LUKS safety on RAID 1 mirror

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello

I currently have a deployment with luks (aes-cbc-256) on different 1TB, 500GB, 300GB etc. drives. All the drives use different keys and XFS filesystem on the top of luks. 
I'm planning to replace this setup with 2X4TB disks in software raid1 (with mdraid) but I have my concerns.

1, If a sector goes bad on disk1 that normally shouldn't be replicated to disk2 but in case of luks I don't know what happens then.

2, I think it is more practical -when one is dealing with encryption- to keep many smaller partitions encrypted with separate keys, in case of partial disk failure (other parts of the disk can still be accessed).
Also all the partitions have their own separate luks headers...

Unlike if I don't even create partition just put sda (4TB) sdb(4TB) into and md0 array and make luks on that one, if anything goes wrong with the header I lose all my data or if any part of the disks breaks.

I know that ultimately raid is only protect against drive failures (not if files get corrupted or deleted) so have to have a separated snapshotted backup next to it. But would implementing raid1 in case of luks be an advantage or a disadvantage?

Thanks
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt




[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux