Benefit of different pools

[fisch_std]

I am unexperienced with freenas so my question might sound stupid to many of you.
I am not sure of the benefit of having multiple Pools instead of one pool with many redundant vdevs.
In my use case I have a raidZ1 vdev for my samba shares (precious data) then 2 pools with single disks (transmission and nextcloud)

My idea was to separate what was exposed to internet from the local stuff to make it more "secure".
I ended not using nextcloud a lot because of the absence of redundancy.

My question is : Would having nextcloud jail installed on the same pool as my local samba make it less "secure" ?

Thank you for your help.... :)

 

[sretalla]

Pool separation gives an opportunity to differ the pool layout (using striped mirrors vs RAIDZ2 VDEVs or a pool of SSDs, etc.)

If your aim is segregation, datasets already deliver that, so pool1/dataset1 and pool1/dataset2 is no real diference to pool1/datsaset1 and pool2/dataset2 from a "security" perspective if all of your security is done properly.

 

[fisch_std]

Thank you very much for the answer.
Is there a guide somewhere in the doc listing good security practice to "separate" datasets safely ?

 

[Heracles]

I have a raidZ1 vdev for my samba shares (precious data)

Raid-Z1 and precious data should never be together.

Raid-Z1 is not strong enough to protect your data and will betray you down the road. You should go for Raid-Z2 at least. Also, because you mentioned these data are precious, do you have backups ? Did you successfully restored that backup at least once ? Remember that no single server, either FreeNAS or other, can be more than a single point of failure. A complete backup plan requires the 3 copies rule explained in my signature.

Different pool is mostly for different pool-level options like encryption (that I discourage you to use) deduplication (as bad as encryption and to be avoided too but for different reasons) and similar.

 

[fisch_std]

Thank you for your feedback.
I have double local backup and 1 distant.
I take your comment on raidz1 into account but my financial are not very enthusiastic for raidz2.
Thanks again