RE: RAID 5 drive replacement schedule

["Murda Mcloud" <murdamcloud () bigpond com>]

All the usual mechanisms are in place-backups and hot swappable in all our
servers etc.

What I was interested in was finding out whether there had been any work
done to study what the chances of older drives failing was-ie as you get
past a certain age-are drives more likely to fail. Anecdotally, I have had
the same experience with drives-some fail OOB some just keep spinning.

I'm not trying to incur more cost but was wondering whether people ever
replace drives in this manner. I thought of the analogy of my mountain bike
and how I don't wait for my brakes to fail before I replace them. There are
two for a certain kind of redundancy. RAID is obviously different to this
though and I would not rely on it solely-hence backups.


Now, as I work in a small company, security and 'normal' IT go hand in hand
and the boundaries are much fuzzier for me than they are for Adriel. One
informs the other. As someone said, money is the choke point and that's the
reality.





> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > On Behalf Of Petter Bruland
> > Sent: Saturday, June 21, 2008 5:29 AM
> > To: Adriel Desautels; Rivest, Philippe
> > Cc: Murda Mcloud; security-basics () securityfocus com
> > Subject: RE: RAID 5 drive replacement schedule
> >
> > Security or not...
> >
> > Does your array support a hot-spare or stand-by disk? Then that would be
> > the best way to go. Once a drive fails, it will alert based on
> > syslog/eventlog/3rd party app etc that a drive is bad, and rebuild the
> > bad drive's data on the hot-spare/stand-by disk.
> >
> >
> > If that isn't an option, and you are expecting a failure any day, I'd
> > just keep an eye on the array health and make sure you have one or two
> > spare drives on hand.
> >
> > ** I've never done this, but I believe you can slowly replace all drives,
> > and then have a working full RAID-5 disk set as a backup?  I have had bad
> > luck with older drives that used to be 24/7, then taken offline and back
> > online.
> >
> > Those are my 2 cents.... And in today's exchange rate, that's not much.
> >
> > -Petter
> >
> >
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > On Behalf Of Adriel Desautels
> > Sent: Friday, June 20, 2008 11:00 AM
> > To: Rivest, Philippe
> > Cc: Murda Mcloud; security-basics () securityfocus com
> > Subject: Re: RAID 5 drive replacement schedule
> >
> > Philippe,
> >     I disagree with you and I think that the definition of security
> > that you provided is partial, but thats just my opinion. Availability is
> > a vague term that can, but does not always have a role in security.
> > Determining what the proper schedule is for a drive replacement policy is
> > something that can be done by IT without the security team. Deciding how
> > to dispose of the drives on the other hand is security.
> >
> >
> > Regards,
> >     Adriel T. Desautels
> >     Chief Technology Officer
> >     Netragard, LLC.
> >     Office : 617-934-0269
> >     Mobile : 617-633-3821
> >     http://www.linkedin.com/pub/1/118/a45
> >
> >     Join the Netragard, LLC. Linked In Group:
> >     http://www.linkedin.com/e/gis/48683/0B98E1705142
> >
> > ---------------------------------------------------------------
> > Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> > Penetration Testing, Vulnerability Assessments, Website Security
> >
> > Netragard Whitepaper Downloads:
> > -------------------------------
> > Choosing the right provider : http://tinyurl.com/2ahk3j Three Things you
> > must know  : http://tinyurl.com/26pjsn
> >
> >
> > Rivest, Philippe wrote:
> > > Adriel & Murda
> > >
> > > It is a security issue the way you store your data. In regards to the
> > > raid technologies, raid 5 improves the availability of the data by
> > > making sure that a single drive failed will not impact the availability
> > of the data.
> > > Remember that security is
> > > 1- Confidentiality
> > > 2- Availability
> > > 3- Integrity
> > >
> > > The main goal of a Raid 5 is to help #2. You are referring to the
> > > disposal of the HD which is the issue of confidentiality and that is
> > > not what Murda was aiming at. If it is, go for encryption, degaussing,
> > > destruction and just plain format (if the data is not confidential).
> > >
> > > As I explained to him offline, the MTTF and MTBF is about the same for
> > > 2 HD bought/constructed at about the same time. How ever, those are
> > > not absolute numbers that state that, if one drive fails the other one
> > is about to go too.
> > > It's more an estimated value against which you should have some
> > > confidence/hope, your drive should not fail before X hours (it could
> > > go before but the average is X).
> > >
> > > In a raid 5, Drive A, B and C are online and working (they are the
> > > same drive bought at the same time). Drive A fails, you should NOT
> > > change drive B & C unless they are failing also. If you do, the cost
> > > of your raid 5 will be greater then what it should be (the replacing
> > > of the parts are going to cost a lot). Change drive A and hope drives B
> > & C will last longer.
> > > The only issue is that 2 drives fail at the same time, which is very
> > > improbable. And if it does, you should be going for your back ups.
> > >
> > >
> > > I do hope this clarified the questions and that I wasn't to unclear
> > > with my details!
> > >
> > > Merci / Thanks
> > > Philippe Rivest, CEH
> > > Vérificateur interne en sécurité de l'information
> > > Courriel: Privest () transforce ca
> > > Téléphone: (514) 331-4417
> > > www.transforce.ca
> > >
> > >
> > > -----Message d'origine-----
> > > De : listbounce () securityfocus com
> > > [mailto:listbounce () securityfocus com] De la part de Adriel Desautels
> > > Envoyé : 20 juin 2008 11:27 À : Murda Mcloud Cc :
> > > security-basics () securityfocus com Objet : Re: RAID 5 drive replacement
> > > schedule
> > >
> > > Murda,
> > >    The real answer to your question is that it is very, very
> > improbable
> > > that all of the drives in the array will fail at the same time. Most
> > > drives are good for a certain period of years, after which point you
> > > are getting "extra time".
> > >
> > >    That is not a security issue though. That is an IT related issue.
> > The
> > > security issue comes into play when you dispose of your drives. Do you
> > > shred them, just throw them in the dumpster, how do you dispose of
> > them?
> > > Regards,
> > >    Adriel T. Desautels
> > >    Chief Technology Officer
> > >    Netragard, LLC.
> > >    Office : 617-934-0269
> > >    Mobile : 617-633-3821
> > >    http://www.linkedin.com/pub/1/118/a45
> > >
> > >    Join the Netragard, LLC. Linked In Group:
> > >    http://www.linkedin.com/e/gis/48683/0B98E1705142
> > >
> > > ---------------------------------------------------------------
> > > Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> > > Penetration Testing, Vulnerability Assessments, Website Security
> > >
> > > Netragard Whitepaper Downloads:
> > > -------------------------------
> > > Choosing the right provider : http://tinyurl.com/2ahk3j Three Things
> > > you must know  : http://tinyurl.com/26pjsn
> > >
> > >
> > > Murda Mcloud wrote:
> > > > In my mind, this a security related question as it has to do with
> > > > ensuring availability.
> > > >
> > > > Does anyone have links towards any whitepapers etc that suggest
> > > > replacement of disks in a RAID 5 array as part of a maintenance cycle?
> > > >
> > > > If all the drives in an array are the same age and one fails; does
> > > > this
> > > mean
> > > > the others are more likely to fail. I'd imagine so as they have had
> > > > the
> > > same
> > > > amount of usage.