Three vendors of network-attached storage, Qnap, Synology, and Thecus, sent over Intel Atom-based NAS servers to test the effects of protecting your data via encryption. But performance and configuration options are not identical, as our testing shows.
The Qnap TS-459 Pro also comes with a dual-core Intel Atom D510 CPU, 1 GB DDR2-RAM, iSCSI functionality, and four hard drive bays that can be used in the RAID modes 0, 1, 5, and 6. The NAS device offers good sequential data transfer rates of about 100 MB/s under normal operation, depending a bit on the RAID mode.
Encryption: Password or Key File
Just like the Thecus device, Qnap also uses partition-level encryption using standard tools like Linux dm-crypt and cryptsetup. You do not have to rely on the command prompt to set it up though, as this can be done easily via the Web-based interface. You cannot enable encryption for existing RAID partitions; it has to be done at the time of creation.
The setup process is rather similar to activating encryption on the Thecus NAS.
You have to activate the encryption feature and select a password when creating a RAID array with encryption enabled. The option “Save Encryption Key” saves the password on the NAS device, which means that the encrypted partition will be automatically opened and integrated into the system configuration after rebooting. Anyone who recognizes the potential vulnerability in this can disable the option and instead unlock the encrypted partition by entering the password manually in the Web administration interface after rebooting the NAS.
We also get the usual warning that confirming the action will erase all data on the hard drives.
After the encrypted RAID array has been created, changes to the encryption configuration can be made through the menu item “Encrypted File System.” It is possible to delete a stored key from the configuration or to change the password of an encrypted RAID array.
If the encryption password is not saved, it must be input manually via the Web interface, or you can use a key file instead.