Wouldn’t it be wonderful if even individual workstation and PC users could have such protection for their data, especially in light of the recent blizzard of fast-moving viruses and e-mail worms?
For example, the Witty Worm is a recent plague and has spread like wildfire, overwriting random sectors on the hard disk, preventing normal operation of PCs and eventually causing PCs to crash. At the peak of the Witty outbreak, according to an article in eWeek magazine, as many as 300,000 Witty-related packets per hour were recorded by some security services. Another example is the recent MyDoom virus. This virus, which is another speed demon that broke all previous speed-of-infection records, can also destroy data on the hard drive.
Well, there is great news because, similar to the high-end, 3D graphic functionality of the early 90s, premium RAID functionality is rapidly finding its way to the mass market. As RAID products with enterprise-class features converge with affordable interconnect and disk technologies such as SATA (serial advanced technology attachment), the RAID features utilized by the big IT departments are suddenly within the reach of SMB IT staffs and even becoming available to individual workstation and PC users. This means that many new opportunities suddenly emerge for RAID’s ability to create secure local backups of data that are protected from the likes of viruses, malicious users (or non-malicious but very active toddlers), and disk crashes.
For example, RAID functionality can be used to support a software engineer with sensitive product development data on his or her workstation, or a CPA with clients’ tax forms on a home office PC, or a medical practice administrator with patient data on the office server that should be secured according to stringent HIPAA regulations.
Basic Requirements for RAID
The possibilities for deploying RAID technology abound. Wherever important data is being stored, there is likely an opportunity for RAID. So how does one start adding RAID functionality to a SMB or personal computing environment? The first items required are storage components that support SATA and enclosures that support these components. The good news is that SATA equipment is a good deal more affordable than the SCSI gear on which RAID traditionally operated. Items required include:
A high-performance, highly functional SATA RAID controller;
A minimum of three SATA disks;
Enclosures that allow the configuration for at least four SATA drives and provide adequate power and cooling; and
A SATA hot-swap drive enclosure.
good place to start getting guidance on these products is from a local computer reseller who should be able to provide adequate configurations for SATA-based RAID equipment.
Configuring RAID to Prepare for Disaster Recovery
To help understand how to utilize RAID for disaster recovery, let’s first review some RAID basics. RAID allows the creation of a data array that appears as a single volume or disk to the user but, under the covers, the data actually resides on multiple disks to enhance data integrity or I/O performance. There are different types of RAID arrays. With a RAID1 or mirrored array, data integrity is enhanced since the same data is written to two physical disks. If one disk fails, the data is still on the other disk. “N-way mirroring” or RAID1n is an enhancement of RAID1 that creates more than one mirror of existing data.
Mirroring is a basic RAID feature that is now available with some operating systems such as Linux and Windows. However, to create a secure local backup with RAID, the enterprise-class functionality mentioned earlier must be deployed, including:
RAID1n – Create more than one copy of a mirror;
Mirror splitting – Split a mirror off from one array into its own, new array;
Array hiding – Hide an array backup from users and from the operating system, making it visible only to the system administrator; and
Online RAID level migration (ORLM) – Transform an array from one type to another without interruption to I/O processing.
1. Create a 3-way RAID1n array
The first step in creating a secure local backup is to make a 3-way RAID1n array that essentially creates three copies of your data.
Figure 1. A 3-way RAID1n array
Once the array is created, the data is protected from a disk crash or failure, but not from malicious users or viruses since all mirrors are still visible and accessible to users and the operating system.
2. Split the mirror and hide an array
The most functional SATA RAID controllers support mirror splitting and array hiding. These features treat one of the array mirrors as a data backup that can be separated from the active array and then hidden from users and the operating system. Once the mirror has been split and hidden, its data is no longer susceptible to viruses or malicious users since they cannot corrupt or delete what they cannot see.
Figure 2: A split mirror and hidden array
At this point, there is an active RAID1 array plus a hidden backup of the data which is now protected from both disk crashes and from ill-behaved software and users.
Now, imagine that a catastrophe occurs: the anti-virus software does not recognize a new, fast-spreading virus and it infects the system, overwriting critical data in the active RAID1 array.
3. Unhide the hidden array and re-create the RAID1 mirror
Having removed the virus, the damaged array is deleted. Then, using ORLM, the hidden array is transformed to a visible RAID1 array. At this point, the new array is split and re-hidden, and the system is back up and running as before.
Figure 3: Disaster recovery
The real benefit of using local RAID is that systems can now recover quickly and easily from a serious disk or data catastrophe without any special backup hardware purchases.
However, there is a need to be diligent about periodically creating and hiding an updated mirror because it contains the data at the point when the split occurs, and any modification made to a visible, active array subsequent to each split is not reflected in the hidden array.
There are a couple of notes worth mentioning before closing. First, RAID is not a replacement for anti-virus software; it complements it. Anti-virus products do an excellent job of screening known viruses. However, should a new, unknown virus evade the AV screen and corrupt data, recovery is possible with a hidden array solution. Second, RAID complements rather than replaces any backup procedures that an organization may already have in place. For example, a hidden, local array is protected from software or user threats, but not from fires or floods. Thus, a remote backup procedure is still required for business-critical data.
So, what are the “take-aways” from all this?
Data is important and critical to most companies and businesses, yet the threats are flourishing faster than disaster prevention products can respond to.
The RAID features that brought peace-of-mind to Fortune 500 companies are no longer beyond the budgets of SMBs and consumers.
By using the right RAID in the right way, all of us can begin to sleep better at night like system admins who have long enjoyed the benefits of RAID.
Steve McIntosh, MBA, CISSP, is a product marketing manager for Broadcom Corporation. He also has more than 10 years in security software product management and customer support at nCipher, CertCo, and Digital Equipment Corporation (now HP).