NEW: Encrypted ZFS Backups to the Cloud v0.3
By gbrunett-Oracle on Jun 16, 2009
From an end-user perspective, this change is mostly transparent. A few parameters were added or changed in the /etc/default/zfs-backup-to-s3 defaults file such as:
# ENC_PROVIDER defines the cryptographic services provider used for # encryption operations. Value values are "solaris" and "openssl". ENC_PROVIDER="solaris" # MAX_FILE_SIZE specifies the maximum file size that can be sent # to the Cloud storage provider without first splitting the file # up into chunks (of MAX_FILE_SIZE or less). This value is specified # in Kbytes. If this variable is 0 or not defined, then this service # will _not_ attempt to split the file into chunks. MAX_FILE_SIZE=40000000 # S3C_CRYPTO_CMD_NAME defines the fully qualified path to the # s3-crypto.ksh program which is used to perform compression, # encryption, and file splitting operations. S3C_CRYPTO_CMD_NAME="" # S3C_CLI_CMD_NAME defines the fully qualified path to the program # used to perform actual upload operations to the Cloud storage # provider. This program is called (indirectly) by the # s3-crypto.ksh program defined by the S3C_CRYPTO_CMD_NAME variable # above. S3C_CLI_CMD_NAME=""
It should be noted that compression is always enabled. If this turns out to be a problem, please let me know and we can add a parameter to control the behavior. I would like to try and keep the number of knobs under control, so I figured we would go for simplicity with this release and add additional functionality as necessary.
Encryption is always always enabled. In this release you have the choice of the OpenSSL or Solaris cryptographic providers. Note that just as with the Cloud Safety Box project, key labels are only supported for the Solaris cryptographic provider. The name of the algorithm to be used must match the algorithm name supported by whichever provider you have selected.
File splitting is enabled by default. This behavior can be changed by setting the MAX_FILE_SIZE parameter to 0 (off) or any positive integer value (representing a size in Kbytes).
All of the other changes are basic implementation details and should not impact the installation, configuration or use of the tool. If you have not had a chance, I would encourage you to check out the ZFS Automatic Snapshot as well as the latest version of this project so that you can begin storing compressed, encrypted ZFS backups into Amazon's Simple Storage Service (S3) or Sun's SunCloud Storage Service (when available).
As always, feedback and ideas are greatly appreciated! Come join the discussion at Project Kenai!