- The Basics
- 1. Select encryption software
- 2. Create encrypted partition
- 3. Configure Iguana
We frequently get asked about using encrypted storage for Iguana’s log files, and our answer is usually “it’s straightforward!”
That’s true. Still, we thought a quick primer would be a helpful addition to our documentation.
The Basics [top]
Disk encryption is specific to your operating system. If you’re running Iguana on Windows, your steps will be different from those on Linux or Mac. But in general the same approach holds. Here are the steps, in general:
- Select the disk encryption software
- Create an encrypted disk partition
- Configure Iguana to use the encrypted partition
Before you begin, keep this in mind:
Using encrypted storage introduces a risk of data loss (or, rather, data unrecoverability.) If a password or key is misplaced or forgotten, there is no getting the data back, ever.
1. Select disk encryption software [top]
There many disk encryption options (see Comparison Of Disk Encryption Software at Wikipedia). Our advice is to use a mainstream product that is in widespread usage.
We have successfully used and tested these products with Iguana:
- Windows: Microsoft BitLocker
- Linux: LUKS/dm-crypt
- Mac OS X: FileVault2
2. Create an encrypted disk partition [top]
All the platforms we have tested with Iguana provide detailed step-by-step guides, with supporting documentation. Follow the instructions for your platform.
- Microsoft BitLocker (Windows)
- LUKS/dm-crypt Disk Encryption Guide (Linux. This guide is provided by RedHat, but the instructions can be followed on any modern distribution.)
- Apple FileVault2 (Mac)
3. Configure Iguana to use the encrypted partition [top]
This is the easiest part. Just follow the instructions here: Changing the Iguana Logs Directory, and then re-start Iguana. That’s it!
You can expect a small performance hit associated with the overhead of disk encryption.
We performed a series of tests on Iguana (both Windows and Linux) using a 10-channel “daisy chain” of LLP channels with extremely high message volume. Our results showed a roughly 20-35% decrease in the number of messages processed per minute.
These channels basically did nothing but write logfiles, with no transformation or networking activity, so they represent the worst-case scenario for encryption-related slowdown.