?

Not being sarcastic here, I'd really like to hear specifically why tape is a better backup system in the op's enviornment. :)
 
I remember having dreamed of something like that once.

I also vote for tapes.

And, even knowing price is not an issue, why not fusing media server with the dataserver? you could even use it to control your tape robot,
and, what about a NAS for storage, and a cluster for the 2 most important servers? maybe domain and data, since domain wont be very busy, not at all actually, And you would gain security.
 
Raystream said:
Anyway the File Server will contain very important and confidential data. Can't state much other then government related.
Click to expand...

dump one of those boxes and either convert it to an IDS w\ SNORT then monitor it 24\7
or remove that data from internet access and the local LAN altogether on a standalone very tightly secured box
(perferably OpenBSD or some other hardened OS) with only intermittent net access if necessary
 
dirtydr said:
Not being sarcastic here, I'd really like to hear specifically why tape is a better backup system in the op's enviornment. :)
Click to expand...

Let a hd drop from your hand to the floor,
 
dirtydr said:
By enterprise I meant anything requiring the capacity of an autoloader or tape library.

So what are the advantages of using tape to backup 100GB as opposed to say swapping a disk every night or copying an image to another disk / array / series of arrays? What is 1 specific situation where tape will protect data, classified or not, "better"?

Not being sarcastic here, I'd really like to hear specifically why tape is a better backup system in the op's enviornment. :)
Click to expand...

Lets see, for myself at work I have ~ 170GB of data that I back up every night. I have two weeks of rotation plus 5 weeks of weekly (friday) and a year of monthly backups. (plus quarterly permanent backups)

This means I can recover data from a varitety of points in time, if you overwrite the data every night it is not a backup, it is just a slower RAID.

So for me 170x8 (two weeks of daily) + 170x5 (five weeks of fridays) + 170x12 (a year of monthly) and for now we will ignore the permanent backups.

This is a total of 4.2 terrabytes of space needed to properly backup 170GB of data. Not counting the permanent backups for archival needs. I do not see any other cost effective way to do this than tape. (in my case AIT-3)

Now if this is government work, he will probably need to meet HIPA standards, so he might need even better data retention standards than that.

==>Lazn
 
Quite an impressive and diligent backup routine.

Lazn_Work said:
if you overwrite the data every night it is not a backup
Click to expand...

I do understand and practice the concept of snapshots though not as vigorously as you do. My hang up is basically that a new ait-3 goes for somewhere around $1500 and assuming a $40 buy in per tape there is $1000 for the set you have in service.

That same $2500 'blown' on 300GB drives @ $120 each will get about 6TB at 1:1, 12TB at 2:1 (before formatting obviously). This does not address the archival copies which I have overlooked and you can create at any time for $40 or any additional government stipulations on data storage/availability. If said quarterly archives or other similar procedures are mandatory then I guess there is really no other choice. Unless you could fit 4 on a single drive that costs less than four tapes...

I have had enough bad experience in the past its quite possible that has tainted my opinion of tape. :)
 
dirtydr said:
Quite an impressive and diligent backup routine.



I do understand and practice the concept of snapshots though not as vigorously as you do. My hang up is basically that a new ait-3 goes for somewhere around $1500 and assuming a $40 buy in per tape there is $1000 for the set you have in service.

That same $2500 'blown' on 300GB drives @ $120 each will get about 6TB at 1:1, 12TB at 2:1 (before formatting obviously). This does not address the archival copies which I have overlooked and you can create at any time for $40 or any additional government stipulations on data storage/availability. If said quarterly archives or other similar procedures are mandatory then I guess there is really no other choice. Unless you could fit 4 on a single drive that costs less than four tapes...

I have had enough bad experience in the past its quite possible that has tainted my opinion of tape. :)
Click to expand...

$120 each for internal drives, but you want off site storage (I take mine to one of our other offices and put it in a data rated fireproof safe every day - monthlys and quarterlys go to a permanent data rated safe at the main office) so if you use hard drives, you will need external enclosures for them.

Yes tapes fail, I have a retirement schedule for the tapes based on age or their soft error count (AIT tapes have a smart chip in them to track all kinds of neat stuff).

But really a hard drive that you move around is far more delicate / prone to failure than a tape.

Really to do it right, you would have a nearline array to back up to, and then use tape to back that up. In addion you might think of using a journaling file system so that you don't have to go to backup if a file gets deleted by accident or virus.

==>Lazn
 
Raystream said:
I just bought two Maxtor 300gb 16mb SATA drives the other day for my file server. I was leaning towards a mirroring solution, but I am up in the air as to what is the best solution.
Click to expand...

Without knowing anything about the application, it's impossible to responsibly recommend a solution. You might find the two Maxtors work fine. Or, you might find they suck; it will depend on the access patterns this file server will see.

Are all those clients copying small files to the server once in a while? Very large files all the time? Opening files remotely and pounding on them where they sit? Multiple clients hitting the same file? Users reading different and large files compeltely? And so on.

Do you have to archive any of this data? Inside, or outside your backup procedure? Are you subject to Sarbanes-Oxley?

If you think carefully about the application, then you should be leading yourself to some numbers that you can use to determine what will be a good setup: data rate, seek time, throughput, and so on.

By the way, why do you have a backup file server, but no backup domain controller?
 
mikeblas said:
By the way, why do you have a backup file server, but no backup domain controller?
Click to expand...

Good catch Mike, He definately should have another domain controller on the network, preferably not the Exchange server (as they really should not be on the same box).

==>Lazn
 
mikeblas said:
Without knowing anything about the application, it's impossible to responsibly recommend a solution. You might find the two Maxtors work fine. Or, you might find they suck; it will depend on the access patterns this file server will see.

Are all those clients copying small files to the server once in a while? Very large files all the time? Opening files remotely and pounding on them where they sit? Multiple clients hitting the same file? Users reading different and large files compeltely? And so on.

Do you have to archive any of this data? Inside, or outside your backup procedure? Are you subject to Sarbanes-Oxley?

If you think carefully about the application, then you should be leading yourself to some numbers that you can use to determine what will be a good setup: data rate, seek time, throughput, and so on.

By the way, why do you have a backup file server, but no backup domain controller?
Click to expand...
Woa... woa... hold on folks. This is a Home Network. Ya know, some people like to do work at home even after they get home from work. :cool:

So a Tape Backup solution would be out of the question. I would say that between 5%-10% of data would need any bit of protection. But putting that aside... we just need some type of recovery which is why I asked here.

Now as for the Domain Controller. The AV software on the server will be pushing Updates to the clients as soon as they come in. Most likely everyone will be transferring/adding files at least once a day. I doubt anyone would be hitting the sale file at the same time other then those rare occurences.

It will have Exchange on it once I can get the time to set it up. The reason for it is that it will be acting on the Intranet level. We don't have a high enough upload rate from our ISP to put it into a DMZ zone. And with that... everyone will be connecting to the exchange server a lot every day.

As for the Media Server... that is going to be hooked up to 6-8 Xboxs. There is no way in this jolly green earth that I can possibly consolidate it into the Domain Controller. With the way people are at my house that Media Server will constantly be sending data to at least 2 Xboxs at any given time. Plus recording TV Shows out the wazoo!! On top of that it is going to need at least 500GB+ for everything I have planned for it. :p

I will post an updated picture of my homes "proposed" network layout tommorow afternoon/evening.

Thanks for everyones suggestions thus far. They have been pretty interesting.

Raystream
 
Raystream said:
Woa... woa... hold on folks. This is a Home Network. Ya know, some people like to do work at home even after they get home from work. :cool:
Click to expand...

I'm confused, then; what's all this about?

Raystream said:
Anyway the File Server will contain very important and confidential data. Can't state much other then government related.
Click to expand...

So what's your actual question? There isn't one in your original post.
 
Raystream said:
AV software
Click to expand...

The Six Dumbest Ideas In Computer Security

#2) Enumerating Badness
Back in the early days of computer security, there were only a relatively small number of well-known security holes. That had a lot to do with the widespread adoption of "Default Permit" because, when there were only 15 well-known ways to hack into a network, it was possible to individually examine and think about those 15 attack vectors and block them. So security practitioners got into the habit of "Enumerating Badness" - listing all the bad things that we know about. Once you list all the badness, then you can put things in place to detect it, or block it.

Why is "Enumerating Badness" a dumb idea? It's a dumb idea because sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness. For every harmless, legitimate, application, there are dozens or hundreds of pieces of malware, worm tests, exploits, or viral code. Examine a typical antivirus package and you'll see it knows about 75,000+ viruses that might infect your machine. Compare that to the legitimate 30 or so apps that I've installed on my machine, and you can see it's rather dumb to try to track 75,000 pieces of Badness when even a simpleton could track 30 pieces of Goodness. In fact, if I were to simply track the 30 pieces of Goodness on my machine, and allow nothing else to run, I would have simultaneously solved the following problems:

* Spyware
* Viruses
* Remote Control Trojans
* Exploits that involve executing pre-installed code that you don't use regularly

Thanks to all the marketing hype around disclosing and announcing vulnerabilities, there are (according to some industry analysts) between 200 and 700 new pieces of Badness hitting the Internet every month. Not only is "Enumerating Badness" a dumb idea, it's gotten dumber during the few minutes of your time you've bequeathed me by reading this article.

Now, your typical IT executive, when I discuss this concept with him or her, will stand up and say something like, "That sounds great, but our enterprise network is really complicated. Knowing about all the different apps that we rely on would be impossible! What you're saying sounds reasonable until you think about it and realize how absurd it is!" To which I respond, "How can you call yourself a 'Chief Technology Officer' if you have no idea what your technology is doing?" A CTO isn't going to know detail about every application on the network, but if you haven't got a vague idea what's going on it's impossible to do capacity planning, disaster planning, security planning, or virtually any of the things in a CTO's charter.

In 1994 I wrote a firewall product that needed some system log analysis routines that would alert the administrator in case some kind of unexpected condition was detected. The first version used "Enumerating Badness" (I've been dumb, too) but the second version used what I termed "Artificial Ignorance" - a process whereby you throw away the log entries you know aren't interesting. If there's anything left after you've thrown away the stuff you know isn't interesting, then the leftovers must be interesting. This approach worked amazingly well, and detected a number of very interesting operational conditions and errors that it simply never would have occurred to me to look for.

"Enumerating Badness" is the idea behind a huge number of security products and systems, from anti-virus to intrusion detection, intrusion prevention, application security, and "deep packet inspection" firewalls. What these programs and devices do is outsource your process of knowing what's good. Instead of you taking the time to list the 30 or so legitimate things you need to do, it's easier to pay $29.95/year to someone else who will try to maintain an exhaustive list of all the evil in the world. Except, unfortunately, your badness expert will get $29.95/year for the antivirus list, another $29.95/year for the spyware list, and you'll buy a $19.95 "personal firewall" that has application control for network applications. By the time you're done paying other people to enumerate all the malware your system could come in contact with, you'll more than double the cost of your "inexpensive" desktop operating system.

One clear symptom that you have a case of "Enumerating Badness" is that you've got a system or software that needs signature updates on a regular basis, or a system that lets past a new worm that it hasn't seen before. The cure for "Enumerating Badness" is, of course, "Enumerating Goodness." Amazingly, there is virtually no support in operating systems for such software-level controls. I've tried using Windows XP Pro's Program Execution Control but it's oriented toward "Enumerating Badness" and is, itself a dumb implementation of a dumb idea.

In a sense, "Enumerating Badness" is a special dumb-case of "Default Permit" - our #1 dumb computer security idea. But it's so prevalent that it's in a class by itself.
Click to expand...

aps like the full version of Processguard and extentions like noscript for firefox and a good rule based firewall all alow you to enumerate goodness ;)

the drawback being your then the one that allows badness
which is why you still need an AV scanner to give you an idea if the file youve just downloaded is what it appears to be before you allow it to install or something else blocking a javascript from doing something its not supposed to

then there are direct exploits of the OS or an aplication
the only cure is hope a patch is released and you hear about it before your a victim
(or that its not a zero day)

you can also cut down your attack profile (like standing sideways in a pistol duel)
dont use Instant Messaging? dont worry about that whole class of infections \ exploits

but if the level of data is truely so confidential
it needs to be on a hardened system and monitored if its in anyway connected to a LAN or the internet

as you add boxes and users its not a proportional threat increase but often exponential
which is why defending networks is so hard compared to simply securing a single box.
 
Raystream said:
Woa... woa... hold on folks. This is a Home Network. Ya know, some people like to do work at home even after they get home from work. :cool:
So a Tape Backup solution would be out of the question.
Click to expand...
My DLT autoloader.. at home.. disagrees :D
RAID1 + Shadown Copies + Tape makes for no files ever lost, typically.
 
Ice Czar said:
The Six Dumbest Ideas In Computer Security



aps like the full version of Processguard and extentions like noscript for firefox and a good rule based firewall all alow you to enumerate goodness ;)

the drawback being your then the one that allows badness
which is why you still need an AV scanner to give you an idea if the file youve just downloaded is what it appears to be before you allow it to install or something else blocking a javascript from doing something its not supposed to

then there are direct exploits of the OS or an aplication
the only cure is hope a patch is released and you hear about it before your a victim
(or that its not a zero day)

you can also cut down your attack profile (like standing sideways in a pistol duel)
dont use Instant Messaging? dont worry about that whole class of infections \ exploits

but if the level of data is truely so confidential
it needs to be on a hardened system and monitored if its in anyway connected to a LAN or the internet

as you add boxes and users its not a proportional threat increase but often exponential
which is why defending networks is so hard compared to simply securing a single box.
Click to expand...
Umm... wOa! I guess flower power is back with "Enumerating Goodness"! :p After reading your statements I remembered that I originally planned to have the Backup System harden and for the most part seperated from the rest of the network. It would make the most sense also. So I guess I will set things up with any thing important to go on the Backup System.

I was thinking of using Avast Server with their ADNM Management Console for Push updates.

I'm confused, then; what's all this about?

So what's your actual question? There isn't one in your original post.
Click to expand...
My Question was actual in the Thread Title. ;) But basically its about storing important data while at home working. And what is the best solution so that in case of a problem anything important done at home that is more updated then at work is protected and saved.

So I am guessing since I will be moving things over to the Backup System that I should do a Raid + Tape back-up still? My only problem with that is that there will not always be someone at home to do tape rotations... so I have to find some type of automated system.

Thanks,
Raystream
 
You must log in or register to reply here.
Back
Top