Is Data Encryption Worth Destroying Your NAS' Performance?

[MBinder]

Three vendors of network-attached storage, Qnap, Synology, and Thecus, sent over Intel Atom-based NAS servers to test the effects of protecting your data via encryption. But performance and configuration options are not identical, as our testing shows.

Is Data Encryption Worth Destroying Your NAS' Performance? : Read more

 

[und3rsc0re]

You guys should do this test using a few solid state drives, im interested to know the results if encryption affects the performance of them much.

 

[compton]

What about a Core i5 or better based server? You could turn an i5 with aes-ni into a cheap server for the same price as these diskless enclosures. Couldn't it be turned into a Linux based NAS with hardware encryption? I'm not hip to all of the issues, but that was my first thought.

 

[rhangman]

What about a VIA based solution? Low power like an Atom, cheap and has the padlock hardware encryption engine.

http://www.via.com.tw/en/initiatives/padlock/hardware.jsp

 

[Guest]

maybe you could test the other nas´too

http://www.tomshardware.com/charts/multi-bay-nas-charts-2011/benchmarks,121.html
already has a performance overview so just add encryption test

 

[huron]

I like what you guys are doing here at Toms...very interesting article. Any chance you guys can get your hands on a better processor to see what the results would be - I know how resource heavy encryption/decryption can be, and worry these don't really have enough horsepower to handle the job well.

Continue this as a series with better CPUs?

 

[bwcbwc]

The implication for all of these devices is that the data is encrypted/decrypted within the device, which in turn means that the data is transmitted over the network in unencrypted form.

The risk of a packet sniffer on the LAN seems a lot higher than someone walking out the door with your NAS array (or a piece of it), so I think you need to weigh your priorities when you choose this type of solution. If you are ready to address the physical security of data on a network attached drive, you should already have taken steps to ensure the security of the data during transmission.

 

[freggo]

What if one where to use TrueCrypt partitions on these servers instead ?
I tested it extensively first and use it now for 2 years on my regular drives, hardly a 'noticable' performance hit compared to the unencrypted drives in the PC and 'zero' errors or problems so far.

 

[Prey]

In a commercial environment, especially medical, hell yes! Go to the HITECH Act and see the breach list over 500 due to unencrypted files that are stolen or lost.

It shouldn't be a performance issue, but more a, is it worth the risk issue.

 

[Niva]

Definitely a good article, I'd been thinking about buying the Thecus. Tests with TrueCrypt would be appreciated since that's my tool of choice.

 

[tacoslave]

was i the only one thinking of sony?

 

[dangolo]

Bought the Thecus N4200 last year to compliment my system drive, a truecrypted C300 SSD. Windows 7 iSCSI interface makes it cake to use, and I admit, I LOVE this combo. Encryption "slowness" is not noticeable except in the most hurried of situations.
I have no enemies, but the value of knowing my data is private as often as possible, is a battle worth fighting.
BTW, the Thecus has a built in battery backup power supply, an eSata, and 2x10Gb ports. Very pricey, but worth it to me, thanks TH, brilliant concept and review =D

 

[palladin9479]

[citation][nom]rhangman[/nom]What about a VIA based solution? Low power like an Atom, cheap and has the padlock hardware encryption engine.http://www.via.com.tw/en/initiativ [...] rdware.jsp[/citation]

Any Via based solution would stomp the Atom into the ground when it comes to encrypted data. Heck you can throw together your own NAS with all the options you could possible want by building your own Mini-ITX server.

Anyhow Toms has demonstrated in the past that its writers / editors are journalists before their technicians. They go for the shock story rather then get technical and actually test things like a Via platform. Having done my own test with openssl, going from -engine dynamic to -engine padlock yielding over 1000% increase (yes more then 10x) in performance. I'm capable of reading / writing to an encrypted disk at full speed without the CPU taking a hit. For those of you who want to use SSD's Via is the ~only~ option as any other CPU would drag when trying to do the encryption at that speed.

 

[palladin9479]

After looking back over the article I noticed the prices on these items. Guys these things are rip offs. For the same amount you can build your own Via based Mini-ITX server and run whatever features you want on it.

Via Nano L2200 1.6Ghz (or the newer dual core ones)
1~2GB of DDR2 RAM (4 if you want to be adventurous)
JetWay motherboard, or the Via reference one (I prefer Jetway)
80GB SATA HDD (for OS)

Then purchase a MediaSonic four bay eSATA / USB 3.0 external raid enclosure. Connect the enclosure to your server using eSATA and share out whatever drive setup you want. The bonus is you can do RAID-5 and the enclosure has its own circuitry to do the XOR calculations, thus relieving your CPU from having to do this. Use Linux as your OS, or MS SBS with DiskCryptor (Truecrypt refuse's to support Via CPU's, DiskCryptor is a fork from the original TrueCrypt and supports all current HW encryptors). Now you get whatever you want out of this package, use it just for network resource sharing like printers and file shares. If you want you can add OpenVPN style support, OpenSSL now supports the padlock encryption engine and you can specify that inside the OpenVPN configuration. You can add your own DNS server, web server or whatever project you can dream up.

NAS devices like those above are for home "professionals" who don't know how to manage their own server, basically the iApple drones.

 

[house70]

Nobody's asking you to buy one. People that can build their own NAS are NOT interested in this article, hence it was not for them. There are a lot of PC users not familiar with the requirements of building a NAS, especially running Linux. Do not look down on people that do not have the same knowledge about servers as you; they might have a LOT of knowledge about other things that you are clueless. Yo' mama didn't teach you that?
Also, your point makes no sense: if for the same amount of money you can build your own, then you are not saving a dime by doing so.
Finally, if you have built one, why don't you publish your own benchmarks, to put some weight behind your statements? Although, seeing how biased you are, I would not necessarily believe the numbers you put out. You have just shot your credibility in the foot (or rather, in the face) with your comment.

 

[palladin9479]

A "NAS" is just a mini-itx system running a customized linux OS with a managed web front end. You are limited by the "features" the HW manufacturer provided. Build your own (Linux or Windows Server) and not only do you get the exact same thing, but you can then add features or expand it in any way you desire.

I point at encryption as a prime example. These NAS's are all using under powered Atom CPU's and therefor can not handle disk encryption at full speed. If you had built your own then it would of had padlock support and would be able to handle full speed disk encryption.

There are a lot of PC users not familiar with the requirements of building a NAS, especially running Linux.

This makes no sense. The one's who would be spending $600+ for a "NAS" are either professional IT guys and thus would be capable of running their own system, or are iLife heads who think its "cool" to have something like this. These are not some $200 USD grandmother devices, nor are they set-top devices like a WDTV Live, their full up servers hosting an exported file system. Who in the world would be buying these that wouldn't be better served on their own? A power user would be better off building their own feature rich device, especially when it comes to backups and security. A home user wouldn't be using this and would instead use a large USB drive. An enterprise user would be laughing at all of you and using their own solution.

 

[x3style]

[citation][nom]und3rsc0re[/nom]You guys should do this test using a few solid state drives, im interested to know the results if encryption affects the performance of them much.[/citation]
A little more in-depth knowledge about encryption would let you know that encrypting uses CPU power hence why accelerating the storage trough-put would change nothing in the processing bottleneck.
Your car doesn't get more HP by putting bigger tires, for that you need some engine tweaking.

 

[Guest]

I use DNLA to stream media to my Samsung tv. What if I was to use a NAS with encryption. Would that work?.

 

[Guest]

I think it will resolve itself by a market -- this "NAS" are just overpriced, otherwise it's normal low-end solution for lazy user. I am also quit lazy, but after one experience with Buffalo Terastation I prefer to use MediaSonic enclosure connected to my server, similarly as other user adviced...
When it will be 800$ including 4x 3TB HDDs, than it will make a bit sense. Now it's a normal rip-off, which is actually quit normal and respected business nowadays.
If you look on a typical supemarket shelves, you can easy see that most products are even not intended to be usefull not for consumer but just designed to make a money for seller. Normally cinsumer doesn't like to buy this goods and that is why there exist multi-billion dollar marketing industry, to make you buy different "brand" trash...
In IT you can at least test yourself...
So just decide yourself, not trust ads at all and make some research before buying -- and you will be reasonably safe to get what you need, not what is marketed...

 

[palladin9479]

I think it will resolve itself by a market -- this "NAS" are just overpriced, otherwise it's normal low-end solution for lazy user. I am also quit lazy, but after one experience with Buffalo Terastation I prefer to use MediaSonic enclosure connected to my server, similarly as other user adviced...
When it will be 800$ including 4x 3TB HDDs, than it will make a bit sense. Now it's a normal rip-off, which is actually quit normal and respected business nowadays.
If you look on a typical supemarket shelves, you can easy see that most products are even not intended to be usefull not for consumer but just designed to make a money for seller. Normally cinsumer doesn't like to buy this goods and that is why there exist multi-billion dollar marketing industry, to make you buy different "brand" trash...
In IT you can at least test yourself...
So just decide yourself, not trust ads at all and make some research before buying -- and you will be reasonably safe to get what you need, not what is marketed...

Well if they could offer the NAS solution at $200~$250 without drives then that would be acceptable I think. You can get a home SOHO router device that supports USB "file share" for under $100 USD, and honestly this is ~all~ you need for a NAS device. Take the system board, remove the wireless components / routing interfaces, put in a SATA system with an eSATA / USB connector and 2~4 bays for drives. That would be marketable and be within the range of the average home user that doesn't have time / ability to manage their own server. This $600+ cost of drives for what is a non-managed file server ... its just too much for the SOHO world.

 

[g00ey]

But what if you use a proper quad-core computer with lots of RAM as a NAS running Solaris/OpenIndiana? Then the encryption shouldn't be much of a performance issue.

 

[palladin9479]

Ahh but then you've blown past the price point of "NAS" and into entry-level servers. Your going to suck down more power running that setup then any of the smaller solutions. And regardless of the OS, software encryption is still a CPU heavy function. That was the entire reason Via created padlock, so as to provide faster encryption speeds then the larger platforms while still sipping power and being capable of running fanless and in harsh environments.

 

[Guest]

To you dsdsd :
> device that supports USB "file share" for under $100 USD, and honestly this is ~all~ you need for a NAS device

you can already purchase that iConnect adapter
http://stores.tomshardware.com/search_getprod.php/masterid=761605604/search=iomega+iconnect/st=query
The only problem : it's USB 2 and it uses a meager Marvell 88F6281 processor

 

[g00ey]

[citation][nom]palladin9479[/nom]Ahh but then you've blown past the price point of "NAS" and into entry-level servers. Your going to suck down more power running that setup then any of the smaller solutions.[/citation] I tend to disagree here. A whitebox solution can even be cheaper than the NASes that are in this review and there are many different configurations to choose from whether you want to prioritize computing power or low power consumption. The leanest solutions should then be the Atom based motherboards or motherboards with mobile CPUs. Also, both Intel and AMD offer power efficient CPUs for standard form-factors such as e.g. the Phenom II x4 910e.

 

[palladin9479]

I tend to disagree here. A whitebox solution can even be cheaper than the NASes that are in this review and there are many different configurations to choose from whether you want to prioritize computing power or low power consumption. The leanest solutions should then be the Atom based motherboards or motherboards with mobile CPUs. Also, both Intel and AMD offer power efficient CPUs for standard form-factors such as e.g. the Phenom II x4 910e.

Offering any CPU more powerful then an Atom / Via / AMD APU is going to significantly increase your cost, unless your dumpster diving and getting used / openbox components. Its that or your home device is now a full fledged PC using a bigger PSU, something like a $400 eMachine-esqe PC with lots of HDD's thrown inside it. And your'd still be at a lower performance level when doing encryption.
I've built many of these as a side business / project and you always run into the wall that you either want big and cheap, or small and slightly more expensive. Mini-ITX tend to use laptop grade components, they sip power but are a little more expensive.

For the encryption portion, I can attest that going from -engine dynamic to -engine padlock on OpenSSL speed test resulted in a near 1000% increase in performance. My 1Ghz Via C3 (at the time) CPU was crushing everything in its class and beat out every value CPU on the market. The only thing that could compete with it was the $300+ CPU. Of course this was two years ago and I'm now using a Via C7 1.8Ghz in my home router and a Via Nano L2200 1.6Ghz inside my home server. Haven't done speed checks on them yet, maybe I should. Ultimately though using a Via CPU gives you full speed encryption, we're talking less then 1% loss of performance during disk access or packet encryption. It can encrypt internally at several Gb/s, so I think SSD's could even achieve full speed disk encryption. And that is all you need to be able to do, process file I/O requests at max speed over a 1Gb/s connection.