Sign in with
Sign up | Sign in

Is Data Encryption Worth Destroying Your NAS' Performance?

Is Data Encryption Worth Destroying Your NAS' Performance?
By

Three vendors of network-attached storage, Qnap, Synology, and Thecus, sent over Intel Atom-based NAS servers to test the effects of protecting your data via encryption. But performance and configuration options are not identical, as our testing shows.

Once you start getting into higher-end networked storage devices for SMBs, you often see value-added features like the ability to encrypt stored data to improve security. There are different ways to achieve this, which depend on the vendor. Some employ encryption at the partition level, while others encrypt at the file level.

Since these features generate a lot of interest from professional users concerned about protecting sensitive information, we decided to take a closer look at the encryption capabilities of several NAS devices: the TS-459 Pro by Qnap, Synology’s DS1010+ Synology, and Thecus' N4200.

Acceleration Through a Dedicated Cryptography Unit?

The NAS devices in this roundup all use the symmetric-key encryption AES (Advanced Encryption Standard) with a key length of 256 bits. The encryption standard is generally considered very safe and is used industry-wide, as well as by authorities in various fields (it is approved by the U.S. government for encrypting documents, for example). It is not uncommon for USB flash drives or hard drives to employ AES, and because of the high computational cost of data encryption, these often come with dedicated encryption/decryption processors, greatly accelerating the cryptography process.

Intel’s addition AES-NI to its 32 nm Clarkdale-based Core i5 desktop CPUs, six-core Gulftown processors, and second-gen Core i5 and Core i7 chips impressively demonstrates how much dedicated acceleration hardware can increase the speed of the encryption/decryption process. More information about this can be found in the article AES-NI Performance Analyzed; Limited To 32 nm Core i5 CPUs.

Inevitable Performance Degradation Through Intel’s Atom?

Unfortunately, none of the tested devices from Synology, Thecus, or Qnap have a dedicated hardware cryptography unit for encrypting/decrypting data, revealing a huge potential drawback of data encryption directly on the network storage device. As a result, if you actually plan to use encryption, that functionality must be handled by the NAS device's host processor. In all three of our test cases, that's a meagre Intel Atom D510, which of course lacks the AES-NI support that'd be needed to accelerate encryption in hardware.

The dual-core Atom processor is also tasked with handling XOR operations for the NAS devices’ RAID arrays. It is partly responsible for the data transfer rates of 100 MB/s and more (in gigabit Ethernet networks). Its network performance suffers once you apply the additional demands of compute-intensive cryptographic calculations, though. Just how much network performance do you lose when you trade throughput for security? Let's find out!

Ask a Category Expert

Create a new thread in the UK Article comments forum about this subject

Example: Notebook, Android, SSD hard drive

Display 2 comments.
This thread is closed for comments
  • 0 Hide
    Anonymous , 22 May 2011 21:30
    Interesting review. I'm wondering why you tested the Synology on such an old version of its firmware - 2.3-1161. The current version is DSM 3.1-1613 and the DSM 3.0-1334 version was released in September last year, so I would have thought soon enough for this review. Sometimes the performance difference between the firmwares can be dramatic and the change from the 2 series to the 3 of DSM was fairly major. As anyone who buys one of these boxes is likely to get one with a newer firmware than that reviewed and it is hard (read unsupported) to downgrade the firmware it seems that it makes the results less realistic of what someone can expect now.
  • 0 Hide
    Anonymous , 24 May 2011 19:22
    VIA Nano is the way to go when encryption is a must have in a low power envelope, or slightly further up an Intel core i5 (2390T based system should clock in below 15 W idle, and give screaming encryption performance, if my i5 650 is anything to go by). Atom + encryption is only useful in low-throughput scenarios. With the i5 650 encryption is performance-transparent, even with other processes hogging a core.
    Using a pre-built NAS-box just won't cut it for dm-crypt.