Over the years I have built a lot of servers. Mostly for small businesses, using under 25 workstations.
The reason for Raid1 is still valid. Data security in the event of drive failure. Everyone remembers the "20/40GB Fujitsu Suicide Drives", right? And with Seagate's 3TB drives coming under fire, can we expect the same from them?
I have always been insistent on Raid1 as being a mandatory feature of a server. Recently, however, I have been taking a different path.
The last couple of systems that I set up use a different approach. Instead of using Raid1 on the server, I have used rsync instead.
This was done by co-locating a second machine, in another part of the network, to rsync the server data. The result is virtually the same. An image of the server storage drive, but in a different physical location. The last one I did put the servers on different floors, separated by two concrete firewalls.
Further to that, the synced drive is not shared on the network. In a Raid1 system, an attack on one drive is an attack on both. In the synced system, only the original storage drive is attacked. The sync drive is safe, until it's next scheduled rsync.
This feature can be further protected by employing a relatively cheap hot swap bay, and multiple drives. 3 drives, swapped once a day, provide a removable backup. At worst, only 48 hours old, in the event of a major failure. (Think total loss due to fire, theft, vandalism, encryption trojan, &c.)
The client has effectively become their own "Cloud Storage."
The rsync unit, it's self, does not have to be anything spectacular. A recycled P4 or Core2 will do the job.
Comments, observations, or suggestions on improvement, anyone?