IBM FlashSystem

IBM FlashSystem

Find answers and share expertise on IBM FlashSystem

 View Only

Fleet cars and skin cells

By Tony Pearson posted Mon March 05, 2007 07:38 PM

  

Originally posted by: TonyPearson


Well, this week I am in Maryland, just outside of Washington DC. It's a bit cold here.

Robin Harris over at StorageMojo put out this Open Letter to Seagate, Hitachi GST, EMC, HP, NetApp, IBM and Sun about the results of two academic papers, one from Google, and another from Carnegie Mellon University (CMU). The papers imply that the disk drive module (DDM) manufacturers have perhaps misrepresented their reliability estimates, and asks major vendors to respond. So far, NetAppand EMC have responded.

I will not bother to re-iterate or repeat what others have said already, but make just a few points. Robin, you are free to consider this "my" official response if you like to post it on your blog, or point to mine, whatever is easier for you. Given that IBM no longer manufacturers the DDMs we use inside our disk systems, there may not be any reason for a more formal response.

Coke and Pepsi buy sugar, Nutrasweet and Splenda from the same sources

Somehow, this doesn't surprise anyone. Coke and Pepsi don't own their own sugar cane fields, and even their bottlers are separate companies. Their job is to assemble the components using super-secret recipes to make something that tastes good.

IBM, EMC and NetApp don't make DDMs that are mentioned in either academic study. Different IBM storage systems uses one or more of the following DDM suppliers:

  • Seagate (including Maxstor they acquired)
  • Hitachi Global Storage Technologies, HGST (former IBM division sold off to Hitachi)
  • Fujitsu

In the past, corporations like IBM was very "vertically-integrated", making every component of every system delivered.IBM was the first to bring disk systems to market, and led the major enhancements that exist in nearly all disk drives manufactured today. Today, however, our value-add is to take standard components, and use our super-secret recipe to make something that provides unique value to the marketplace. Not surprisingly, EMC, HP, Sun and NetApp also don't make their own DDMs. Hitachi is perhaps the last major disk systems vendor that also has a DDM manufacturing division.

So, my point is that disk systems are the next layer up. Everyone knows that individual components fail. Unlike CPUs or Memory, disks actually have moving parts, so you would expect them to fail more often compared to just "chips".

If you don't feel the MTBF or AFR estimates posted by these suppliers are valid, go after them, not the disk systems vendors that use their supplies. While IBM does qualify DDM suppliers for each purpose, we are basically purchasing them from the same major vendors as all of our competitors. I suspect you won't get much more than the responses you posted from Seagate and HGST.

American car owners replace their cars every 59 months

According to a frequently cited auto market research firm, the average time before the original owner transfers their vehicle -- purchased or leased -- is currently 59 months.Both studies mention that customers have a different "definition" of failure than manufacturers, and often replace the drives before they are completely kaput. The same is true for cars. Americans give various reasons why they trade in their less-than-five-year cars for newer models. Disk technologies advance at a faster pace, so it makes sense to change drives for other business reasons, for speed and capacity improvements, lower power consumption, and so on.

The CMU study indicated that 43 percent of drives were replaced before they were completely dead.So, if General Motors estimated their cars lasted 9 years, and Toyota estimated 11 years, people still replace them sooner, for other reasons.

At IBM, we remind people that "data outlives the media". True for disk, and true for tape. Neither is "permanent storage", but rather a temporary resting point until the data is transferred to the next media. For this reason, IBM is focused on solutions and disk systems that plan for this inevitable migration process. IBM System Storage SAN Volume Controller is able to move active data from one disk system to another; IBM Tivoli Storage Manager is able to move backup copies from one tape to another; and IBM System Storage DR550 is able to move archive copies from disk and tape to newer disk and tape.

If you had only one car, then having that one and only vehicle die could be quite disrupting. However, companies that have fleet cars, like Hertz Car Rentals, don't wait for their cars to completely stop running either, they replace them well before that happens. For a large company with a large fleet of cars, regularly scheduled replacement is just part of doing business.

This brings us to the subject of RAID. No question that RAID 5 provides better reliability than having just a bunch of disks (JBOD). Certainly, three copies of data across separate disks, a variation of RAID 1, will provide even more protection, but for a price.

Robin mentions the "Auto-correlation" effect. Disk failures bunch up, so one recent failure might mean another DDM, somewhere in the environment, will probably fail soon also. For it to make a difference, it would (a) have to be a DDM in the same RAID 5 rank, and (b) have to occur during the time the first drive is being rebuilt to a spare volume.

The human body replaces skin cells every day

So there are individual DDMs, manufactured by the suppliers above; disk systems, manufactured by IBM and others, and then your entire IT infrastructure. Beyond the disk system, you probably have redundant fabrics, clustered servers and multiple data paths, because eventually hardware fails.

People might realize that the human body replaces skin cells every day. Other cells are replaced frequently, within seven days, and others less frequently, taking a year or so to be replaced. I'm over 40 years old, but most of my cells are less than 9 years old. This is possible because information, data in the form of DNA, is moved from old cells to new cells, keeping the infrastructure (my body) alive.

Our clients should approach this in a more holistic view. You will replace disks in less than 3-5 years. While tape cartridges can retain their data for 20 years, most people change their tape drives every 7-9 years, and so tape data needs to be moved from old to new cartridges. Focus on your information, not individual DDMs.

What does this mean for DDM failures. When it happens, the disk system re-routes requests to a spare disk, rebuilding the data from RAID 5 parity, giving storage admins time to replace the failed unit. During the few hours this process takes place, you are either taking a backup, or crossing your fingers.Note: for RAID5 the time to rebuild is proportional to the number of disks in the rank, so smaller ranks can be rebuilt faster than larger ranks. To make matters worse, the slower RPM speeds and higher capacities of ATA disks means that the rebuild process could take longer than smaller capacity, higher speed FC/SCSI disk.

According to the Google study, a large portion of the DDM replacements had no SMART errors to warn that it was going to happen. To protect your infrastructure, you need to make sure you have current backups of all your data. IBM TotalStorage Productivity Center can help identify all the data that is "at risk", those files that have no backup, no copy, and no current backup since the file was most recently changed. A well-run shop keeps their "at risk" files below 3 percent.

So, where does that leave us?
  • ATA drives are probably as reliable as FC/SCSI disk. Customers should chose which to use based on performance and workload characteristics. FC/SCSI drives are more expensive because they are designed to run at faster speeds, required by some enterprises for some workloads. IBM offers both, and has tools to help estimate which products are the best match to your requirements.
  • RAID 5 is just one of the many choices of trade-offs between cost and protection of data. For some data, JBOD might be enough. For other data that is more mission critical, you might choose keeping two or three copies. Data protection is more than just using RAID, you need to also consider point-in-time copies, synchronous or asynchronous disk mirroring, continuous data protection (CDP), and backup to tape media. IBM can help show you how.
  • Disk systems, and IT environments in general, are higher-level concepts to transcend the failures of individual components. DDM components will fail. Cache memory will fail. CPUs will fail. Choose a disk systems vendor that combines technologies in unique and innovative ways that take these possibilities into account, designed for no single point of failure, and no single point of repair.
So, Robin, from IBM's perspective, our hands are clean. Thank you for bringing this to our attention and for giving me the opportunity to highlight IBM's superiority at the systems level.

technorati tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

5 comments
6 views

Permalink

https://community.ibm.com/community/user/blogs/tony-pearson1/2007/03/05/fleet-cars-and-skin-cells

Comments

Archive User
Tue January 29, 2008 05:51 PM

Michael,I address these in a series of posts here:http://www.ibm.com/developerworks/blogs/page/InsideSystemStorage?entry=ibm_acquires_xivhttp://www.ibm.com/developerworks/blogs/page/InsideSystemStorage?entry=emc_electrocutes_the_elephanthttp://www.ibm.com/developerworks/blogs/page/InsideSystemStorage?entry=spreading_out_the_re_replicationhttp://www.ibm.com/developerworks/blogs/page/InsideSystemStorage?entry=more_questions_about_ibm_xivhttp://www.ibm.com/developerworks/blogs/page/InsideSystemStorage?entry=cleaning_up_the_circus_gold
(1) The original post was based on research by Google and Carnegie Mellon University that companies replace their drives more often than suggested manufacturing rates. As it turns out, these rates are often estimated by disk manufacturers based on applying heat, cold or humidity extremes, and projected mathematically. Secondly, some companies, at their option, choose to replace drives when temporary errors occur, rather than wait for a permanent error to occur. Most disk array controllers detect and report temporary errors, but do not perform rebuild until permanent errors are detected.
(2) To address the RAID-5 issue, IBM now offers RAID-6 on some of our storage devices, and the new RAID-X that will be made available on our XIV Nextra units.
The tipping point has happened already with today's large capacity SATA disk, and to a lesser extent high-capacity FC disks. Using the metric of "GB-hours" that I mentioned in one of the above posts, one can decide how much data they wish to put at risk under RAID-5, or decided to switch to a RAID-6 or RAID-X scheme instead.
I have reviewed the various technical papers on RAID-6, RAID-X and other technologies, but am afraid that they are often too technical and academic in language to be understood by the average person. Instead, I have made an attempt to simplify the key points in this blog, especially in the posts above.
I hope this helps. Please feel to comment again if you have any further questions.

Archive User
Tue January 29, 2008 03:38 PM

Please answer the Joerg Hallbauer questions... thanks!

Archive User
Tue March 06, 2007 06:54 PM

Ok, I know I'm not the brightest bulb, so I must be missing something. I don't see ANY response to the issues raised in the response from IBM above. As I read it you're saying "hey, go talk to the disk drive manufacturers". The problem with that is that it's the DISK ARRAY that determines when a drive has failed an starts the rebuild process. That IS under the control of IBM, specifically the controller. But more importantly, it effects my risk of data loss.
As I see it, my risk of data loss with RAID-5 is influenced by two main factors. 1 - The drive replacement rate and 2 - The rebuild time (which to a great extent is a function of the drive size) both of which IBM has some control over.
So, I think that the question in my mind is, what's the tipping point? Where does the risk of using RAID-5 protection exceed what I'm willing to accept, and I need to move to some other protection mechanism like RAID-6? Is it when the rebuild times exceed 12 hours? 24 hours? 48 hours?
Also, I wonder why IBM isn't publishing some information to help me make these kinds of decisions?
--joerg

Archive User
Tue March 06, 2007 05:56 PM

Richard, I was not trying to imply that not being vertically integrated made the situation better, just that nobody is vertically integrated anymore. The reliability of the drives we get from our qualified suppliers is sufficient for our needs to be competitive in the marketplace. If they weren't, we'd have to build our own.

Depending on the aspect of the business, some Lines of Business are more immune to IT outages than others. There are probably some parts of Coca-Cola that rely heavily on their IT systems.

Archive User
Tue March 06, 2007 09:26 AM

Tony,I am not so sure that not being "vertically integrated" helps with disk reliability.
When it comes to reliability, perhaps it helps to be in control of the product ‘end to end’, disk and controller firmware/hardware included.
Coca Cola is not in the data business.... they don’t have to worry about reliability.
As for the 'super secret' recipe…. It has not changed for a long time , but they own it.