Bill,
You can partition a drive and have both encrypted and unencrypted partitions on the same physical drive. FileVault 2 works on a per-partition basis. For example, during my 10.7 testing, I had an encrypted 10.7 boot volume and an unencrypted 10.6.x boot
volume on the same SSD drive.
Warning! Plug ahead!
If anyone's attending this year's MacTech conference, I'm giving a session on FileVault 2:
As part of the session, I'll be talking about how you can use it in the enterprise and covering some specific issues that will be near and dear to the .gov folks in attendance.
Thanks,
Rich
----
Sent from my Wireless Handheld
On Jul 29, 2011, at 11:36 PM, "Mr. William G. Cerniuk" < email@hidden> wrote:
A little follow up as well.
I have painlessly encrypted
- Internal HD on iMac 27"
- Internal HD on MacBook Pro 15" Unibody v1
- Internal HD on MacPro Tower running as a server
- External 500GB HD
- External Thumbdrives (8GB, 16GB)
- External SmartMedia Camera memory (just because I could)
None of the aforementioned hand any issues, including and especially the MacPro server which ran for several weeks under DP4 during our testing of the new Apple Teams (or what do they call that now?). I had AFP, SMB, FTP and WebDAV turned on hitting the
encrypted disk as well. Completely forgot I encrypted it until I had to upgrade it to the release version of Lion. (upgraded it from a boot Lion installer thumb drive, clean install, very very fast)
While I realize that FileVault 2 is now a block IO level encryption, I would sure like to be able to partition a storage volume and encrypt the partitions individually if desired... There is always FileVault in Disk Image form (Encrypted Disk Image) but
not as clean. On the high side, ejecting a volume now ejects all the virtual disks that were mounted from disk images stored on the hard-volume being ejected. Now **THAT** is sweet! Virtual Disks are now a very attractive commodity, even for use on Windows
server volumes ;-)
--
Best,
Wm. Cerniuk
Ph: 703.594.7616
On Jul 22, 2011, at 3:22 PM, Taylor Armstrong wrote:
Just to follow up on my own question from earlier.
I can confirm a roughly 12% impact on throughput on my personal MBP writing to a FileVault2 volume (roughly 190mb/sec vs 215mb/sec writing a test file to a SSD)
Slight, but tolerable CPU hit.. kernal_task hovered around 4.0% while writing to a *non*-encrypted volume, and about 35% when writing to an encrypted volume. So yes, I can see the difference when watching Activity Monitor, but it certainly isn't enough to
cause major stress on the CPU and have fans spooling up. So roughly a 30% increase in CPU activity for one cpu core (out of the 4 available on my machine)....
Reads did NOT seem to be impacted as much in terms of throughput - averaged about 315mb/sec reads on both volumes, although again - kernel_task was basically a non-issue when reading from the "regular" volume, and bounced between 30-40% when reading from the
encrypted volume.
(note - both volumes are on the same physical disk, just my "regular" and my "test" partitions on a 256gb SSD. Tests were done writing out 10-20gb files using DD, not the most scientific, but easily repeatable for testing purposes.)
Taylor
On 7/21/2011 4:15 PM, Taylor Armstrong wrote:
An interesting test would be to see what sort of CPU hit you encounter as well.... with SSD's, a 12% throughput hit isn't all that horrible, but I'm curious what impact it has on CPU doing the encryption/decryption on the fly. Will
writing files cause my MBP to spin the fans up? Writing an encrypted DMG sure does....
Taylor
On 7/21/2011 4:10 PM, David Emery wrote:
I installed FileVault on an older MB Pro (that happens to have a Momentus XT Hybrid drive in it), ran XBench Disk Test, then enabled File Vault encryption and re-ran the Disk Test benchmark. FileVault inflicted a roughly 12% performance
hit. This is not a scientific test for many reasons, but it's probably a good first blush.
Does Lion support FileVault encryption on external drives, too? How about Lion Server? (Now that it's out, I guess we can talk about such things, right?)
dave
-----
David Emery, 703 298 3473 (c) 703 272 7496 (fax)
Supporting PdM Software Integration
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to
email@hidden
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
W. Taylor Armstrong email@hidden
NOAA's National Ocean Service Domain Infrastructure Team
1305 East-West Highway Phone (301) 713-1156
Silver Spring, MD 20910 http://nos.noaa.gov
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list ( email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
|