Of course we are all excitedly waiting for ZFS-crypto to hit OpenSolaris,
but what are some encryption methods people are using with ZFS in the mean
time? I would be interested to read any and opinions, links, or debate from
those with experience in this area.
Full disk encryption (hardware) - A simple solution, but you have to buy it.
Any recommendations?
Full disk encryption (software) - each disk is encrypted and unlocked on
boot. Is it even possible to put your root ZFS on such a system? Obviously,
the boot partition would be a seperate, unencrypted disk. As a bonus, this
would actually work with deduplication.
Container encryption - Large encrypted container files ala Truecrypt. I
think this uses FUSE. Any others?
Per-file encryption - encfs will run on FUSE
Is anyone using a FUSE based solution in a production environment? Does
that work well or is there a better way I haven''t considered? I have no
doubt ZFS-crypto will be simpler, more reliable, and more flexible than any
of these solutions, but for now we must use what we have.
Thanks,
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/zfs-crypto-discuss/attachments/20100429/916b29ee/attachment.html>