Best strategy for system dataset on encrypted FreeNAS

Hi there,

I’ve just set up a FreeNAS and I want to use encrypted pools with a passphrase, as I want to avoid someone getting access to the data in case of theft of the appliance.

After setting up an encrypted pool with 4 drives I noticed that the system dataset wants to live on that pool, but with the system dataset on that pool I cannot add a passphrase to the pool, as this can only be done with pools without the system dataset.

Slight dilemma is that the manual does not recommend moving the system dataset onto the boot drive as flash memory degrades rather quickly when constantly being written to.

So here’s the question: Does this warning apply to NVMe drives as well (my boot drive is an NVMe), and can I ignore that warning and move the system dataset to the boot drive?

Or:

Do I need to add another spinning drive just for the purpose of hosting the system dataset? Not really keen on doing that, as it would waste an entire drive slot for the minimal space needed for the system dataset on its own pool, as I want all other pools encrypted with a passphrase.

Or am I missing something? What’s the best strategy?

Also: Is this different on TrueNAS or the same?

Thanks for the advice!

USB flash drives degrade quickly, not NVMe or SATA solid state drives. Same answer applies to FreeNAS & TrueNAS.

Thanks Tom!

So I guess I’m OK to move the system dataset (iocage) to the boot drive in terms of wear. Are there other pitfalls I might encounter further down the line by doing this that put this workflow into the “better avoid” category? Like what happens if I have to do a re-install of FreeNAS: will that blow away the system dataset and lock me out of my pool, or are there other things to consider? (Provided I keep offline copies of the config and keys safe, obviously.)

Many thanks and I look forward to installing TrueNAS as soon as the bleeding edge dust has settled.

P.

Where you store the jails and the system dataset are two different things. I would not put the jails anywhere there was not redundant storage.

OK great. I’m not using jails, and haven’t planned to so far, but that’s good to know.

Thanks again Tom!
