Three vendors of network-attached storage, Qnap, Synology, and Thecus, sent over Intel Atom-based NAS servers to test the effects of protecting your data via encryption. But performance and configuration options are not identical, as our testing shows.
Once you start getting into higher-end networked storage devices for SMBs, you often see value-added features like the ability to encrypt stored data to improve security. There are different ways to achieve this, which depend on the vendor. Some employ encryption at the partition level, while others encrypt at the file level.
Since these features generate a lot of interest from professional users concerned about protecting sensitive information, we decided to take a closer look at the encryption capabilities of several NAS devices: the TS-459 Pro by Qnap, Synology’s DS1010+ Synology, and Thecus' N4200.
Acceleration Through a Dedicated Cryptography Unit?
The NAS devices in this roundup all use the symmetric-key encryption AES (Advanced Encryption Standard) with a key length of 256 bits. The encryption standard is generally considered very safe and is used industry-wide, as well as by authorities in various fields (it is approved by the U.S. government for encrypting documents, for example). It is not uncommon for USB flash drives or hard drives to employ AES, and because of the high computational cost of data encryption, these often come with dedicated encryption/decryption processors, greatly accelerating the cryptography process.
Intel’s addition AES-NI to its 32 nm Clarkdale-based Core i5 desktop CPUs, six-core Gulftown processors, and second-gen Core i5 and Core i7 chips impressively demonstrates how much dedicated acceleration hardware can increase the speed of the encryption/decryption process. More information about this can be found in the article AES-NI Performance Analyzed; Limited To 32 nm Core i5 CPUs.
Inevitable Performance Degradation Through Intel’s Atom?
Unfortunately, none of the tested devices from Synology, Thecus, or Qnap have a dedicated hardware cryptography unit for encrypting/decrypting data, revealing a huge potential drawback of data encryption directly on the network storage device. As a result, if you actually plan to use encryption, that functionality must be handled by the NAS device's host processor. In all three of our test cases, that's a meager Intel Atom D510, which of course lacks the AES-NI support that'd be needed to accelerate encryption in hardware.
The dual-core Atom processor is also tasked with handling XOR operations for the NAS devices’ RAID arrays. It is partly responsible for the data transfer rates of 100 MB/s and more (in gigabit Ethernet networks). Its network performance suffers once you apply the additional demands of compute-intensive cryptographic calculations, though. Just how much network performance do you lose when you trade throughput for security? Let's find out!
http://www.via.com.tw/en/initiatives/padlock/hardware.jsp
http://www.tomshardware.com/charts/multi-bay-nas-charts-2011/benchmarks,121.html
already has a performance overview so just add encryption test
Continue this as a series with better CPUs?
The risk of a packet sniffer on the LAN seems a lot higher than someone walking out the door with your NAS array (or a piece of it), so I think you need to weigh your priorities when you choose this type of solution. If you are ready to address the physical security of data on a network attached drive, you should already have taken steps to ensure the security of the data during transmission.
I tested it extensively first and use it now for 2 years on my regular drives, hardly a 'noticable' performance hit compared to the unencrypted drives in the PC and 'zero' errors or problems so far.
It shouldn't be a performance issue, but more a, is it worth the risk issue.
I have no enemies, but the value of knowing my data is private as often as possible, is a battle worth fighting.
BTW, the Thecus has a built in battery backup power supply, an eSata, and 2x10Gb ports. Very pricey, but worth it to me, thanks TH, brilliant concept and review =D
Any Via based solution would stomp the Atom into the ground when it comes to encrypted data. Heck you can throw together your own NAS with all the options you could possible want by building your own Mini-ITX server.
Anyhow Toms has demonstrated in the past that its writers / editors are journalists before their technicians. They go for the shock story rather then get technical and actually test things like a Via platform. Having done my own test with openssl, going from -engine dynamic to -engine padlock yielding over 1000% increase (yes more then 10x) in performance. I'm capable of reading / writing to an encrypted disk at full speed without the CPU taking a hit. For those of you who want to use SSD's Via is the ~only~ option as any other CPU would drag when trying to do the encryption at that speed.
Via Nano L2200 1.6Ghz (or the newer dual core ones)
1~2GB of DDR2 RAM (4 if you want to be adventurous)
JetWay motherboard, or the Via reference one (I prefer Jetway)
80GB SATA HDD (for OS)
Then purchase a MediaSonic four bay eSATA / USB 3.0 external raid enclosure. Connect the enclosure to your server using eSATA and share out whatever drive setup you want. The bonus is you can do RAID-5 and the enclosure has its own circuitry to do the XOR calculations, thus relieving your CPU from having to do this. Use Linux as your OS, or MS SBS with DiskCryptor (Truecrypt refuse's to support Via CPU's, DiskCryptor is a fork from the original TrueCrypt and supports all current HW encryptors). Now you get whatever you want out of this package, use it just for network resource sharing like printers and file shares. If you want you can add OpenVPN style support, OpenSSL now supports the padlock encryption engine and you can specify that inside the OpenVPN configuration. You can add your own DNS server, web server or whatever project you can dream up.
NAS devices like those above are for home "professionals" who don't know how to manage their own server, basically the iApple drones.
Also, your point makes no sense: if for the same amount of money you can build your own, then you are not saving a dime by doing so.
Finally, if you have built one, why don't you publish your own benchmarks, to put some weight behind your statements? Although, seeing how biased you are, I would not necessarily believe the numbers you put out. You have just shot your credibility in the foot (or rather, in the face) with your comment.
I point at encryption as a prime example. These NAS's are all using under powered Atom CPU's and therefor can not handle disk encryption at full speed. If you had built your own then it would of had padlock support and would be able to handle full speed disk encryption.
This makes no sense. The one's who would be spending $600+ for a "NAS" are either professional IT guys and thus would be capable of running their own system, or are iLife heads who think its "cool" to have something like this. These are not some $200 USD grandmother devices, nor are they set-top devices like a WDTV Live, their full up servers hosting an exported file system. Who in the world would be buying these that wouldn't be better served on their own? A power user would be better off building their own feature rich device, especially when it comes to backups and security. A home user wouldn't be using this and would instead use a large USB drive. An enterprise user would be laughing at all of you and using their own solution.
A little more in-depth knowledge about encryption would let you know that encrypting uses CPU power hence why accelerating the storage trough-put would change nothing in the processing bottleneck.
Your car doesn't get more HP by putting bigger tires, for that you need some engine tweaking.
When it will be 800$ including 4x 3TB HDDs, than it will make a bit sense. Now it's a normal rip-off, which is actually quit normal and respected business nowadays.
If you look on a typical supemarket shelves, you can easy see that most products are even not intended to be usefull not for consumer but just designed to make a money for seller. Normally cinsumer doesn't like to buy this goods and that is why there exist multi-billion dollar marketing industry, to make you buy different "brand" trash...
In IT you can at least test yourself...
So just decide yourself, not trust ads at all and make some research before buying -- and you will be reasonably safe to get what you need, not what is marketed...
When it will be 800$ including 4x 3TB HDDs, than it will make a bit sense. Now it's a normal rip-off, which is actually quit normal and respected business nowadays.
If you look on a typical supemarket shelves, you can easy see that most products are even not intended to be usefull not for consumer but just designed to make a money for seller. Normally cinsumer doesn't like to buy this goods and that is why there exist multi-billion dollar marketing industry, to make you buy different "brand" trash...
In IT you can at least test yourself...
So just decide yourself, not trust ads at all and make some research before buying -- and you will be reasonably safe to get what you need, not what is marketed...
Well if they could offer the NAS solution at $200~$250 without drives then that would be acceptable I think. You can get a home SOHO router device that supports USB "file share" for under $100 USD, and honestly this is ~all~ you need for a NAS device. Take the system board, remove the wireless components / routing interfaces, put in a SATA system with an eSATA / USB connector and 2~4 bays for drives. That would be marketable and be within the range of the average home user that doesn't have time / ability to manage their own server. This $600+ cost of drives for what is a non-managed file server ... its just too much for the SOHO world.