
23. Disaster and General Data Security 

 

ZFS is the best available free technology to protect your data. It addresses nearly all problems of conventional
filesystems and raid technologies with many disks or large capacity. Unlike checksummed backup technologies
like SnapRAID, it works in real time and protects your data from the moment you click save. Thanks to data and
metadata checksums, it can detect every problem in the chain disk controller driver > controller > cabling >
disk. On access, or with an online scrub that you should run on a regular basis, it can repair all bitrot/silent
data errors or write/read errors on the fly. ZFS software raid protects against raid problems like bitrot on a
Raid-1. A conventional system reads from one or the other half of a mirror but cannot detect whether a data block
contains garbage, and if it detects that the two halves of a mirror differ, it cannot decide which one is good
and which one is bad because it has no data checksums. ZFS detects the faulted half and repairs it on the fly.
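
The difference between a conventional mirror and a checksummed mirror, as a small Python model. This is an added example, not napp-it or ZFS code; the class names, the sample block and the use of SHA-256 as the checksum are assumptions made for the illustration.

```python
import hashlib

def checksum(data):
    # SHA-256 stands in for the filesystem's block checksum (assumption).
    return hashlib.sha256(bytes(data)).digest()

def flip_bit(buf, byte_index, bit=0):
    """Simulate bitrot: silently flip one bit on one side of the mirror."""
    buf[byte_index] ^= 1 << bit

class PlainMirror:
    """Conventional Raid-1 model: two copies, no data checksums."""
    def __init__(self, data):
        self.sides = [bytearray(data), bytearray(data)]

    def read(self, side):
        # Whatever the chosen side holds is returned; garbage looks valid.
        return bytes(self.sides[side])

    def sides_differ(self):
        # A compare can notice a mismatch but not say which side is good.
        return self.sides[0] != self.sides[1]

class ChecksummedMirror:
    """Checksummed mirror model: the checksum is kept apart from the data."""
    def __init__(self, data):
        self.sides = [bytearray(data), bytearray(data)]
        self.expected = checksum(data)
        self.repaired = []  # indexes of sides rewritten from a good copy

    def read(self):
        good = [i for i, s in enumerate(self.sides)
                if checksum(s) == self.expected]
        if not good:
            raise IOError("no copy matches its checksum: unrecoverable")
        data = bytes(self.sides[good[0]])
        for i in range(len(self.sides)):
            if i not in good:
                self.sides[i] = bytearray(data)  # repair on the fly
                self.repaired.append(i)
        return data

def demo():
    block = b"invoice 0042 amount=1500.00"  # constructed sample block
    plain, healed = PlainMirror(block), ChecksummedMirror(block)
    flip_bit(plain.sides[1], 22)   # same silent corruption on both models
    flip_bit(healed.sides[1], 22)
    return {
        "plain_returns_garbage": plain.read(1) != block,
        "plain_sides_differ": plain.sides_differ(),
        "healed_read_ok": healed.read() == block,
        "healed_repaired": healed.repaired,
        "healed_side_restored": bytes(healed.sides[1]) == block,
    }
```

If both sides fail the checksum, the model raises an error instead of returning bad data: the damage is still detected, it just cannot be repaired from the mirror.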

With snapshots that are read-only (nobody can modify or delete them on a share, and not even root can modify
them locally), you are protected against unwanted file modification or deletion. Even malware that continuously
encrypts all your data in the background and then asks for money to decrypt it cannot encrypt snapshot data,
not even when running as admin. This is important because you quite often detect the problem too late, when even
the data on backup is encrypted or modified. You need read-only long-term versioning with ZFS snaps to be safe.

With ZFS you can use raid levels with unique protection against disk failures. With Raid-Z2/3 you can use
vdevs where 2 or 3 disks can fail per vdev without data loss. The statistical chance of losing data due to disk
failures is then near zero. ZFS raid is software raid with CopyOnWrite, which protects against raid write hole
problems. On a power loss during a write on a conventional Raid 1/5/6, it can happen that a data modification is
done on one half of a mirror but not on the other, or that data is modified but metadata is not updated, or, in
the case of a Raid 5/6, that a stripe set is written to some disks but not all. ZFS uses Copy on Write, which
means that an atomic write (e.g. data modification plus metadata update) is either done completely or discarded,
e.g. due to a crash. So different states of mirrored disks or partly written raid stripes are not possible on
ZFS by design.
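
The write hole and the CopyOnWrite commit, as a small Python model. This is an added example, not napp-it or ZFS code; the classes, step names and sample values are assumptions, and the on-disk layout is reduced to one data block, one metadata block and one root pointer.

```python
class PowerLoss(Exception):
    """Simulated crash or power outage in the middle of a write."""

class InPlaceMirror:
    """Conventional Raid-1 model: both halves are overwritten in place."""
    def __init__(self, data):
        self.halves = [data, data]

    def write(self, data, crash_before_half=None):
        for i in range(2):
            if crash_before_half == i:
                raise PowerLoss()
            self.halves[i] = data

class CowStore:
    """Copy-on-write model: live blocks are never overwritten. New data
    and metadata go to free blocks; one pointer update commits them."""
    def __init__(self, data, meta):
        self.blocks = {0: data, 1: {"meta": meta, "data_block": 0}}
        self.root = 1  # id of the committed metadata block

    def write(self, data, meta, crash_before_step=None):
        new_data_id = max(self.blocks) + 1
        new_meta_id = new_data_id + 1
        for step in ("data", "metadata", "commit"):
            if crash_before_step == step:
                raise PowerLoss()
            if step == "data":
                self.blocks[new_data_id] = data
            elif step == "metadata":
                self.blocks[new_meta_id] = {"meta": meta,
                                            "data_block": new_data_id}
            else:
                self.root = new_meta_id  # the single atomic commit

    def read(self):
        node = self.blocks[self.root]
        return self.blocks[node["data_block"]], node["meta"]

def crash_outcomes():
    """Return the state each model is left in after a power loss."""
    mirror = InPlaceMirror("v1")
    try:
        mirror.write("v2", crash_before_half=1)
    except PowerLoss:
        pass
    cow_states = {}
    for step in ("data", "metadata", "commit"):
        store = CowStore("v1", "rev=1")  # constructed sample values
        try:
            store.write("v2", "rev=2", crash_before_step=step)
        except PowerLoss:
            pass
        cow_states[step] = store.read()
    return mirror.halves, cow_states
```

In the model, a crash at any step before the commit leaves the root pointing at the old, complete data and metadata, while the in-place mirror ends up with two different halves.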

So for daily use, you are protected against all sorts of problems?
Yes - nearly. Three problems must be addressed outside ZFS: data corruption in RAM, a crash or power
outage, and a disaster such as sabotage by an employee, human error, fire, theft or overvoltage from lightning.

 

23.1. Data Corruption due to RAM problems

 

This is not a ZFS problem but a problem of any sort of data processing. A bitflip in RAM modifies data. This can
result in a crash, in a wrong calculation, or in modified data during a write or, with a checksummed filesystem,
during a read when the checksum is processed. While these problems affect all computer systems, ZFS promises
100% data protection against any sort of problem. Undetected RAM problems/bitflips are practically the only
problem that ZFS can neither detect nor repair. The chance of such problems may be acceptable with little RAM,
like a few hundred megabytes. A modern workstation or storage server uses gigabytes of RAM. In such a case a
bitflip is not a theoretical chance but a real problem that happens too often. To address this problem you must
use RAM with checksums = ECC RAM; more at https://en.wikipedia.org/wiki/ECC_memory

So it is unsafe to use ZFS without ECC?
In the end yes, it is unsafe, as ZFS cannot protect against all typical computer problems that can happen in daily
use without RAM protection. You should simply not buy new systems without ECC; it does not matter whether it is a
storage server or a workstation when you process sensitive data. The premium is small and data is too valuable.

Another question is: Can I use ZFS on my old systems without ECC?
The answer is more yes than no, especially with RAM in the lower gigabyte range. If you use any other filesystem,
you are affected by the same bitflip problem, but there are many other problems where ZFS can help. Write
errors due to RAM problems are the same with every filesystem. ZFS increases the chance of bitflip problems a
little because it processes checksums on read to repair bitrot or silent errors, which means higher RAM usage.
You can disable checksumming, but bitrot on a multi-TB disk array happens more often than a bitflip in 2-4 GB
of RAM. So again yes: without ECC, ZFS has more advantages than disadvantages compared with a checksum-less
filesystem without CopyOnWrite, but it is for sure a no-go for valuable data.

 
