Add a third disk to encrypted mirror volume

[Mr_N]

I would have thought people using it would have a good reason to use it and therefore also have a good reason to understand it and stay uptodate on it :)

 

[gpsguy]

Unfortunately a lot of our users don't RTFM. It's sad, but true


Sent from my iPhone using Tapatalk

 

[cyberjock]

I would have thought people using it would have a good reason to use it and therefore also have a good reason to understand it and stay uptodate on it :)

Hell no. Our average user shows up in the forums with only the desire to get it working, then they disappear. Next time we hear from them its often because they've already done a series of steps resulting in permanent loss of the zpool and they're asking for advice on how to recover. Of course, at that point it's too late. :(

 

[jdong]

Hell no. Our average user shows up in the forums with only the desire to get it working, then they disappear. Next time we hear from them its often because they've already done a series of steps resulting in permanent loss of the zpool and they're asking for advice on how to recover. Of course, at that point it's too late. :(

Agreed. And specifically with regards to encryption, I think a lot of consumers are used to other products where "full disk encryption" has been productized into something as straightforward as 1 checkbox to turn it on + 1 password (or even your standard OS login credentials). FreeNAS's encryption isn't that straightforward, and I would guess users would typically find that out the hard way when they've nearly lost all their data. And this isn't criticizing FreeNAS — it's just saying, users might mistakenly think this is something so simple and familiar from other products that why would you read the manual? In my opinion, turning on encryption should direct you to read the manual (especially as it pertains to replacing disks, when you need to rekey, and the importance of saving the recovery key) to reduce the element of surprise.

 

[m0nkey_]

And specifically with regards to encryption, I think a lot of consumers are used to other products where "full disk encryption" has been productized into something as straightforward as 1 checkbox to turn it on + 1 password

OS X does this. Apple did a good job with it. It also tells you to backup your recovery key, but how many people have actually bothered to do that? Okay, you can store it in the Apple cloud, but that then begins to defeat the purpose of FDE.

In my opinion, turning on encryption should direct you to read the manual (especially as it pertains to replacing disks, when you need to rekey, and the importance of saving the recovery key) to reduce the element of surprise.

People need to do this from the get go. I know when I'm deploying new software or product to contain valuable information, I read the manual. Although, that's not to say I haven't learnt from past mistakes. I used to dive right in without looking at the docs, get horribly confused and then ultimately give up.

I do believe there should be a link to the documentation upon downloading the software at http://www.freenas.org/download-freenas-release/, right now it only links to the change log and release notes. However, in the GUI there is already a link to the documentation.

 

[jdong]

OS X does this. Apple did a good job with it. It also tell you to backup your recovery key, but how many people have actually bothered to do that? Okay, you can store it in the Apple cloud, but that then begins to defeat the purpose of FDE.

People need to do this from the get go. I know when I'm deploying new software or product to contain valuable information, I read the manual. Although, that's not to say I haven't learnt from past mistakes. I used to dive right in without looking at the docs, get horribly confused and then ultimately give up.

I do believe there should be a link to the documentation upon downloading the software at http://www.freenas.org/download-freenas-release/, right now it only links to the change log and release notes. However, in the GUI there is already a link to the documentation.

Yeah, I wasn't gonna name names as far as who I think does it well. The Apple recovery key is also more conceptually simple because it is just a 25-digit code that looks like a password, while hiding the FreeNAS-like internals where there's one or two giant key files protected by a smaller symmetric key (your password or recovery password), and you never have to manually rekey or have your recovery key changed after any sort of storage operations.

But yeah, I totally agree with you that one should read the whole manual before just assuming that their mission-critical data is intact, but the GUI could still do a better job of giving the user a heads-up when something unintuitive is about to happen. For example, when you add a vdev or replace a disk in your encrypted pool, it could pop up a warning and say "Did you know that unless you click Re-key, set passphrase, and download recovery key, you may permanently lose your pool if you reboot now? *see link to manual* for more details"

 

[gpsguy]

Supposedly iXsystems will be redesigning the encryption piece in FreeNAS 10.


Sent from my iPhone using Tapatalk

 

[joeschmuck]

Supposedly iXsystems will be redesigning the encryption piece in FreeNAS 10.

Unfortunately that won't help the idiots out there who will just jump in and shoot from the hip, then screw up their system. I hope the new encryption system works well because I'd like to have a single dataset that can be encrypted and separate from other datasets. Not sure that will happen but I guess it's possible in the future. And keep in mind, I'm not up to date on FreeNAS 10, been out of the loop for a while.

 

[jgreco]

OS X does this. Apple did a good job with it. It also tells you to backup your recovery key, but how many people have actually bothered to do that?

I never did understand the point of that. Since you'd never store valuable data on a laptop, Mac, or PC, surely it'd just be a matter of wiping the disk and reinstalling. "Recovery?" For what?

Heh.