[dm-crypt] Encrypted Raid1 or Raid 1 of encrypted devices?
jorge.fabregas at gmail.com
Tue Jul 12 13:32:36 CEST 2011
On 07/11/2011 06:03 PM, Laurence Darby wrote:
> Is there a recommended way to do this?
That's an interesting question: encrypted raid1 or raid1 of encrypted
disks? That also could be phrased as "dm-crypt on top of dm-raid" or
"dm-raid on top of dm-crypt"?
I must admit I would have never thought about a "raid1 of encrypted
disks" (seems awkward) but apparently it works. I'm new here (and to
disk encryption at all) but here are my two cents:
I guess from the point of view of performance (CPU-wise) , an "encrypted
RAID1" would be better as you would be only encrypting once and DM-raid
will take care of copying those bits as they are to the 2nd disk. I
suggest you do some tests (copying large amount of data to the encrypted
disk) and measure it.
There's no doubt that an encrypted raid1 is much better (much less
commands: you just need to format once, luksOpen once, luksClose once.
one backup of the header)
I'm not sure about this part. Let's see what others have to say
More information about the dm-crypt