I just don't want to waste any performance and in my opinion SED can do it transparently, because they already do it all the time, but the encryption key is by default not secured with a password. At least that is how I understood it. Doing dmcrypt still goes through the CPU IIRC. But basically I only want to be able to send disks back to HPE when they shipped a bunch of ... check notes ... top performing and reliable enterprise disks. But I have to say that the idea of handing the SED/OPAL stuff over to dmcrypt is very promising :) Am Mi., 28. Aug. 2024 um 17:02 Uhr schrieb Anthony D'Atri < anthony.datri@xxxxxxxxx>: > > > > is it possible to somehow distinguish self encrypting drives from drives > > that are lacking the support in the orchestrator. > > > > So I don't encrypt them twice :) > > I believe that an osd_spec can be bound to drive models, so you could > differentiate that way. > > You could also just not use SED/OPAL and rely on dmcrypt across the board, > but probably you paid extra for drives for a reason and have a key > management scheme. > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx > -- Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im groüen Saal. _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |