Linked by Rohan Pearce on Wed 8th Jun 2011 21:27 UTC
BSD and Darwin derivatives "FreeNAS is an open source operating system based on FreeBSD and, as its name implies, designed for networked storage. The project recently celebrated the release of FreeNAS 8, which racked up some 43,000 downloads in the first 48 hours after its release. I caught up with Josh Paetzel, director of IT at iXsystems and project manager for FreeNAS 8, to talk about the current state of the OS, what lies ahead for it, and the relationship to FreeNAS 0.7."
Thread beginning with comment 476534
To read all comments associated with this story, please click here.
Encryption
by tony on Thu 9th Jun 2011 00:26 UTC
tony
Member since:
2005-07-06

My biggest beef with FreeNAS 8 is the lack of encryption support. Essentially, there are no more open source NAS offerings that offer encryption. FreeNAS 7 had it, but FreeNAS 8 dropped it (because they became ZFS centric where .72 was UFS or ZFS).

I would need to run regular Ubuntu or another distro or FreeBSD, and lose all the great tools FreeNAS had in order to pull off encryption.

OpenFiler doesn't do encryption. I tried to add Truecrypt but there were a tons of dependency problems with even getting a compiler installed)

ZFS supports encryption, but not in the version that's integrated with FreeNAS.

Reply Score: 2

RE: Encryption
by umccullough on Thu 9th Jun 2011 01:41 in reply to "Encryption"
umccullough Member since:
2006-01-26

My biggest beef with FreeNAS 8 is the lack of encryption support. Essentially, there are no more open source NAS offerings that offer encryption. FreeNAS 7 had it, but FreeNAS 8 dropped it (because they became ZFS centric where .72 was UFS or ZFS).


Hmm - I am using UFS on FreeNAS 8 still... but yeah, I don't remember seeing any encryption settings.

Besides the lack of a torrent client now (which apparently they will add as a plugin soon), my other major annoyance with FreeNAS 8 is that it cannot be installed to the same disk that you use for storage any longer. That was a feature I liked about FreeNAS 0.7 With FreeNAS 8 I have to use a USB stick to boot it, and it's noticeably slower to start up. There are other advantages to using the USB stick, however, so I'm not too upset about it.

I hope that FreeNAS 8 has lots of potential once the new "plugin" features start getting used.

Reply Parent Score: 2

RE: Encryption
by Luminair on Thu 9th Jun 2011 02:15 in reply to "Encryption"
Luminair Member since:
2007-03-30

Your beef is really that it is not done yet ;) FreeNAS 8 is a bit like KDE 4. iXsystems is really quite amazing, but they cannot work at warp speed. I bet a pony this new FreeNAS will have the whole kitchen sink this year.

Reply Parent Score: 2

RE[2]: Encryption
by Luminair on Thu 9th Jun 2011 02:22 in reply to "RE: Encryption"
Luminair Member since:
2007-03-30

(like KDE 4 in that it shipped missing basic stuff, not that it will take forever to catch up)

Reply Parent Score: 2

RE: Encryption
by Luminair on Thu 9th Jun 2011 02:17 in reply to "Encryption"
Luminair Member since:
2007-03-30

ZFS v28 will make an appearance sooner or later [when FreeBSD bumps up a version, and then FreeNAS bumps up to that version], which will bring things like dedup and a detachable ZIL with it. If Oracle open sources ZFS v30 like they have said they will, we'll eventually get that as well, which brings with it filesystem encryption.


I thought the encryption code was already out, but what do I know, not as much as him apparently.

Reply Parent Score: 2

RE[2]: Encryption
by Laurence on Thu 9th Jun 2011 11:49 in reply to "RE: Encryption"
Laurence Member since:
2007-03-26

I thought the encryption code was already out, but what do I know, not as much as him apparently.

ZFS encryption is a relatively new feature even on Solaris (in fact I wasn't even aware Oracle had released that versions source already).

FreeBSD's current ZFS version (v15?) doesn't even support raidz3 and deduping, which was released quite some time back, so it certainly wouldn't be recent enough to support encryption.

Reply Parent Score: 2

Whats the point of encryption?
by FunkyELF on Thu 9th Jun 2011 15:20 in reply to "Encryption"
FunkyELF Member since:
2006-07-26

Encrypted volumes protect your data if someone gets physical access to your hardware so I understand why someone would want this on laptops and home computers and things that could be stolen.

What is the benefit of encryption on production NAS systems? Would it just slow things down?

Reply Parent Score: 2

Laurence Member since:
2007-03-26

Encrypted volumes protect your data if someone gets physical access to your hardware so I understand why someone would want this on laptops and home computers and things that could be stolen.

What is the benefit of encryption on production NAS systems? Would it just slow things down?


Piece of mind if you get burgled or (if you've got something to hide) raided by the police.

Reply Parent Score: 2

umccullough Member since:
2006-01-26

What is the benefit of encryption on production NAS systems? Would it just slow things down?


It's a lot easier to decommission an HD if it's encrypted - you just remove the encryption key, and the data is effectively "scrambled".

A good example is a failed HD - depending on how the disk fails, you may not be able to erase it with zeros, but someone with the proper facilities can still recover the data off it.

If the HD is in an external enclosure (like an external eSATA or USB device), having someone walk off with it is always a possibility as well.

Erasing a disk is time consuming - so being able to simply destroy the encryption key is awfully convenient in many situations (as mentioned in the situation of a police raid - one could just yank the bootable USB key from a FreeNAS box and destroy it rendering the HD contents useless).

Edit: per your performance question, I suspect the network latency/bandwidth is a larger impact when using a NAS. With read/write caching (including read-ahead) and enough RAM, you shouldn't notice much performance impact on block-level encryption. A fast CPU should already do the trick.

Edited 2011-06-09 18:55 UTC

Reply Parent Score: 2

tony Member since:
2005-07-06

Encrypted volumes protect your data if someone gets physical access to your hardware so I understand why someone would want this on laptops and home computers and things that could be stolen.

What is the benefit of encryption on production NAS systems? Would it just slow things down?


There is some performance penalty for encryption, unless you have an Intel CPU that has AES-NI. Most of the laptops have it now, and a good number of the desktop CPUs have it. It seems to remove most of the performance penalty for encryption.

If you run Truecrypt and have an AES-NI processor (only Intel has them right now) then you can also make use of the acceleration.

Reply Parent Score: 2

RE: Encryption
by phoenix on Thu 9th Jun 2011 16:37 in reply to "Encryption"
phoenix Member since:
2005-07-11

I haven't used FreeNAS yet, but can't you maually create GELI-based "disks", then use those to create the pool?

That's the current method of supporting enc in ZFS on FreeBSD.

ZFS enc is part of ZFSv31 which is only available in Oracle Solaris 11 Express.

Reply Parent Score: 2

RE: Encryption
by modmans2ndcoming on Fri 10th Jun 2011 04:02 in reply to "Encryption"
modmans2ndcoming Member since:
2005-11-09

They said encryption in on the table for 8.1

Edit:

Apparently... future release.

Edited 2011-06-10 04:08 UTC

Reply Parent Score: 2