Hi All,

Just a quick one. I spotted that Tom Caputi committed his amazing ZFS
encryption work into the ZFSOnLinux GitHub tree back in August. Since then
there have been a few follow-up stability commits:


I wondered if Joyent had any intention of importing this work into SmartOS,
and integrating encryption into the toolchain, for example with regards to
vmadm and Triton?

If not, is anyone aware of any work being done within the wider illumos
community to integrate this into illumos-gate?

The reason that I ask is that in Europe, GDPR is coming into effect in May,
and although the regulations don't stipulate encryption, they do recommend
using it as appropriate. We are now getting customers requesting it, in
particular that their offsite backups be encrypted.

We utilise ZFS send/receive for efficient incremental backups, and at
present that means they remain unencrypted at rest.

The ZoL/OpenZFS encryption work includes the ability to do "raw send",
allowing encrypted filesystems to be sent offsite, without the recipient
server ever having access to the encryption keys, which seems ideal for our
use case.

Further, encryption would solve the case where a customer wants their data
"securely erased". With ZFS, we cannot stipulate that their data has been
erased without securely wiping all the physical disks, as zfs destroy
simply removes the pointer to it. Obviously this isn't at all practical in
a cloud or multi-tenanted environment.

Kind Regards,

