Solaris, Napp-it and ecrypted volumes...

Katama

New Member
Mar 9, 2011
8
0
1
So thanks in large part to STH, Patrick, and the folks in the forums (props for the nice Solaris/Napp-it tutorial Nitrobass), I've gotten a crash course in setting up my own micro datacenter. My Intel E3-12xx series Xeon system (with Vt-d - who knew how useful that could be??), I've got Solaris Express 11 with Napp-it running under ESXi amd have passed-through my LSI 2008 disks to it for network storage (samba?). Is there some faster way to share other than SMB?

Anyway, now that I've been able to play around a bit with my new setup, my real question is regarding encrypted volumes on ZFS. Using Napp-it, I've created several pools, and on one pool I've created a volume with encryption turned on. So it seems like I can lock and unlock the encrypted volume from the Napp-it web GUI. Unlocked I can mount the volume remotely. When it is locked, I cannot.

I think I am missing something here - meaning, there's got to be an easier way to lock/unlock the volume outside of using the Napp-it web interface. Is there? Does it ever auto-lock, or as long as the server is powered on, does it stay unlocked. I am not sure what the encryption buys you, other than security when the server is powered off. Anyone care to shed some light on this?

Thanks in advance...
 

nitrobass24

Moderator
Dec 26, 2010
1,087
131
63
TX
If an encrypted file system key is not available during boot time, the file system is not mounted automatically. For example, a file system with an encryption policy set to passphrase,prompt will not mount during boot time because the boot process is not interrupted to prompt for a passphrase. If you want to mount a file system with an encryption policy set to passphrase,prompt at boot time, you will need to either explicitly mount it with the zfs mount command and specify the passphrase or use the zfs key -l command to be prompted for the key after the system is booted.

Take a look here for some more info. http://download.oracle.com/docs/cd/E19963-01/html/821-1448/gkkih.html

EDIT: you said mounting remotely...

Have you tried sharing via CIFS or NFS?
 
Last edited:

Katama

New Member
Mar 9, 2011
8
0
1
Thanks Nitrobass for the info.

I am mounting remotely (in Windows), I assume this is via samba, not NFS..?.