On 2010-02-27 18:57, Dawid Marcin Grzesiak wrote:
> Hi,
>
> I just wonder if I can use DRBD to asynchronously mirror two block
> devices locally.
>
> For example I want to have a primary (dedicated, so quite secure) server
> and on the other hand secondary (VPS, so quite insecure).
>
> I want to mirror block devices, but I want to keep it encrypted on VPS,
> but not on dedicated server.
>
> Sure I can set encrypted partition up on VPS and share it via DRBD, but
> then the encryption key will need to be entered and will be stored in
> the RAM on VPS.
>
> Better is to map plain block device from secondary server on the primary
> server, setup the encrypted partition there (thus encryption key never
> leaves the primary server) and then setup data mirroring locally.
>
> I imagine that it is possible with NBD and RAID, but:
> 1. I'm worrying if NBD network protocol is stable enough.
> 2. This will be synchronized mirroring.
> 3. What about resynch? Does it have an intelligent algorithm to make it fast
> and save bandwidth?
>
> Is it possible with DRBD?

In a sense, yes.

You can set up the VPS to export your block device with iSCSI. Then use
an iSCSI-client on your server, to import your block device into your
local (primary) server's namespace.

There, you use cryptsetup with LUKS to give access to the decrypted
block device.

Then just use DRBD between "/dev/localdisk" and
"/dev/decrypted-remote-disk".

This should work fine, albeit probably slowly.

If you don't know iSCSI, it's kind of like NBD but 100 times better :)

Oh, and DRBD will provide the intelligent resync mechanism for you.

-- 
Kind regards
Christian Iversen
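
The layering described in the reply above, sketched as an added example (not part of the original message): import the VPS disk over iSCSI with open-iscsi, then put LUKS on it on the primary, so the passphrase is only ever typed there and the VPS stores ciphertext. The portal, IQN, device path and mapper name are hypothetical placeholders, and the DRBD layer over the resulting `/dev/mapper` device is not shown.

```shell
#!/bin/sh
# Added example. All values below are placeholders (assumptions), not from the thread.
PORTAL="${PORTAL:-192.0.2.10:3260}"                  # VPS iSCSI portal
TARGET_IQN="${TARGET_IQN:-iqn.2010-02.net.example:mirror}"
REMOTE_DEV="${REMOTE_DEV:-/dev/disk/by-path/ip-${PORTAL}-iscsi-${TARGET_IQN}-lun-0}"
MAPPER_NAME="${MAPPER_NAME:-decrypted-remote-disk}"

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it as root.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Discover the target on the VPS and log in; the LUN appears as a local disk.
import_remote() {
    run iscsiadm -m discovery -t sendtargets -p "$PORTAL" &&
    run iscsiadm -m node -T "$TARGET_IQN" -p "$PORTAL" --login
}

# Create (once) and open the LUKS container on the primary server.
open_encrypted() {
    # Guard: only ever format a device that udev names as an iSCSI LUN,
    # so a typo cannot wipe a local disk.
    case "$REMOTE_DEV" in
        /dev/disk/by-path/ip-*-iscsi-*) ;;
        *) echo "refusing: $REMOTE_DEV is not an iSCSI by-path device" >&2
           return 1 ;;
    esac
    # Format only if no LUKS header exists yet (cannot be probed in dry-run).
    if [ "${DRY_RUN:-1}" = 1 ] || ! cryptsetup isLuks "$REMOTE_DEV"; then
        run cryptsetup luksFormat "$REMOTE_DEV" || return 1
    fi
    # The key is entered here and stays in the primary's RAM only.
    run cryptsetup luksOpen "$REMOTE_DEV" "$MAPPER_NAME"
}

plan() { import_remote && open_encrypted; }

# "sh script.sh run" prints the plan; "DRY_RUN=0 sh script.sh run" applies it.
if [ "${1:-}" = "run" ]; then plan; fi
```

After `luksOpen`, the plaintext view is `/dev/mapper/decrypted-remote-disk`; only the raw iSCSI LUN, which carries ciphertext, is visible to the VPS.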