LinuxQuestions.org

LinuxQuestions.org (http://www.linuxquestions.org/questions/index.php)
-   Linux - Hardware (http://www.linuxquestions.org/questions/forumdisplay.php?f=18)
-   -   Looking for a good raid controller... (http://www.linuxquestions.org/questions/showthread.php?t=4175446227)

rudepeople 01-18-2013 03:54 PM

Looking for a good raid controller...
 
I have been using Areca products for a long time, but recently I realized that maybe there are better solutions out there... having no real experience with any, I figured I'd come here...

I am getting tired of the raid controller taking longer to post than my entire system takes to boot. so I think I want a faster to post raid controller... but more importantly, I am looking for a raid controller that supports Full Disk Encryption (FDE). I note that a lot of storage companies are touting their drives having FDE built in but without a raid controller to support it, it's just a gimmic. also, I note that the only two controllers out there that DO support FDE are not Hardware raid, they are host raid (which Linux doesn't really do).

Assuming price is not an object (because it really isn't) what is a good Hardware raid controller that supports full disk encryption?

one last note; no, this is not for a server. I just like a workstation with some power under the hood... I like having a system that no matter what I throw at it, it works and has enough resources to spare for Minecraft at the same time! :P

Kustom42 01-18-2013 04:12 PM

What kind of raid level are you looking to obtain? You say you want some power so is this going to be like a striped mirror or something of that nature?

rudepeople 01-18-2013 04:50 PM

I have 5 drives in the system.

2 SSDs (OCZ Agility 2 60GB SATA II) and 3 MHDs (Seagate Momentus 750GB SATA II)

before my areca 1280 bit the dust, my disks were setup like thus:

Raid 0 stripe on SSDs - 120GB
/boot - 2GB
SWAP - 16GB
/ - remainder of stripe ~100GB

Raid 5 array on MHDs - 1500GB
/Home - 1.5TB

I kept my OS and all resource hungry applications running on the stripe (raid 0 is not really a correct term) and used the raid 5 array as /home storage... home storage doesn't require the heavy access I/O of running applications.

I would LIKE to get me swap onto a separate SSD from the root partition, but securing it would be harder...

I guess I should mention, I suffer from extreme paranoia... hence me looking into FDE.

[EDIT] I guess I should ALSO mention, I have no qualms about getting all new drives... SATA3 looks speedy fast... but I like to build my rigs around the storage controller first then the proc and system-board, I find this is the performance bottleneck almost no one looks at.

NyteOwl 01-19-2013 01:45 PM

It is easy to encrypt swap, whether the rest is encrypted or not - a number of tutorials abound. While there may be some speed benefits to a hardware raid controller, unless you keep a spare (especially if using hw encryption) you are better off with software raid. The performance impact on most modern systems is negligible.

Check out LSI's products as they have some models that may suit your needs. Intel may also be an option for you. However, virtually all hardware RAID controllers will slow the POST time at boot.


My personal workstation is running a RAID 1 array using mdadm and is FDE via LUKS. Swap is also encrypted and the boot partition is on a small USB key which when removed renders the system useless. Backups are to an external HDD and are also encrypted. There is no noticeable performance impact in normal daily use.

rudepeople 01-19-2013 04:43 PM

Quote:

Originally Posted by NyteOwl (Post 4873653)
It is easy to encrypt swap, whether the rest is encrypted or not - a number of tutorials abound. While there may be some speed benefits to a hardware raid controller, unless you keep a spare (especially if using hw encryption) you are better off with software raid. The performance impact on most modern systems is negligible.

Check out LSI's products as they have some models that may suit your needs. Intel may also be an option for you. However, virtually all hardware RAID controllers will slow the POST time at boot.


My personal workstation is running a RAID 1 array using mdadm and is FDE via LUKS. Swap is also encrypted and the boot partition is on a small USB key which when removed renders the system useless. Backups are to an external HDD and are also encrypted. There is no noticeable performance impact in normal daily use.

I figured this would be the typical response... and I really don't have a reason for wanting hardware raid anymore I guess...

I guess I should just get me a PCIe SSD card in the 16~32 gig range and put my swap out there. I could also throw my boot partition on it so I don't have to surrender any space to "/boot" from "/"

My only real concern is this, how easy is it to hack the standard luks encryption setup? is there any way to mitigate that risk?

NyteOwl 01-20-2013 01:46 PM

LUKS uses the encryption algorithms available to the kernel. This includes AES, Blowfish, Twofish, Serpent and others. None of those mentioned have been compromised to date (or the NSA, CSE or GCHQ aren't talking). Note that LUKS, like most block level drive encryptions protect data at rest. Once mounted and unlocked the contents are as vulnerable as any non-encrypted drive. This is true of hardware FDE as well. To protect data contents at the file elvel you have to layer FDE with an encrypted filesystem (such as encfs for example).

All in all, I would say LUKS is secure enough for all consumer and virtually all business grade use. Possibly much government use as well for that matter.

rudepeople 01-22-2013 07:52 PM

Quote:

Originally Posted by NyteOwl (Post 4874213)
LUKS uses the encryption algorithms available to the kernel. This includes AES, Blowfish, Twofish, Serpent and others. None of those mentioned have been compromised to date (or the NSA, CSE or GCHQ aren't talking). Note that LUKS, like most block level drive encryptions protect data at rest. Once mounted and unlocked the contents are as vulnerable as any non-encrypted drive. This is true of hardware FDE as well. To protect data contents at the file elvel you have to layer FDE with an encrypted filesystem (such as encfs for example).

All in all, I would say LUKS is secure enough for all consumer and virtually all business grade use. Possibly much government use as well for that matter.

Outstanding!

I am researching encrypted filesystems as well... Thank you!


All times are GMT -5. The time now is 04:53 AM.