Forensics
Acquiring Large Raids Mar 04 2005 03:38PM
Gosalia, Veeral (veeral gosalia fticonsulting com) (2 replies)
Re: Acquiring Large Raids Mar 04 2005 11:42PM
Greg Freemyer (greg freemyer gmail com)
Re: Acquiring Large Raids Mar 04 2005 05:14PM
Volker Tanger (volker tanger wyae de)
Greetings!

On Fri, 4 Mar 2005 10:38:35 -0500
"Gosalia, Veeral" <veeral.gosalia (at) fticonsulting (dot) com [email concealed]> wrote:
>
> What are everyone's thoughts/approaches on acquiring large raid arrays?

I assume you do not need a current system status (i.e. the running
system, memory dump, etc)? Else you'd probably need to do imaging via
network which usually is much slower than direct disk2disk imaging.
See http://www.wyae.de/docs/ for network imaging examples off a unix
system.

> For example how do folks approach imaging a 1 Terabyte raid array
> consisting of SCSI drives.

Do you need a pathological image (i.e. with all empty and slack space)
or just the files?

For a pathological image you need to copy that bit by bit. For a
file-only image you could use rsync, tar or similar - which will be a
lot faster of course as you won't need to copy all the empty space.

Current maximum transfer rates of controllers can reach ~150 MByte/s, or
7 seconds per GB or 2 hours per TB. Current single hard discs are
somewhere between 30-60 MByte/s, thus you will need a decent RAID
controller and about 4-8 discs for it.

Standard PCI bus is limited to roughly 1 Gbit/s (the fast/wide version,
64@66 to max. 4Gbit/s) - thus you'll be limited to max. 120 Mbit/s, or
10 seconds per GB, 3 hours per TB. Theoretical maximum, that is...

> I am somewhat reluctant of imaging each
> drive separately given the risk of damaging the raid. I generally
> prefer inserting in a PCI IDE card and imaging in Encase DOS, but that
> process takes almost 10 mins a GB to capture.

Use Knoppix and DD from one to the other RAID.

Bye

Volker

--

Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
volker.tanger (at) wyae (dot) de [email concealed] PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
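
The bit-by-bit dd copy suggested in the reply, as an added example that is not part of the original post. It adds a SHA-256 comparison of source and image, which the post does not mention; the function names `acquire` and `src_size` and the `.ddlog` / `.sha256` sidecar files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dd acquisition of a logical volume (or file) with verification.

# src_size PATH -> size in bytes of a block device or a regular file
src_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# acquire SRC IMG [BS] -> returns 0 only if the image hash equals the source hash
acquire() {
    src=$1; img=$2; bs=${3:-1048576}
    size=$(src_size "$src") || return 2

    # conv=noerror continues past unreadable areas; conv=sync zero-pads short
    # or failed reads so that later data keeps its original offset.
    # dd's messages, and any nonzero exit status, are kept for the examiner.
    dd if="$src" of="$img" bs="$bs" conv=noerror,sync 2> "$img.ddlog" \
        || echo "dd exit status: $?" >> "$img.ddlog"

    # conv=sync also pads the final partial block, which would make the image
    # longer than the source and change its hash. Cut it back to exact size.
    truncate -s "$size" "$img" || return 2

    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum < "$img" | cut -d' ' -f1)
    printf '%s  %s\n%s  %s\n' "$src_hash" "$src" "$img_hash" "$img" \
        > "$img.sha256"

    [ "$src_hash" = "$img_hash" ]
}

# Example call (device names are placeholders):
#   acquire /dev/SOURCE_ARRAY /mnt/target/array.dd
```

Hashing the source is a second full read of the array, so the per-TB transfer times estimated in the post apply twice. With conv=noerror,sync a read error zero-fills the whole block, so a smaller block size loses less data around a bad sector at the cost of speed.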
