"Simple" question: Is is possible to set up the ReadyNAS 104 (FW 6.6.0) to use a TANG server to store and provide the decryption key(s)?
We have a local TANG server which is used by some of our Centos boxes so that should the encrypted machine be stolen, it won't be able to reach the TANG server and therefore, the data remains in the encrypted state and un-accessible to the would-be thieves.
I see it's possible to encrypt a ReadyNAS volume but I also note that it needs a USB key to be inserted at boot to decrypt - not very sysadmin friendly as should the power be lost and restored, they'd have to journey to our data centre to plug a USB drive in. Of course, the other option is to leave the key plugged in but, if the machine was physically stolen, it'd just decrypt on boot - thus making encryption totally pointless!
Oh and although the server resides in a building you need an access card to get in, followed by a physical key'd door and followed by a code-lock'd door, the chances of it being physically stolen are slim but given that it's all possible with social engineering, we would like to just err on the side of caution.
