Tag: ZFS

ZFS Disaster Recovery: Rebuilding and Mirroring a Pool After Top-Level Vdev Error

I recently learned a hard lesson about ZFS Vdev architecture after attempting to convert a single-disk pool into a mirror. By mistake, I added the new disk as a top-level Vdev, rather than attaching it as a mirror. As zpool remove and zpool detach both failed on the top-level Vdev, I was forced to destroy the pool and restore the data from a snapshot.

This process outlines how I recovered data and subsequently created a proper mirror configuration.

Continue reading ZFS Disaster Recovery: Rebuilding and Mirroring a Pool After Top-Level Vdev Error

ZFS Data Migration: Encrypting Existing Volumes with zfs send and zfs recv

Encrypting previously unencrypted data, such as a legacy ZFS pool, requires a reliable migration strategy. The most robust way to achieve this is by using the powerful ZFS data stream mechanism: zfs send and zfs recv.

The core procedure is simple: create a snapshot, transfer this snapshot, and receive it at a new, encrypted destination.

Continue reading ZFS Data Migration: Encrypting Existing Volumes with zfs send and zfs recv

ZFS Encryption: Mitigating Physical Attacks with Remote Key Management

This article documents the design and implementation of an external key management solution for ZFS encryption. This approach utilizes a custom PHP service to serve encryption keys on demand, specifically designed to mitigate physical and system-level compromises where local keys would fail. This deep dive explores the security architecture, the self-written PHP proof-of-concept (PoC), and the critical security caveats of building a custom Key Management System (KMS).

Continue reading ZFS Encryption: Mitigating Physical Attacks with Remote Key Management