Re: [dm-crypt] Encrypted Raid1 or Raid 1 of encrypted devices?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Jorge Fábregas" <jorge.fabregas@gmail.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Encrypted Raid1 or Raid 1 of encrypted devices?
Date: Tue, 12 Jul 2011 07:32:36 -0400	[thread overview]
Message-ID: <4E1C30D4.9010503@gmail.com> (raw)
In-Reply-To: <20110711230312.9833b94d.ldarby@tuffmail.com>

On 07/11/2011 06:03 PM, Laurence Darby wrote:
> Is there a recommended way to do this?

Hello Laurence,

That's an interesting question:  encrypted raid1 or raid1 of encrypted
disks? That also could be phrased as "dm-crypt on top of dm-raid" or
"dm-raid on top of dm-crypt"?

I must admit  I would have never thought about a "raid1 of encrypted
disks" (seems awkward) but apparently it works.  I'm new here (and to
disk encryption at all) but here are my two cents:

# Performance
I guess from the point of view of performance (CPU-wise) , an "encrypted
RAID1" would be better as you would be only encrypting once and DM-raid
will take care of copying those bits as they are to the 2nd disk.  I
suggest you do some tests (copying large amount of data to the encrypted
disk) and measure it.

# Management
There's no doubt that an encrypted raid1 is much better (much less
commands: you just need to format once, luksOpen once, luksClose once.
one backup of the header)

# Reliability
I'm not sure about this part.  Let's see what others have to say
regarding this.

Regards,
Jorge

next prev parent reply	other threads:[~2011-07-12 11:32 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-07-11 22:03 [dm-crypt] Encrypted Raid1 or Raid 1 of encrypted devices? Laurence Darby
2011-07-12 11:32 ` Jorge Fábregas [this message]
2011-07-12 12:10   ` Milan Broz
2011-07-12 12:31     ` Arno Wagner
2011-07-12 23:14       ` Laurence Darby
2011-07-12 12:20 ` Arno Wagner
     [not found] <mailman.6.1310512453.3639.dm-crypt@saout.de>
2011-07-14  6:17 ` Yaron Sheffer
2011-07-14 11:01   ` Arno Wagner
2011-07-14 11:41     ` Roscoe
2011-07-14 13:42       ` Arno Wagner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4E1C30D4.9010503@gmail.com \
    --to=jorge.fabregas@gmail.com \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.