On Wed, Mar 13, 2013 at 04:00:48PM -0400, Ewen Chan wrote: > I'm running on a 30 TB server with about 1.4 million files. > > I think that at last audit, the single largest file is 45 GB (as an example). > > And I'm prepping to run AES-256-CBC. > > The host system has a SATA 6 Gbps, 10 drive, RAID5 array; so I'm > pretty sure that I can peg (or at least supply) the full 6 Gbps > bandwidth for encryption. > > I'm currently using OpenSSL 0.9.8, and evaluations to upgrade to the > latest openssl package is also being considered at this time (as well > as possible a change to the host system OS to Linux (e.g. Ubuntu > 12.04) or Solaris 11) or that I am just going to stream the data over > 10 GbE connection (by mounting over SMB/NFS and running the encryption > using the client processor, but the data is just being passed through > during the encryption process - no data is stored on the client system > post-encryption). > > The openssl wasn't recompiled from source; but whatever's > built/included with the OS.
Why not use the latest Linux kernel full disk and/or partition encryption via dmraid or other technique, which has AES-NI support in-kernel, to avoid userspace overhead which will be considerable with such throughput goals? Matthew. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
