[CentOS] Best configuration for encrypted software RAID 1?
SilverTip257
silvertip257 at gmail.com
Wed May 22 03:15:14 UTC 2013
On Tue, May 21, 2013 at 3:53 PM, Markus Falb <wnefal at gmail.com> wrote:
>
> On 15.Mai.2013, at 18:22, Dave Johansen wrote:
>
> > My main question is will it be better to encrypt the RAID itself or
> > the two partitions used by the RAID?
>
> encrypt data once and let md mirror the encrypted stuff
>
Certainly the simplest.
+1 for LVM inside the LUKS volume ;)
> or
> let md mirror and encrypt data twice, once per raid member.
>
In my example, my swap was striped, so it made sense (but with the price of
RAM there's hardly an excuse for swapping to disk!).
>
> Encryption is CPU hungry.
>
I'll second this. I've noticed the iowait is fairly high on my offsite
encrypted backup server (backups are on software raid with LUKS on top).
And the kcryptd process consumes a fair bit of cpu time.
> Performance wise the winner seems clear.
>
And kcrypd isn't SMP aware [0] (unless that has changed) so there's another
bottleneck.
[0] http://www.redhat.com/archives/dm-devel/2009-April/msg00151.html
> --
> Markus
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
---~~.~~---
Mike
// SilverTip257 //
More information about the CentOS
mailing list