I appreciate what you have said here Paul. This was the kind of insight I was looking for. Very true. I have lots of large files I will be transferring back and forth, but the majority of my use will be with mysql and apache on this particular machine. I would be well off keeping the apache and mysql stuff on a non-encrypted partition and place my sensitive data on an encrypted partition. I was considering something like this already. I would like to have my apache docroot and mysql databases stored somewhere secure, but on boot mount a tmpfs to /var/lib/mysql and /var/www/html and copy the necessary files from the encrypted location to the tmpfs mounts. Then run a script to update or backup what ever is needed. The server will have plenty of ram so using 4 GB for tmpfs like this would not be an issue. Regardless, it would be a fun project anyway. Thanks again Paul. Nathan On 4/2/2013 9:48 AM, Paul Mooring wrote: > You could run some tests yourself, but due to the nature of encryption I > strongly suspect that the overhead added by LVM is negligible. Encryption > is supposed to be CPU intensive, like everything else involve security > it's a tradeoff. The most important thing to keep in mind is that you > don't need to care about CPU overhead, if it's lightly used getting your > files 0.25 seconds later and averaging 60% CPU rather than 40% just > doesn't matter. > > Stepping on my soapbox for a minute here, network/server security is far > less magical than many make it out to be. It's really up to you to > determine how much risk is involved in something and what the costs are to > mitigate that risk. In your case if the server isn't heavily used so the > CPU overhead isn't a problem, the only cost is having to put in a password > to mount the encrypted drive. The risk of having sensitive files makes it > a no brainer to set this up. Contrast that to a file server being used > for just public files (say free exes and isos from the internet) that's > heavily used by an office of people. In that case setting up encryption > is definitely more secure and also a very bad idea because the costs are > greater than the risk. > > All that to say, don't pay too much attention to those numbers. Setting > this up is pretty straightforward and moving data off the encrypted drive > is also pretty easy, so just set it up and if it works for you don't worry > about trying to squeeze that last drop of performance out until you need > to. --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss