Cloudflare Improving Linux Disk Encryption Performance - Doubling The Throughput


  • Cloudflare Improving Linux Disk Encryption Performance - Doubling The Throughput

    Phoronix: Cloudflare Improving Linux Disk Encryption Performance - Doubling The Throughput

    Cloudflare employs Linux disk encryption on their servers and, with some optimizations, has made it at least two times faster in throughput while also lowering the latency...

    http://www.phoronix.com/scan.php?pag...ncryption-Perf

  • #2
    Makes me wonder what else is using some form of crypto offload that inline would replace and raise performance on?


    • #3
      Maybe this is a silly question... Why disk encryption on a server? I thought this was a protection for "data at rest", e.g. a powered off laptop, unmounted disk, etc

      EDIT: Got several good answers to this, thanks
      Last edited by swagg_boi; 03-25-2020, 03:46 PM.


      • #4
        Originally posted by swagg_boi
        Maybe this is a silly question... Why disk encryption on a server? I thought this was a protection for "data at rest", e.g. a powered off laptop, unmounted disk, etc
        There are all sorts of risks, including protecting data from theft for a server.


        • #5
          Anyone got a way to email the author? I'm curious how their changes affect ARM. I don't believe they have the same FPU context issues for their crypto instructions. Then again the ARM crypto modules may be labeled differently.


          • #6
            "Doubling The Throughput" sounds fishy to say the least, coz that's only possible if FDE at least halves throughput, which I seriously doubt.

            ... assuming these patches aren't actually faster than unencrypted drives, of course.


            • #7
              Originally posted by swagg_boi
              Maybe this is a silly question... Why disk encryption on a server? I thought this was a protection for "data at rest", e.g. a powered off laptop, unmounted disk, etc
              Many regulated industries (I work in clinical research software) basically require all sensitive data to be encrypted at rest, regardless of the type of system it's on. This is especially important if you're renting hosting space from a 3rd party (e.g. Azure, AWS, Rackspace, etc). If the disks are unencrypted there is a possibility, however small, that one of their staff or cleaning crew could pull a drive and run off with the PHI for all of your patients (or bank account/credit card information as another example) .... which would be a really bad day for a lot of people. Same goes for physical desktops, laptops, whatever.

              All sensitive data should always be treated as if someone was about to yank the drive and sell it on the black market. If it's always encrypted, the loss of a disk is annoying, but not a company-ending event that also sends some of the management to jail.


              • #8
                Got it. I guess that would make sense as I imagine Cloudflare probably leases rack space from ISPs and other third parties to have their servers as "close" to the end user as possible. No way for them to be 100% sure who comes in and out of those data centers.


                • #9
                  Originally posted by anarki2
                  "Doubling The Throughput" sounds fishy to say the least, coz that's only possible if FDE at least halves throughput, which I seriously doubt.

                  ... assuming these patches aren't actually faster than unencrypted drives, of course.
                  Cloudflare does not make that claim, and also check their blog post https://blog.cloudflare.com/speeding...sk-encryption/


                  • #10
                    Originally posted by Pajn

                    Cloudflare does not make that claim, and also check their blog post https://blog.cloudflare.com/speeding...sk-encryption/
                    I took a look but it's 20 pages of rambling and text output, so TLDR.

                    In any case, that's exactly what I implied there - it's most likely Michael's clickbait title which should be addressed.
