All Drobo models have a built in internal battery. If power is unexpectedly removed, Drobo uses the battery to keep the processor and memory working. Then it writes out the memory to an internal SSD flash disk and, when everything is safely preserved, turns off the battery. Anything that Drobo was working on when the power was lost is permanently saved, including any of your data that was on its way through the system. When the power is restored Drobo will reload memory from the internal SSD flash disk and pick right back up where it left off.
Saving everything like this makes sure that nothing is lost or corrupted when the power is lost.
Sounds great, but why bother?
I’ll go into some more technical depth below, but the short answer is that without a battery there can be some nasty corruption waiting to come to the surface and bite in the future.
Using a UPS can help, but a UPS can’t protect against all problems; a power supply could fail; someone could kick out a plug; the UPS itself could fail; or the array might even reboot. The truth is, without the protection of an internal battery a power failure can lead to a problem.
The issue is caused by a dirty little secret that no one likes to talk about called the “RAID write hole”. The write hole is an artifact of how writes are sent independently to the individual disks in a storage array.
Consider the simple case of a mirror, where two disks are maintained as exact duplicates of each other by the RAID array. When a computer sends a write operation to a RAID, the array duplicates it and sends it to each of the disks in the mirror. If power goes out one of those individual disk writes may have completed but the other may have been interrupted. If this happens we’d have a RAID mirror where the two halves are out of sync, one of the disks has stale data. If the first disk fails at any time later the array would end up using data on the stale half of the mirror. In effect, when the power failed a little time bomb was created, waiting to go off, weeks, months or even years later! This same sort of problem exists with RAID-5 and RAID-6 stripes where the parity can become out of sync with the data stripe. In fact every RAID configuration is susceptible to corruption when power is lost.
An internal battery is the solution that prevents a Drobo from falling into the RAID write hole. Reloading transactions that were in-flight when the power failed lets Drobo make sure its mirrors and parity are always in sync, and your data is always completely safe.
By Rod Harrison
Rod is the CTO of Drobo and is responsible for our technical direction. Rod was one of the original engineers at Drobo and has over 25 years of experience in storage and operating systems development gained at Sun, SCO, Wind River and Veritas.
7 years ago