[CentOS] Best configuration for encrypted software RAID 1?

SilverTip257 silvertip257 at gmail.com
Wed May 22 03:15:14 UTC 2013


On Tue, May 21, 2013 at 3:53 PM, Markus Falb <wnefal at gmail.com> wrote:

>
> On 15.Mai.2013, at 18:22, Dave Johansen wrote:
>
> > My main question is will it be better to encrypt the RAID itself or
> > the two partitions used by the RAID?
>
> encrypt data once and let md mirror the encrypted stuff
>

Certainly the simplest.
+1 for LVM inside the LUKS volume  ;)


> or
> let md mirror and encrypt data twice, once per raid member.
>

In my example, my swap was striped, so it made sense (but with the price of
RAM there's hardly an excuse for swapping to disk!).


>
> Encryption is CPU hungry.
>

I'll second this.  I've noticed the iowait is fairly high on my offsite
encrypted backup server (backups are on software raid with LUKS on top).
 And the kcryptd process consumes a fair bit of cpu time.


> Performance wise the winner seems clear.
>

And kcrypd isn't SMP aware [0] (unless that has changed) so there's another
bottleneck.

[0] http://www.redhat.com/archives/dm-devel/2009-April/msg00151.html


> --
> Markus
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
---~~.~~---
Mike
//  SilverTip257  //



More information about the CentOS mailing list