david lethe
2010-Aug-09 15:10 UTC
What is latest on zfs-crypto avialability / upward compatibility with lofi
Any ETA on formal release of zfs-cryto? To be politically incorrect, and with deepest respect to the development team and volunteers ... is it "safe" today? I''m having problem seeing specifics regarding upgrade/migration issues and features should I use the zfs lofi encryption today and want to go to zfs-crypto later on. Is there anything in stone saying it will be painless or even in-place? -- This message posted from opensolaris.org
Darren J Moffat
2010-Aug-09 15:38 UTC
What is latest on zfs-crypto avialability / upward compatibility with lofi
On 09/08/2010 16:10, david lethe wrote:> I''m having problem seeing specifics regarding upgrade/migration issues> and features should I use the zfs lofi encryption today and want > to go to zfs-crypto later on. Is there anything in stone saying > it will be painless or even in-place? Using lofi for encryption of a ZFS pool is equivalent as far as ZFS is concerned to having no crypto at all or having encrypting drives. To easily migrate from using a pool with lofi encryption to one that doesn''t use lofi encryption (for example to use some other form of encryption or to use none at all) you need to have been using a ZFS pool based on mirrors - though I think you should be able do this for raidz pools as well by replacing a device at a time. For a ZFS pool based on mirrors a safe and easy way to do this is attach a mirror to each of the devices in the ZFS pool that is current based on using encrypting lofi devices (maybe splitting an existing mirror and just not putting the lofi "shim" on it). Once it has all resilvered then detach the original lofi versions and you are no longer using lofi for encryption (maybe reattaching those without the lofi "shim"); you can then enable some other form of encryption if it is available to you. -- Darren J Moffat
david lethe
2010-Aug-09 18:40 UTC
What is latest on zfs-crypto avialability / upward compatibility with lofi
So when will zfs-crypto be part of an official release, and considered "safe" for production use? -- This message posted from opensolaris.org
Valerie Anne Fenwick
2010-Aug-09 18:48 UTC
What is latest on zfs-crypto avialability / upward compatibility with lofi
On 08/ 9/10 11:40 AM, david lethe wrote:> So when will zfs-crypto be part of an official release, and considered "safe" for production use?Hi David - Oracle does not allow individual employees from answering release date type details externally, but I can say that once we make an OS feature like this a part of an official release, then it is safe for production use. Valerie -- Valerie Fenwick, http://bubbva.blogspot.com/ @bubbva Solaris Security Technologies, Developer, Oracle, Inc. 17 Network Circle, Menlo Park, CA, 94025.