RAID initial ISO SO install

410 views
Skip to first unread message

Chris V

unread,
Aug 29, 2017, 6:13:57 PM8/29/17
to security-onion
Hey all, I am getting ready to work on my SO enterprise deployment. 1 master VM, 3 sensor appliances. I have the hardware now.

Sensors:
I was curious on the first initial setup regarding raid. It seems most people keep it simple with a configuration of 2 logical drives, 1 for root / and 1 for NSM. I am planning on RAID 10. My question is once I boot up the ISO and install SO, my guess is I have to either choose LVM or proceed with the "New Disk" instructions on the wiki in order to move the NSM to it? I am assuming SO will only install on the first logical drive 1. This will leave logical drive 2 for NSM.

https://github.com/Security-Onion-Solutions/security-onion/wiki/NewDisk

What would be the best method/approach to proceed? I would like to have some security/redundancy for the / OS partition, but the best read and write speeds for the NSM with the ability to rebuild the NSM portion if anything ever fails. Should I just keep it a flat 1 logical drive with raid 10 for the sensors?

Hardware:
PowerEdge R530 Server
2x Intel Xeon E5-2630 v4 2.2GHz,25M Cache,8.0 GT/s
QPI,Turbo,HT,10C/20T (85W) Max Mem 2133MHz
4x 32GB RDIMM, 2400MT/s, Dual Rank, x4 Data Width
6x 8TB 7.2K RPM SATA 6Gbps 512e 3.5in Hot-plug Hard Drive
RAID 10 for H330/H730/H730P (4-8 HDDs or SSDs in pairs)
PERC H730 Integrated RAID Controller, 1GB Cache
On-Board LOM 1GBE (Dual Port for Towers, QuadPort for Racks)
iDRAC8

Thanks in advance!

Wes

unread,
Aug 30, 2017, 6:59:55 AM8/30/17
to security-onion

Chris,

LVM simply makes partition resizing easier for a drive if you need to do so later on. You can simply have your root/nsm drive/raid array configured separate of one another, then after installing the ISO, simply perform the instructions for "New Disk" that you referenced above. Then you can run setup to finish configuring Security Onion.

Thanks,
Wes

Chris V

unread,
Aug 30, 2017, 2:32:06 PM8/30/17
to security-onion

Thanks WES, I just realized RAID10 is killing my capacity because of the mirror. Looks like I am just going to stick with raid 5.

I am still tinkering with the idea if I should just do a flat logical volume and store the root and NSM on it.

curious to know what would be the best practice.....

Chris V

unread,
Sep 1, 2017, 1:18:28 PM9/1/17
to security-onion

Ok so minor update.

As far as design, I only have 6x 8TB drives. I cannot really separate 2 8TB drives for a RAID simply for the OS. That is cutting into the NSM space.

So I am stuck with 6x 8TB drives configured in a RAID 5 array. My question now is,

1. Should I install everything (/ and /nsm) on a flat RAID 5 array?
2. or Should I create logical volumes (/ and /nsm) at least to have that separation and does it even make sense since both logical volumes will be stored on the same RAID 5 array?

-Chris

Wes

unread,
Sep 1, 2017, 1:32:37 PM9/1/17
to security-onion

Chris,

If you do not want to separate out the drives physically, then I think logical volumes would be the next best thing. If you use LVM, you could resize volumes as needed.

Thanks,
Wes

Chris V

unread,
Sep 1, 2017, 1:41:43 PM9/1/17
to security-onion

Awesome! Thanks Wes! I actually created two "virtual disks" within the RAID 5. Should I just make it a FLAT RAID 5 , then chop it up with LVM?

Wes

unread,
Sep 1, 2017, 3:47:47 PM9/1/17
to security-onion
> Awesome! Thanks Wes! I actually created two "virtual disks" within the RAID 5. Should I just make it a FLAT RQD 5 , then chop it up with LVM?

I think the virtual disks would be fine.

Thanks,
Wes

Reply all
Reply to author
Forward
0 new messages