Synology DS2015xs Review: An ARM-based 10G NAS
by Ganesh T S on February 27, 2015 8:20 AM EST- Posted in
- NAS
- Storage
- Arm
- 10G Ethernet
- Synology
- Enterprise
Encryption Support Evaluation
Consumers looking for encryption capabilities can opt to encrypt a iSCSI share with TrueCrypt or some in-built encryption mechanism in the client OS. However, if requirements dictate that the data must be shared across multiple users / computers, relying on encryption in the NAS is the best way to move forward. Most NAS vendors use the industry-standard 256-bit AES encryption algorithm. One approach is to encrypt only a particular shared folder while the other approach is to encrypt the full volume. Synology supports only folder-level encryption for now in DSM.
On the hardware side, encryption support can be in the form of specialized hardware blocks in the SoC (common in ARM / PowerPC based NAS units). In x86-based systems, accelerated encryption support is dependent on whether the AES-NI instruction is available on the host CPU. On the Annapurna Labs Alpine platform, we have a dedicated crypto block.
The graphs above show that there is a performance impact only for writes to encrypted volumes. The impact is not as bad as that of software encryption, but the slowdown is definitely noticeable. This indicates an imbalance between the cryptography engine's encryption rate and the the rate at which data can be written to the storage media.
49 Comments
View All Comments
chrysrobyn - Friday, February 27, 2015 - link
Is there one of these COTS boxes that runs any flavor of ZFS?SirGCal - Friday, February 27, 2015 - link
They run Syn's own format...But I still don't understand why one would use RAID 5 only on an 8 drive setup. To me the point is all about data protection on site (most secure going off site) but that still screams for RAID 6 or RAIDZ2 at least for 8 drive configurations. And using SSDs for performance fine but if that was the requirement, there are M.2 drives out now doing 2M/sec transfers... These fall to storage which I want performance with 4, 6, 8 TB drives in double parity protection formats.
Kevin G - Friday, February 27, 2015 - link
I think you mean 2 GB/s transfers. Though the M.2 cards capable of doing so are currently OEM only with retail availability set for around May.Though I'll second your ideas about RAID6 or RAIDZ2: rebuild times can take days and that is a significant amount of time to be running without any redundancy with so many drives.
SirGCal - Friday, February 27, 2015 - link
Yes I did mean 2G, thanks for the corrections. It was early.JKJK - Monday, March 2, 2015 - link
My Areca 1882 ix-16 raid controller uses ~12 hours to rebuild a 15x4TB raid with WD RE4 drives. I'm quite dissappointed with the performance of most "prouser" nas boxes. Even enterprise qnaps can't compete with a decent areca controller.It's time some one built som real NAS boxes, not this crap we're seeing today.
JKJK - Monday, March 2, 2015 - link
Forgot to mention it's a Raid 6vol7ron - Friday, February 27, 2015 - link
From what I've read (not what I've seen), I can confirm that RAID-6 is the best option for large drives these days.If I recall correctly, during a rebuild after a drive failure (new drive added) there have been reports of bad reads from another "good" drive. This means that the parity drive is not deep enough to recover the lost data. Adding more redundancy, will permit you to have more failures and recover when an unexpected one appears.
I think the finding was also that as drives increase in size (more terabytes), the chance of errors and bad sectors on "good" drives increases significantly. So even if a drive hasn't failed, it's data is no longer captured and the benefit of the redundancy is lost.
Lesson learned: increase the parity depth and replace drives when experiencing bad sectors/reads, not just when drives "fail".
Romulous - Sunday, March 1, 2015 - link
Another benefit of RAID 6 besides 2 drives being able to die, is the prevention of bit rot. In Raid 5, if i have a corrupt block, and one block of parity data, it wont know which one is correct. However since RAID 6 has 2 parity blocks for the same data block, its got a better chance if figuring it out.802.11at - Friday, February 27, 2015 - link
RAID5 is evil. RAID10 is where it's at. ;-)seanleeforever - Friday, February 27, 2015 - link
802.11at:cannot tell whether you are serious or not. but
RAID 10 can survive a single disk failure, RAID 6 can survive a failure of two member disks. personally i would NEVER use raid 10 because your chance of losing data is much greater than any raid that doesn't involve 0 (RAID 0 was a afterthought, it was never intended, thus called 0).
RAID 6 or RAID DP are the only ones used in datacenter for EMC or Netapp.