Quote Originally Posted by Flancer
[...] When I want to mount an encrypted volume, I manually type the password and add a key file (on a USB stick, for instance). Tell me, why can I not do the same in a SAN (not in a NAS)? The way of entering the password is, for instance, SSH. A key file can be added in any way (on the network, on storage between many other files, on a USB stick or something else).[...]
I'm sure it could be done this way. The question is: How many users are out there that will use a block device (on SAN, big bucks) without having an automated way to mount the device? Or in other words: What major advantage is there over simply doing the encryption at the initiator's side?

When using NAS, there is no simple way of doing client-side encryption (unless, of course, you misuse the NAS to store a file that is used as a virtual block device by the client). When using a SAN, there is - iirc all major OSes support encrypted file systems. So why the hassle (for the SAN vendor) of implementing it the complicated way and/or (for the user) of having to transfer keys to the SAN device (typically locked up in the CC) and telnet/ssh/WebUI to the SAN device to unlock prior to mounting?

I for sure prefer simple solutions - in my case, that would be a simple block device on the SAN and handling the encryption on the initiator's end. YMMV

With regards,
Jens