Page 1 of 1

Partial encrypt a ZFS pool

Posted: 05 Aug 2012 18:52
by Scully
Hi there,

I wondered what the best solution is to encrypt parts of a ZFS pool. As far as i know the recommended method for encryption is to encrypt the whole disks and create a ZFS pool from these encrypted volumes.
Is there a way to encrypt only specific ZFS datasets of a non encrypted ZFS pool?
The benefit of this would be more performance for data which is not in need to be encrypted (which is the majority of the data in this case).

Somewhere I read about creating a ZFS pool, then creating ZFS volumes and encrypt these, and create a new ZFS pool from those volumes (ZFS->ELI->ZFS). How much of a performance loss would you have to take with this approach?

And related to that:
Does encryption in either of these two ways (ELI->ZFS pool) or (ZFS->ELI->ZFS) in any way "harm" or loosen ZFS's benefits related to data integrity?
I think the ZFS->ELI->ZFS method is more "secure" against data corruption because of the underlying ZFS layer, is this assumption correct?

Thanks
S.

Re: Partial encrypt a ZFS pool

Posted: 06 Aug 2012 13:03
by raulfg3
Sorry, no experience here, only read this in the ReadMe:
51 Permanent restrictions:
52 - It is not possible to format a SoftRAID disk with MSDOS FAT16/32.
53 - It is not possible to encrypt a disk partition, only complete disks are supported.
54 - Enable 'polling' on interfaces used by a LAGG interface will make it inoperable.