Akinogor However, any data that has already been deduplicated will not be un-deduplicated. If portmapper is running and timeouts are still shown, force the use of TCP by including -o tcp in the mount command. However, deduplication is RAM intensive. This can be used to select a range of obsolete snapshots to be deleted with the Destroy icon at the bottom. If, however, the share will be used by several users, instead type in a group name and check the Create Group guife. When done, click Change button.

Author:Kijinn Mizahn
Language:English (Spanish)
Published (Last):5 May 2013
PDF File Size:1.64 Mb
ePub File Size:17.94 Mb
Price:Free* [*Free Regsitration Required]

Red The pool has a critical error. There is an option to Upgrade Pool. This button does not appear when the pool is running the latest version of the feature flags. Available space, disk details, and pool status is shown on the card.

The background color of the card indicates the pool status: Green: healthy or locked Yellow: unknown, offline, or degraded Red: faulted or removed 9. This type of encryption is primarily intended to protect against the risks of data being read or copied when the system is powered down, when the pool is locked, or when disks are physically stolen. Because data cannot be read without the key, encrypted disks containing sensitive data can be safely removed, reused, or discarded without secure wiping or physical destruction of the media.

This encryption method is not designed to protect against unauthorized access when the pool is already unlocked. Before sensitive data is stored on the system, ensure that only authorized users have access to the web interface and that permissions with appropriate restrictions are set on shares. To convert between these formats, both pools must be unlocked, and the data copied between them. The partition table on each disk is not encrypted, but only identifies the location of partitions on the disk.

On an encrypted pool, the data in each partition is encrypted. To use the drive firmware to completely encrypt the drive, see Self-Encrypting Drives.

Encrypted pools which do not have a passphrase are unlocked at startup. Pools with a passphrase remain locked until the user enters the passphrase to unlock them. Encrypted pools can be locked on demand by the user. They are automatically locked when the system is shut down.

This type of encryption is primarily useful for users wanting the ability to remove disks from the pool without having to first wipe the disks of any sensitive data. When discarding disks that still contain encrypted sensitive data, the encryption key must also be destroyed or securely deleted.

If the encryption key is not destroyed, it must be stored securely and kept physically separate from the discarded disks. If the encryption key is present on or with the discarded disks, or can be obtained by the same person who gains access to the disks, the data will be vulnerable to decryption. Protect the key with a strong passphrase and store all key backups securely. If the encryption key is lost, the data on the disks is inaccessible.

Always back up the key! Each pool has a separate encryption key. Technical details about how encryption key use, storage, and management are described in this forum post.

Data in memory, including ARC, is not encrypted. Swap data on disk is always encrypted. Drives added to an existing encrypted pool are encrypted with the same method specified when the pool was created. At present, there is no one-step way to encrypt an existing pool. The data must be copied to an existing or new encrypted pool. After that, the original pool and any unencrypted backup should be destroyed to prevent unauthorized access and any disks that contained unencrypted data should be wiped.

Hybrid pools are not supported. Added vdevs must match the existing encryption scheme. Extending a Pool automatically encrypts a new vdev being added to an existing encrypted pool. Encryption performance depends upon the number of disks encrypted. The more drives in an encrypted pool, the more encryption and decryption overhead, and the greater the impact on performance.

Encrypted pools composed of more than eight drives can suffer severe performance penalties. If encryption is desired, please benchmark such pools before using them in production. These processors can handle encryption of a small number of disks with negligible performance impact. They also retain performance better as the number of disks increases. Older processors without the AES-NI instructions see significant performance impact with even a single encrypted disk. This forum post compares the performance of various processors.

This key is required to read and decrypt any data on the pool. Encryption keys can also be downloaded as a safety measure, to allow decryption on a different system in the event of failure, or to allow the locally stored key to be deleted for extra security. Encryption keys can be optionally protected with a passphrase for additional security. The combination of encryption key location and whether a passphrase is used provide several different security scenarios: Key stored locally, no passphrase: the encrypted pool is decrypted and accessible when the system running.

If a passphrase is set on the key, it must also be entered before the encrypted pool can be accessed two factor authentication. Encrypted data cannot be accessed when the disks are removed or the system has been shut down. On a running system, encrypted data cannot be accessed when the pool is locked and the key is not available. If the key is protected with a passphrase, both the key and passphrase are required for decryption. Encryption applies to a pool, not individual users.

When a pool is unlocked, data is accessible to all users with permissions to access it. Note GELI uses two randomized encryption keys for each disk. The first has been discussed here. Loss of a disk master key due to disk corruption is equivalent to any other disk failure, and in a redundant pool, other disks will contain accessible copies of the uncorrupted data. While it is possible to separately back up disk master keys, it is usually not necessary or useful.

When a pool is locked, the data is not accessible until the pool is unlocked by supplying the passphrase.

For this reason, selecting this action prompts to confirm. Only the passphrase is used when both a passphrase and a recovery key are entered. The services listed in Restart Services will restart when the pool is unlocked. This allows them to see the new pool and share or access data on it. Individual services can be prevented from restarting by clicking the Restart Services drop-down and unselecting them. However, a service that is not restarted might not be able to access the unlocked pool.

Unlike a password, a passphrase can contain spaces and is typically a series of words. A good passphrase is easy to remember like the line to a song or piece of literature but hard to guess people you know should not be able to guess the passphrase.

Remember this passphrase. An encrypted pool cannot be reimported without it. In other words, if the passphrase is forgotten, the data on the pool can become inaccessible if it becomes necessary to reimport the pool.

Protect this passphrase, as anyone who knows it could reimport the encrypted pool, thwarting the reason for encrypting the disks in the first place. After setting or changing the passphrase, it is important to immediately create a new recovery key by clicking the Add Recovery Key button.

This way, if the passphrase is forgotten, the associated recovery key can be used instead. Add Recovery Key: generate a new recovery key. This recovery key can be used if the passphrase is forgotten. Always immediately add a recovery key whenever the passphrase is changed. Delete Recovery Key: Typically this is only performed when the administrator suspects that the current recovery key may be compromised.

Immediately create a new passphrase and recovery key. Note Protect the passphrase, recovery key, and encryption key. Do not reveal the passphrase to others. On the system containing the downloaded keys, take care that the system and its backups are protected.

Anyone who has the keys has the ability to re-import the disks if they are discarded or stolen. Warning If a re-key fails on a multi-disk system, an alert is generated. Do not ignore this alert as doing so may result in the loss of data.

Typically this is only performed when the administrator suspects that the current key may be compromised. This action also removes the current passphrase.

If the key is ever lost or destroyed and there is no backup key, the data on the disks is inaccessible. Before adding a cache or log device, refer to the ZFS Primer to determine if the system will benefit or suffer from the addition of the device.

This will reopen the pool creation screen described in the previous paragraph, but with the pool name displayed as read-only. These are drives that are connected to a pool, but not in use. If the pool experiences the failure of a data drive, the system uses the hot spare as a temporary replacement.

If the failed drive is replaced with a new drive, the hot spare drive is no longer needed and reverts to being a hot spare. If the failed drive is detached from the pool, the spare is promoted to a full member of the pool. Hot spares can be added to a pool during or after creation. To add a spare during pool creation, click the Add Spare.

Select the disk from Available Disks and use the right arrow next to Spare VDev to add it to the section. Danger When adding a spare disk to an encrypted pool the passphrase and recovery key are reset. Click Download Recovery Key after adding the spare device. A popup warning displays a reminder to stripe vdevs of the same size and type. Note If the existing pool is encrypted, an additional warning message shows a reminder that extending a pool resets the passphrase and recovery key.


FreeNAS 9.1 Setup Guide

Zular A Remove User button appears for custom users that have been added by the system administrator. Huide the entry for an rsync task to display buttons for Edit, Delete, or Run Now. During the import, the GELI keys can be entered as described above. This will create a mirrored boot device. Remember that there will be a system freenad of at least 8 GB and at least one data storage disk of at least 4 GB. Make certain that all data has been backed up and that the disk is no longer freens use. When multiple replications have been created, replication tasks run serially, one after another.



Gull Proper storage design is important for any NAS. Suggestions for testing disks before adding them to a RAID array can be found in this forum post https: Repeat 3 thru 6 for the rest of users, Admin, and Public dataset. An existing ZFS volume is required before creating a snapshot. To reorder the list, click the desired column name. Click on FreeNAS if uder did not change the name of the system.


Kerisar After done installing, Click on Jails on top of screen. This can be used to provide a secure connection to a cloud service providers. Since sysctl, loader, and rc. This menu is empty if there are no ZFS volumes yet. Shares are created to provide and control access to an area of storage. Usser status of a running scrub or the statistics from the last completed scrub can be seen by clicking the Volume Status button. Additional replications can use the same dedicated user that has already been set up.


Red The pool has a critical error. There is an option to Upgrade Pool. This button does not appear when the pool is running the latest version of the feature flags. Available space, disk details, and pool status is shown on the card. The background color of the card indicates the pool status: Green: healthy or locked Yellow: unknown, offline, or degraded Red: faulted or removed 9.

Related Articles