[OpenIndiana-discuss] ZFS Encryption for MySQL data store
LinuxBSDos.com
finid at linuxbsdos.com
Wed Jan 18 15:11:08 UTC 2012
> I'd like to get a better understanding (or have someone correct me where
> I'm wrong) about using ZFS encryption for a particular zfs filesystem.
>
> The idea is to create a zfs file system for a MySQL database to use to
> store its datafiles since the database contains potentially sensitive
> information. The server we would do this on already has several zfs
> filesystems used for other purposes.
>
> So if I create a new filesystem, and set encryption to on, these are the
> caveats as I understand them:
>
> 1. I can snapshot and zfs send | zfs receive to a separate physical backup
> server for archival storage, and as long as the receiving file system is
> also set to encryption=on, the replicated data would remain encrypted with
> the same passphrase
> 2. In order for the server to mount this filesystem on boot, someone would
> need to be available to enter the passphrase - otherwise the file system
> would remain unmounted, meaning MySQL could not use it
>
> Are these two things correct? If so, is there a better solution for Item
> #2, such that remotely rebooting the server would allow MySQL to start and
> be able to use the file system?
>
I don't know the answer to your question, but ZFS on OI does not yet have
support for encryption, unless your question is about Oracle Solaris 11.
--
Fini D.
More information about the OpenIndiana-discuss
mailing list