On Tue, May 21, 2013 at 3:53 PM, Markus Falb <wnefal at gmail.com> wrote: > > On 15.Mai.2013, at 18:22, Dave Johansen wrote: > > > My main question is will it be better to encrypt the RAID itself or > > the two partitions used by the RAID? > > encrypt data once and let md mirror the encrypted stuff > Certainly the simplest. +1 for LVM inside the LUKS volume ;) > or > let md mirror and encrypt data twice, once per raid member. > In my example, my swap was striped, so it made sense (but with the price of RAM there's hardly an excuse for swapping to disk!). > > Encryption is CPU hungry. > I'll second this. I've noticed the iowait is fairly high on my offsite encrypted backup server (backups are on software raid with LUKS on top). And the kcryptd process consumes a fair bit of cpu time. > Performance wise the winner seems clear. > And kcrypd isn't SMP aware [0] (unless that has changed) so there's another bottleneck. [0] http://www.redhat.com/archives/dm-devel/2009-April/msg00151.html > -- > Markus > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -- ---~~.~~--- Mike // SilverTip257 //