On Tue, May 21, 2013 at 3:53 PM, Markus Falb wnefal@gmail.com wrote:
On 15.Mai.2013, at 18:22, Dave Johansen wrote:
My main question is will it be better to encrypt the RAID itself or the two partitions used by the RAID?
encrypt data once and let md mirror the encrypted stuff
Certainly the simplest. +1 for LVM inside the LUKS volume ;)
or let md mirror and encrypt data twice, once per raid member.
In my example, my swap was striped, so it made sense (but with the price of RAM there's hardly an excuse for swapping to disk!).
Encryption is CPU hungry.
I'll second this. I've noticed the iowait is fairly high on my offsite encrypted backup server (backups are on software raid with LUKS on top). And the kcryptd process consumes a fair bit of cpu time.
Performance-wise the winner seems clear.
And kcryptd isn't SMP aware [0] (unless that has changed) so there's another bottleneck.
[0] http://www.redhat.com/archives/dm-devel/2009-April/msg00151.html
-- Markus