[CentOS] Best configuration for encrypted software RAID 1?

Wed May 22 03:15:14 UTC 2013
SilverTip257 <silvertip257 at gmail.com>

On Tue, May 21, 2013 at 3:53 PM, Markus Falb <wnefal at gmail.com> wrote:

> On 15.Mai.2013, at 18:22, Dave Johansen wrote:
> > My main question is will it be better to encrypt the RAID itself or
> > the two partitions used by the RAID?
> encrypt data once and let md mirror the encrypted stuff

Certainly the simplest.
+1 for LVM inside the LUKS volume  ;)

> or
> let md mirror and encrypt data twice, once per raid member.

In my example, my swap was striped, so it made sense (but with the price of
RAM there's hardly an excuse for swapping to disk!).

> Encryption is CPU hungry.

I'll second this.  I've noticed the iowait is fairly high on my offsite
encrypted backup server (backups are on software raid with LUKS on top).
 And the kcryptd process consumes a fair bit of cpu time.

> Performance wise the winner seems clear.

And kcrypd isn't SMP aware [0] (unless that has changed) so there's another

[0] http://www.redhat.com/archives/dm-devel/2009-April/msg00151.html

> --
> Markus
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

//  SilverTip257  //