[Fed-Talk] some observations on Lion Server and whole-disk encryption
[Fed-Talk] some observations on Lion Server and whole-disk encryption
- Subject: [Fed-Talk] some observations on Lion Server and whole-disk encryption
- From: David Emery <email@hidden>
- Date: Wed, 04 Jan 2012 11:32:51 -0500
I moved my 'inside server*' to Lion Server before Christmas, and over the holidays started applying whole-disk encryption (which is my must-have Lion feature). This is running on a 2ghz Core 2 Duo Mini (conventional Mini, not Mini Server.) The primary role for this machine is file and backup server (it also provides LDAP) and the disk drives are interfaced via FW800.
Converting my disks to encrypted was surprisingly painful.
My TimeMachine drive (I started with that one) is a 2TB drive that was about 80% full. I used Carbon Copy Cloner and its block level copy to dupe that disk to an external 2TB "working copy" drive, and that step tool the better part of 18 hours. Then I formatted the TimeMachine drive to the new whole-disk encryption format. But when I tried to use CCC to restore the drive, I hit some real problems. (a) The TimeMachine drive capacity is now slightly smaller than before, so CCC won't d a block-level copy from a larger to smaller drive. And CCC will not copy TimeMachine backups any other way. So I switched to SuperDuper, which will do a file-based copy of a TimeMachine dataset. That step took another 12 hours. When I re-enabled TimeMachine, it announced that I had switched backup drives and did I really want to use that drive. That caused TimeMachine to basically crunch through the full backup set. And when TimeMachine was done, the Metadata Service (MDS) application had to rebuild the TimeMachine drive indexes.
Next I wanted to encrypt the drive (partition on a OWC Qx2 4 drive RAID enclosure) that holds my server's client home directories. I disabled file sharing, and used SuperDuper to copy that 1TB drive to my 2TB working copy drive, about 8 hours. I enabled encryption, and copied back from the 2TB to 1TB drive using SuperDuper. Once again, when that was done, TimeMachine and Metadata Service needed to spend a lot of time re-establishing backups and indexes.
Then I ran Disk Utility Repair and DiskWarrior on both the TimeMachine and home directories drives. That went OK, but -yet again- TimeMachine and MDS decided they needed to reindex the drives. I don't recall seeing this with Snow Leopard/Snow Leopard Server.
And I've noticed the load average, particularly the system/kernel (vs application) load average has substantially increased. On this machine, with MDS or TimeMachine running, system time is running 30% (and 45% when both are running, as is happening as I write this note...) It's not a surprise that the kernel does a lot of the work for encrypting/decrypting, but I didn't expect that to run 30% or more. Before, under SL Server, the overall load average was less than 5%.
I'm still hoping for a Thunderbolt to eSATA adapter, so I can move the external drives from FW800. When that happens, I'll probably replace the Core 2 Duo Mini with a Thunderbolt equipped Mini (but since my 'real disks' are external RAID enclosures, paying the extra $ for the Apple dual-drive Mini server doesn't make sense.)
dave
* I have 2 Minis running server. The other Mini is still on Snow Leopard Server and sits as a DMZ machine, running a couple of websites, etc. I am not running email.
-----
David Emery, 703 298 3473 (c) 703 272 7496 (fax)
Supporting PdM Software Integration
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden