Table 2. Additional effort for data and privacy protection using a Trusted Server.
| Issue | Comment | Additional effort |
|---|---|---|
| Basic installation | Two servers, host and virtual machine, have to be installed, LUKS-disk encryption needs to be set up and sealing scripts have to be installed. | about factor 3 |
| Customization | Task-specific software installation and configuration is required on the virtual machine only and in a conventional fashion. | none |
| Initialization and Sealing | Depends on installation size, disk- and system performance. Values relate to a fully functional standard Debian GNU/Linux system on two different hardware platforms. | 25 minutes on older 2CPU/8GB/SATA Laptop 15 minutes on 12CPU/32GB/SAS Server |
| Backup & Restore | Duration depends on disk and interface performance and installation size. Any data uploaded after sealing at least decryption keys have to be uploaded again after sealing. |
+ second disk restore + sealing + data or key upload |
| System update | Full restore and sealing is needed, update times itself are equal to unsecured server but have to be applied to host and virtual machine. | + restore + double updates + sealing |
| System stability | No instability or otherwise different behavior compared to our conventional servers was observed during one year of operation on several servers. | none |
| Performance degradation | Possible impact on performance by LUKS disk encryption or the virtual machine is not observable on any modern hardware. | not observable |
| Resource consumption | Moderately better equipment is required. | + second disk + 4 GB RAM for host |