I'm new to TrueNAS and ZFS. I'm planning to set up two servers, in two geographically separate locations. I want them to mirror each other (via internet), and at least one to have RAID capability switched on. I want data on both systems to be encrypted. I want this in case someone gains physical access to the drives and removes them: I want them to be useless in respect of accessing data. I need this facility for GDPR and other reasons. I'm aware that OpenZFS has native encryption.
I'm considering the best way to achieve encryption of my data. I could create large Veracrypt file containers (say 1TB each) and mount them on my desktop machine when I need access, and I think this is my preferred course of action. I have a concern that each modification will necessitate a massive (whole container) file upload for syncing with the other server. Does TrueNAS do some kind of delta synching (only that part of the file that has been changed is synched)?
I'm aware of the potential inefficiency in this choice in respect of wasted hard drive disk space. I'm familiar with Veracrypt and use it every day, and I'm nowhere near as familiar with TrueNAS, ZFS etc. I'm aware that my fear of trying something different may be driving my choice. I cannot afford to lose the data. I do want to make sure that the best aspects of TrueNAS and ZFS are utilised and as I understand it LUKS/Geli prevent access to the underlying hardware believe that may not work for me. I'm good at keeping access keys/passphrases securely.
Any thoughts and suggestions would be welcome.
I'm considering the best way to achieve encryption of my data. I could create large Veracrypt file containers (say 1TB each) and mount them on my desktop machine when I need access, and I think this is my preferred course of action. I have a concern that each modification will necessitate a massive (whole container) file upload for syncing with the other server. Does TrueNAS do some kind of delta synching (only that part of the file that has been changed is synched)?
I'm aware of the potential inefficiency in this choice in respect of wasted hard drive disk space. I'm familiar with Veracrypt and use it every day, and I'm nowhere near as familiar with TrueNAS, ZFS etc. I'm aware that my fear of trying something different may be driving my choice. I cannot afford to lose the data. I do want to make sure that the best aspects of TrueNAS and ZFS are utilised and as I understand it LUKS/Geli prevent access to the underlying hardware believe that may not work for me. I'm good at keeping access keys/passphrases securely.
Any thoughts and suggestions would be welcome.