On Tue, May 21, 2013 at 8:15 PM, SilverTip257 <silvertip257 at gmail.com> wrote:
>
> On Tue, May 21, 2013 at 3:53 PM, Markus Falb <wnefal at gmail.com> wrote:
>
> > On 15.Mai.2013, at 18:22, Dave Johansen wrote:
> >
> > > My main question is will it be better to encrypt the RAID itself or
> > > the two partitions used by the RAID?
> >
> > encrypt data once and let md mirror the encrypted stuff
> >
>
> Certainly the simplest.
> +1 for LVM inside the LUKS volume ;)
>
> > or
> > let md mirror and encrypt data twice, once per raid member.
> >
>
> In my example, my swap was striped, so it made sense (but with the price of
> RAM there's hardly an excuse for swapping to disk!).
>
> >
> > Encryption is CPU hungry.
> >
>
> I'll second this. I've noticed the iowait is fairly high on my offsite
> encrypted backup server (backups are on software raid with LUKS on top).
> And the kcryptd process consumes a fair bit of cpu time.
>
> > Performance wise the winner seems clear.
> >
>
> And kcryptd isn't SMP aware [0] (unless that has changed) so there's another
> bottleneck.
>
> [0] http://www.redhat.com/archives/dm-devel/2009-April/msg00151.html

Thanks for all the feedback. I just wanted to make sure that there wasn't
some gotcha that I was missing or any slight tweak that would improve
performance, but it sounds like there's not.

Thanks,
Dave