[OpenIndiana-discuss] ZFS Encryption for MySQL data store

Mark Creamer whitetr6 at gmail.com
Wed Jan 18 15:16:00 UTC 2012


OK, sorry about that guys. I was assuming it was an available feature and
was obviously incorrect. Thanks for the clarification.
-Mark

On Wed, Jan 18, 2012 at 10:11 AM, LinuxBSDos.com <finid at linuxbsdos.com>wrote:

> > I'd like to get a better understanding (or have someone correct me where
> > I'm wrong) about using ZFS encryption for a particular zfs filesystem.
> >
> > The idea is to create a zfs file system for a MySQL database to use to
> > store its datafiles since the database contains potentially sensitive
> > information. The server we would do this on already has several zfs
> > filesystems used for other purposes.
> >
> > So if I create a new filesystem, and set encryption to on, these are the
> > caveats as I understand them:
> >
> > 1. I can snapshot and zfs send | zfs receive to a separate physical
> backup
> > server for archival storage, and as long as the receiving file system is
> > also set to encryption=on, the replicated data would remain encrypted
> with
> > the same passphrase
> > 2. In order for the server to mount this filesystem on boot, someone
> would
> > need to be available to enter the passphrase - otherwise the file system
> > would remain unmounted, meaning MySQL could not use it
> >
> > Are these two things correct? If so, is there a better solution for Item
> > #2, such that remotely rebooting the server would allow MySQL to start
> and
> > be able to use the file system?
> >
>
> I don't know the answer to your question, but ZFS on OI does not yet have
> support for encryption, unless your question is about Oracle Solaris 11.
>
>
> --
> Fini D.
>
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>



-- 
Mark


More information about the OpenIndiana-discuss mailing list