Three vendors of network-attached storage, Qnap, Synology, and Thecus, sent over Intel Atom-based NAS servers to test the effects of protecting your data via encryption. But performance and configuration options are not identical, as our testing shows.
Once you start getting into higher-end networked storage devices for SMBs, you often see value-added features like the ability to encrypt stored data to improve security. There are different ways to achieve this, which depend on the vendor. Some employ encryption at the partition level, while others encrypt at the file level.
Since these features generate a lot of interest from professional users concerned about protecting sensitive information, we decided to take a closer look at the encryption capabilities of several NAS devices: the TS-459 Pro by Qnap, Synology’s DS1010+ Synology, and Thecus' N4200.
Acceleration Through a Dedicated Cryptography Unit?
The NAS devices in this roundup all use the symmetric-key encryption AES (Advanced Encryption Standard) with a key length of 256 bits. The encryption standard is generally considered very safe and is used industry-wide, as well as by authorities in various fields (it is approved by the U.S. government for encrypting documents, for example). It is not uncommon for USB flash drives or hard drives to employ AES, and because of the high computational cost of data encryption, these often come with dedicated encryption/decryption processors, greatly accelerating the cryptography process.
Intel’s addition AES-NI to its 32 nm Clarkdale-based Core i5 desktop CPUs, six-core Gulftown processors, and second-gen Core i5 and Core i7 chips impressively demonstrates how much dedicated acceleration hardware can increase the speed of the encryption/decryption process. More information about this can be found in the article AES-NI Performance Analyzed; Limited To 32 nm Core i5 CPUs.
Inevitable Performance Degradation Through Intel’s Atom?
Unfortunately, none of the tested devices from Synology, Thecus, or Qnap have a dedicated hardware cryptography unit for encrypting/decrypting data, revealing a huge potential drawback of data encryption directly on the network storage device. As a result, if you actually plan to use encryption, that functionality must be handled by the NAS device's host processor. In all three of our test cases, that's a meager Intel Atom D510, which of course lacks the AES-NI support that'd be needed to accelerate encryption in hardware.
The dual-core Atom processor is also tasked with handling XOR operations for the NAS devices’ RAID arrays. It is partly responsible for the data transfer rates of 100 MB/s and more (in gigabit Ethernet networks). Its network performance suffers once you apply the additional demands of compute-intensive cryptographic calculations, though. Just how much network performance do you lose when you trade throughput for security? Let's find out!