Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

Does anyone have metrics on the performance consequences of enabling Filevault on a MacOS FM server14 installation?


This topic is 3305 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted

Our University IT is now requiring MacOS users to encrypt all storage devices.

 

What I found on the FM board (http://help.filemaker.com/app/answers/detail/a_id/9650)  is the recommendation NOT to enable Filevault due to the performance hit, but no indication of the severity of the effect. The recommendation is indistinguishable from being part of a laundry list of generic recommendations to improve performance (get a fast drive, enough RAM etc).

 

Any experiences to help guide me here?

 

thanks.

Posted

Avoid File Vault.  Instead enable the built-in FileMaker Platform Encryption at Rest and Encryption in Transit.  That's why they are in the product:  to safeguard the file and to safeguard the data while they are in transit.

 

Steven

  • Like 1
Posted

Thanks Steven,

that would be my preference as well. Unfortunately, I do not know if that will satisfy the IT demands, given that they may want to check off their checkboxes.

That's why it would be useful to have some examples, even anecdotes, as long as they provide some metrics and details on the setup, that could serve as signposts for what to expect, even if it is quite clear that there is no generally valid answer given all the variables involved. 

Posted (edited)

Download https://www.wireshark.org and do your own measurements. Best way to do this is to set up 2 systems with the exact same setup, the only difference being with and without filevault.

 

Did you consider o3x?

Edited by ggt667
Posted

 

Did you consider o3x?

Non-traditional file systems are usually not a good idea for FMS deployments - and by extension FMP deployments.  ReFS from Microsoft for instance is also not a good choice.

Stay within support parameters.

 

Posted (edited)

Non-traditional file systems are usually not a good idea for FMS deployments - and by extension FMP deployments.

How come? Please explain.

 

I run ZFS/o3x on all my datastores. Not only does it outperform HFS+ and NTFS, but data is safe; there is no bitrot, in FileMaker terms there are no records with only "?" for data, and it is also possible to encrypt the pools.

Yet my major fascination with ZFS is that there are no partition sizes.

 

ZFS for SmartOS and SAN( used for postfix, postgreSQL, couchDB, FileMaker, nginx, documents, etc, ) o3x on MacOS X( mainly for documents, photos and FileMaker files )

Edited by ggt667
Posted

because they are not supported... and that is important, whether you think one OS is superior to the other.  If you pay the money for the licenses, you may as well stay within those support parameters.  It removes unknowns and uncertainty from the deployment.

On the technical side: in the case of ReFS for instance I know that the hard-linking mechanism for backups does not work.

Posted

The university I work for recently wanted to do the same exact thing to everyone.  FileVault for our MAC machines, and some variant of Symantec Encryption for any Windows based machines.   I was able to successfully argue that our FileMaker Mac server didn't need this protection because of the reasons Steven already mentioned - especially the Encryption at Rest feature.  As long as you don't put any other sensitive data/files on your server (like using it for file sharing), I don't see any reason to use FileVault on a server context.  Unless they are genuinely concerned against physical theft.  But there are better ways to prevent that sort of issue.

I cloned our production FMS onto a spare mini, and performed some metrics with and without FileVault.  As expected, the disk read/write had slowed significantly.  There was enough memory cache to handle most of the load, so it didn't really affect performance as far as FileMaker was concerned.  I only noticed client slowness when the FMS was flushing the cache to disk.  For most situations in a smaller enviroment, this is not a concern.

Posted

Strong endorsement of FileVault 2 - been using it on multiple OS X servers for several years with zero problems.   It's 100% transparent at the OS level so software such as filemaker really has no idea it's even on a FV encrypted volume.

  There is a speed hit but it's been benchmarked at around 5% or so, assuming you have a beefy enough CPU (the Core i5s and higher have built in encryption opcodes. Older Core 2 Duos may show worse performance).  

Oh, and I hope it goes without saying : buy a high quality SSD.

The only thing I don't like about FV2 is that you have to be more careful about rebooting if you are doing remote administration (check out the fdesetup authrestart command)

 

This topic is 3305 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.