iSCSI + Bitlocker?

Status
Not open for further replies.

xCatalystx

Contributor
Joined
Dec 3, 2014
Messages
117
Am I insane for thinking this might be a good idea? I am currently using a VHD encrypted with BitLocker but I am considering moving this to the network.

Would iSCSI provide better performance vs SMB? How about snapshots? I haven't tested anything so I was more just throwing it out there. The volume will only be read/write from 1 client device, I might mount the others as read-only.

I'm mainly storing personal docs, financials, tax records, etc. My desktop and laptop are both BitLocker enabled, but my zpool isn't encrypted (nor do I plan to; more likely to make a separate zpool).

I was using TrueCrypt till all that... well, you know what.
 

Stux

MVP
Joined
Jun 2, 2016
Messages
4,358
Unless you use a cluster aware file system, you mustn't have more than one client connecting to the volume.

The readers are not going to react well when the writer changes the world out from under them.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,175
> I was using TrueCrypt till all that... well, you know what.

VeraCrypt was audited and found to be mostly okay. I expect the little issues to have been fixed by now, too.
 

Dice

Wizard
Joined
Dec 11, 2015
Messages
1,410
I'd like to get my thoughts straightened out on this topic:
1. Does CoW pose any problems when running VeraCrypt?
(I vaguely recall something about encrypted "lockers" appearing as huge files, which in turn would cause unnecessarily large writes and terrible performance due to CoW nature?)
2. Is it problematic to encrypt an entire dataset (SMB shared) with VeraCrypt?
(recognizing the data will only be accessible via SMB/VeraCrypt)
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,175
> 1. Does CoW pose any problems when running VeraCrypt?
> (I vaguely recall something about encrypted "lockers" appearing as huge files, which in turn would cause unnecessarily large writes and terrible performance due to CoW nature?)

ZFS operates on a block, not file basis, so it's not worse than a zvol over iSCSI, but presumably a much lighter load.

> 2. Is it problematic to encrypt an entire dataset (SMB shared) with VeraCrypt?
> (recognizing the data will only be accessible via SMB/VeraCrypt)

Depends on the size of the file(s) (you can't encrypt the dataset itself from a client).

You might want to wait for encrypted datasets to be released. I think it shouldn't be too long, now.
 

Dice

Wizard
Joined
Dec 11, 2015
Messages
1,410
> ZFS operates on a block, not file basis, so it's not worse than a zvol over iSCSI, but presumably a much lighter load.

Last time I made an effort I got stuck on "encrypted containers" that I concluded would become a nightmare to have lying around on SMB shares, as they would effectively act as huge files, with an expected large hash-overhead forcing uncalled-for amounts of writes on the ZFS level.
 