on Mon, Apr 22, 2002, hanasaki (hanasaki@hanaden.com) wrote:
> Hi Karsten,
>
> Since you are so far beyound my experience in this, could you point
> out a few of the good, and not so good, vendors and products for both
> the Raid and the Drives?
>
> How do you feel about IDE(and which IDE standard? 100?133?some new one
> I forget the name of:( ?) vs SCSI Raid (and which flavor of SCSI)?
>
> I can afford to be down for a day or two to rebuild an Array. The
> data is relatively static and read only. Thus I will probably use a
> couple of CDRW's on cron jobs. Better suggestions are welcome. Will
> I run into a problem with ~150gig of Raid5 + 4 CDRW's?
I don't think my experience is all that great. I've largely used single
fixed drives until recently. I've had a nightmarish several months with
several 3Ware cards breaking in delightfully unique ways, coupled with
completely asinine support: we were denied a product _downgrade_ to a
card known to work with our hardware, even though the price delta (which
we weren't asking for) was several hundred dollars. We've spent far
more time in configuration, overtime, downtime, and lost revenue hours,
than the cost of the hardware. This for a small web services provider
hosting several hundred domains.
My personal strong preference is for SCSI disks. That would translate
to SCSI arrays.
IDE products offer a promise of similar performance at roughly half the
cost of SCSI. When they work. My experience has been that the products
_don't_ work.
I'll also share an observation (this was going to be reported to
BugTraq, but, well, you heard it here first). 3Ware's 3DM web-based
monitoring tool provides the opportuninity for any arbitrary party to
monitor, and reconfigure, your RAID array over an unsecured Web
interface. The documentation mentions only that this interface is
available to "localhost port 1080". What's not blindingly evident is
that _any_ host capable of reaching port 1080 on a system running 3dm
can access it. The utility's security options are slim and uneven at
best. There's a password option (disabled by default), and no apparent
security, SSL, or other features.
Vendors shouldn't try to implement their own webservers.
Fix: disable 3dm, or filter all non-localhost access.
I notified the vendor of this issue well over a month ago. They
acknowledged that sites should block access to the web service, but fail
to document this fact or procedures for doing so.
I'm sorry. What was the question?
;-)
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
ARM Computer: Customer Service Hell On Earth
http://lists.svlug.org/pipermail/svlug/2001-November/038616.html
Attachment:
pgpY3gtD_th09.pgp
Description: PGP signature