begr4trwh436
Cadet
- Joined
- Apr 19, 2022
- Messages
- 6
Hello together,
I'm new to TrueNAS Scale, but I have already read many threads here and the TrueNAS documentation. My TrueNAS Scale server is already installed on a boot disk, but without a storage pool; I will wait and understand the encryption process. For example, my notebook is encrypted with LUKS: it asks me to enter a passphrase on each boot, and no one can read the data on the disk until I unlock LUKS with the passphrase.
If I create, for example, the following pool layout, the easiest way would be to encrypt only the "highly important" projects folder, at dataset level:
tank01
- rootdataset
-- media
---- music
---- movies
-- shares
--- smb
--- nfs
-- projects (encrypted)
--- projectA (encrypted)
--- projectB (encrypted)
--- ... (encrypted)
...but maybe the others should also be encrypted, or new directories would be important again.
1) How do you handle such data, and which encryption type, keyfile or passphrase, would you choose?
2) I read that the keyfile will remain on the boot disk, so will each server restart automatically decrypt the dataset? If that is true, the strong passphrase approach is better for me, to decrypt the content manually!
3) With the planned RAIDZ2 pool with 6 disks, how would it be to take a specific disk and mount it on an external system to look into the unencrypted data; is that possible (RAW ZFS)?
4) The decision about encrypting the new pool tank01 from the beginning is still open. Are there any disadvantages/performance problems/Scrub task on encrypted datasets ...?
Encryption with TrueNAS:
https://www.truenas.com/docs/core/storage/pools/storageencryption/