Raids - PowerPoint PPT Presentation

About This Presentation

Title:

Raids

Description:

Open up a share (NFS) big enough to handle the image on another Linux Box. ... Boot from Redhat linux install CD, choose recovery. Mount the RAID as Read-only ... – PowerPoint PPT presentation

Number of Views:407

Avg rating:3.0/5.0

Slides: 40

Provided by: SADavid

Category:

more less

Transcript and Presenter's Notes

Title: Raids

1
Raids

13 Examples on how to Image Them

2
(No Transcript)
3
Overview

Intel Based Hardware Raid
Dead
Live
Software Raid
Unix Based Raid

4
Warning

Since each RAID is different, these are generic
steps. There is no ONE command which will work
every time on every system.
You should test and verify these steps BEFORE
attempting them in real life

5
Intel Based Hardware Raid

Common Makes
Gateway
Dell
Compaq
The physical RAID card controls the drives, not
the OS.

6
Dead Intel Based Hardware Raid

How to 1
Insert firewire card
Attach preformatted FAT32 HDD to Firewire
Boot from floppy
Send image to firewire hdd
Recommended not to compress

7
Dead Intel Based Hardware Raid

How to 2
Insert promise card
Attach preformatted FAT32 HDD to card
Boot from floppy
Send image to your hdd
Recommended not to compress

8
Live Intel Based Hardware Raid

How to 3 (Windows) (Live)
Attach external (USB, Firewire) preformatted NTFS
drive with Encase program folder on the drive.
On the system you want to image, navigate to your
drive.
Launch , get the image and send
it to your hdd.

9
Live Intel Based Hardware Raid

How to 4 (Windows) (Live)
On the same network segment
Open up a share (NTFS) big enough to handle the
image with Encase program folder on the drive.
On the system you want to image, map the network
drive.
Launch , get the image and send
it to your hdd.

10
Live Intel Based Hardware Raid

How to 5 (Windows) (Live)
Use the Encase Enterprise Edition

11
Linux Software RAID

How to 6 (Linux) (Live)
On the same network segment
Open up a share (NFS) big enough to handle the
image on another Linux Box.
On the system you want to image, mount the
network drive.
DD the image to your hdd.

12
Linux Software RAID

How to 7 (Linux) (Live)
If the server has a tape drive
DD the raid to the tape drive

13
Linux Software RAID

How to 8 (Linux) (Live)
Use the Encase Enterprise Edition

14
Linux Software RAID

How to 9 (Linux) (Dead) Option A
Remove the RAID and place them
1) I created a /etc/raidtab file which contained
the following
raiddev /dev/md0
raid-level 0
nr-raid-disks 2
nr-spare-disks 0
chunk-size 4
persistent-superblock 1
device /dev/sda1
raid-disk 0
device /dev/sdb1
raid-disk 1
NOTE I knew the RAID level from the system's
owner and

15
Linux Software RAID

Create the raid by the command
mkraid /dev/md0
Creat a mount point for it
mkdir /mnt/raid
Mount the raid as read-only
mount /dev/md0 /mnt/raid r
View the contents of the raid
ls -l /mnt/raid
dd the /dev/md0 to tape or flat file
dd if/dev/md0 of
Finally add the dd to your favorite examination
software.

16
Linux Software RAID

How to 9 (Linux) (Dead) Option B
Place Raid drives and your large dump drive into
same box
Boot from Redhat linux install CD, choose
recovery
Mount the RAID as Read-only
Format your dump drive and mount it
DD the raid to the your drive

17
Windows Software RAID

How to 10 (Windows) (Live)
On the same network segment
Open up a share (NTFS) big enough to handle the
image with Encase program folder on the drive.
On the system you want to image, map the network
drive.
Launch , get the image and send
it to your hdd.

18
Windows Software RAID

How to 11 (Windows) (Dead)
Image each of the drives and use your favorite
tool to put them back together

19
Windows Software RAID

How to 12 (Windows) (Live)
Use the Encase Enterprise Edition

20
Non-Intel Based Hardware Raid
Common Makes SUN SGI HP Not i386, so no bootin
g from a DOS disk

21
Unix Raid

How to 13 (Unix) (Live)
On the same network segment
Open up a share (NFS) big enough to handle the
image on a linux box.
On the system you want to image, mount the
network drive.
DD the image to your hdd.

22
PART 1 SETTING UP NFS

Change the IP of your RedHat box to be in the
same range as the SUN server. For this example,
the SUN server was assigned the IP 10.0.0.10 and
the RedHat box was assigned the IP 10.0.0.11.
On my computer, the share I wanted to use was
/share.
Then I had to modify the permissions on the
/share folderchmod 777 /share

23
PART 1 SETTING UP NFS

Use the NFS server manager to allow read-write
access to the share, the IP of the SUN server and
the share path

24
PART 1 SETTING UP NFS

NOTE Before booting up a SUN Server, ensure all
the network cables are plugged into a hub.
Otherwise you will get a cable error message
which will fill up your log files.
Now to verify it is working, open up a terminal
and type showmount e and hit enter. This will
show the share and the IP which can connect to it.

25
PART 2 CONNECTING TO YOUR SERVER

Plug your RedHat box into the same hub as the SUN
server (or crossover cable)
If not already running, boot up the SUN box and
log in as root
On the SUN box, check the /mnt directory to see
if anything is mounted there. Generally there
will be nothing mounted. If something is
mounted, you can unmount it, and use the /mnt as
your mount point for this exercise.
Mount the NFS sharemount -F nfs 10.0.0.11/share
/mnt

26
PART 3 CREATING THE IMAGE

You need to list the drives on the SUN in order
to know what device needs to be imaged.
Three different methods, depending on the version
of the OS.

27
PART 3 CREATING THE IMAGE

df h command
dd if/dev/vx/dsk/rootvol of/mnt/address-root.dd bs512

28
PART 3 CREATING THE IMAGE

The mount command
dd if/dev/dsk/c1t0d0s0 of/mnt/address-root.dd bs512

29
PART 3 CREATING THE IMAGE

df k command
dd if/dev/dsk/c1t0d0s2 of/mnt/dd
bs512

30
PART 3 CREATING THE IMAGE

The command line is dd if/what you want to image
of/where you want the image to be stored bs512
(bs is block size).
Note the s2 portion of the above command tells
the computer to image the entire physical drive.
This is good for single drive systems and it may
be good for RAIDsdepending on your case.

31
PART 3 CREATING THE IMAGE

Each system will be different and each case will
be different.
Do you need to image each slice?
Do you only need certain files or folders? This
is something that you will need to figure out
before you start.

32
PART 3 CREATING THE IMAGE

The bs512 portion of the command specifies the
byte sector. 512 is a good standard for
importing into Encase.
The portion of the command tells the computer
to run the process in the background. This is
good idea, so that you can run several (recommend
only running two at the same time) dds at the
same time.
Recommend you name the output the IP address of
the server_slice.dd. So an image of sun computer
with the IP 10.0.0.10 root slice (partition)
would be named 10.0.0.10_root.dd

33
PART 4 HASHING THE IMAGE

On the RedHat computer you can run the command
from the directory where the dd images are
stored
md5sum .dd IP.Add.re.ss_md5sum.txt

34
PART 5 GETTING THE IMAGES OFF THE REDHAT BOX

There are several methods to get the files off,
the easiest method is for you to put the RedHat
box onto your network and use SSH to connect and
copy off the dd files. You can download a copy
of SSH from www.ssh.com.

35
PART 5 GETTING THE IMAGES OFF THE REDHAT BOX

The other methods are
Use Samba, this works like opening a windows
share.
You can copy the files to tape
You can FTP them off.
Etc

36
PART 6 WARNING

You should practice these commands before doing
it live.
If you are going to place your RedHat computer on
a network, you should know how to secure your
computer to prevent it from getting hacked.
This how-to was written as a general outline of
the necessary steps, you cannot hold me
responsible if something doesnt work.

37
Unix Raid