DISASTER RECOVERY 
JOURNAL

P. O. Box 510110
St. Louis, MO 63151
(314) 894-0276 
Fax: (314) 894-7474
Internet www.drj.com 
E-mail drj@drj.com

EXECUTIVE PUBLISHER
Richard L. Arnold, CBCP
richard@drj.com

EDITOR-IN-CHIEF
Jon Seals
jon@drj.com

SENIOR EDITOR
Janette Ballman
janette@drj.com

ASSOCIATE EDITOR
Ed Pearce, CBCP
ed@drj.com

ASSISTANT EDITOR
Pamela Clifton
pamelaclifton@hotmail.com

COPY EDITORS
Jim Hammill, CBCP
Richard Sandhofer
richards@drj.com

ADVERTISING 
Robert Arnold
bob@drj.com

_____________

Corporate

President/CEO
Richard L. Arnold, CBCP
richard@drj.com

Vice President 
Robert Arnold
bob@drj.com

CONFERENCE COORDINATOR
Patti Fitzgerald, CBCP
patti@drj.com

CONFERENCE REGISTRAR
Merce Knese
mercedes@drj.com

CIRCULATION
Laura Baugh
laurab@drj.com

EXECUTIVE COUNCIL
Mike Croy, Forsythe
Jeff Dato, MBCP, KPMG
John Jackson, IBM
Edward S. Devlin, E.S. Devlin & Associates
James Hammill, CBCP, JMH Consulting Inc.
Pat McAnally, SunGard Availability Services
Brian Turley, Strohl Systems
Belinda Wilson, Hewlett-Packard


INTERNATIONAL
CONTACTS
England: Thom Hetherington
Business Continuity
Phone: 0161-237-1007
thomh@tempus.demon.co.uk
Japan: Shinji Hosotsubo
Crisis Management and Preparedness Organization
Phone: 03-3519-6270
fax: 03-3519-6255
hosotsubo@cmpo.org
Brazil: José Carlos Ferreira
Disaster Recovery Mercosul
Phone and fax: 011-3666-9506
jocaff@uol.com.br

Click Here for a Printable Version

SATA RAID: Enterprise-Class Data Protection and Recovery for Everyone

By STEVE MCINTOSH, CISSP

The greatest worry of system administrators in IT departments used to be server and system downtime and the possibility of losing data. Storage system threats such as viruses, malicious users, and disk crashes were certainly high on this list. In recent years, however, system administrators in the well-funded Fortune 500 IT departments have worried less since they were able to afford RAID products. RAID, or redundant arrays of independent disks, provides additional data integrity and an I/O throughput boost for SCSI storage systems. This includes enterprise-class RAID functionality such as “n-way mirroring” (RAID1n), online raid-level migration (ORLM) and array “hiding” that has typically been priced beyond the reach of individual workstation and PC users as well as many IT departments in small- to medium-sized businesses (SMBs).
One notable benefit of these RAID features is fast and easy backup/recovery of local data arrays since they provide the ability to use the direct-attached storage system to maintain an easily restored and secure backup of data. This local RAID backup and restoration complements (but does not replace) a company’s back-up procedures as it offers distinct benefits not available with other back-up and restoration products.
For example, there is no need for special back-up hardware since the backup is performed locally within the storage system. Also, data can be restored quickly and easily since the system administrator does not have to worry about precisely how to restore the data array from an external backup device that resides somewhere out in the network or even at a remote facility.
Wouldn’t it be wonderful if even individual workstation and PC users could have such protection for their data, especially in light of the recent blizzard of fast-moving viruses and e-mail worms?
For example, the Witty Worm is a recent plague and has spread like wildfire, overwriting random sectors on the hard disk, preventing normal operation of PCs and eventually causing PCs to crash. At the peak of the Witty outbreak, according to an article in eWeek magazine, as many as 300,000 Witty-related packets per hour were recorded by some security services. Another example is the recent MyDoom virus. This virus, which is another speed demon that broke all previous speed-of-infection records, can also destroy data on the hard drive.
Well, there is great news because, similar to the high-end, 3D graphic functionality of the early 90s, premium RAID functionality is rapidly finding its way to the mass market. As RAID products with enterprise-class features converge with affordable interconnect and disk technologies such as SATA (serial advanced technology attachment), the RAID features utilized by the big IT departments are suddenly within the reach of SMB IT staffs and even becoming available to individual workstation and PC users. This means that many new opportunities suddenly emerge for RAID’s ability to create secure local backups of data that are protected from the likes of viruses, malicious users (or non-malicious but very active toddlers), and disk crashes.
For example, RAID functionality can be used to support a software engineer with sensitive product development data on his or her workstation, or a CPA with clients’ tax forms on a home office PC, or a medical practice administrator with patient data on the office server that should be secured according to stringent HIPAA regulations.

Basic Requirements for RAID
The possibilities for deploying RAID technology abound. Wherever important data is being stored, there is likely an opportunity for RAID. So how does one start adding RAID functionality to a SMB or personal computing environment? The first items required are storage components that support SATA and enclosures that support these components. The good news is that SATA equipment is a good deal more affordable than the SCSI gear on which RAID traditionally operated. Items required include:

• A high-performance, highly functional SATA RAID controller;
• A minimum of three SATA disks;
• Enclosures that allow the configuration for at least four SATA drives and provide adequate power and cooling; and
• A SATA hot-swap drive enclosure.
• good place to start getting guidance on these products is from a local computer reseller who should be able to provide adequate configurations for SATA-based RAID equipment.

Configuring RAID to Prepare for Disaster Recovery
To help understand how to utilize RAID for disaster recovery, let’s first review some RAID basics. RAID allows the creation of a data array that appears as a single volume or disk to the user but, under the covers, the data actually resides on multiple disks to enhance data integrity or I/O performance. There are different types of RAID arrays. With a RAID1 or mirrored array, data integrity is enhanced since the same data is written to two physical disks. If one disk fails, the data is still on the other disk. “N-way mirroring” or RAID1n is an enhancement of RAID1 that creates more than one mirror of existing data.
Mirroring is a basic RAID feature that is now available with some operating systems such as Linux and Windows. However, to create a secure local backup with RAID, the enterprise-class functionality mentioned earlier must be deployed, including:

• RAID1n – Create more than one copy of a mirror;
• Mirror splitting – Split a mirror off from one array into its own, new array;
• Array hiding – Hide an array backup from users and from the operating system, making it visible only to the system administrator; and
• Online RAID level migration (ORLM) – Transform an array from one type to another without interruption to I/O processing.

1. Create a 3-way RAID1n array
The first step in creating a secure local backup is to make a 3-way RAID1n array that essentially creates three copies of your data.

Figure 1. A 3-way RAID1n array

Once the array is created, the data is protected from a disk crash or failure, but not from malicious users or viruses since all mirrors are still visible and accessible to users and the operating system.

2. Split the mirror and hide an array
The most functional SATA RAID controllers support mirror splitting and array hiding. These features treat one of the array mirrors as a data backup that can be separated from the active array and then hidden from users and the operating system. Once the mirror has been split and hidden, its data is no longer susceptible to viruses or malicious users since they cannot corrupt or delete what they cannot see.

Figure 2: A split mirror and hidden array

At this point, there is an active RAID1 array plus a hidden backup of the data which is now protected from both disk crashes and from ill-behaved software and users.

Disaster Recovery
Now, imagine that a catastrophe occurs: the anti-virus software does not recognize a new, fast-spreading virus and it infects the system, overwriting critical data in the active RAID1 array.

3. Unhide the hidden array and re-create the RAID1 mirror
Having removed the virus, the damaged array is deleted. Then, using ORLM, the hidden array is transformed to a visible RAID1 array. At this point, the new array is split and re-hidden, and the system is back up and running as before.

Figure 3: Disaster recovery

The real benefit of using local RAID is that systems can now recover quickly and easily from a serious disk or data catastrophe without any special backup hardware purchases.
However, there is a need to be diligent about periodically creating and hiding an updated mirror because it contains the data at the point when the split occurs, and any modification made to a visible, active array subsequent to each split is not reflected in the hidden array.

Final Notes
There are a couple of notes worth mentioning before closing. First, RAID is not a replacement for anti-virus software; it complements it. Anti-virus products do an excellent job of screening known viruses. However, should a new, unknown virus evade the AV screen and corrupt data, recovery is possible with a hidden array solution. Second, RAID complements rather than replaces any backup procedures that an organization may already have in place. For example, a hidden, local array is protected from software or user threats, but not from fires or floods. Thus, a remote backup procedure is still required for business-critical data.
So, what are the “take-aways” from all this?

• Data is important and critical to most companies and businesses, yet the threats are flourishing faster than disaster prevention products can respond to.
• The RAID features that brought peace-of-mind to Fortune 500 companies are no longer beyond the budgets of SMBs and consumers.
• By using the right RAID in the right way, all of us can begin to sleep better at night like system admins who have long enjoyed the benefits of RAID.

©Copyright 2004 Systems Support Inc. All rights reserved. Reproduction in whole or in part in any form or medium without the express written permission of System Support Inc. is prohibited.