Storage Uni's Server & Network Project! [Update 05-06-14 - Cisco Meraki Installed]

Thanks for clearing that up

Any thoughts on going for the bigger RAID card (12 port) and using it for both arrays? The Raid 5 array and the smaller 4TB Raid 0 array? Or would it be easier and better to just use the motherboards onboard SATA controller for that second array and leave the dedicated controller to handle the main array?

 

Depends how paranoid you are about data loss. Or more accurately, how much you'd lose if you lost everything.

If you absolutely can't lose the data on it, then you should buy two of everything and run two servers, with a nightly RSYNC so its never more than a day out of date. Gigabit switching (or if you have a spare gigabit NIC in the two servers, a crossover cable and a private subnet) would be sensible for this activity.

You might consider the two servers to be in different physical locations in the building, so in the case of theft of your primary, your secondary would be hidden somewhere and not easily spotted.

If, however, its to backup just a selected portion of critical data, then the onboard RAID would do it; that allows you to lose the array card and for the array data to also be somehow lost from the drives themselves). In this case, I'd suggest a simple mirror via your onboard RAID would do it, or if you're not worried about redundancy on your backup (which would be a bit illogical given you're going to the lengths of having a backup), you could just do a JBOD volume.

 

I think what I'll eventually do is have another backup system somewhere else in the house (in my closet upstairs where this server used to live would be as good a place as I can think of - CAT6 cable and faceplate + power already installed) and have the 4TB array on the motherboards controller. Then absolutely essential data would be backed up to the 4TB array every day, and everything would be backed up to the NAS/secondary backup every couple of days.

I really can't lost the data on it... yeah, it's got films and tv series on it but it also has important business documents, accounts and files as well as the entire family photo album with over 40 years (some older) of family photos and history.

Another question I overlooked and forgot about in the OP - security. Would it be good practice to put this server (and my whole network) behind a firewall, either software based or hardware based? I'm already re-doing the whole network in the workshop and have re-done it in the house. I'm wondering if a firewall is necessary. I run a Cisco/Linksys Gigabit router with DD-WRT firmware.

 

The 4TB backup array, if you can't afford to lose anything on it, dont make it raid 0 !!!

Raid 0 is striped, meaning the data gets divided between all disks, if one fails, you lose it all.

I'd probably use Raid 5 on both arrays for redundancy sake, but there are a couple of things to at least bare in mind before you use raid 5
If the controller card goes down, you'll need a like for like replacement.
If your hot spare or replacement drive isn't re-built and joined to the array before a second drive fails, the array will fail.


Simplest for the most paranoid is Raid 1, it mirrors data on two drives, and worst case scenario if the controller goes down or a drive fails, you can "split" the array and use one of the disks as a good hard drive stand alone, as all the controller has been doing is writing the data as is to both drives then reading it from either.

Performance wise what i use on the servers at work is Raid 10, which is basically two raid 1 arrays with a raid 0 array sitting on top of it.
it means you get the performance of Raid 0 with the redundancy of Raid 1.
it does mean that i need an even number of disks and half are mirrors but its a fair trade off for what i need.

 

I would definitely recommend a BIG RAID5 for your main storage including the films, and a smaller RAID1/10 or even 5 for the secondary backup of your critical stuff only, probably with a daily rotate so you've got a few days worth of back data to work around corrupted/virus infected/accidentally deleted files.

Using Windows and mapped drives, the Microsoft SyncToy2.0 can be used to set incremental repos named "Monday", "Tuesday" etc through "Sunday" and you can then set this to be run via scheduled tasks, one for each day launching "synctoy.exe Monday" or whatever the exact syntax will be.

With regards to your business data, you should check into what legal requirements you're supposed to adhere to for data retention as well.

Now you're safely in my territory - I'm a certified Cisco engineer for a living (we use VMware so directly attached storage and ISCSI are things I know a bit more than average about, although not as much as some round here).

Excepting a flaw in the software of the device, or a backdoor in DD-WRT that no-one knows about, the very nature of IPv4 and NAT means that public addresses cannot traverse RFC1918 address space, so no-one can break into your network quite literally as they couldn't route to your hosts if they did.

The vulnerability is generally in weak software/security on exposed services.

So, if you've got ANY port forwarding to allow inbound traffic, those devices should be on a seperate subnet, and vlan, from anything else on your network, with a hardware firewall controlling their access back to you AKA a full-fledged DMZ. Best practice would also assume if you have a domain controller, that your devices on the DMZ do not connect to it, or they connect to their own domain.

I'm more than happy to elaborate on this if it would help.

 

I really would appreciate it if you could elaborate on this if you wouldn't mind! Just to clarify, my home and workshop network are now one and the same. Previously, they were seperate, but it was pointless having it set up that way so I've connected them now. In the house I have an o2 home BB router serving the DD-WRT loaded Cisco/Linksys router, which then feeds a 24 port Dell switch for the house and another 24 port Cisco Catalyst switch in the workshop. Of the available 24 ports on the switch for the house, 16 are used and there are a total of 9 devices connected at all times, with the others as spares in rooms that don't have a PC/HTPC etc. In the workshop, there are a total of 14 ports of the available 24 used and four devices connected (and running) at all times - these are the servers and folding rigs.

Customers machines are regularly connected to the network in the workshop to backup data to my other file server (JBOD, total 3.5TB), install software updates and check connectivity/NIC drivers. A lot of the time, these machines are virus and spyware infected when they come in, which is why I am concerned about the security and integrity of data on the whole network, not just the server. Is there anything I can be doing or anything that I could install which makes connecting a virus-infected computer to a network in order to update antivirus software and remove the virus safer for my data?

 

Is that the Dell switch I sold you a while ago? What model was it? It may have a "managed mode" button on it - can you check? What model is your Cisco switch please?

Can you draw up a basic basic diagram in paint showing how your switches, routers (note if they have wifi as well please) hang together, with a bubble off to the internet at the appropriate point, and also indicate where your "new" file server will go switch wise, and where your workstop JBOD sits?

I think I understand your layout but it'll be easier this way!!

To answer in brief, yes there's several bits I can recommend to secure your network, although it will depend on the above diagram and how seperated you want to go!

 

It may be the switch you sold me, I'm really not sure I'll have a look and see, but it definately doesn't have a managed mode button, it's an unmanaged switch. I'll get the model numbers of everything and draw you up a diagram

Yeah I know what RAID 0 is... and I think you misunderstand what I intend to use that drive for. It'll be an internal backup of the main array, which will also be backed up to another NAS in a seperate location. So there are two backups of the Main array, one 4TB RAID 0 in the same server and another RAID 5 in a NAS elsewhere. I intend on using RAID 0 for the primary backup array because it is cheaper, and I already own two of the disks that will make up that array. I don't want to blow £100s more on a RAID 10 array to get 4TB of backup space when I will already have a second RAID 5 array elsewhere. I think I should be pretty well covered with two R5 arrays at 6TB each and a 4 or 6 TB R0 array.

 

Cool stuff, I'll subscribe to the thread so I'll know when you post the diagram. I think the one I sold you was a 2724 in which case its not managed. As that's in your house, that's cool. The Cisco in your workshop however will more than likely support some VLANs, so I can suggest clever stuff if it does.

 

*LARGE BUMP*

I know I never uploaded it, but I did draw this out for you at the time and will dig it up when I get home later and post it. I haven't done much more on this project since last posting - it went on the back burner so I could get other stuff with the workshop and house sorted out, but I'm back to needing a better network and storage setup again, my temporary "chewing gum, duct tape and twine" solution all but at it's very limit and not looking like it'll hold out for much longer. Still running out of storage space, still not getting everything backed up properly, and still getting frankly dire network transfer speeds.

My latest question for this thread is with regard to the Gigabyte H55N-USB3 Mini-ITX motherboard, and it's compatibility with the Highpoint RocketRAID 3530LF - would it be possible to put the storage controller card into the 16x PCI-E slot on that motherboard and still use the on-board VGA? More than ever, I want the server to be as green as possible, and I may have the chance of getting a Gigabyte H55N-USB3 board. If I keep the core parts of the server (which lives in a modified Antec Three Hundred) as small as possible, I'll be able to fit more drives into it, although I'm only toying with the idea of the mini-ITX board at the moment, because I have two or three other full ATX ones here which would do the job, it's just that they're S775 so wouldn't support as "green" a CPU like the 73W underclockable i3 540.

[edit]

I should also note that due to a friend installing one for a client recently and loving it, and telling me how good it actually is, I'm also pretty dead set on having my external backup as a 5 bay Drobo NAS. It may be damned expensive and I may not be able to buy it right away as well as upgrading the server storage, but I think in the grand scheme of things it'll be money well spent.More th

 

Provided the CPU has a built in GPU (so all i3's?) you can use the onboard video, then you're free to add in any card into the PCI-E slot.

Trouble with the LGA775 ATX setups you have is, like you said, they're not very 'green'. With a decent case the ITX could run rings around the 775 based systems.

 

Yeah, but the ITX board will fit in the Three Hundred and leave plenty of space for other things. The Three Hundred currently supports 11 drives, 6 at the front behind the intakes and another 5 in the vertical hotswap backplane installed in the 3x 5.25" bays. I just want it to suck as little power as possible from the wall because it's on 24/7,365. It hasn't been off once since I built it into the Three Hundred - restarted a couple of times, but never off.

 

Even if you were to OC the CPU, it'd still be running on less power, simply because there's less CPU than say the 775 systems, smaller fab process (32nm?) compared to the 45/65nm process, so less power used there.

[stupidscience]Plus, because it's actually a smaller board, it takes up less space in the world, easing overcrowding, and reduces air pressure because it's not taking up excess space...[/science]

 

Haha, I tend to agree - on both counts! Done deal I'd say - I already have a spare 4 GB OCZ dual channel DDR3 kit here which I could use with it, all I'd need would be a 530/540 CPU and I'd be set

 

Sadly I don't have one of those...

 

Nope, but I know several places who could sort me out with one very easily

 

Well I did subscribe

Feel free to prod via PM about the networking side of stuff if I can help.

I also have some tasty managed gigabit Dell 5324 switches hanging around, which you can do etherchannel aggregation with to increase your bandwidth, if you need a bit more of a boost.

They are rated at 65w peak on their PSUs which isn't too bad green-wise, as Cisco quote 60w peak on a 2960G.

 

Now you're tempting me It is about time I ditched the 10/100 switches though... there's no doubt they are what's hindering my transfer speeds. Could the VLAN be achieved with those Dell's? I still need to "cordon off" the workshop from the rest of the network when I'm connecting potentially virus ridden customer PCs to it.

 

I think you would be fine with keeping the 775 system and putting in the E7400(It's free aftreall).
The TDP is 65Watts, so you won't get much lower.

as welll as overclocking like a champ they also Underclock rather well as well
They take around 1.25 volts at stock and could easily be underclocked to 1.18 volts without a clock drop. If you are prepared to use a lower FSB you could get it even lower I say.

 

I'd have to go and check, but I'm pretty sure that E7400 is long gone now murray I just like the idea of having a 32nm i3 in there anyway, it seems a little more future proof. I have to start moving away from 775 boards in my own machines some time! Two of my dedi folding machines, my office PC and a temporarily thrown together gaming machine for my occasional game of CS:S are all running on S775 C2D's and C2Q's (The quads are in the folders. Obviously! 's
where it counts! )