On Fri, Aug 12, 2016 at 6:04 AM, Austin S. Hemmelgarn <ahferro...@gmail.com> wrote: > On 2016-08-11 16:23, Dave T wrote:
>> 5. Would most of you guys use btrfs + dm-crypt on a production file >> server (with spinning disks in JBOD configuration -- i.e., no RAID). >> In this situation, the data is very important, of course. My past >> experience indicated that RAID only improves uptime, which is not so >> critical in our environment. Our main criteria is that we should never >> ever have data loss. As far as I understand it, we do have to use >> encryption. > > On a file server? No, I'd ensure proper physical security is established > and make sure it's properly secured against network based attacks and then > not worry about it. Unless you have things you want to hide from law > enforcement or your government (which may or may not be legal where you > live) or can reasonably expect someone to steal the system, you almost > certainly don't actually need whole disk encryption. Sure but then you need a fairly strict handling policy for those drives when they leave the environment: e.g. for an RMA if the drive dies under warranty, or when the drive is being retired. First there's the actual physical handling (even interception) and accounting of all of the drives, which has to be rather strict. And second, the fallback to wiping the drive if it's dead must be physical destruction. For any data not worth physically destroying the drive for proper disposal, you can probably forego full disk encryption. -- Chris Murphy -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
