In a RAID-5 array, is it ever okay to place one failed drive online? Will it corrupt other drives since the failed...
one could potentially write corrupted data to the others?
The answer to your question depends very much on which type of RAID-5 hardware or software you are using and whether you have pre-configured it to support the "hot swap" of a failed drive.
A hot swap is the replacement of a hard drive, while the computer system using it remains in operation, or as you state in your question, online. With hot swapping, the RAID controller makes the drive appear to the computer's bus or I/O controller as still being there, despite being removed and replaced with another drive. The illusion is usually implemented using hardware, and it's unlikely that you can perform a hot swap of a failed disk if you are using a software-based RAID controller.
You will have to check your vendor's help manual, and if you are still not sure, then call them. Hot swapping is a sensitive, complex process, one that could ruin the rest of your RAID disks if you are not careful. Hot swap disks must be removed and inserted with caution, and they should be protected against static or physical shock throughout the entire process.
A RAID-5 volume, or storage unit, has a calculated value that can be used to reconstruct data after a failure. RAID-5 provides good fault tolerance, but it is not a cheap storage option. You need to buy an extra drive, because space is taken up storing parity data. If you use three 10 GB disks to create a RAID-5 volume, for example, the volume will only have a 20 GB capacity, as the remaining 10 GB are used for parity, which will allow the reconstruction of data.
Write performance is also reduced by the parity calculation, requiring three times more memory than a read operation. RAID-5 tends to be used where data integrity and data input/output speeds are important and are primarily read-oriented. So file, application, database and Web servers generally benefit from using RAID-5. RAID-1 is a better choice for systems running accounting or financial applications, which may require high availability due to greater write speeds.
If your particular setup allows, I would recommend setting up spare drives in your RAID-5 configuration. Spare drives are pre-installed disks that do not take part in the RAID set until one of the active drives fail. When a drive failure is detected, that drive is marked as bad, and reconstruction is immediately started on the first available spare drive without interrupting service. By rebuilding the array onto the empty drive, all redundancy is preserved, and the system can still operate despite the faulty drive.
Finally you need to treat your failed drive with the same care that you would any other data drive. This should involve destroying it according to your security policy. Depending on how files have been distributed across the drives in your RAID array, a low-level disk reader could be able to read all or some segments of your files.
- Learn more about what should be done with a RAID-5 array's failed drives.
- Michael Cobb explains how to enforce a data destruction policy.
Dig Deeper on Data security strategies and governance
Related Q&A from Michael Cobb
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading