Linked by Rohan Pearce on Wed 8th Jun 2011 21:27 UTC
BSD and Darwin derivatives "FreeNAS is an open source operating system based on FreeBSD and, as its name implies, designed for networked storage. The project recently celebrated the release of FreeNAS 8, which racked up some 43,000 downloads in the first 48 hours after its release. I caught up with Josh Paetzel, director of IT at iXsystems and project manager for FreeNAS 8, to talk about the current state of the OS, what lies ahead for it, and the relationship to FreeNAS 0.7."
Order by: Score:
Encryption
by tony on Thu 9th Jun 2011 00:26 UTC
tony
Member since:
2005-07-06

My biggest beef with FreeNAS 8 is the lack of encryption support. Essentially, there are no more open source NAS offerings that offer encryption. FreeNAS 7 had it, but FreeNAS 8 dropped it (because they became ZFS centric where .72 was UFS or ZFS).

I would need to run regular Ubuntu or another distro or FreeBSD, and lose all the great tools FreeNAS had in order to pull off encryption.

OpenFiler doesn't do encryption. I tried to add Truecrypt but there were a tons of dependency problems with even getting a compiler installed)

ZFS supports encryption, but not in the version that's integrated with FreeNAS.

Reply Score: 2

RE: Encryption
by umccullough on Thu 9th Jun 2011 01:41 UTC in reply to "Encryption"
umccullough Member since:
2006-01-26

My biggest beef with FreeNAS 8 is the lack of encryption support. Essentially, there are no more open source NAS offerings that offer encryption. FreeNAS 7 had it, but FreeNAS 8 dropped it (because they became ZFS centric where .72 was UFS or ZFS).


Hmm - I am using UFS on FreeNAS 8 still... but yeah, I don't remember seeing any encryption settings.

Besides the lack of a torrent client now (which apparently they will add as a plugin soon), my other major annoyance with FreeNAS 8 is that it cannot be installed to the same disk that you use for storage any longer. That was a feature I liked about FreeNAS 0.7 With FreeNAS 8 I have to use a USB stick to boot it, and it's noticeably slower to start up. There are other advantages to using the USB stick, however, so I'm not too upset about it.

I hope that FreeNAS 8 has lots of potential once the new "plugin" features start getting used.

Reply Score: 2

RE: Encryption
by Luminair on Thu 9th Jun 2011 02:15 UTC in reply to "Encryption"
Luminair Member since:
2007-03-30

Your beef is really that it is not done yet ;) FreeNAS 8 is a bit like KDE 4. iXsystems is really quite amazing, but they cannot work at warp speed. I bet a pony this new FreeNAS will have the whole kitchen sink this year.

Reply Score: 2

RE[2]: Encryption
by Luminair on Thu 9th Jun 2011 02:22 UTC in reply to "RE: Encryption"
Luminair Member since:
2007-03-30

(like KDE 4 in that it shipped missing basic stuff, not that it will take forever to catch up)

Reply Score: 2

RE: Encryption
by Luminair on Thu 9th Jun 2011 02:17 UTC in reply to "Encryption"
Luminair Member since:
2007-03-30

ZFS v28 will make an appearance sooner or later [when FreeBSD bumps up a version, and then FreeNAS bumps up to that version], which will bring things like dedup and a detachable ZIL with it. If Oracle open sources ZFS v30 like they have said they will, we'll eventually get that as well, which brings with it filesystem encryption.


I thought the encryption code was already out, but what do I know, not as much as him apparently.

Reply Score: 2

RE[2]: Encryption
by Laurence on Thu 9th Jun 2011 11:49 UTC in reply to "RE: Encryption"
Laurence Member since:
2007-03-26

I thought the encryption code was already out, but what do I know, not as much as him apparently.

ZFS encryption is a relatively new feature even on Solaris (in fact I wasn't even aware Oracle had released that versions source already).

FreeBSD's current ZFS version (v15?) doesn't even support raidz3 and deduping, which was released quite some time back, so it certainly wouldn't be recent enough to support encryption.

Reply Score: 2

RE[3]: Encryption
by dnebdal on Thu 9th Jun 2011 12:06 UTC in reply to "RE[2]: Encryption"
dnebdal Member since:
2008-08-27

FreeBSD's current ZFS version (v15?) doesn't even support raidz3 and deduping, which was released quite some time back, so it certainly wouldn't be recent enough to support encryption.


Well, yes and no - FreeBSD-CURRENT (which will eventually be released as the 9.x branch) has had v28 since January. The stable branches (7.x and 8.x) are still on v15, though.

I have no idea when they'll import v30, but I expect it'll happen eventually. Alternatively, it's possible to combine ZFS with e.g. GELI to get an encrypted FreeBSD system today - so if they have enough man-hours, they can add that to FreeNAS instead of waiting.

Reply Score: 1

RE[4]: Encryption
by Laurence on Thu 9th Jun 2011 12:24 UTC in reply to "RE[3]: Encryption"
Laurence Member since:
2007-03-26


Well, yes and no - FreeBSD-CURRENT (which will eventually be released as the 9.x branch) has had v28 since January. The stable branches (7.x and 8.x) are still on v15, though.

Well yes, but you'd be insane to run FreeBSD-CURRENT on a production storage array anyway, so your point is moot.

I have no idea when they'll import v30, but I expect it'll happen eventually. Alternatively, it's possible to combine ZFS with e.g. GELI to get an encrypted FreeBSD system today - so if they have enough man-hours, they can add that to FreeNAS instead of waiting.

I didn't know about GELI. Thank you ;)

Reply Score: 2

RE[5]: Encryption
by dnebdal on Thu 9th Jun 2011 15:05 UTC in reply to "RE[4]: Encryption"
dnebdal Member since:
2008-08-27

Well yes, but you'd be insane to run FreeBSD-CURRENT on a production storage array anyway, so your point is moot.


Not quite - it shows that it's already in there and just waiting for 9 to mature enough for a release. As of right now, it's quite stable - there are people using it in not-entirely-critical production, including me. (I've got a ZFS mirror with dedup and compression on a lab fileserver. It's just for working copies, but I honestly trust it more than how we store the reference copies.)

I didn't know about GELI. Thank you ;)

I think someone needs to make a "nice FreeBSD features you might not know about"-list. ;)
(I'd thrown in HAST as well - I don't use it, but I'd like to.)

Edited 2011-06-09 15:06 UTC

Reply Score: 1

RE[6]: Encryption
by Laurence on Thu 9th Jun 2011 15:22 UTC in reply to "RE[5]: Encryption"
Laurence Member since:
2007-03-26


Not quite - it shows that it's already in there and just waiting for 9 to mature enough for a release.

We already know that's the case though. The opening poster (who I was originally replying to) even stated this and it was also mentioned in the article.

The point was it's not in the STABLE branch now.


As of right now, it's quite stable - there are people using it in not-entirely-critical production, including me. (I've got a ZFS mirror with dedup and compression on a lab fileserver. It's just for working copies, but I honestly trust it more than how we store the reference copies.)

That's reassuring to hear.

I was adamant I wouldn't bother upgrading my FreeBSD NAS (Not FreeNAS - it's something I built myself) OS as it's running smoothly and - aside the ZFS array - all the other server services are running in VMs (which are kept up to date) hosted on the NAS.

However I might dd a backup image and attempt the upgrade after hearing of your success ;)

Reply Score: 2

RE[7]: Encryption
by phoenix on Thu 9th Jun 2011 16:39 UTC in reply to "RE[6]: Encryption"
phoenix Member since:
2005-07-11

[q]The point was it's not in the STABLE branch now.

It is as of 2011-06-06!!

Reply Score: 3

RE[7]: Encryption
by dnebdal on Thu 9th Jun 2011 23:05 UTC in reply to "RE[6]: Encryption"
dnebdal Member since:
2008-08-27

Mh, I was just reacting to "currently, FreeBSD doesn't even have ..." - more of a sub-ideal formulation than a completely wrong statement, anyway. ;)

And yeh, it was really quite un-dramatic. I already had CURRENT on it, and all it took was building+installing world+kernel, and a zpool upgrade.

What's definitely left is setting up NFSv4 and using the AD server for authentication ... but that'll have to wait for a chunk of spare time. At current estimates, that'll be in 2015.

Reply Score: 1

RE[3]: Encryption
by phoenix on Thu 9th Jun 2011 16:34 UTC in reply to "RE[2]: Encryption"
phoenix Member since:
2005-07-11

ZFSv28 was merged to FreeBSD 8-STABLE this week.

Reply Score: 2

Whats the point of encryption?
by FunkyELF on Thu 9th Jun 2011 15:20 UTC in reply to "Encryption"
FunkyELF Member since:
2006-07-26

Encrypted volumes protect your data if someone gets physical access to your hardware so I understand why someone would want this on laptops and home computers and things that could be stolen.

What is the benefit of encryption on production NAS systems? Would it just slow things down?

Reply Score: 2

Laurence Member since:
2007-03-26

Encrypted volumes protect your data if someone gets physical access to your hardware so I understand why someone would want this on laptops and home computers and things that could be stolen.

What is the benefit of encryption on production NAS systems? Would it just slow things down?


Piece of mind if you get burgled or (if you've got something to hide) raided by the police.

Reply Score: 2

umccullough Member since:
2006-01-26

What is the benefit of encryption on production NAS systems? Would it just slow things down?


It's a lot easier to decommission an HD if it's encrypted - you just remove the encryption key, and the data is effectively "scrambled".

A good example is a failed HD - depending on how the disk fails, you may not be able to erase it with zeros, but someone with the proper facilities can still recover the data off it.

If the HD is in an external enclosure (like an external eSATA or USB device), having someone walk off with it is always a possibility as well.

Erasing a disk is time consuming - so being able to simply destroy the encryption key is awfully convenient in many situations (as mentioned in the situation of a police raid - one could just yank the bootable USB key from a FreeNAS box and destroy it rendering the HD contents useless).

Edit: per your performance question, I suspect the network latency/bandwidth is a larger impact when using a NAS. With read/write caching (including read-ahead) and enough RAM, you shouldn't notice much performance impact on block-level encryption. A fast CPU should already do the trick.

Edited 2011-06-09 18:55 UTC

Reply Score: 2

Neolander Member since:
2010-03-08

But if the disk is out of order anyway, can't you simply mechanically destroy it with a hammer ? Sounds enough to permanently destroy regular data ^^

Reply Score: 1

RE: Whats the point of encryption?
by tony on Fri 10th Jun 2011 02:05 UTC in reply to "Whats the point of encryption?"
tony Member since:
2005-07-06

Encrypted volumes protect your data if someone gets physical access to your hardware so I understand why someone would want this on laptops and home computers and things that could be stolen.

What is the benefit of encryption on production NAS systems? Would it just slow things down?


There is some performance penalty for encryption, unless you have an Intel CPU that has AES-NI. Most of the laptops have it now, and a good number of the desktop CPUs have it. It seems to remove most of the performance penalty for encryption.

If you run Truecrypt and have an AES-NI processor (only Intel has them right now) then you can also make use of the acceleration.

Reply Score: 2

RE: Encryption
by phoenix on Thu 9th Jun 2011 16:37 UTC in reply to "Encryption"
phoenix Member since:
2005-07-11

I haven't used FreeNAS yet, but can't you maually create GELI-based "disks", then use those to create the pool?

That's the current method of supporting enc in ZFS on FreeBSD.

ZFS enc is part of ZFSv31 which is only available in Oracle Solaris 11 Express.

Reply Score: 2

RE: Encryption
by modmans2ndcoming on Fri 10th Jun 2011 04:02 UTC in reply to "Encryption"
modmans2ndcoming Member since:
2005-11-09

They said encryption in on the table for 8.1

Edit:

Apparently... future release.

Edited 2011-06-10 04:08 UTC

Reply Score: 2

Comment by Fergy
by Fergy on Thu 9th Jun 2011 07:14 UTC
Fergy
Member since:
2006-04-10

It would be nice to build your own NAS with freenas but it always seems to come done to normal PC hardware which uses a lot more power than a prebuilt NAS. Can anybody recommend hardware that comes close to the power usage of a NAS?

Reply Score: 2

RE: Comment by Fergy
by R_T_F_M on Thu 9th Jun 2011 09:05 UTC in reply to "Comment by Fergy"
R_T_F_M Member since:
2007-02-24

With new AMD CPUs (for example Asus E35M1-I fanless) in Chenbro ES34069 case and 2 x 2TB Western Digital Caviar Green power consumption is ~35-38 Watts, same as Synology or QNAP.

Reply Score: 1

RE: Comment by Fergy
by Laurence on Thu 9th Jun 2011 11:53 UTC in reply to "Comment by Fergy"
Laurence Member since:
2007-03-26

It would be nice to build your own NAS with freenas but it always seems to come done to normal PC hardware which uses a lot more power than a prebuilt NAS. Can anybody recommend hardware that comes close to the power usage of a NAS?

In all honesty, if you want to make use of ZFS then you're looking at a minimum spec of x86_64 CPU + 2GB RAM.

If low powered is essential, then you really need to be looking at something like Debian running on ARM.

Edited 2011-06-09 11:56 UTC

Reply Score: 2