Thanks for the replies,
I understand that ZFS is unlikely to be ported to BSD any time soon. My requirements may seem a little puzzling, but I am also restricting the vulnerability of the clients by doing the second level of encryption/decryption (the one that lets the clients see the monolithic file as a partition) using smart cards to restrict the attack window for the fileserver to only the times when a user is actually accessing their data, or at least has left their card in. Without this second layer the server is a single point of failure if it is compromised since then it would have access to the plaintext, of course no matter what I do the workstation will always exhibit that same behaviour, but I hope the use of hardware tokens used only when necessary will limit the attack window. Do I _need_ this level of security? Probably not, I'm not the NSA and we don't have any data _that_ critical, but we keep some confidential stuff on there and I reckon security is cheap and regretting it after your data is compromised isn't. The reason I'm only using OpenBSD on the fileserver is because, much as I like BSD it doesn't meet my needs as a desktop OS, I like the design philosophy and would run it on the desktop if I felt I'd get the functionality I want. I'll obviously be doing some testing and playing with different solutions, and I'm not in a mad rush to implement this tomorrow, so I'd like to keep this thread going - I'm particularly interested to know if anyone knows the status of a port of HAMMER to BSD (if one is even planned) and if anyone can answer authoritativly whether the snapshots in it are block level? This seems to be my best chance of getting a BSD based solution. thanks Paul
