Hello list,

i have just setup a fresh NetBSD 3.0 system on top of MP 1GHz server,
with 2x 32GB raid1 raid (effective 32Gb) running at a 128MB ICP Vortex
controller. But as the writer of the NetBSD guide stated out, it won't
take to long that one will reinstall all again...

I am planing to run the following services on this server: 

+ postfix
+ mysql
+ bind 
+ courier-imap 
+ distccd
+ snort
+ apache 

I have red throught the great netbsd guide about cgd [1]. So far I think
it would be better, from a point of performance view, to only encrypt
those partitions where data is kept from the above mentioned services. 

+ mysqld: ~500MB (including snort and some userdb's)
+ courier-imap: ~500MB  
+ apache: ~300MB
+ bind: ~?
+ distccd: ~?

I have red throught the paper from Roland Dowdeswell [3], so far I think
aes-128 would at best fit my needs. What experiences do you people have
out there? Is a dual MP with 1Ghz fast enough for this task? Also I
would like to setup this services running in a chroot environment and
setting veriexec's strict [2] level to 1. 

How would you split the partions for this purposes? Any other
recommendations on this? 

Thx in advance four your great input and work on NetBSD :)

[1] 
http://www.netbsd.org/guide/en/chap-cgd.html
[2]
http://www.netbsd.org/guide/en/chap-veriexec.html#chap-veriexec-strict
[3]
http://www.imrryr.org/~elric/cgd/cgd.pdf

-- 
/sp4rc