drbd-user March 2010 archive

Re: [DRBD-user] local mirror

From: Lars Ellenberg <lars.ellenberg_at_nospam>
Date: Thu Mar 04 2010 - 15:55:07 GMT
To: drbd-user@lists.linbit.com

On Mon, Mar 01, 2010 at 01:16:52PM +0100, Christian Iversen wrote:
> On 2010-02-27 18:57, Dawid Marcin Grzesiak wrote:
> >Hi,
> >
> >I just wonder if I can use DRBD to asynchronously mirror two block
> >devices locally.
> >
> >For example I want to have a primary (dedicated, so quite secure) server
> >and on the other hand secondary (VPS, so quite insecure).
> >
> >I want to mirror block devices, but I want to keep it encrypted on VPS,
> >but not on dedicated server.
> >
> >Sure I can set encrypted partition up on VPS and share it via DRBD, but
> >then the encryption key will need to be entered and will be stored in
> >the RAM on VPS.
> >
> >Better is to map plain block device from secondary server on the primary
> >server, setup the encrypted partition there (thus encryption key never
> >leaves the primary server) and then setup data mirroring locally.
> >
> >I imagine that it is possible with NBD and RAID, but:
> >1. I'm worrying if NBD network protocol is stable enough.
> >2. This will be synchronized mirroring.
> >3. What about resynch? Does it have an intelligent algorithm to make it fast
> >and save bandwidth?
> >
> >Is it possible with DRBD?
>
> In a sense, yes.
>
> You can set up the VPS to export your block device with iSCSI.
>
> Then use an iSCSI-client on your server, to import your block device
> into your local (primary) server's namespace. There, you use
> cryptsetup with LUKS to give access to the decrypted block device.
>
> Then just use DRBD between "/dev/localdisk" and
> "/dev/decrypted-remote-disk".
>
> This should work fine, albeit probably slowly.
>
> If you don't know iSCSI, it's kind of like NBD but 100 times better :)

Others would put this the other way around.
Probably a matter of preference, requirements and environment.

Also, DRBD is for replication between two nodes,
not for replication between two block devices on the same node.

So if that is what you are up to, you rather want to
look at software raid more closely again.
man mdadm, specifically: bitmap, write-mostly, write-behind ...

Yes, we are not only about DRBD.
We know some other stuff as well ;-)
Just use the right tool for the job.

-- 
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com

DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
__
please don't Cc me, but send to list -- I'm subscribed
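
The software-RAID layout suggested in the reply, as an added example that is not part of the original thread: a dry-run planner that prints the cryptsetup and mdadm commands for a RAID1 whose second leg is a LUKS mapping opened on the primary server. `/dev/sdX`, `remote_crypt` and `/dev/md0` are placeholder names (assumptions), `/dev/localdisk` is the name used in the thread, and nothing is executed.

```shell
#!/bin/sh
# Added example: plan (print, do not run) a local RAID1 whose remote leg
# is encrypted on the primary server before any data reaches the VPS.
# Device and mapping names are placeholders, not values from the thread.

# Print the LUKS commands for the raw block device imported from the VPS
# (via iSCSI or NBD). The passphrase is entered on the primary only.
plan_luks() {
    raw_dev=$1; map_name=$2
    echo "cryptsetup luksFormat $raw_dev"
    echo "cryptsetup luksOpen $raw_dev $map_name"
}

# Print the mdadm command for the mirror.
#   --bitmap=internal : write-intent bitmap, so a resync after a link
#                       outage copies only the regions that changed
#   --write-mostly    : reads are served from the local disk
#   --write-behind=N  : up to N outstanding writes to the write-mostly
#                       leg are allowed before the array blocks
plan_mirror() {
    md_dev=$1; local_dev=$2; remote_leg=$3; behind=${4:-256}
    # Guard: the remote leg must be the dm-crypt mapping. Mirroring onto
    # the raw imported device would send plaintext to the VPS.
    case $remote_leg in
        /dev/mapper/*) ;;
        *) echo "refusing: $remote_leg is not a dm-crypt mapping" >&2
           return 1 ;;
    esac
    if [ "$local_dev" = "$remote_leg" ]; then
        echo "refusing: both legs are the same device" >&2
        return 1
    fi
    echo "mdadm --create $md_dev --level=1 --raid-devices=2" \
         "--bitmap=internal --write-behind=$behind" \
         "$local_dev --write-mostly $remote_leg"
}

plan_luks /dev/sdX remote_crypt
plan_mirror /dev/md0 /dev/localdisk /dev/mapper/remote_crypt
```

With write-behind, the remote leg can lag the local disk by the outstanding writes, so losing the primary at that moment leaves the VPS copy slightly stale.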