On 07/27/11 12:51, Pawel Jakub Dawidek wrote:
On Tue, Jul 26, 2011 at 03:28:10AM -0700, Fred Liu wrote:
The ZFS Send stream is at the DMU layer at this layer the data is
uncompress and decrypted - ie exactly how the application wants it.
Even the data compressed/encrypted by ZFS will be decrypted? If it is true,
will it be any CPU overhead?
And ZFS send/receive tunneled by ssh becomes the only way to encrypt the data
transmission?
Even if zfs send/recv will work with encrypted and compressed data you
still need some secure tunneling. Storage encryption is not the same as
network traffic encryption.
Indeed, plus you don't necessarily want to always have your backups
encrypted by the same keys as the live data (ie the policy for key
management and retention could be different on purpose).
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
