On Mon, 27 Apr 2015 09:11:12 AM Noah O'Donoghue wrote:
On 24 April 2015 at 21:33, Russell Coker <russell@coker.com.au> wrote:
For as long as LUKS has been available commonly available CPUs have been able to encrypt/decrypt significantly faster than disks can write/read. CPUs have been increasing in speed at a greater rate than disks, so I really don't think a pair of separately encrypted disks is going to take much CPU time.
I dispute this assertion,
1. I don't think it's necessarily true.. Benchmarks such as this one indicate average 20-50% performance loss on a 2014 *core i7* ultrabook. ( http://www.phoronix.com/scan.php?page=article&item=ubuntu_1404_encryption&n um=1 )
http://ecryptfs.org/about.html The 50% performance loss was for "home directory encryption" which is using eCryptfs. The above URL describes eCryptfs and it's obvious why performance is reduced.
On Fri, 24 Apr 2015 09:33:08 PM Russell Coker wrote:
If you had a pair of SSDs then bulk IO wouldn't be a problem as the commonly available SSDs aren't THAT fast for bulk IO. But if you had lots of random seeks then the latency of encryption might slow things down a bit, but it would probably only be noticable in benchmark results not in real world operations.
For LUKS the worst case was on Postmark where LUKS delivered 76.9% of unencrypted performance on a SSD. I've pasted back in the above section from my previous message. Anyway unless the server that you are referring to is using SSDs and performing operations that are latency dependent such as running a mail server then you have nothing to worry about.
2. I think CPUs / chipsets that make their way into home servers have been increasing in performance per watt, but haven't steadily increased in performance. Especially when you look at the trend for NASes and file servers to feature power efficient Atom & AMD cpus (and ARM..) rather than quad cores, and for some manufacturers preferring dual core i7's now instead of quad core i7's for power / thermal efficiency in laptops..
While there has been a small trend towards low power systems the general trend is that everything gets faster. Sure the Raspberry Pi is somewhat slow, but it's probably still faster than the Cobalt Qube. Anyway if you run a Raspberry Pi as a server (and some people do) then you are going to be limited by USB speed and reliability. The servers with low power CPUs tend to be the ones that can't contain many disks (Dell apparently now sells low end servers that are designed for a single disk). If you look at affordable servers that are capable of having a few internal SATA disks then you will see options like the Dell PowerEdge T110 which has adequate CPU power.
I think the RAID suggestion is a good one for servers that already have RAID configured, but the rsync and set up crypto (on the LVM or RAID device rather than the disk device) is probably the better long term solution for performance / power efficiency / simplicity.
Going to use the rsync solution. Thanks everyone :)
If it's a server you should still use RAID though. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/