Where to find "best practice" for any given IT scenario

scottalanmiller

Trying to eyeball the math, at 3.3TB of usable data, that RAID 5 array would fail way over 50% of the time with consumer class drives (like Red Pro.) So enterprise drives (like RE) which are 10x more reliable in regards to URE we would expect rebuilt risk from URE alone to be 5% or higher.

That is a one in twenty chance that the RAID 5 array would lose all of its data. This does not take into account secondary drive failure risk which is pretty big as well.

I would not put a one in twenty or maybe one in ten chance of failure on the same playing field as "so reliable no study can measure it completely." RAID 10 failures at 80,000 array years was only the known healthy rate, all that is know is that it is more reliable than that. Zero failures at 80,000 array years!

Carnival Boy

OK, RAID 5 isn't best practice. That's a relatively easy one. Give me some more examples where the term "best practice" might apply. I'm not convinced the term is that meaningful.

I'm having an extension built on my house at the moment, and I hear the term used quite a bit by my builders. There's building regulations that are legally required and there's ones that are best practice. For example, a shaver point should be located at least 30cm from the sink. That's not a legal requirement, but it's best practice. Smoke detectors should be mains powered not battery powered. Again, that's best practice rather than a legal requirement. These practices are pretty formal though - either by the manufacturer, or by the building regulators. I don't see much equivalence in the IT industry (sadly, as it would be super useful).

scottalanmiller

Best Practice: If data is valuable enough to be stored, it should be backed up.

scottalanmiller

@Carnival-Boy said:

OK, RAID 5 isn't best practice. That's a relatively easy one.

Actually it is a hard one, while it is a well documented best practice among storage experts, the industry as a whole lacks that expertise and pushes it heavily.

Carnival Boy

It's an easy one for anyone who hangs around the same forums you do

scottalanmiller

Another best practice: virtualize every workload (unless it is impossible to do so)

dafyre

@scottalanmiller said:

Another best practice: virtualize every workload (unless it is impossible to do so)

What are some workloads it would be impossible to virtualize? With the exception of real-time, ulta-low latency requirements, I cannot think of anything.

scottalanmiller

@dafyre said:

What are some workloads it would be impossible to virtualize? With the exception of real-time, ulta-low latency requirements, I cannot think of anything.

Those and ones with very specific hardware requirements either technically or politically. That's about it. It is rare enough that it is effective to just say "never".

Carnival Boy

Workloads that you can't get working virtualised for whatever reason. I couldn't get Hamachi to work virtualised. Googling suggested a common problem with Hamachi not liking the VMware network drivers or something.

I've virtualised our firewall. I wonder if there's an argument that says I shouldn't because it means I have a hypervisor on a public facing host. Maybe? I dunno, could that be a security risk? It's not something I'm going to lose any sleep over.

scottalanmiller

@Carnival-Boy said:

I've virtualised our firewall. I wonder if there's an argument that says I shouldn't because it means I have a hypervisor on a public facing host. Maybe? I dunno, could that be a security risk? It's not something I'm going to lose any sleep over.

You can virtualize that without exposing the hypervisor in any way.

Carnival Boy

That's what I figured. I suppose I was wondering about accidentally exposing the hypervisor through human error.

scottalanmiller

@Carnival-Boy said:

That's what I figured. I suppose I was wondering about accidentally exposing the hypervisor through human error.

Always a risk, but pretty easily addresses as long as people are aware.

dafyre

@Carnival-Boy said:

Workloads that you can't get working virtualised for whatever reason. I couldn't get Hamachi to work virtualised. Googling suggested a common problem with Hamachi not liking the VMware network drivers or something.

I've virtualised our firewall. I wonder if there's an argument that says I shouldn't because it means I have a hypervisor on a public facing host. Maybe? I dunno, could that be a security risk? It's not something I'm going to lose any sleep over.

How do you virtualize the Firewall without exposing the underlying hypervisor? By making sure that there is not an IP address assigned to the actual host on the interface that connects to the WAN?

scottalanmiller

@dafyre said:

@Carnival-Boy said:

Workloads that you can't get working virtualised for whatever reason. I couldn't get Hamachi to work virtualised. Googling suggested a common problem with Hamachi not liking the VMware network drivers or something.

I've virtualised our firewall. I wonder if there's an argument that says I shouldn't because it means I have a hypervisor on a public facing host. Maybe? I dunno, could that be a security risk? It's not something I'm going to lose any sleep over.

How do you virtualize the Firewall without exposing the underlying hypervisor? By making sure that there is not an IP address assigned to the actual host on the interface that connects to the WAN?

Have the hypervisor exposed on a different physical adapter that is not on the WAN network side.