>> Are there any encryption options? Your only real option is for a KVM guest to use encryption inside a Zone (CentOS and Ubuntu offer encryption at their install screens). Some people use ZVOLs as back-ends for FreeBSD's GELI on FreeBSD, or use GELI to encrypt the underlying vdevs of their zpool, but FreeBSD Jails aren't anywhere near a complete alternative to zones.
If you need to run Windows guests, you could probably find a way to PXE-boot them off of iSCSI targets (running in another Zone) that have encrypted back-ends or just have them use Samba to access encrypted volumes. Yes I understand everything I typed above is very ugly. I would really like to see encrypted added to the illumos/ZFS or OpenZFS feature set, would do it myself if I currently held the necessary skillset. On Sat, Mar 14, 2015 at 2:00 PM, George Linn via smartos-discuss < [email protected]> wrote: > Are there any encryption options? Specifically if the SmartOS > installation is used primarily for hosting Zones. Could sleep better > knowing that if my machine was physically compromised my data would be a > bit more difficult to access. > > ------------------------------ > *From:* Brian Bennett via smartos-discuss < > [email protected]> > *To:* [email protected]; George Linn <[email protected]> > > *Sent:* Saturday, March 14, 2015 4:29 PM > *Subject:* Re: [smartos-discuss] ZFS encryption > > ZFS encryption was integrated into Solaris 11 after OpenSolaris updates > stopped. That's not to say it couldn't be added, but it hasn't been a > priority so far. > > -- > Brian Bennett > Systems Engineer, Cloud Operations, Joyent, Inc. > 655 Montgomery St., Suite 1600 | San Francisco | California | 94111 > [email protected] | www.joyent.com > office 415-400-0645 | mobile 619-663-IPv6 > > > > On Mar 14, 2015, at 11:17 AM, George Linn via smartos-discuss < > [email protected]> wrote: > > After some searching, it seems that there is no integrated encryption for > ZFS in SmartOS that would allow something like the following to happen: > > *zfs create -o encryption=on rpool/export/somthing* > > Can encryption be used with ZFS at all on SmartOS? I see some examples of > creating encrypted block devices in OpenIndiana but I am not sure how this > is helpful in a general sense on SmartOS since my disk space is all > allocated during the initial installation of SmartOS. > > > *smartos-discuss* | Archives > <https://www.listbox.com/member/archive/184463/=now> > <https://www.listbox.com/member/archive/rss/184463/26986985-d0246faa> | > Modify <https://www.listbox.com/member/?&;> Your Subscription > <http://www.listbox.com/> > > > > > > > > ------------------------------------------- > smartos-discuss > Archives: https://www.listbox.com/member/archive/184463/=now > RSS Feed: > https://www.listbox.com/member/archive/rss/184463/26967883-1315225c > Modify Your Subscription: https://www.listbox.com/member/?&; > Powered by Listbox: http://www.listbox.com > > > *smartos-discuss* | Archives > <https://www.listbox.com/member/archive/184463/=now> > <https://www.listbox.com/member/archive/rss/184463/26912851-a47b45cc> | > Modify > <https://www.listbox.com/member/?&;> > Your Subscription <http://www.listbox.com> > ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
