Hi All, Just a quick one. I spotted that Tom Caputi committed his amazing ZFS encryption work into the ZFSOnLinux github tree back in August. Since then there have been a few follow up stability commits:
https://github.com/zfsonlinux/zfs/commits/master/lib/libzfs/libzfs_crypto.c I wondered if Joyent had any intention of importing this work into SmartOS, and integrating encryption into the toolchain, for example with regards to vmadm and Triton? If not, is anyone aware of any work being done within the wider illumos community to integrate this into illumos-gate? The reason that I ask is that in Europe, GDPR is coming into effect in May, and although the regulations don't stipulate encryption, they do recommend using it as appropriate. We are now getting customers requesting it, in particular that their offsite backups be encrypted. We utilise ZFS send/receive for efficient incremental backups, and at present that means they remain unencrypted at rest. The ZoL/OpenZFS encryption work includes the ability to do "raw send", allowing encrypted filesystems to be sent offsite, without the recipient server ever having access to the encryption keys, which seems ideal for our use case. Further, encryption would solve the case where a customer wants their data "securely erased". With ZFS, we cannot stipulate that their data has been erased without securely wiping all the physical disks, as zfs destroy simply removes the pointer to it. Obviously this isn't at all practical in a cloud or multi-tenanted environment. Kind Regards, Alasdair ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
