Using Clevis / TANG Server for Encryption
As per this link on the ReadyNAS community, someone posted and suggested that I should add it as an idea here.
The premise is quite simple really, allow the RN machines to use Clevis and a TANG server to handle the decryption of volumes on boot. Although it currently (as per fw 6.6.0) allows you to encrypt volumes, the key has to be stored on a USB drive which has to be present on boot. Should there be a power failure for example, the poor sys-admin needs to journey to the data centre to plug it in. The alternative is leave the USB key in all the time and that's not really a viable alternative, should the machine be stolen somehow, they just need to boot it to access the data!
Okay so over to you guys I guess, fingers crossed it'll be implimented in the near future!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.