Does commenting still work?

/FJ

It seems to work

/FJ

For performance ideas, have a look at Dan Langille's results. He has looked much more at this than I have.

Performance depends on your CPU. If it can not encrypt/decrypt the data fast enough, you are going to wait on it.

My home server is a HP MicroServer N36L. It has an Atom-like dual core CPU, running at 1.3GHz. Not a speedmonster in any way. 4 drives attached, running raidz1.

I can read around 55MB/s from the encrypted ZFS. While doing this, the CPU is maxed out.

If your server has a modern high performance CPU, you will be able to saturate a 1Gb link with no problem.

I've been considering converting my Windows Server 2008r2 setup with 6x3TB in raid 5 to a ZFS built with encryption. So i'd be using FreeBSD 9.1 + GELI + ZFS raidz1 or z2 pool.

What kind of performance can I expect? Can I easily saturate a 1 gbit connection? And how much CPU does it use? Is the performance cpu or hdd bound? And if so, which cpu do you use?

Hopefully you can give me some more insight.

Thanks

(Sorry about the delay. I have not yet set up monitoring of the comment moderation queue. UPDATE: This has been fixed now)

I do not understand why you would want more than 3 parity disks. The ability to loose 3 disks before loosing data is pretty OK. Are you sure that you are not confusing the number of disks in the pool with the number of parity disks?

As for truecrypt, you might be looking for /usr/ports/security/truecrypt

Hi,

Thank you for documenting this experiment/observation with others. I really appreciate it. I am a bsd noob trying to covert my system to bsd and very much interested in encrypted zfs. I read somewhere that zfs only supports up to 3 raidz parity disks as I found out here -> https://blogs.oracle.com/ahl/entry/what_is_raid_z and so does most of the example I found on the net.

Another question, Are there any functionality/programs like truecrypt in bsd where I can hide partitions/(pools?) in bsd just like in linux/windows ?

Thank you again for a thoughtful write-up on encrypted zfs.

Tarsnap er fint for den paranoide geek.

rsnapshot for os knap så paranoide geeks

og gmail/dropbox/usb lignende løsninger for de resterende 99.9% af jordens befolkning

men off-site backup er generelt et godt råd

Dropbox er afgjort en god løsning for de fleste.
De sikkerheds issues der er ved servicen, er ikke relevante for de fleste almindelige brugere.

Man skal dog huske at den stjålne laptop vil have adgang til at slette data i dropbox.
Ikke noget der vil være et problem i de fleste situationer med en mistet laptop, men dog en pointe.

Jeg har også pushet https://www.dropbox.com/ til venner og bekendte. En nem måde at få taget en kopi og få den sendt væk fra computeren.

Sikkerheden for at amazon s3 så ikke smider vores data væk og sikkerheden mod at nogen læser mine filer....tjaeh tjoeh... Erfaringen viser at det er mere sandsynligt at min taske bliver stjålet