× NETGEAR will be terminating ReadyCLOUD service by April 1st, 2023. For more details click here.
Reply

Encrypted X-RAID and horizontal expansion.

Radjin
Aspirant

Encrypted X-RAID and horizontal expansion.

I realize the answer must be here somewhere but hours of looking has not reveiled it. I purchased two 316 units with 4 12tb drives each. Eventually one will be local and one remote synced with Replicate. If I understand it correctly I need to do the following to have an encripted X-RAID single volume system.

 

1. Install drives and do a system setup.

2. Convert the system to Flex-RAID and choose encryption.

3. Convert back X-RAID.

 

Please correct me if I am wrong.

 

Now if I expand horziontaly by adding a disk to each what happens? Does the system do as the manual says and extend the X-RAID volume or does the encryption add complications?

 

Thanks for any assistance.

Model: RN31663D|ReadyNAS 316 6-Bay
Message 1 of 9
StephenB
Guru

Re: Encrypted X-RAID and horizontal expansion.

The software manual is often a useful guide Smiley Surprised  http://www.downloads.netgear.com/files/GDC/READYNAS-100/READYNAS_OS_6_SM_EN.pdf

 

You'll need to destroy the volume after you switch to flexraid, and then create a new one with encryption.  

 

 


Radjin wrote:

 

Now if I expand horziontaly by adding a disk to each what happens? Does the system do as the manual says and extend the X-RAID volume or does the encryption add complications?

It does add complications which unfortunately aren't documented.  It will expand horizontally, but it won't expand vertically.  So your disks will need to be the same size.

 

In my opinion volume encryption is of limited value with a ReadyNAS.  The USB encryption key needs to be handy in order to boot the NAS.  If the key is inserted (or simply right near the NAS), anyone with the right knowledge can do an OS reinstall and gain administrative access to the ReadyNAS over the network - giving them full access to your data.  The encryption key likely will need to remain inserted in your remote NAS. 

 

Since volume encryption does have some downsides, it's worth rethinking why you want it.

 

Message 2 of 9
Radjin
Aspirant

Re: Encrypted X-RAID and horizontal expansion.

Thanks for the reply.  I have a copy of the manuel; in fact every manual related to my devices. 

 

Why whould encryption not be as convenient as x-raid in today’s environment?  As for why I choose to encrypt is to keep my and my clients data secure.  Here at the office it is pretty secure even though the determined can get in any place, but the remote unit will be totally out of my direct control until I visit the location, so having it encrypted is mandatory. 

 

So by your reply I can expand the encrypted x-raid volume just by adding in another disk of the same size? It’s the original setup of the encrypted x-raid volume that is the pain.

Message 3 of 9
StephenB
Guru

Re: Encrypted X-RAID and horizontal expansion.


@Radjin wrote:

 

So by your reply I can expand the encrypted x-raid volume just by adding in another disk of the same size? It’s the original setup of the encrypted x-raid volume that is the pain.


Also, encryption doesn't allow vertical expansion, so you won't be able to increase the volume size by swapping in larger disks later on.

 


@Radjin wrote:

 

Why whould encryption not be as convenient as x-raid in today’s environment?  

Note I don't work for Netgear.  I agree volume encryption should be convenient, but in practice it isn't. 

 


@Radjin wrote:

Here at the office it is pretty secure even though the determined can get in any place, but the remote unit will be totally out of my direct control until I visit the location,


Well, the USB encryption key will need to be inserted into the remote NAS - otherwise you won't be able to access the volume when the NAS reboots.  Either you need to trust someone at the remote location with the USB encryption key (and coordinate with that person every time a reboot happens), or you will just leave the encryption key inserted in the NAS 24x7.  If the remote location is nearby, then you could keep the encryption key yourself, but you will need to be able to go to that site regularly, and sometimes w/o notice.

 

If it's not practical for you to keep the USB key in your personal possession, then the security of the remote unit won't be under your direct control - it depends on keeping the USB key safe and not with the NAS.  In practice that isn't easy to do, especially when you have power interruptions or need to reboot the NAS.  If you do proceed with this, you should make sure you deploy a UPS at the remote site to minimize the risk of reboots due to power glitches.  (In general I recommend a UPS for all ReadyNAS - unexpected power cuts can lead to data loss).

 

And the bigger threat to your client data is the network security, and volume encryption makes no difference there.

 

Another approach on this is to use something like VeraCrypt, which encrypts in the client PC.  The NAS doesn't know the encryption key, so the encryption is completely under your control.  The data can only be decrypted on a PC that has the key.  Only the encrypted data flows over the network. 

 

If you are the only user,  you can similarly use encrypted VHD (Windows) or encrypted iSCSI LUNs. 

 

If you go with this alternative approach (using an encrypted container), ReadyDR would be a good backup method - it's more efficient than rsync at handling block storage.

 

Message 4 of 9
Radjin
Aspirant

Re: Encrypted X-RAID and horizontal expansion.

Currently I mirror both my OS and data drives for easy switch should there be a failure, then I have a versioned archive backup with everything encrypted.  I had planned on letting the local NAS be my mirror for the data drive.  But after reading advice from far more experienced users with these units I am thinking I should keep my local mirrors as they are and use the NAS for my encrypted, versioned archive which would be replicated to the remote unit.  The archive data is deduplicated, compressed and encrypted so should be quite safe even if stored on non encrypted drives.  This will allow me to keep the easy functionality of the x-raid and expand as I need.

 

I’m open to other options if they are available but I purchased these units for their ease of use and expansion.  Perhaps Netgear will bring the OS up to date, encryption wise, in the not to distance future.

 

Thanks for the replies.  

Message 5 of 9
Sandshark
Sensei

Re: Encrypted X-RAID and horizontal expansion.

One flaw in your plan.  You say you use Replicate for it.  Replicate is being de-activated. 

Message 6 of 9
Radjin
Aspirant

Re: Encrypted X-RAID and horizontal expansion.

I didn’t see that memo in the manuals. So what is to replace it?

Message 7 of 9
StephenB
Guru

Re: Encrypted X-RAID and horizontal expansion.


@Radjin wrote:

I didn’t see that memo in the manuals. So what is to replace it?


ReadyDR (which will run on RN316 NAS).

Message 8 of 9
Radjin
Aspirant

Re: Encrypted X-RAID and horizontal expansion.

As long as I can mirror the local unit to the remote unit securely and automatically without requiring my computer to do the work the plan doesn’t need to change, whatever they call the software.

Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 794 views
  • 0 kudos
  • 3 in conversation
Announcements