SOLVED RAIDZ1 not safe?

[stratacast1]

I have been doing research and and I think I'm entirely set on using FreeNAS for a small business I'm working for. My initial plan was to use RAIDZ1, but after looking at the warning displayed on the Hardware Recommendations page, I have been second guessing my choice of RAID. Is RAIDZ1 truly unsafe as a business option? My other thought was to mirror 2 disks instead of 3 for RAIDZ1 if it is not wise to use. They say the URE is about 12TB, but I will only have 3 1TB drives. Is this fear unreasonable with the small amounts of storage? My primary need is data integrity and the best uptime I can get

 

[depasseg]

3 1TB should be relatively ok for RAIDZ1. Usually the issue is with larger and higher quantity drives. Usually what will happen is that after a failure, the rest of the drives will be stressed during the resilver process and the likelihood of a second failure is greater.

 

[HoneyBadger]

The performance of a degraded RAIDZ volume is also much worse than a degraded mirror.

I imagine budget is tight since it's a small business. If you can get away with 1TB of usable space, you could do a 3-way mirror of the drives and then be able to lose two of them without downtime. If you need 2TB usable, the lowest budget option might be to pick up a fourth 1TB drive and make a 4-drive RAIDZ2 (as opposed to buying multiple larger and therefore more expensive drives)

But as this is a business - what are the rest of the system specs you plan on using with FreeNAS?

 

[stratacast1]

I'll give you the full build lineup. I actually plan to do quite a few tasks with this so please be critical with my choices! I want to do a Nextcloud jail, backula, wordpress website and Maybe emails. I know this is primarily a NAS operating system, but from doing some reading I think it should be okay doing something like this with FreeNAS.

Here is the hardware I have looked at:

Supermicro ITX with a C2558 or C2758 SoC processor. With what I want to do, which would you recommend?
16GB ECC RAM
550W 80+ gold power supply
OS installed on a 16GB Sandisk Extreme flash drive
Cooler Master Elite 130 case. I know there's better options but I couldn't find a 3 drive case for around this price
Then I plan on Western Digital Red hard drives, and the amount of drives I am still uncertain of. Trying to keep the price under $800 and closer to $700. Currently with the C2558 Supermicro board and the rest of my parts I have the cost at $726 with 2 2TB hard drives for a single mirror. I predict 2TB will be what we want for storage

 

[philhu]

I would double the memory. FreeNAS like > 16g, wordpress needs 2-4gb. Memory is cheap. Also, use ECC REG memory.

If you must use a flash drive, please buy 2 32gb drives, and read how to mirror the boot device. Flash drives have a habit of 'just dying'. I moved mine from 2 flash drives to 2 64gb SSD drives, mirrored. Faster and much more reliable. 64GB SSD are cheap now since Windows doesnt fit on 64gb any more. I got the 64gb ssd units for $31/each.

 

[HoneyBadger]

I want to do a Nextcloud jail, backula, wordpress website and Maybe emails. I know this is primarily a NAS operating system, but from doing some reading I think it should be okay doing something like this with FreeNAS.

NextCloud and Bacula are probably fine, but I'd keep Wordpress and email off the FreeNAS box personally. Email could consume a lot of resources and Wordpress gets exploited pretty much constantly. With your budget I would definitely stay with the C2558 over the C2758 as I don't think you'll need the extra horsepower, and put the money towards drives or more RAM.

I would double the memory. FreeNAS like > 16g, wordpress needs 2-4gb. Memory is cheap. Also, use ECC REG memory.

Avoton can't use registered, OP needs unbuffered DIMMs. Agree on 32GB of RAM though, specifically as 2x16GB and not 4x8GB.

 

[stratacast1]

NextCloud and Bacula are probably fine, but I'd keep Wordpress and email off the FreeNAS box personally. Email could consume a lot of resources and Wordpress gets exploited pretty much constantly. With your budget I would definitely stay with the C2558 over the C2758 as I don't think you'll need the extra horsepower, and put the money towards drives or more RAM.



Avoton can't use registered, OP needs unbuffered DIMMs. Agree on 32GB of RAM though, specifically as 2x16GB and not 4x8GB.

Thank you both philhu and HoneyBadger. I will look at that hardware config. I'm not too worried about wordpress though. Yeah it can be exploited but I'm not too sure how worried I am about that if I keep it regularly updated. It seems a lot of the exploits I see are because admins are using old versions of Wordpress and that's what gets hit. I'm open to alternative ideas for website software though. Would 32GBRAM honestly be necessary for Nextcloud and Bacula though? I have Nextcloud and Wordpress running just fine on my Pi 3. And back to RAID, would just mirroring 2 drives be fine? Or would it be best to look at RAID-Z1? Looking at the hardware recommendations page, I feel like the warning pretty much defeats the purpose of RAID-Z1:

Generally speaking, if you are using a RAIDZ1 pool and you have a single disk failure you can expect to be forced to destroy, recreate, and restore the pool from backup.

 

[Nick2253]

I feel like the warning pretty much defeats the purpose of RAID-Z1

The real way to look at RAIDZ1 is that it protects you from bitrot/UREs, but not from drive failure. Obviously, that's more of a statistical argument than a hard-and-fast rule, since RAIDZ1 would protect you from drive failure only if you had zero bitrot/UREs during rebuild. However, it's a pretty good rule of thumb to treat RAIDZ1 protection from data damage only.

I'm not too worried about wordpress though. Yeah it can be exploited but I'm not too sure how worried I am about that if I keep it regularly updated. It seems a lot of the exploits I see are because admins are using old versions of Wordpress and that's what gets hit. I'm open to alternative ideas for website software though.

If you host a website or email in your organization's network, you really should put it in a DMZ of some kind. No matter how good you are as an admin, and how quickly you update Wordpress, zero-day threats are a fact of life, and it will only be a matter of time before your website is exploited. If your website is on a DMZ, then your data (and your network at large) will still be protected. If you mix it in with everything else, then your risks are much greater that serious (e.g. ransomwear) damage could be done.

Same thing also applies to Nextcloud. Or, a better way to use Nextcloud might be to set up a VPN, so you're not directly sharing it with the outside world.

Would 32GBRAM honestly be necessary for Nextcloud and Bacula though?

It's really more a function of your use case. ZFS loves RAM, and if you have multiple simultaneous users, you'll benefit from the additional memory. Nextcloud probably won't be that memory intensive on its own (though, depending on how many files you share, its database could get pretty sizeable, pretty quickly), though Bacula could indirectly need more memory because of the additional strain on the array. I would personally consider 16GB to be a bare minimum for just file sharing in any enterprise (even small business) environment, and with the additional load of the jails, I would jump to 32GB.

At the very least, if you really don't want to spend the money now, you could always see what your performance is with 16GB, and then get another 16GB if and when you need it.

 

[stratacast1]

The real way to look at RAIDZ1 is that it protects you from bitrot/UREs, but not from drive failure.

I understand that, but the impression I get from what is said in the documents is if I do experience a single disk failure, I will have to restore the entire pool from a backup, which I think is no longer seen as data protection because it also says I have to destroy the pool before I restore.

If you host a website or email in your organization's network, you really should put it in a DMZ of some kind

Yes without a doubt, that hasn't eluded my mind, and you're also right there are 0-days and I figure that's a risk with running any sort of Internet-facing software, not just Wordpress. My impression with FreeNAS jails though is even if I do get hit by a 0-day exploit, it will only affect the jail so if I do get hit with, say, ransomware, it should only be contained within my jail correct? That way I could just delete the jail and restore it from a backup.

Or, a better way to use Nextcloud might be to set up a VPN, so you're not directly sharing it with the outside world.

I really like that idea, I will have to look into that more as an option. Most of the employees will be primarily on mobile devices so I'm not sure what difficulties that will bring up. If that can't work though I know Nextcloud has brute force protection, and I could mandate app passwords/2FA

ZFS loves RAM

I have been convinced ;) I will take everyone's recommendation on this and make the server use 32GB instead of 16GB

 

[danb35]

I understand that, but the impression I get from what is said in the documents is if I do experience a single disk failure, I will have to restore the entire pool from a backup,

No, that isn't correct. Yes, with larger drive sizes, the risk of a read error during a rebuild is greater than with smaller drives. There's even a small possibility that you'll suffer a complete failure of a second drive while you're rebuilding the array. But that's a small possibility, not a near-certainty. Certainly RAIDZ2 is safer, and nearly universally recommended here for good reason, but RAIDZ1 is still considerably better than nothing.

 

[rs225]

raidz1 is fine as long as you have scrubs set to run on any kind of schedule, and get a notice if the scrub finds anything.

All other knocks against raidz1 are from people who don't understand the difference between RAID and raidz.

Further, all the crisis talk related to RAID breaking in 2009 is b*l*s*i*: It is 2016, and there is next to ZERO empirical evidence that the dire predictions have unfolded: There would be read/checksum error on EVERY scrub if those guys were right. They aren't right, they are wrong.

If you want to lose your data, don't keep a backup: I guarantee you the universe will find a way to oblige you, no matter how many mirrors, parities, or whiznibbits you attach to your single copy of the data.

Edit to add: It is true that if a simple 2-way mirror would suit your use, it is better than raidz, and has higher performance.

Why I think using more disks for backup is more important than going to raidz2:
Raidz1 w/scrubs eliminates (conservatively) 99% of your risk from either drive failure or bad blocks. This means no matter how much you increase 'redundancy' you are going to get at best a 1% reduction in your risk. Meanwhile, if you had instead directed that increased capacity toward backup, you will have reduced your exposure to other risks, which are still at 100%: Fire. Theft. Your own mistakes. Software bugs. Lightning/Electric. Water. Crypto ransomware. Hardware failure that ZFS can't correct(CPU, etc).

Acting like raidz1 is 'not recomend - to dangerouce!' and raidz2 is ':)' encourages people to ignore those other risks, and to forego backups.

 

[stratacast1]

Thanks a bunch for the information guys! I got the hardware side set up neatly. Doing 2 SSDs and they are being mirrored and I am also mirroring my ZFS pool off of 2 hard drives. I foresee expanding this in the next 2 years to more storage, so this fits the bill for now. The machine went together well.