as a SaaS provider with sensitive informations we think about crypted filesystem (under Linux) but is there any problem about performances or maintenance if the filesystem crash? We want to use it on Mysql server for web application with medium load but high peeks of visitors.
Thanks,
Regards
Cédric
1) There is a performance hit. That might be low enough for you to handle... or maybe not. You'll have to test in your environment.
2) FS crashes aren't any worse with encryption, though when booting into whatever recovery console you use (main system , or a boot cd) you'll need to have all the encryption tools and pass phases or keys to unlock the encrypted partitions before performing any recovery actions on them otherwise you won't be able to do anything at all.
3) Encrypted file systems generally only protect you in situations where the physical disk has been stolen/misplaced. Once an encrypted file system is mounted, it is, for all disc access, unencrypted. This is true, at least, for boot time encryption. If you're going to use some sort of user level encryption where each customer has a separately mounted separately encrypted FS then that won't apply. THAT, however, will likely be much more cumbersome to set up. From what you've described, handling encryption at the application level might be more appropriate.
EDIT: I should add that I use FS level encryption on desktops and laptops but not on any servers here at the office. The only advantage to FS level encryption on servers that I see is saving time when decomissioning them: wouldn't have to wipe the drives before hocking them.
