[dm-crypt] Encrypted Raid1 or Raid 1 of encrypted devices?

Jorge Fábregas jorge.fabregas at gmail.com
Tue Jul 12 13:32:36 CEST 2011

On 07/11/2011 06:03 PM, Laurence Darby wrote:
> Is there a recommended way to do this?

Hello Laurence,

That's an interesting question: encrypted raid1 or raid1 of encrypted
disks? That also could be phrased as "dm-crypt on top of dm-raid" or
"dm-raid on top of dm-crypt"?

I must admit I would have never thought about a "raid1 of encrypted
disks" (seems awkward) but apparently it works.  I'm new here (and to
disk encryption at all) but here are my two cents:

# Performance
I guess from the point of view of performance (CPU-wise), an "encrypted
RAID1" would be better as you would be only encrypting once and DM-raid
will take care of copying those bits as they are to the 2nd disk.  I
suggest you do some tests (copying a large amount of data to the encrypted
disk) and measure it.

# Management
There's no doubt that an encrypted raid1 is much better (far fewer
commands: you just need to format once, luksOpen once, luksClose once,
one backup of the header).

# Reliability
I'm not sure about this part.  Let's see what others have to say
regarding this.


