Full Drive Encryption with Samsung Solid State Drives



Similar documents
FDE Performance Comparison. Hardware Versus Software Full Drive Encryption

Evaluation Report: Supporting Microsoft Exchange on the Lenovo S3200 Hybrid Array

HP Z Turbo Drive PCIe SSD

Workstation Virtualization Software Review. Matthew Smith. Office of Science, Faculty and Student Team (FaST) Big Bend Community College

SSD Old System vs HDD New

Hard Disk Drive vs. Kingston SSDNow V+ 200 Series 240GB: Comparative Test

Understanding the Performance of an X User Environment

AP ENPS ANYWHERE. Hardware and software requirements

Enterprise Class SSD: A Business Benefit Analysis

Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems

Introducing Intel Small Business Advantage

Anti-Virus Comparative

Embedded Operating Systems in a Point of Sale Environment. White Paper

Operating System Windows Vista, Windows 7, Windows 8. VGA Video Output (or an appropriate conversion adapter to VGA)

Solid State Drives (SSD) with Self Encryption: Solidly Secure Michael Willett Storage Security Strategist Independent Consultant

Analysis of VDI Storage Performance During Bootstorm

Content. PCKeeper Live. 1. Introduction. 2. Test Environment. 3. Tests Description. 4. Test Machines Specifications

S E A h a w k C r y p t o M i l l CryptoMill Technologies Ltd.

Podcomplex Guides. Going Mobile: Laptop Buying Guide

1. System Requirements

Evaluation Report: Accelerating SQL Server Database Performance with the Lenovo Storage S3200 SAN Array

SSD Deployment Replaces 4,600 HDDs in SanDisk Employee Laptops

Virtuoso and Database Scalability

Consumer Internet Security Products Performance Benchmarks (Sept 2011)

Navigating Endpoint Encryption Technologies

Quantifying Hardware Selection in an EnCase v7 Environment

SOLUTION BRIEF. Resolving the VDI Storage Challenge

Samsung SED Security in Collaboration with Wave Systems

Optimizing SQL Server Storage Performance with the PowerEdge R720

Dell Compellent Storage Center SAN & VMware View 1,000 Desktop Reference Architecture. Dell Compellent Product Specialist Team

VDI Appliances Accelerate and Simplify Virtual Desktop Deployment

Built for Business. Ready for the Future.

MedInformatix System Requirements

Windows 7. Qing Liu Michael Stevens

DIABLO TECHNOLOGIES MEMORY CHANNEL STORAGE AND VMWARE VIRTUAL SAN : VDI ACCELERATION

Windows Imaging and Deployment Software Comparison

White Paper. Educational. Measuring Storage Performance

Accelerating Enterprise Applications and Reducing TCO with SanDisk ZetaScale Software

Keep Your Data Secure: Fighting Back With Flash

Power Benefits Using Intel Quick Sync Video H.264 Codec With Sorenson Squeeze

WinMan. Utilizing Terminal Services. Quick Results. Summer, ver a d v a n c e d s y s t e m s

Hypervisor-based Background Encryption

INTRODUCTION TO WINDOWS 7

Distribution One Server Requirements

Symantec Endpoint Protection Small Business Edition vs. Five Competitors July 2014

Factory-Installed, Standards-Based Hardware Security. Steven K. Sprague President & CEO, Wave Systems Corp.

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Samsung Magician v.4.5 Introduction and Installation Guide

How To Improve Write Speed On An Nand Flash Memory Flash Drive

Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer

MoversSuite by EWS. System Requirements

Modernizing Servers and Software

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives

Norton Internet Security vs Windows Defender on Windows 8 (Edition 1)

Druva insync: Simplified, Robust Endpoint Data Protection Date: August 2011 Author: Tony Palmer, Senior Lab Engineer /Analyst

Solid-State Drives with Self-Encryption: Solidly Secure

Section 1.0 Getting Started with the Vālant EMR. Contents

Yale Software Library

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows

Revised February 17, 2008 Page 1 of 7

Acronis True Image 2015 REVIEWERS GUIDE

A Comprehensive Plan to Simplify Endpoint Encryption

What are Hosted Desktops?

The I.T. Experience Service and Pricing List 2015

Sage CRM Technical Specification

Overhead and Performance Impact when Using Full Drive Encryption with HP ProtectTools and SSD

CONTENTS. Windows To Go: Empower And Secure The Mobile Workforce

Microsoft Office 365 from Vodafone. Do business virtually anywhere

Computer Storage. Computer Technology. (S1 Obj 2-3 and S3 Obj 1-1)

QUESTIONS & ANSWERS. ItB tender 72-09: IT Equipment. Elections Project

Using End User Device Encryption to Protect Sensitive Information

Self Encrypting Drive Market & Technology Report

Solid Security: The Rise of Self-Encrypting. Solid State Drives. Thomas Coughlin

Anti Virus Comparative Performance Test (AV Products) November 2011

Seeking Fast, Durable Data Management: A Database System and Persistent Storage Benchmark

Samsung Data Migration v.3.0 Introduction and Installation Guide

Backup and Recovery. Backup and Recovery. Introduction. DeltaV Product Data Sheet. Best-in-class offering. Easy-to-use Backup and Recovery solution

VDI can reduce costs, simplify systems and provide a less frustrating experience for users.

SecureD Technical Overview

Storage Architecture in XProtect Corporate

Remote Network Accelerator

Computer Information & Recommendations

V300 Benchmark Brief. Overview of Consumer SSD Offering. HyperX: Designed for enthusiasts and gamers, HyperX 3K SSD is Kingston s fastest SSD product.

SOLID STATE DRIVES AND PARALLEL STORAGE

Best Practices for Optimizing SQL Server Database Performance with the LSI WarpDrive Acceleration Card

Attix5 Pro Storage Platform

Performance Test Report: Novell iprint Appliance 1.1

VMware Horizon FLEX User Guide

Sage CRM Technical Specification

Intel Solid-State Drives Increase Productivity of Product Design and Simulation

7 Real Benefits of a Virtual Infrastructure

Maximizing Your Server Memory and Storage Investments with Windows Server 2012 R2

2011 DASM Tablet Computer Systems Benchmark Report

MFR IT Technical Guides

PC computer configurations & Windows optimizations (Updated November 2012)

GUARD1 PLUS SE Administrator's Manual

Virtual Desktops Security Test Report

AVLOR SERVER CLOUD RECOVERY

System Requirements. Version 8.2 November 23, For the most recent version of this document, visit our documentation website.

The Data Placement Challenge

Transcription:

Full Drive with Solid State Drives A performance and general review of s new selfencrypting solid state drives. Trusted Strategies LLC Author: Bill Bosen November 2010 Sponsored by Electronics

Full Drive Using Solid State Drives The new self-encrypting sold state drives are as fast as their standard SSDs, and offer a much faster and better full drive encryption (FDE) solution than installing software encryption with a traditional, rotating hard disk drive (HDD). One of the big trends in cybersecurity is encrypting sensitive data on laptops and other portable devices. As our world becomes increasingly mobile, we take more and more of our sensitive data with us where it is subject to loss or theft. of that data is the best defense and the technology is gaining wide acceptance and adoption. In some industries or applications, government or industry regulations, such as breach notification laws, are progressively mandating that data must be encrypted. These regulations, along with the ever-growing security vulnerabilities and threats, are driving this important trend. For many years, it has been possible to use software tools to encrypt hard drive data. Storage drives capable of automatic encryption within their own hardware are relatively new, but have many advantages over software implementations. At Trusted Strategies, we have been heavily involved in drive encryption technologies for 20 years, and it is exciting to see the recent advancements and developments in hardware-based drive encryption. In an earlier paper, we studied and reported on using self-encrypting hard drives for full drive encryption (see Trusted Strategies FDE Performance Comparison Hardware Versus Software Full Drive ). That report was focused on traditional selfencrypting rotating hard disk drives. However, in this report, we are presenting the findings of an additional study regarding self-encrypting SSDs (solid state drives). In particular, we obtained and tested the new 128GB SSD with FDE (Full Drive ). We were very eager to have this new state-of-the-art technology in our hands and put it through our series of tests. Objectives Our analysis had several objectives. requires a great deal of processing, and because FDE products encrypt everything on the device, including the operating system, the encryption performance is extremely important. So, our initial objective was to evaluate the performance of the device. Since most FDE implementations to date have used software encryption products like Microsoft s BitLocker, McAfee Endpoint, TrueCrypt, or others, we wanted to compare how the selfencrypting SSD performed when compared with a typical software-encrypting product. Of course, we also wanted to compare how the self-encrypting SSD compared with their own standard, non-encrypting SSD. We were intent on determining what performance penalties, if any, one would encounter by going with the self-encrypting SSD over the standard SSD. Full Drive with Solid State Drives Page 2

Another objective was to take a look at the security, deployment issues, manageability, and user experience of the device. While performance is a critical component to evaluate, if an organization s full drive encryption project is too difficult to deploy or manage, the entire effort will suffer or perhaps fail altogether. So, this was another area we wanted to explore. Products Tested The self-encrypting hardware products we evaluated included: 2.5 128GB Standard SSD, Model MZ-5PA1280/0D1. The performance of this device was tested as-is with no encryption, and then again with software encryption added. 2.5 128GB SSD with FDE, Model MZ-5PA1280/0D7 with FDE 1034. This is s self encrypting SSD. Although certainly not an apples to apples comparison, to establish some sort of a performance baseline, we also tested the standard, non encrypting 2.5 rotating 7200 RPM HDD (hard disk drive) that came stock in our test platform. The performance of this stock hard disk drive was tested as-is with no encryption, and then again with software encryption added. For the software encrypting products, we tested 4 industry leaders. Although there were big differences in the management and deployment issues of these various products (especially in the time it took to do the initial drive encryption), once installed, the performance among the different software contenders was relatively similar for most operations. Ultimately, for our comparison with the SSD alternatives, we elected to report on the software encryption product that was most representative of the lot. It was consistently one of the best software performers in most areas, and tended to have our favorite features and options. Since our objective was to evaluate the performance of SSD encryption against software encryption performance in general and not to single out the weaknesses of any particular product, we have opted not to name the software vendor. But you can take at least some comfort in the knowledge that it was one of the leading software products. We could have reported on any of the software products and the performance results would not have varied enough to make much difference when compared with the performance of the SSD devices. Test Platforms and Procedures For our test platforms, we used identical Dell Latitude E6410 laptops, running Microsoft Windows 7 Professional - 64 bit. These machines were equipped with Intel Dual Core vpro i5-540m Processors running at 2.53GHz with 4 GB of RAM. This platform was, of course, outfitted with the different drives we tested. Full Drive with Solid State Drives Page 3

When testing the software FDE products, we tested both the standard 250 GB 7200 RPM drive that came stock on the Latitude along with software encryption added, and the standard non-encrypting SSD with software encryption added. For the hardware-based FDE tests, we used s self-encrypting SSD as noted above. All in all, we tested the performance of 5 different platform configurations: 1. The stock Dell Latitude E6410 with its traditional rotating hard disk drive. No encryption whatsoever. 2. The Dell Latitude E6410 configured with s standard non-encrypting SSD. Again, no encryption whatsoever. 3. The Dell latitude E6410 with its traditional rotating hard disk drive plus software full disk encryption. 4. The Dell Latitude E6410 configured with s standard non-encrypting SSD plus software full drive encryption. 5. The Dell Latitude E6410 configured with s self encrypting SSD Our performance test objectives included determining the data throughput of commonly used applications like those within Microsoft Office, Internet browsing, picture viewing, and the like. We also wanted to test throughput for drive intensive procedures like system backups, virus scanning, audio and video editing, and opening, reading, and writing large 100MB+ files used with data-intensive applications. Finally, we wanted to know how encryption might affect the performance of drive-heavy system processes such as startup, shutdown, and hibernation. In addition to our own test procedures, we used PassMark s Performance Test 7 benchmarking software to test and measure the throughput performance of the different encryption solutions. We found PassMark s drive test suite exceptionally well-designed for our needs. While we ran performance tests on the entire system, including the CPU, memory, and graphics, we concentrated on the drive test suites. Our test procedures included freshly imaging and restoring the operating system and applications before each and every specific test. We also repeated each of the tests at least three times, and included the mean of the three or more tests. The specific tests conducted for each of the platform configurations included the following: Application Loading: This test measured the data throughput from disk activities incurred by opening and closing the following applications - Microsoft Word, Adobe Acrobat Reader, Windows Media Player, Leadtek Winfast DVD, and Mozilla Internet Browser. The test involved 83% read operations and 17% write operations. Full Drive with Solid State Drives Page 4

Modest Size File Test: This test, consisting of 60% reads and 40% writes, measures drive activities of several common but modest size applications and files. Test activities included: o Opening a Microsoft Word document, performing grammar check, saving and closing o Compression and decompression using Winzip o Encrypting and decrypting files using PowerCrypt o Playing WAV, MP3, and WMV files with Windows Media Player o Playing a DivX video using DivX codec and Windows Media Player o Viewing pictures using Windows Picture Viewer o Browsing Internet files using Microsoft Internet Explorer o Loading, playing and exiting a game using Ubisoft Tom Clancy s Ghost Recon Large Scale Data Read: This test measures throughput while reading 2 GB of files. This test is 99.5% read activity. This test is also an effective way to test the performance of data backup procedures. Large Scale Data Write: Measures throughput while writing 2 GB of data onto the drive. No read operations were involved in this test. System Startup: Elapsed time, throughput, and activities that occur during Windows startup procedures. The test is 90% reading and 10% writes, and contains no user activity. System Shutdown: Measures how long it takes to perform a system shutdown. Hibernation Time Measures how long it takes for the system to hibernate and power back up. Performance Results: Our baseline tests used no encryption at all on either the traditional HDD, or on the nonencrypting SSD. When comparing these two test results, as expected, the SSD was significantly faster than a traditional rotating hard disk drive. In fact, it was more than twice as fast as the HDD for large scale read/write operations, 7 times faster for modest sized files, and up to 13 No : HDD vs. SSD times faster for highly 200 150 178 171 randomized read/write activity. See Full Drive Throughput 85 Tests Table 1. MB / Second 100 50 0 Large Read/Write 80 Modest Read/Write Performance Tests 4 55 Random Read/Write HDD SSD The differences were startling. The SSD was significantly faster than we expected. Full Drive with Solid State Drives Page 5

Full Drive Throughput Tests Table 1 Stock HDD No SSD No Stock HDD with Software SSD with Software Self Encrypting SSD Startup Throughput (MB/second) 7.90 82.50 6.97 47.90 95.33 Application Loading (MB/second) 7.03 48.33 5.77 30.77 60.37 Modest Size File Test (MB/second) 6.13 41.13 5.00 26.77 50.40 Large Scale Data Read (MB/second) 84.67 178.00 52.88 70.23 169.33 Large Scale Data Write (MB/second) 79.60 170.80 49.50 63.60 164.50 Random R/W (MB/second) 4.07 54.77 2.51 29.57 54.50 PassMark Overall Disk Rating 608.53 1457.50 380.10 590.70 1404.23 Self-encrypting SSD as fast as standard SSD Next we examined the results to see how the self-encrypting SSD compared with the standard non-encrypting SSD. Other than the hardware encryption, these two devices appear to be exactly the same model. The self-encrypting SSD has the added hardware to accelerate the encryption and provide robust security, but otherwise the specs of the two drives are indistinguishable. Our tests showed that the self-encrypting SSD had nearly identical performance when compared with the non-encrypting SSD. So, organizations choosing the selfencrypting hardware will see virtually no degradation in performance over the nonencrypting device. For large scale data reading, the encrypting SSD achieved an impressive 169.33 megabytes per second. This was nearly as fast as the non-encrypting SSD which achieved 178.0 MB per second. Large scale writing throughput was also very similar at 164.50 MB/second for the encrypting SSD vs. 170.80 for the standard SSD. This performance consistency was also true for heavily randomized read/write activity where the encrypting SSD scored 54.50 MB/second and the standard SSD was measured at 54.77 MB/second. It is interesting that the optimization and hardware acceleration of the self-encrypting SSD performs so well that it is actually slightly faster in a couple of areas. Although probably not noticeable in typical use, the self-encrypting SSD outperformed the standard SSD during startup, application loading, and working with small to modest files. In our tests, shutting down the system configured with encryption did take a little over 2 seconds longer than shutting down the non-encrypting system. See Full Drive System Startup/Shutdown Tests Table 2. Overall, the selfencrypting SSD performed as well as the standard SSD. Full Drive with Solid State Drives Page 6

Full Drive System Startup/Shutdown Tests Table 2 Stock HDD No SSD No Stock HDD with Software SSD with Software Self Encrypting SSD Startup Time (seconds) 56.02 42.53 58.88 47.71 42.92 Shutdown Time (seconds) 14.50 8.66 15.18 12.12 11.25 Hibernate Time (seconds) 18.95 14.15 19.25 15.68 15.64 Hibernate Recover Time (seconds) 35.27 32.60 38.08 39.42 31.43 If using software encryption - SSD is significantly faster than HDD With the performance advantages of hardware encryption, we believe most enterprises will migrate to hardware-based full drive encryption during the next 3 years. However, some organizations might be contemplating a continuation of their software encryption programs for a period of time, wondering when the correct time to convert to hardware encryption will be. So, to help answer that question, we tested the performance options of using software full drive encryption with SSDs, versus doing so with traditional HDDs. As one might expect, software encryption turned out to be much faster when installed on a PC with a SSD instead of a traditional hard disk drive (HDD). The throughput for large scale data reading was clocked at 70.23 MB/second for the standard SSD plus software encryption versus 52.88 MB/second for the PC with a traditional hard drive and software encryption. Large scale data writes showed a similar advantage for the SSD configuration at 63.50 MB/second versus 49.50 MB/second. MB / Second Software : HDD vs. SSD 70 60 50 40 30 20 10 0 53 70 Large File Read 5 27 Performance Tests 2.5 29.5 Random Read/Write HDD SSD The SSD advantages become even more pronounced when considering the performance of random read/write activities or the throughput for smaller file sizes. For these operations, the SSD was at least 5 times faster than the HDD, and sometimes as high as 11 times faster. Our test machine configured with a traditional HDD and software encryption ran the random read/write test at 2.51 MB/second. When the SSD with software encryption added was tested, it achieved 29.57 MB/second. That s better than 11 times faster than with the traditional hard disk drive configuration. Full Drive with Solid State Drives Page 7

Self-encrypting SSD over 3 times faster than HDD with software encryption As noted previously, most implementations of full drive encryption today rely on software encryption packages installed on platforms with traditional rotating hard disk drives. We wanted to examine the performance gains an organization might see if they upgraded to hardware-based encryption using self-encrypting SSD technology. So, we analyzed the performance difference between systems doing encryption in software on a traditional HDD, and those performing encryption within the hardware of self encrypting SSDs. The results of our tests showed obvious performance advantages of the self-encrypting SSD configuration over software encryption on a traditional HDDbased PC. The HDD platform using software encryption achieved 52.88 MB/second throughput in our large scale data read test. The self-encrypting SSD ran over 3 times faster, clocking in at 169.33 MB/second throughput. For random 180 160 140 120 100 MB / Second 80 60 40 20 0 HDD+Software vs. Self Encrypting SSD 53 169 Large File Read 5 50 2.5 55 Modest File Random Read/Write Read/Write Performance Tests HDD+Software FDE SSD read/write operations, the system with a HDD and software encryption ran at a meager 2.51 MB/second, whereas the self-encrypting SSD was over 21 times faster at 54.50 MB/second. And the self-encrypting SSD was 10 times faster doing operations with modest file sizes. Overall, the SSD-based system significantly out-performed the software-based solution in every test, including system startup and shutdown, hibernation and recovery, application loading, and all other operations. PassMark, one of the benchmarking systems we used, calculated an overall score for all drive performance tests it conducted. The HDD system with software encryption scored 380. The system equipped with the self-encrypting SSD scored 1404, well over 3 times faster than a software approach with traditional rotating disk drives. Self-encrypting SSD - Fastest overall encryption When compared with the other alternatives tested, our results showed that the fastest encryption was achieved by the self-encrypting SSD. 1600 1400 1200 1000 PassMark 800 Score 600 400 200 0 Overall Data Drive Performance Full Drive with Solid State Drives Page 8 380 591 HDD + Software Standard SSD + Software 1404 Self Encrypting SSD

The traditional HDD with software encryption scored 380 on our overall PassMark drive performance test. The SSD with software encryption was almost twice as fast with a score of 591. The self-encrypting SSD achieved the highest score of 1404. Security, Implementation, and other Issues As important as performance is when selecting a full drive encryption solution, the relative security and costs to implement and maintain an organization s full drive encryption program is very important. Here again, the new drives we evaluated in this report have distinct benefits over software approaches. One major advantage of hardware-based security over software-based solutions is the way the authentication and encryption keys are protected. Self-encrypting drives perform all cryptography within the hardware-protected drive controller. Unlike software FDE, the drive encryption keys are not present in the computer s CPU or memory where they are subject to theft. Another nice feature of hardware-based security as implemented in the self-encrypting SSD and associated management software is that the encryption is always on, even when an equipped laptop is first purchased. And, there is no way for users to disable or remove the protection. This not only helps ensure data is encrypted at all times, but makes it much easier to prove compliance with encryption regulations. Additionally, the time it takes to install and deploy a full drive encryption solution can be very significant, especially if hundreds or even thousands of PCs are involved. Softwarebased encryption takes hours to install on a typical laptop with a 128GB or larger drive. We installed one software encryption package on a 500GB drive that took almost 24 hours to complete the installation. Multiply that by the number of laptops in a large organization and the implementation hassles become very significant. Contrast that with the thought of purchasing a laptop with an encrypting drive already installed. In this latter case, all one needs to do is add authentication credentials and they are all set. Summary The performance advantages of self-encrypting drives, particularly solid state devices, are very compelling. The self-encrypting SSD we tested from was just as fast as their non-encrypting SSD, so there is no performance penalty for protecting the enterprise s laptops with encryption. And, when compared with the alternative of using full drive encryption software on a platform equipped with a traditional rotating hard disk drive, the SSD is faster by far. Another advantage of using laptops equipped with self-encrypting drives as opposed to addon software encryption packages is the savings in time it takes to deploy the system. It is not Full Drive with Solid State Drives Page 9

necessary to initially encrypt the contents of the drive like software solutions require, a process that took us anywhere from 3 ½ hours to 24 hours per laptop. Organizations struggling to decide if it is more cost effective to use software solutions to encrypt existing laptops, or to upgrade to new laptops equipped with self-encrypting drives need to carefully consider the time involved and loss of performance when deploying software solutions. We came away very impressed with the SSDs. About Trusted Strategies Trusted Strategies is the premier advisory, consulting, and market intelligence firm focused solely on the information technology (IT) security industry. Offering a unique, business-oriented perspective, Trusted Strategies provides accurate, expert, and concise market research and consulting for setting strategy and building business. Trusted Strategies is privately held, and located in Pleasanton, Calif. Trusted Strategies LLC Pleasanton, CA (925) 461-1002 www.trustedstrategies.com Full Drive with Solid State Drives Page 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information