Off-site replication target with encryption

Status
Not open for further replies.

petr

Contributor
Joined
Jun 13, 2013
Messages
142
Hi,

I've got a slightly unusual use case. I was given access to a place with a good internet connection where I could place my off-site backup machine. The problem is that physical security cannot really be guaranteed - it's not likely that anything is going to happen, but I would not like the data to sit there unencrypted.

I am also not after whole-disk encryption - there is no reason for the other machine to actually see what the data is - it is sufficient that it would hold only the encrypted copy, no need for the machine to even have access to the decrypted content.

So effectively, I am after "pre-internet" encryption on my outgoing data but I would also like to retain the snapshots and other ZFS features. What would be the best thing I could do?

Best,

Petr
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
So you want the ZFS on the remote machine to take care of ZFS features but you do not want to reveal what the data is to the remote ZFS machine....?
 

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
In order to suggest something, what do you see as the physical threat at the remote end? CLI access, theft, data manipulation, unauthorized sharing? How are you using the local FreeNAS? Zvols? CIFS? NFS? Could you use a file-level encryption tool on the local end?
 

petr

Contributor
Joined
Jun 13, 2013
Messages
142
> So you want the ZFS on the remote machine to take care of ZFS features but you do not want to reveal what the data is to the remote ZFS machine....?

Not necessarily - I do not need the remote machine to be aware of the ZFS features - they just need to be recoverable when a restore is needed.

> In order to suggest something, what do you see as the physical threat at the remote end? CLI access, theft, data manipulation, unauthorized sharing? How are you using the local FreeNAS? Zvols? CIFS? NFS? Could you use a file-level encryption tool on the local end?

Physical access is the best description of the threat - the machine will be placed in a space where access cannot be easily controlled. As I've said, I do not need it to have any file sharing on the remote network; I would like it just to act as a silo holding the backup.

Local FreeNAS is hosting HFS and AFP shares mainly, and I would like to find a solution that would not require me to add unnecessary complexity to the local FreeNAS.
 

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
If you don't want the other machine to have any access at all, then you will need to encrypt at a higher level. This would mean encrypting files using something like TrueCrypt. The problem with that is that it doesn't support your sharing needs very well (read: at all).

If it were me, I would use the dataset encryption option on the remote system (and possibly without a passphrase so it can be mounted with your intervention). I would disable all unnecessary services. Set a very strong user password. Configure SSH to tunnel the management GUI, and log the heck out of it (unauthorized login attempts).
 

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
After thinking about this a little more, you could use some backup software like CrashPlan to back up your primary machine to the remote location. Or if you had the space available locally, back up your primary system using CrashPlan locally, and then use ZFS replication to mirror the backup dataset to the remote system.
 