Moore, Joe wrote: > Toby Thain Wrote: >> ZFS allows the architectural option of separate storage without losing end >> to end protection, so the distinction is still important. Of course this >> means ZFS itself runs on the application server, but so what? > > The OP in question is not running his network clients on Solaris or > OpenSolaris or FreeBSD or MacOSX, but rather a collection of Linux > workstations. Unless there's been a recent port of ZFS to Linux, that makes > a big What. > > Given the fact that NFS, as implemented in his client systems, provides no > end-to-end reliability, the only data protection that ZFS has any control > over is after the write() is issued by the NFS server process.
NFS can provided on the wire protection if you enable Kerberos support (there are usually 3 options for Kerberos: krb5 (or sometimes called krb5a) which is Auth only, krb5i which is Auth plus integrity provided by the RPCSEC_GSS layer, krb5p Auth+Integrity+Encrypted data. I have personally seen krb5i NFS mounts catch problems when there was a router causing failures that the TCP checksum don't catch. -- Darren J Moffat _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss