FreeBSD + ZFS + Encryption? Alternatives? Suggestions


I would like to create a dedicated physical server which will work as a NAS & fileserver inside my LAN (as well as through VPN).

However I need to fully encrypt the drives (both the system ones and the data ones, as I think I'll use two zpools). Since ZFS encryption is not supported in version 28 which is what FreeBSD supports (and OpenIndiana, Nexenta, …) the only possibility seems to be to use GELI.

Now I'm thinking whether adding a GELI layer on top of ZFS could lead to data loss. Some posts on the internet (though not many) seem to point this problem out. In particular, ZFS seems to be a far superior filesystem than any other in the Unix/Linux world (for instance ext4, xfs as well as btrfs) considering the integration of RAID(Z) and checksumming.

Now adding GELI on top of that seems to me just like adding LUKS on top of a RAID setup, though I have never experienced GELI and don't know its reliability. Performance is not a main issue, though I'd rather not have a 1MB/s transfer on my LAN (>20MB/s will be acceptable though).

I never got outside my Linux world so I don't have experience with FreeBSD or the Solaris derivatives. I'd rather not use Solaris Express 11 because of the paid (expensive) support problem. This will be a computer at home. I'll be willing to learn them if necessary.
The server will need to do basic NAS tasks (in particular Samba/CIFS file sharing, I don't need the ones integrated with the newer ZFS versions).

After considering the encryption layer, will GELI + ZFS be more or less reliable than LUKS + LVM + ext4? I asked in another post on superuser and they suggested FreeBSD/Solaris(es) because of ZFS, though we did not talk about encryption. Don't know if OpenIndiana and the likes support a block encryption method like LUKS or GELI.

Furthermore will it be easy to add a disk to the array, grow the RAID(Z) and the filesystem as we do in Linux (for instance here)?

Best Answer

You should be able to use one of the geom providers for encryption with ZFS, but you should encrypt the devices below the ZFS. I'd probably set up geli and then make a gpt partition inside of type freebsd-zfs and then go from there.

I recommend you actually test both solutions (freebsd and linux) and decide based on sys admin time and performance which makes sense for you.
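
The layering the answer describes (GELI on the raw disk, a freebsd-zfs GPT partition inside it, ZFS on top), as an added example that is not part of the original answer: it prints the FreeBSD commands instead of running them, then checks `zpool status` text for vdevs that are not GELI providers. The pool name `tank`, the disks `ada1` to `ada3`, the AES-XTS/256/4096 settings, the layout choice and the sample status output are assumptions.

```shell
# Added example; pool name "tank" and disks ada1..ada3 are assumptions.
# plan_geli_zpool POOL DISK...: print (do not run) the FreeBSD commands that
# put GELI below ZFS, with a freebsd-zfs GPT partition inside each provider.
plan_geli_zpool() {
    pool=$1; shift
    [ $# -ge 1 ] || return 1
    vdevs=""; n=0
    for disk in "$@"; do
        echo "geli init -e AES-XTS -l 256 -s 4096 /dev/$disk"  # asks for a passphrase
        echo "geli attach /dev/$disk"                          # creates /dev/$disk.eli
        echo "gpart create -s gpt $disk.eli"
        echo "gpart add -t freebsd-zfs $disk.eli"              # creates $disk.elip1
        vdevs="$vdevs $disk.elip1"; n=$((n + 1))
    done
    case $n in
        1) layout="" ;;
        2) layout=" mirror" ;;
        *) layout=" raidz" ;;   # layout choice is an assumption of this example
    esac
    echo "zpool create $pool$layout$vdevs"
}

# unencrypted_vdevs: read `zpool status` text on stdin and print every leaf
# vdev whose name lacks ".eli", i.e. one that is not a GELI provider.
unencrypted_vdevs() {
    awk '
        $1 == "NAME" && $2 == "STATE" { in_cfg = 1; getline; next }  # skip header and pool line
        in_cfg && NF == 0 { in_cfg = 0 }                             # blank line ends the list
        in_cfg && $1 !~ /^(raidz|mirror|logs|cache|spares)/ && $1 !~ /\.eli/ { print $1 }
    '
}

# Constructed `zpool status` output: ada3p1 was added without GELI.
sample_status() {
    cat <<'EOF'
config:

        NAME            STATE     READ WRITE CKSUM
        tank            ONLINE       0     0     0
          raidz1-0      ONLINE       0     0     0
            ada1.elip1  ONLINE       0     0     0
            ada2.elip1  ONLINE       0     0     0
            ada3p1      ONLINE       0     0     0

errors: No known data errors
EOF
}
plan_geli_zpool tank ada1 ada2 ada3
sample_status | unencrypted_vdevs
```

On a real system, pipe `zpool status tank` into `unencrypted_vdevs` after every disk addition or replacement. A vdev shown under a label name (`gpt/...`, `gptid/...`) is flagged as well and has to be confirmed by hand with `geli status`.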
