RAID-1 as back-up

Karl Denninger karl at denninger.net
Fri Jun 3 22:50:17 GMT 2005 

On Fri, Jun 03, 2005 at 06:36:34PM -0400, Alec Berryman wrote:
> Hans F. Nordhaug on 2005-06-04 00:26:20 +0200:
> 
> > I would like to use RAID-1 as a back-up solution. If one of the disk
> > breaks I would like my server to continue to run from the other
> > disk.
> 
> Just as fair warning, you should not rely on RAID as a 'backup' like
> you would rely on writing to removable media and storing off-site.  If
> someone cracks your computer and you want to go back to known good
> snapshot, you're out of luck; if you accidently overwrite something,
> RAID won't help you.

That depends.

You can use a third volume in a RAID1 system to image to nightly under
automatic control and detach it when finished.

Done with care this disk will NOT be used at boot (it might actually boot
the kernel, BUT it is not considered one of the providers in gmirror if you
"remove" it, so it will not come back into the configuration on a restart)

If a hacker scribbles on your disks, this one can still be booted manually
with a bit of effort (couple of commands from single user mode.)  It will
not come up clean but if care is taken (e.g. flushing any open DBMS
processes that are active at the time of the detach) you can insure that
critical areas on the system are intact, even though a FSCK will be required.

You can also (since the disk is detached) physically remove it from the
machine (assuming hardware support for such a thing) and physically take the
disk somewhere and shove it in an offsite location.

The beauty of this over a tape backup is that it is MUCH faster (I can copy
about 300GB this way in under five hours), is a true image copy and the
resulting media is directly bootable (no restore required)

It can also be mounted separately if necessary with the system running (if 
set up correctly) so you can incrementally copy a file that has been removed 
by accident, for example, back onto the working volumes.

Another option is to DUMP to a disk.  Using the snapshop features this is
even safer in terms of data integrity but you lose the online nature of
the backup (it has to be restored if there is a problem; you can't just 
boot the volume.)  It also allows incremental backups if you desire to 
use them.

As with all backup strategies (absent write-once media in SOME cases) if the 
media is PHYSICALLY connected to the machine and it is hacked it is possible 
for a hacker to scribble on THAT as well.  This is no more likely, however,
than it is for a tape cartridge system (e.g. tape library, etc) that is
likewise available while the machine is running.

Backup up to a disk drive is becoming much more attractive in terms of total
cost, especially when one includes in the picture the time required to
restore.  The high-capacity tape makers are no longer necessarily the 
option of choice for this necessary function.

--
-- 
Karl Denninger (karl at denninger.net) Internet Consultant & Kids Rights Activist
http://www.denninger.net	My home on the net - links to everything I do!
http://scubaforum.org		Your UNCENSORED place to talk about DIVING!
http://www.spamcuda.net		SPAM FREE mailboxes - FREE FOR A LIMITED TIME!
http://genesis3.blogspot.com	Musings Of A Sentient Mind

More information about the freebsd-stable mailing list