Encryption Pools Poef
(Pools on encrypted files, works on any Solaris based System like Illumian, OpenIndiana or Solaris 11)
- GUI management of ZFS folders on AES 256 encrypted files:
- Create encrypted folders
- Lock encrypted folders
- Unlock encrypted folders
- Based on AES 256 encrypted files
- Basic pools from one large file
- ZFS Z2 pools from multiple small files. You can back up these encrypted pools/files to any disk or cloud provider with ZFS-Z2 data security
How to setup
- Encrypted pool management is part of the complete extension
- You can use it for free for private, noncommercial use
Howto create encrypted pools
- Create a regular dataset, for example tank/secrets
- Create a new encrypted pool on this dataset with menu: pools - encrypted pools extension - create pool oef
- Use small devices (for example 2 GB) and Raid-Z2 if you want to back up your pools to external disks
- Use one large basic pool if you just want to provide encrypted pools
- Use menu: pools - encrypted pools extension - disconnect pool oef to lock/disconnect a pool (or shut down)
- Use menu: pools - encrypted pools extension - connect pool oef to reconnect a pool (after lock or power-on)
Howto backup encrypted pools
- If your encrypted pool is offline/disconnected: back up the folder with the encrypted files
- If your pool is online/in use: take a snap and back up the files from the snap (Windows: previous version)
Howto delete encrypted pools
- Delete the encrypted files and/or throw away the key
If you want to encrypt your pools without the extension, you can do it via CLI or a shell script:

1. Create a 10G file in /tank/secrets (a ZFS dataset)
cd /tank/secrets
mkfile 10g file1

2. Create encrypted block devices from these file(s) -> creates a device /dev/lofi/1
lofiadm -c aes-256-cbc -a /tank/secrets/file1
Enter passphrase: ..
- Repeat for all files if you want to build a pool from more disks to have redundancy
(important if you want to back up these files on a non-ZFS file system)

3. Create a regular (ex. basic) ZFS pool from this or these (encrypted) device(s)
zpool create secretpool /dev/lofi/1
The newly created pool works like any ZFS pool.

4. To take it offline you must export the pool and remove the devices:
zpool export secretpool
lofiadm -d /tank/secrets/file1

5. To take it online you must build the devices from the files again using the same PW and import the pool
lofiadm -c aes-256-cbc -a /tank/secrets/file1
Enter passphrase: ..
If you use the wrong PW, all seems ok but there are no files...

6. Now you can import your pool from these devices
zpool import -d /dev/lofi
shows all available pools.
To import the pool, you must use:
zpool import -d /dev/lofi/ secretpool
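
The steps above as an added shell example (not napp-it code), extended to the Raid-Z2 layout from several small files that the page recommends for backups. The function names and the file1..fileN naming are assumptions; the unlock step checks that the pool is actually listed, because a wrong passphrase is not rejected when the device is attached.

```shell
#!/bin/sh
# Added example (not napp-it code): Raid-Z2 pool on encrypted lofi files.
# Function names and the <dir>/file1..fileN layout are assumptions.
CIPHER=aes-256-cbc

# Steps 1-3: create the backing files, attach each one as an encrypted
# lofi device, then build a raidz2 pool from the resulting devices.
oef_create() {  # usage: oef_create <pool> <dir> <size> <count>
    pool=$1; dir=$2; size=$3; count=$4; devs=""; i=1
    # raidz2 needs two parity devices plus at least one data device
    [ "$count" -ge 3 ] || { echo "raidz2 needs >= 3 files" >&2; return 1; }
    while [ "$i" -le "$count" ]; do
        mkfile "$size" "$dir/file$i" || return 1
        # lofiadm prompts for the passphrase and prints the device path
        dev=$(lofiadm -c "$CIPHER" -a "$dir/file$i") || return 1
        devs="$devs $dev"; i=$((i + 1))
    done
    zpool create "$pool" raidz2 $devs   # $devs unquoted: one arg per device
}

# Step 4: export the pool, then detach every backing file.
oef_lock() {  # usage: oef_lock <pool> <dir>
    zpool export "$1" || return 1
    for f in "$2"/file*; do lofiadm -d "$f"; done
}

# Steps 5-6: re-attach the files and import the pool. A wrong passphrase
# is not rejected at attach time; it only shows as a pool that is not listed.
oef_unlock() {  # usage: oef_unlock <pool> <dir>
    for f in "$2"/file*; do
        lofiadm -c "$CIPHER" -a "$f" >/dev/null || return 1
    done
    if zpool import -d /dev/lofi 2>/dev/null | grep "pool: $1\$" >/dev/null; then
        zpool import -d /dev/lofi "$1"
    else
        echo "pool $1 not listed (wrong passphrase?), detaching" >&2
        for f in "$2"/file*; do lofiadm -d "$f"; done
        return 1
    fi
}
```

Typical use: `oef_create secretpool /tank/secrets 2g 4`, later `oef_lock secretpool /tank/secrets` and `oef_unlock secretpool /tank/secrets`; the passphrase is requested once per file.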
Disadvantage
The only disadvantage may be somewhat lower performance (data goes through ZFS twice, plus encryption).
Advantage
It is very elegant, easy to implement and simply based on one or more encrypted files.
If you want to back them up, you can just copy them. With small files it's not a problem, even on FAT disks
with a max file limit of 2 GB. If you have built redundant ZFS pools from several files (ex. Raid-Z2), it's not even
a problem if two files get damaged for whatever reason on your backup disk (encrypted backup with full ZFS data security).
more:
http://constantin.glez.de/blog/2012/02/introducing-sparse-encrypted-zfs-pools
http://www.cuddletech.com/blog/pivot/entry.php?id=1029
https://blogs.oracle.com/yakshaving/entry/encrypted fs on solaris 10
http://www.idevelopment.info/data/Oracle/DBA tips/Automatic Storage Management/ASM 21.shtml