Re: ASM on encrypted filesystem files

I have not used dm-crypt, but interesting topic. The first link I found says that dm-crypt is for block devices, not filesystems. https://en.wikipedia.org/wiki/Dm-crypt
https://wiki.archlinux.org/title/dm-crypt

Since they appear as block devices, should creating ASM volumes on these dm-crypt devices solve the problem then?

On Wed, May 17, 2023 at 3:23 PM Tim Gorman <tim.evdbt_at_gmail.com> wrote:

> Friends and colleagues,
>
> I have a customer who wishes to use Linux DM-CRYPT to encrypt all
> filesystem contents on their Linux systems. They wish for DM-CRYPT to also
> cover their Oracle database files on ASM which they note uses "raw" block
> devices not based on any filesystem, which they feel leaves them choosing
> between using DM-CRYPT and ASM.
>
> Yes, we've discussed Oracle TDE, and they prefer not to use it. That
> conversation is a dead end.
>
> I know that it is possible to pre-create empty files on remote NFS
> filesystems and then use those as disk files for ASM, instead of block
> devices, as described in Oracle Support note #731775.1 (entitled "*How To
> Create ASM Diskgroups using NFS/NAS Files*
> <https://support.oracle.com/epmos/faces/DocumentDisplay?id=731775.1>").
> However, I can't find a similar support article describing the same method
> for local filesystems.
>
> Has anyone found such a support article, or perhaps use local filesystem
> files as ASM disk?
>
> Please let me know what you think?
>
> Thanks!
>
> -Tim
>
>
>

-- 
Ilmar Kerm

--
http://www.freelists.org/webpage/oracle-l