Transparent Encryption is very easy to use on Oracle Solaris.
You just need to set the encryption property when you create a new filesystem and provide a passphrase or keyfile.
On a SPARC S7 LDom we have 3 ZFS filesystems with different encryption settings.
# zfs get encryption v0123_db/plain v0123_db/encr v0123_db/encr256
NAME PROPERTY VALUE SOURCE
v0123_db/encr encryption on local
v0123_db/encr256 encryption aes-256-ccm local
v0123_db/plain encryption off -
Now lets see how much is the difference in write performance if we copy a 1 GB file.
# ls -lh p25604852_1100_Solaris86-64_1of4.zip
-rw-r--r-- 1 marcel staff 1.3G Apr 7 2017 p25604852_1100_Solaris86-64_1of4.zip
#
# time cp p25604852_1100_Solaris86-64_1of4.zip /plain
real 0m8.829s
user 0m0.002s
sys 0m1.711s
# time cp p25604852_1100_Solaris86-64_1of4.zip /encr
real 0m9.229s
user 0m0.002s
sys 0m1.747s
# time cp p25604852_1100_Solaris86-64_1of4.zip /encr256
real 0m9.733s
user 0m0.002s
sys 0m1.754s
The difference is a low one digit percent value.
Performance impact is a little larger when doing a simple read test.
# time cp /plain/p25604852_1100_Solaris86-64_1of4.zip /tmp
real 0m4.216s
user 0m0.002s
sys 0m3.810s
# time cp /encr/p25604852_1100_Solaris86-64_1of4.zip /tmp
real 0m5.131s
user 0m0.003s
sys 0m5.028s
# time cp /encr256/p25604852_1100_Solaris86-64_1of4.zip /tmp
real 0m5.400s
user 0m0.003s
sys 0m5.287s
Learn more about ZFS encryption with the Oracle Solaris 11.4 ZFS Admin Guide
https://docs.oracle.com/cd/E37838_01/html/E61017/gkkih.html
No comments:
Post a Comment