Visit Open-E website
Results 1 to 8 of 8

Thread: Encrypted volumes in Open-E

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. 10-20-2008, 06:15 PM #1
    Flancer
    Flancer is offline Newbie
    Join Date
    Oct 2008
    Posts
    4

    Default

    You have made big investigation of this question.
    But in real life everything is little bit easily. I have a DAS with encrypted volumes. When I want to mount an encrypted volume, I manually type the password and add a key file (in USB stick, for instance). Tell me, why I can not do same in SAN (not in NAS)? The way of the entering password, for instance, is SSH. a key file can be added by the any way (on network, on storage between many other files, on USB stick or something else).
    Of course, when the volume is mounted, it is decrypted and I need to use another way to make it safe. But when it is dismounted (the storage is switched off), I am absolutely sure that it is in safe condition.
    Reply With Quote Reply With Quote
  2. 10-20-2008, 06:29 PM #2
    jmo
    jmo is offline Whizz Kid
    Join Date
    May 2008
    Location
    Hamburg, Germany
    Posts
    108

    Default

    Quote Originally Posted by Flancer
    [...] When I want to mount an encrypted volume, I manually type the password and add a key file (in USB stick, for instance). Tell me, why I can not do same in SAN (not in NAS)? The way of the entering password, for instance, is SSH. a key file can be added by the any way (on network, on storage between many other files, on USB stick or something else).[...]
    I'm sure it could be done this way. The question is: How many users are out there that will use a block device (on SAN, big bucks) without having an automated way to mount the device? Or in other words: What major advantage is there over simply doing the encryption at the initiator's side?

    When using NAS, there is no simple way of doing client-side encryption (unless, of course, you misuse the NAS to store a file that is used as a virtual block device by the client ). When using a SAN, there is - iirc all major OSes support encrypted file systems. So why the hassle (for the SAN vendor) of implementing it the complicated way and/or (for the user) of having to transfer keys to the SAN device (typically locked up in the CC) and telnet/ssh/WebUI to the SAN device to unlock prior to mounting?

    I for sure prefer simple solutions - in my case, that would be a simple block device on the SAN and handling the encryption on the initiator's end. YMMV

    With regards,
    Jens
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules