On 07/26/11 11:28, Fred Liu wrote:
The ZFS Send stream is at the DMU layer at this layer the data is
uncompress and decrypted - ie exactly how the application wants it.
Even the data compressed/encrypted by ZFS will be decrypted?
Yes, which is exactly what I said.
All data as seen by the DMU is decrypted and decompressed, the DMU layer
is what the ZPL layer is built ontop of so it has to be that way.
> If it is true, will it be any CPU overhead?
There is always some overhead for doing a decryption and decompression,
the question is really can you detect it and if you can does it mater.
If you are running Solaris on processors with built in support for AES
(eg SPARC T2, T3 or Intel with AES-NI) the overhead is reduced
significantly in many cases.
For many people getting the stuff from disk takes more time than doing
the transform to get back your plaintext.
In some of the testing I did I found that gzip decompression can be more
significant to a workload than doing the AES decryption.
So basically yes of course but does it actually mater ?
And ZFS send/receive tunneled by ssh becomes the only way to encrypt the data
transmission?
That isn't the only way.
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss