*New 12.1 series Release:
2020-07-21: XigmaNAS 12.1.0.4.7683 - released

*New 11.4 series Release:
2020-07-20: XigmaNAS 11.4.0.4.7682 - released!


We really need "Your" help on XigmaNAS https://translations.launchpad.net/xigmanas translations. Please help today!

Producing and hosting XigmaNAS costs money. Please consider donating for our project so that we can continue to offer you the best.
We need your support! eg: PAYPAL

Partial encrypt a ZFS pool

Encrypting information and help
Forum rules
Set-Up GuideFAQsForum Rules
Post Reply
Scully
NewUser
NewUser
Posts: 1
Joined: 05 Aug 2012 18:37
Status: Offline

Partial encrypt a ZFS pool

#1

Post by Scully »

Hi there,

I wondered what the best solution is to encrypt parts of a ZFS pool. As far as i know the recommended method for encryption is to encrypt the whole disks and create a ZFS pool from these encrypted volumes.
Is there a way to encrypt only specific ZFS datasets of a non encrypted ZFS pool?
The benefit of this would be more performance for data which is not in need to be encrypted (which is the majority of the data in this case).

Somewhere I read about creating a ZFS pool, then creating ZFS volumes and encrypt these, and create a new ZFS pool from those volumes (ZFS->ELI->ZFS). How much of a performance loss would you have to take with this approach?

And related to that:
Does encryption in either of these two ways (ELI->ZFS pool) or (ZFS->ELI->ZFS) in any way "harm" or loosen ZFS's benefits related to data integrity?
I think the ZFS->ELI->ZFS method is more "secure" against data corruption because of the underlying ZFS layer, is this assumption correct?

Thanks
S.

User avatar
raulfg3
Site Admin
Site Admin
Posts: 5153
Joined: 22 Jun 2012 22:13
Location: Madrid (ESPAÑA)
Contact:
Status: Offline

Re: Partial encrypt a ZFS pool

#2

Post by raulfg3 »

Sorry, no experience here, only read this in the ReadMe:
51 Permanent restrictions:
52 - It is not possible to format a SoftRAID disk with MSDOS FAT16/32.
53 - It is not possible to encrypt a disk partition, only complete disks are supported.
54 - Enable 'polling' on interfaces used by a LAGG interface will make it inoperable.
12.0.0.4 (revision 6766)+OBI on SUPERMICRO X8SIL-F 8GB of ECC RAM, 12x3TB disk in 3 vdev in RaidZ1 = 32TB Raw size only 22TB usable

Wiki
Last changes

HP T510

Post Reply

Return to “Encryption”