Hello,
I'm setting up a new bacula server for a friend. It runs on FreeBSD 6.2
using sqlite2 as the backend database. All clients are bacula 2.03 as is the
director and storage daemons. Aside, for CentOS5 are there bacula 2.03 rpms
available that do tls and data encryption that i can get from a centos-repo
rpmforge just for example?
Backups are working fine, now i'm implementing tls communications between
the various daemons and data encryption from the file daemon. For tls
encryption i followed:
http://www.devco.net/pubwiki/Bacula/TLS
and for data encryption:
http://www.bacula.org/rel-manual/Data_Encryption.html
I did some initial testing with a remote client, same network, small job. I
ran the job twice once with data encryption, once without, both times with
tls. With encryption on information was:
Elapsed time: 11 mins 34 secs
FD Files Written: 3,503
SD Files Written: 3,503
FD Bytes Written: 31,160,525 (31.16 MB)
SD Bytes Written: 32,555,687 (32.55 MB)
Rate: 44.9 KB/s
Software Compression: 77.3 %
Encryption: yes
and with encryption off:
Elapsed time: 6 mins 6 secs
FD Files Written: 3,503
SD Files Written: 3,503
FD Bytes Written: 29,080,372 (29.08 MB)
SD Bytes Written: 29,524,318 (29.52 MB)
Rate: 79.5 KB/s
Software Compression: 78.8 %
Encryption: no
After all that here are my questions. From what i can see it seems as if
there's a performance hit with data encryption, in the throughput area, is
encryption done as the files are going out? If so is that why the slow data
transfer rate? Same question for software compression, this one is a little
more slight, but without encryption it compresses a little better, though
unless your doing large backups probably not that significant. Lastly, in
both cases the fd and sd files written values are the same, but the amounts
are different, without encryption the byte values don't match, but they're
not off by that much, with encryption the mismatch is more pronounced,
question is the difference with encryption due to the fact that the files
are being sent as encrypted files?
NOw, away from the results, one last general question. Following the
bacula manual section above i created a master key called master.key and
.crt and a file-daemon specific key, called hostname-fd.key and .crt. One of
my pki lines references the master public key, but aside from that reference
there was no interaction between the keys during creation, i don't
understand how this master key will decrypt the client encrypted data if the
client specific keys are lost, since the private keys are not the same.
I hope all this makes sense.
Thanks.
Dave.
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
