vicidial.org

[sammysam1]

HI

I was wondering if anyone has implemented full disk encryption on a database server (Vicidial Cluster setup) and if there is a performance hit or any other complications?

https://en.opensuse.org/SDB:Encrypted_root_file_system

We need to implement encryption of data at rest for PCI compliance.

Thanks
Sam

[mflorell]

We have one client that tried disk encryption on their database, it did introduce significant delay with unpredictable sessions of inaccessibility of a few seconds each time. Vicidial was basically unusable for them under that scenario.

As for PCI compliance, full disk encryption is NOT a requirement, but there are a lot of other requirements, depending on the size of your business and how many credit card transactions you process.

On our hosted service, we do offer encrypted custom fields for VICIdial, where the data is stored as encrypted in the database(not using MySQL encryption), But it is not a part of the public VICIdial codebase,
http://www.vicihost.com/?p=131

Another option is to use native MySQL encryption to only encrypt the fields that need to be protected,
https://dev.mysql.com/doc/refman/5.5/en ... tions.html

[sammysam1]

Thank you Matt.

Is it alright to do full disk encryption on the archive server?

Btw the hosted solution looks very reasonable. I'll talk to my clients to see if they will move some servers over.

[mflorell]

I can't say I've ever tried using disk encryption on an archive server. I would suggest testing it first before moving a production server to it.