What is ZFS?
ZFS is not just a volume manager and filesystem, it is also a disk multiplexer - a better term for 'RAID' since RAID0 is not redundant and JBOD/spanning/concatenating has just as much reason to be called RAID if RAID0 is permitted. All these storage schemes do is translate logical LBA to physical LBA across multiple disks, and add error correction (Mirror/Hamming/Parity) to improve effective Bit-Error-Rate.
But the storage schemes ZFS employs are strictly speaking no RAID, because no RAID engine could ever mimic what ZFS does. Because ZFS combines the filesystem with the disk multiplexer, it does not have to follow a static scheme like traditional RAID does, but rather improvise. The result is a dynamic stripesize for RAID-Z family, which is impossible for traditional RAID. The RAID engine has no knowledge about when the stripesize will be higher or lower - unless it will read the filesystem itself and try to figure it out. Thus, strictly speaking ZFS is not RAID.
But of course it falls in the software 'RAID' category.
Encryption and ZFS
Proprietary code exists to integrate encryption in ZFS, but is unusable due to its proprietary nature. But there are other options:
- encrypt whole disks and give them to ZFS
- encrypt disk partitions and give them to ZFS, this allows nice label names like 'gpt/SamsungDisk12.eli' where the .eli suffix is the decrypted version of the disk
- use unencrypted pool but encrypt ZFS volumes instead, that are shared across the network with iSCSI
The latter is the most easy to accomplish, and does not require the whole pool to be encrypted at creation time, and be decrypted every time. You can encrypt and decrypt the ZVOL (ZFS volume) at any time, after shutting down iSCSI of course. Technically, you can also put another ZFS pool on the encrypted ZFS volume, but i'm not sure whether this kind of nested ZFS will run stable under stress.
Hope any of this is useful, good luck!
