Raids
Download
1 / 39

Raids - PowerPoint PPT Presentation


  • 904 Views
  • Updated On :

Raids. 13 Examples on how to Image Them. Overview. Intel Based Hardware Raid Dead Live Software Raid Unix Based Raid. Warning. Since each RAID is different, these are generic steps. There is no ONE command which will work every time on every system.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Raids' - medwin


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Raids l.jpg

Raids

13 Examples on how to Image Them


Overview l.jpg
Overview

  • Intel Based Hardware Raid

    • Dead

    • Live

  • Software Raid

  • Unix Based Raid


Warning l.jpg
Warning

  • Since each RAID is different, these are generic steps. There is no ONE command which will work every time on every system.

  • You should test and verify these steps BEFORE attempting them “in real life”


Intel based hardware raid l.jpg
Intel Based Hardware Raid

  • Common Makes

    • Gateway

    • Dell

    • Compaq

  • The physical RAID card controls the drives, not the OS.


Dead intel based hardware raid l.jpg
Dead Intel Based Hardware Raid

  • How to #1

    • Insert firewire card

    • Attach preformatted FAT32 HDD to Firewire

    • Boot from floppy

    • Send image to firewire hdd

    • Recommended not to compress


Dead intel based hardware raid7 l.jpg
Dead Intel Based Hardware Raid

  • How to #2

    • Insert promise card

    • Attach preformatted FAT32 HDD to card

    • Boot from floppy

    • Send image to your hdd

    • Recommended not to compress


Live intel based hardware raid l.jpg
Live Intel Based Hardware Raid

  • How to #3 (Windows) (Live)

    • Attach external (USB, Firewire) preformatted NTFS drive with Encase program folder on the drive.

    • On the system you want to image, navigate to your drive.

    • Launch <your tool here>, get the image and send it to your hdd.


Live intel based hardware raid9 l.jpg
Live Intel Based Hardware Raid

  • How to #4 (Windows) (Live)

    • On the same network segment

    • Open up a share (NTFS) big enough to handle the image with Encase program folder on the drive.

    • On the system you want to image, map the network drive.

    • Launch <your tool here>, get the image and send it to your hdd.


Live intel based hardware raid10 l.jpg
Live Intel Based Hardware Raid

  • How to #5 (Windows) (Live)

    • Use the Encase Enterprise Edition


Linux software raid l.jpg
Linux Software RAID

  • How to #6 (Linux) (Live)

    • On the same network segment

    • Open up a share (NFS) big enough to handle the image on another Linux Box.

    • On the system you want to image, mount the network drive.

    • DD the image to your hdd.


Linux software raid12 l.jpg
Linux Software RAID

  • How to #7 (Linux) (Live)

    • If the server has a tape drive

    • DD the raid to the tape drive


Linux software raid13 l.jpg
Linux Software RAID

  • How to #8 (Linux) (Live)

    • Use the Encase Enterprise Edition


Linux software raid14 l.jpg
Linux Software RAID

  • How to #9 (Linux) (Dead) Option A

  • Remove the RAID and place them

  • 1) I created a /etc/raidtab file which contained the following:

    • raiddev /dev/md0

    • raid-level 0

    • nr-raid-disks 2

    • nr-spare-disks 0

    • chunk-size 4

    • persistent-superblock 1

    • device /dev/sda1

    • raid-disk 0

    • device /dev/sdb1

    • raid-disk 1

  • NOTE: I knew the RAID level from the system's owner and

  • I learned the partitions on the devices from the fdisk -l command


Linux software raid15 l.jpg
Linux Software RAID

  • Create the raid by the command

    • mkraid /dev/md0

  • Creat a mount point for it

    • mkdir /mnt/raid

  • Mount the raid as read-only

    • mount /dev/md0 /mnt/raid –r

  • View the contents of the raid

    • ls -l /mnt/raid

  • dd the /dev/md0 to tape or flat file

    • dd if=/dev/md0 of=<your destination>

  • Finally add the dd to your favorite examination software.


Linux software raid16 l.jpg
Linux Software RAID

  • How to #9 (Linux) (Dead) Option B

    • Place Raid drives and your large dump drive into same box

    • Boot from Redhat linux install CD, choose recovery

    • Mount the RAID as Read-only

    • Format your dump drive and mount it

    • DD the raid to the your drive


Windows software raid l.jpg
Windows Software RAID

  • How to #10 (Windows) (Live)

    • On the same network segment

    • Open up a share (NTFS) big enough to handle the image with Encase program folder on the drive.

    • On the system you want to image, map the network drive.

    • Launch <your tool here>, get the image and send it to your hdd.


Windows software raid18 l.jpg
Windows Software RAID

  • How to #11 (Windows) (Dead)

    • Image each of the drives and use your favorite tool to put them back together


Windows software raid19 l.jpg
Windows Software RAID

  • How to #12 (Windows) (Live)

    • Use the Encase Enterprise Edition


Slide20 l.jpg

Non-Intel Based Hardware Raid

  • Common Makes

    • SUN

    • SGI

    • HP

  • Not i386, so no booting from a DOS disk


Unix raid l.jpg
Unix Raid

  • How to #13 (Unix) (Live)

    • On the same network segment

    • Open up a share (NFS) big enough to handle the image on a linux box.

    • On the system you want to image, mount the network drive.

    • DD the image to your hdd.


Part 1 setting up nfs l.jpg
PART 1: SETTING UP NFS

  • Change the IP of your RedHat box to be in the same range as the SUN server. For this example, the SUN server was assigned the IP 10.0.0.10 and the RedHat box was assigned the IP 10.0.0.11.

  • On my computer, the share I wanted to use was /share.

  • Then I had to modify the permissions on the /share folderchmod 777 /share


Part 1 setting up nfs23 l.jpg
PART 1: SETTING UP NFS

  • Use the NFS server manager to allow read-write access to the share, the IP of the SUN server and the share path


Part 1 setting up nfs24 l.jpg
PART 1: SETTING UP NFS

  • NOTE: Before booting up a SUN Server, ensure all the network cables are plugged into a hub. Otherwise you will get a cable error message which will fill up your log files.

  • Now to verify it is working, open up a terminal and type showmount –e and hit enter. This will show the share and the IP which can connect to it.


Part 2 connecting to your server l.jpg
PART 2: CONNECTING TO YOUR SERVER

  • Plug your RedHat box into the same hub as the SUN server (or crossover cable)

  • If not already running, boot up the SUN box and log in as root

  • On the SUN box, check the /mnt directory to see if anything is mounted there. Generally there will be nothing mounted. If something is mounted, you can unmount it, and use the /mnt as your mount point for this exercise.

  • Mount the NFS sharemount -F nfs 10.0.0.11:/share /mnt


Part 3 creating the image l.jpg
PART 3: CREATING THE IMAGE

  • You need to list the drives on the SUN in order to know what device needs to be imaged.

  • Three different methods, depending on the version of the OS.


Part 3 creating the image27 l.jpg
PART 3: CREATING THE IMAGE

  • df –h command

  • dd if=/dev/vx/dsk/rootvol of=/mnt/<IP address>-root.dd bs=512 &


Part 3 creating the image28 l.jpg
PART 3: CREATING THE IMAGE

  • The mount command

  • dd if=/dev/dsk/c1t0d0s0 of=/mnt/<IP address>-root.dd bs=512 &


Part 3 creating the image29 l.jpg
PART 3: CREATING THE IMAGE

  • df –k command

  • dd if=/dev/dsk/c1t0d0s2 of=/mnt/<IP address>dd bs=512 &


Part 3 creating the image30 l.jpg
PART 3: CREATING THE IMAGE

  • The command line is dd if=/what you want to image of=/where you want the image to be stored bs=512 (bs is block size).

  • Note: the s2 portion of the above command tells the computer to image the entire physical drive. This is good for single drive systems and it may be good for RAIDs…depending on your case.


Part 3 creating the image31 l.jpg
PART 3: CREATING THE IMAGE

  • Each system will be different and each case will be different.

  • Do you need to image each slice?

  • Do you only need certain files or folders? This is something that you will need to figure out before you start.


Part 3 creating the image32 l.jpg
PART 3: CREATING THE IMAGE

  • The “bs=512” portion of the command specifies the byte sector. 512 is a good standard for importing into Encase.

  • The “&” portion of the command tells the computer to run the process in the background. This is good idea, so that you can run several (recommend only running two at the same time) dd’s at the same time.

  • Recommend you name the output the IP address of the server_slice.dd. So an image of sun computer with the IP 10.0.0.10 root slice (partition) would be named 10.0.0.10_root.dd


Part 4 hashing the image l.jpg
PART 4: HASHING THE IMAGE

  • On the RedHat computer you can run the command from the directory where the dd images are stored:

  • md5sum *.dd >> IP.Add.re.ss_md5sum.txt


Part 5 getting the images off the redhat box l.jpg
PART 5: GETTING THE IMAGES OFF THE REDHAT BOX

  • There are several methods to get the files off, the easiest method is for you to put the RedHat box onto your network and use SSH to connect and copy off the dd files. You can download a copy of SSH from www.ssh.com.


Part 5 getting the images off the redhat box35 l.jpg
PART 5: GETTING THE IMAGES OFF THE REDHAT BOX

  • The other methods are:

  • Use Samba, this works like opening a windows share.

  • You can copy the files to tape

  • You can FTP them off.

  • Etc


Part 6 warning l.jpg
PART 6: WARNING

  • You should practice these commands before doing it “live”.

  • If you are going to place your RedHat computer on a network, you should know how to secure your computer to prevent it from getting hacked.

  • This “how-to” was written as a general outline of the necessary steps, you cannot hold me responsible if something doesn’t work.


Unix raid37 l.jpg
Unix Raid

  • How to #13 (Unix) (Live)

    • If the server has a tape drive

    • DD the raid to the tape drive


Other information l.jpg
Other Information

  • It has been noted that some RAIDs do not work with Encase V4 due to a memory issue. Replace the V4 version with V3 and it should work.


Questions l.jpg
Questions?


ad