What about using solid state drives with AES chips built in? would that remove the performance hit of a highly used server?
Would a server with several SSD's providing enough storage for the needs sufficiently handle the encryption and raid without a performance hit? Or is that not what the AES chips in the newer SSD's handle?
On 4/2/2013 9:48 AM, Paul Mooring wrote:
You could run some tests yourself, but due to the nature of encryption I strongly suspect that the overhead added by LVM is negligible. Encryption is supposed to be CPU intensive, like everything else involve security it's a tradeoff. The most important thing to keep in mind is that you don't need to care about CPU overhead, if it's lightly used getting your files 0.25 seconds later and averaging 60% CPU rather than 40% just doesn't matter. Stepping on my soapbox for a minute here, network/server security is far less magical than many make it out to be. It's really up to you to determine how much risk is involved in something and what the costs are to mitigate that risk. In your case if the server isn't heavily used so the CPU overhead isn't a problem, the only cost is having to put in a password to mount the encrypted drive. The risk of having sensitive files makes it a no brainer to set this up. Contrast that to a file server being used for just public files (say free exes and isos from the internet) that's heavily used by an office of people. In that case setting up encryption is definitely more secure and also a very bad idea because the costs are greater than the risk. All that to say, don't pay too much attention to those numbers. Setting this up is pretty straightforward and moving data off the encrypted drive is also pretty easy, so just set it up and if it works for you don't worry about trying to squeeze that last drop of performance out until you need to.
--------------------------------------------------- PLUG-discuss mailing list - [email protected] To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
