Detail
Why is encryption at rest preferable to LUKS (Linux Unified Key Setup)?
What is the performance impact when using LUKS?
Answer
LUKS provides a standard on-disk-format for hard disk encryption. LUKS has no awareness of data storage formats, so it does the encryption block-by-block, this results in worse performance as compared to Aerospike’s own encryption. This is particularly noticeable with record reads, where LUKS-encrypted volumes must read whole LUKS blocks and decrypt them, instead of reading single records.
Aerospike’s encryption at rest feature encrypts records on storage devices using symmetric AES-128 or AES-256 encryption and does not require reading of large blocks. It is, therefore, a more efficient encryption method for use with Aerospike. Read more about Aerospike’s encryption at rest feature on the Encryption at Rest documentation.