Date: Thu, 10 Oct 2013 20:08:31 +0200 From: Terje Elde <terje@elde.net> To: yudi v <yudi.tux@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Geli and ZFS Message-ID: <77878DF1-8266-406D-BD76-02295AE09CF0@elde.net> In-Reply-To: <CACo--mtCxL1TPuACind8VsaFmA%2B7jB1Hxu0%2B5Pviauo=mV0vOA@mail.gmail.com> References: <CACo--mtCxL1TPuACind8VsaFmA%2B7jB1Hxu0%2B5Pviauo=mV0vOA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_052FB60A-7917-462B-A4D0-F3274E3EB14F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On Oct 9, 2013, at 6:43 AM, yudi v <yudi.tux@gmail.com> wrote: > Generally, it's recommended to let ZFS manage the whole disk if = possible, > so I was wondering if the second option is better. > I will be using couple of 3TB HDDs mirrored for data and want to = encrypt > them. IIRC, there is/was a major performance-difference on Solaris between = using ZFS on a partition, or a whole disk. FreeBSD is happy with = either. The two alternatives you mentioned were: ZFS over GELI over disk and ZFS over GELI over ZFS over disk While ZFS wouldn't get the raw disk in setup #1, the left-most ZFS = wouldn't get it in the second scenario either. > I am hoping someone with an in-depth understanding of ZFS will be able = to > offer some insight. What I usually do and recommend is using GPT with labels for the = partitions you'll put GELI/ZFS on. There's a couple of different reasons for this: * It'll let you create your zpool on /dev/gpt/label, which will make it = easy to find even when the device moves (harddisk-renumbering, changes = from internal ATA to USB enclosure=85 ) * You don't run things through ZFS twice. * The disk is fully encrypted. * etc Terje --Apple-Mail=_052FB60A-7917-462B-A4D0-F3274E3EB14F Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEkBAEBCgAGBQJSVu0lAAoJEKIog3c0EBYzZh8IPjeiHx14sJsoTDWtZtmz+W3t 5YFsutQlYgL/iXN0Wao6BJ/07UvwJn3LhVOGbGHkmDXJ5Z/4NjRjyXT7VBZlgaER XgHfT0kooCy66MAVhjpWavuYTe1/s4BkofR1TI0U9fHuptj8QGFJ7oTNEPh38/o3 0E53XBWqI9VdXN3t8nzS8ul7gwFijkjlei/Vryq6AvUGKMYiBwPpDg8ke+AiG+T5 G72uEeQBJ2UkZlzISALOoHHZaaZ7wgJ3sFfYt3AfcQL0LeAgs7rWk1NztOjERcd1 bQXF24HweFoGCJGrXeDATZumn2dVYuSleHEdTfRCIMk9SewRICdL02U5UJJNrsQT Yh6MLpGLBw== =QYmE -----END PGP SIGNATURE----- --Apple-Mail=_052FB60A-7917-462B-A4D0-F3274E3EB14F--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?77878DF1-8266-406D-BD76-02295AE09CF0>