Please validate my backup plan: Rotating offsite backup disks, from single FreeNAS primary storage

[Ericloewe]

SATA expander card.

There's no such thing as a SATA expander. The card is an SAS HBA (or controller). An SAS expander is kinda like a network switch for SAS devices. A SATA port replicator does a similar thing, but they're notoriously unreliable.

attempting to backup the GELI key for the individual drives

I have a hard time imagining it being caused by the SAS controller. I'm not familiar with the details of encryption, so I can't help you with details. I can say that, if the card is properly flashed (P20 IT mode for the latest releases, P16 for releases older than August), it's absolutely transparent. However, the mfi references are an indicator that the card is not in IT mode.

 

[usergiven]

I'd like to continue a rotating backup plan using a secondary internal pool (single disk pool) and backing up my main pool using localhost as the "remote" replication location. I ran into an issue that I'm trying to figure out. After my initial pool snapshot passed its lifetime of 1 month, the replication failed because my single disk backup pool ran out of space. I think this is due to it replicating the newest fresh snapshot and not the incremental one. I think the right solution is to check "delete stale snapshots on remote system" under replication tasks. When thinking this through, this means every month that my main pool has to resnapshot itself, will the replication task ALWAYS have to resend the entire thing? I was trying to achieve infinite incremental replication and I was hoping someone could give advice on setting this up.

I eventually will setup a duplicate Freenas box with a snapshot/replication task but even on that hardware the same question applies, methinks?

 

[Mr_N]

See Below...

 

[cyberjock]

@Mr_N

Sorry, that topic isn't related to this thread. Please create your own thread with your problem.

 

[Gerda39]

it would be possible to force it via command line to use the same key for both backup drives, but I did not bother

My apologies for posting to a pretty old thread, and I will start a new one if that is more appropriate, but I was specifically interested in exactly the option mentioned here by @Dusan - how would I encrypt multiple volumes with the same key?

I understand that it might be difficult to imagine why one would need that. Let's say I have a set of drives in a volume that will be used as primary in my FreeNAS machine. I also have a backup set of drives. I need to protect the drives when at rest with encryption, but I could do without the extra level of passphrase protection. The problem is that the users who will be operating the machine on a daily basis will not have root privileges, and thus would not be able to import, say, the backup volume after the primary has been used or vice versa. (I do that via Web Interface, something that as non-root they would not have access to. And, I imagine, if there were a way to do this via a command line, root privileges would still be required.)

So, I thought, if the two volumes had the same key, which is stored in /data/geli, the users might be able to swap the volumes seamlessly, not having to do anything extra to decrypt them. Is this assumption even correct? Obviously, I cannot test it until I can first create two volumes encrypted with exactly the same key...;) If this assumption is not correct, and even with the two volumes encrypted with the same key the volume swap is non-seamless, could you think of another solution to my dilemma?

Many thanks!