I recently set up a server at my buddies house for remote, off-site, backups
using ZFS send/recv. Since SmartOS is lacking any
sort of encryption for ZFS I instead used FreeBSD with
geli. This way, I get
the benefits of ZFS incremental send and receive for doing backups, with the security
of knowing my data is encrypted on disk.
To ensure maximum security, I made sure the passphrase for unlocking the drives was not stored
anywhere on the server itself, and instead would require manual intervention on my part
to decrypt the drives anytime the server is rebooted. To do this, I created 2 pools:
zroot - the main pool, mounted at
paper - the pool used for backups, mounted at
The server will boot into the operating system automatically, and from there I
must run a script to unlock the drives and import the
PS: The zpool is called
paper because the server is called
paperdyne. That name
was cleverly derived from dataDyne (my storage server)
and @papertigerss (my buddy whose house this server now lives).
The first step, of course, is to install FreeBSD. Go to the website, make a
bootable USB (or DVD, or CD, or whatever) and install it.