On Fri, 3 Nov 2006 11:04:03 +0100, ropers wrote:

>Repeat after me:
>"Complexity is the worst enemy of security. Secure systems should be
>cut to the bone and made as simple as possible. There is no substitute
>for simplicity." (Schneier)
>
>RAID is wonderful in theory.
>But it ain't so easy to escape bad RAID products. It can be difficult
>to avoid RAID pitfalls. RAID can be surprisingly hard to get right and
>unexpectedly easy to screw up.
>
>You'll remember Nick when a screwed up RAID setup bites you.

This may not sound relevant (except to the old wise men) but it is.

I am a pilot (or was until I ran out of time to stay current) and there is a parallel relating to the case under discussion.

Which would you rather be a passenger in:
A single engine aircraft? or
A twin engine aircraft?

Guess what? Twins have twice as many engine failures as singles. What is worse is that, unless the pilot(s) is/are really current and on top of it, the risk to your neck is worse in a twin with one out than a single with no power. On some days here in the summer there are twins that cannot climb out with one donk shut down and feathered.

It's the aviation version of what Bruce Schneier talks about.

The maestro who gave me my multi-engine endorsement had, at that time (32 years ago), flown the Pacific solo 54 times in singles and he taught me to figure out when the twin I was flying became a twin. Below that point he wanted me to treat <his> plane as a single and bend it as little as possible. We are both still alive.

So I agree with Nick. Unless you need, <really> need, the complexity of RAID <and> you have proven management skills in disaster recovery with the variety you are managing, forget it and do better backups.

As far as firewalls are concerned, physical size is not an issue. Pick a small form factor mobo that will handle the number of packets per second you need with a good margin and CARP it. No stinkin' RAID needed. CARP (thanks guys!) is like two planes - not one plane with two engines. Besides, I don't see any RAID for my Compact Flash on the market. ;-)

Two Soekris or Yawarra Eber units is a smaller volume than a slim desktop PC, and the combo does exactly what Nick says. And that was the scenario under discussion. It was not small enterprise servers, where I run Stardom SATA RAID 1 hardware with standby hardware of the same rev. AND do backups on offsite media, of course.

But then I'm even older than Nick........... tho' he's a good lad, still soaking up experience. 8-)

R/

Simply put:
1> Go find out how MTBF is calculated.
2> Be ready, really ready to handle the one out situation.

From the land "down under": Australia.
Do we look <umop apisdn> from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
Your IP address will also be greytrapped for 24 hours after any attempt.
I am continually amazed by the people who run OpenBSD who don't take this advice. I always expected a smarter class. I guess not.

