LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware
User Name
Password
Linux - Hardware This forum is for Hardware issues.
Having trouble installing a piece of hardware? Want to know if that peripheral is compatible with Linux?

Notices

Reply
 
Search this Thread
Old 01-18-2013, 03:54 PM   #1
rudepeople
LQ Newbie
 
Registered: Jan 2013
Location: I live in a town so small, if I tell you the name of the town you will know where I live.
Distribution: Fedora, Debian, and Arch
Posts: 6

Rep: Reputation: Disabled
Looking for a good raid controller...


I have been using Areca products for a long time, but recently I realized that maybe there are better solutions out there... having no real experience with any, I figured I'd come here...

I am getting tired of the raid controller taking longer to post than my entire system takes to boot. so I think I want a faster to post raid controller... but more importantly, I am looking for a raid controller that supports Full Disk Encryption (FDE). I note that a lot of storage companies are touting their drives having FDE built in but without a raid controller to support it, it's just a gimmic. also, I note that the only two controllers out there that DO support FDE are not Hardware raid, they are host raid (which Linux doesn't really do).

Assuming price is not an object (because it really isn't) what is a good Hardware raid controller that supports full disk encryption?

one last note; no, this is not for a server. I just like a workstation with some power under the hood... I like having a system that no matter what I throw at it, it works and has enough resources to spare for Minecraft at the same time! :P
 
Old 01-18-2013, 04:12 PM   #2
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,565

Rep: Reputation: 410Reputation: 410Reputation: 410Reputation: 410Reputation: 410
What kind of raid level are you looking to obtain? You say you want some power so is this going to be like a striped mirror or something of that nature?
 
Old 01-18-2013, 04:50 PM   #3
rudepeople
LQ Newbie
 
Registered: Jan 2013
Location: I live in a town so small, if I tell you the name of the town you will know where I live.
Distribution: Fedora, Debian, and Arch
Posts: 6

Original Poster
Rep: Reputation: Disabled
I have 5 drives in the system.

2 SSDs (OCZ Agility 2 60GB SATA II) and 3 MHDs (Seagate Momentus 750GB SATA II)

before my areca 1280 bit the dust, my disks were setup like thus:

Raid 0 stripe on SSDs - 120GB
/boot - 2GB
SWAP - 16GB
/ - remainder of stripe ~100GB

Raid 5 array on MHDs - 1500GB
/Home - 1.5TB

I kept my OS and all resource hungry applications running on the stripe (raid 0 is not really a correct term) and used the raid 5 array as /home storage... home storage doesn't require the heavy access I/O of running applications.

I would LIKE to get me swap onto a separate SSD from the root partition, but securing it would be harder...

I guess I should mention, I suffer from extreme paranoia... hence me looking into FDE.

[EDIT] I guess I should ALSO mention, I have no qualms about getting all new drives... SATA3 looks speedy fast... but I like to build my rigs around the storage controller first then the proc and system-board, I find this is the performance bottleneck almost no one looks at.

Last edited by rudepeople; 01-18-2013 at 04:59 PM.
 
Old 01-19-2013, 01:45 PM   #4
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 138Reputation: 138
It is easy to encrypt swap, whether the rest is encrypted or not - a number of tutorials abound. While there may be some speed benefits to a hardware raid controller, unless you keep a spare (especially if using hw encryption) you are better off with software raid. The performance impact on most modern systems is negligible.

Check out LSI's products as they have some models that may suit your needs. Intel may also be an option for you. However, virtually all hardware RAID controllers will slow the POST time at boot.


My personal workstation is running a RAID 1 array using mdadm and is FDE via LUKS. Swap is also encrypted and the boot partition is on a small USB key which when removed renders the system useless. Backups are to an external HDD and are also encrypted. There is no noticeable performance impact in normal daily use.
 
1 members found this post helpful.
Old 01-19-2013, 04:43 PM   #5
rudepeople
LQ Newbie
 
Registered: Jan 2013
Location: I live in a town so small, if I tell you the name of the town you will know where I live.
Distribution: Fedora, Debian, and Arch
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by NyteOwl View Post
It is easy to encrypt swap, whether the rest is encrypted or not - a number of tutorials abound. While there may be some speed benefits to a hardware raid controller, unless you keep a spare (especially if using hw encryption) you are better off with software raid. The performance impact on most modern systems is negligible.

Check out LSI's products as they have some models that may suit your needs. Intel may also be an option for you. However, virtually all hardware RAID controllers will slow the POST time at boot.


My personal workstation is running a RAID 1 array using mdadm and is FDE via LUKS. Swap is also encrypted and the boot partition is on a small USB key which when removed renders the system useless. Backups are to an external HDD and are also encrypted. There is no noticeable performance impact in normal daily use.
I figured this would be the typical response... and I really don't have a reason for wanting hardware raid anymore I guess...

I guess I should just get me a PCIe SSD card in the 16~32 gig range and put my swap out there. I could also throw my boot partition on it so I don't have to surrender any space to "/boot" from "/"

My only real concern is this, how easy is it to hack the standard luks encryption setup? is there any way to mitigate that risk?
 
Old 01-20-2013, 01:46 PM   #6
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 138Reputation: 138
LUKS uses the encryption algorithms available to the kernel. This includes AES, Blowfish, Twofish, Serpent and others. None of those mentioned have been compromised to date (or the NSA, CSE or GCHQ aren't talking). Note that LUKS, like most block level drive encryptions protect data at rest. Once mounted and unlocked the contents are as vulnerable as any non-encrypted drive. This is true of hardware FDE as well. To protect data contents at the file elvel you have to layer FDE with an encrypted filesystem (such as encfs for example).

All in all, I would say LUKS is secure enough for all consumer and virtually all business grade use. Possibly much government use as well for that matter.
 
1 members found this post helpful.
Old 01-22-2013, 07:52 PM   #7
rudepeople
LQ Newbie
 
Registered: Jan 2013
Location: I live in a town so small, if I tell you the name of the town you will know where I live.
Distribution: Fedora, Debian, and Arch
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by NyteOwl View Post
LUKS uses the encryption algorithms available to the kernel. This includes AES, Blowfish, Twofish, Serpent and others. None of those mentioned have been compromised to date (or the NSA, CSE or GCHQ aren't talking). Note that LUKS, like most block level drive encryptions protect data at rest. Once mounted and unlocked the contents are as vulnerable as any non-encrypted drive. This is true of hardware FDE as well. To protect data contents at the file elvel you have to layer FDE with an encrypted filesystem (such as encfs for example).

All in all, I would say LUKS is secure enough for all consumer and virtually all business grade use. Possibly much government use as well for that matter.
Outstanding!

I am researching encrypted filesystems as well... Thank you!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
RAID controller with RAID 1+0 for workstations/desktops dlugasx Linux - Hardware 2 03-17-2012 11:04 PM
ICP raid controller, no automatic rebuild of raid 5 after replacing bad disk auclark@wsu.edu Linux - Newbie 3 12-14-2009 10:54 AM
RAID controller card override onboard RAID controller? Dr. Psy Linux - Enterprise 1 05-30-2005 10:35 AM
Sata RAID with onboard raid controller SourCreamAndOni Linux - Hardware 1 05-21-2004 12:51 AM
ABIT KR7A133-RAID MB - HPT372 RAID Controller jeb Linux - Hardware 3 05-07-2002 01:51 PM


All times are GMT -5. The time now is 08:03 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration