From owner-freebsd-stable@FreeBSD.ORG Tue Jan 15 09:53:21 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 88F2A16A41A for ; Tue, 15 Jan 2008 09:53:21 +0000 (UTC) (envelope-from johan@stromnet.se) Received: from core.stromnet.se (core.stromnet.se [83.218.84.131]) by mx1.freebsd.org (Postfix) with ESMTP id 4C7DE13C45D for ; Tue, 15 Jan 2008 09:53:20 +0000 (UTC) (envelope-from johan@stromnet.se) Received: from localhost (unknown [83.218.84.135]) by core.stromnet.se (Postfix) with ESMTP id 056F6D46403; Tue, 15 Jan 2008 10:53:19 +0100 (CET) X-Virus-Scanned: amavisd-new at stromnet.se Received: from core.stromnet.se ([83.218.84.131]) by localhost (core.stromnet.se [83.218.84.135]) (amavisd-new, port 10024) with ESMTP id gyGCrrkplnaz; Tue, 15 Jan 2008 10:53:16 +0100 (CET) Received: from [172.28.1.102] (90-224-172-102-no129.tbcn.telia.com [90.224.172.102]) by core.stromnet.se (Postfix) with ESMTP id 8BCE1D46406; Tue, 15 Jan 2008 10:53:16 +0100 (CET) Mime-Version: 1.0 (Apple Message framework v753) Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: quoted-printable From: =?ISO-8859-1?Q?Johan_Str=F6m?= Date: Tue, 15 Jan 2008 10:52:56 +0100 To: freebsd-stable@freebsd.org X-Mailer: Apple Mail (2.753) Cc: emj@emj.se Subject: Backup solution suggestions X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2008 09:53:21 -0000 Hello I'm looking to invest in some new hardware for backup. probably some =20 kind of NAS (a 4-disk 1U NAS or something in that size). The thing is =20= that I won't be the only one with access to this box, thus I would =20 like to secure my data. What I would like is encryption both for the transfer to the box, and =20= encrypted on disk. The data on disk should not be readable by anyone =20 but me (ie the other user(s) of the box should not be able to read =20 it, at least not without a big effort). So, I'm wondering what the best solution might be.. Tar'balling all =20 my stuff and encrypt it with GPG or something and just dump it there =20 with NFS would be the easiest solution, but maybe not the best. I've =20 been thinking about running a GELI image on my box, and store that on =20= the NAS over NFS.. would that be doable/secure/stable? Another idea would be to go with some regular 1U box running some =20 FBSD, doing scp to the box and geli local on the box but that would =20 require me to have the encryption keys on that box (which would be =20 shared so thus no good idea). Any other ideas? Being able to rsync to the backup storage instead of =20= just sending big encrypted tarballs would be very nice (and I guess =20 that would be possible with geli version) Maybe not the perfect list for this, but it is somewhat freebsd =20 specific and I'm sure some other ppl on the list have had simliar =20 situations :) -- Johan Str=F6m Stromnet johan@stromnet.se http://www.stromnet.se/