Synology DS1812+ 8-bay SMB / SOHO NAS Review

Encryption Support Evaluation

Consumers looking for encryption capabilities can opt to encrypt a iSCSI share with TrueCrypt or some in-built encryption mechanism in the client OS. However, if requirements dictate that the data must be shared across multiple users / computers, relying on encryption in the NAS is the best way to move forward. Most NAS vendors use the industry-standard 256-bit AES encryption algorithm. One approach is to encrypt only a particular shared folder while the other approach is to encrypt the full volume. Some NAS vendors have support for both approaches in their firmware, but Synology only opts for the former. Details of Synology's encryption key management mechanism and other caveats are available here.

On the hardware side, encryption support can be in the form of specialized hardware blocks in the SoC (common in ARM / PowerPC based NAS units). In x86-based systems, encryption support is dependent on whether the AES-NI instruction is available on the host CPU (not considering units based on the Intel Berryville platform). Unfortunately, the Atom D2700 used in the Synology DS1812+ doesn't support AES-NI. Encryption is done in software and we can expect the impact to be pretty brutal.

We enabled encryption on a CIFS share and repeated our Intel NASPT / robocopy benchmarks on it. The results are presented in the graph below (with the unencrypted volume numbers for comparison purposes).

As expeced, enabling encryption carries a major performance hit. Depending on the type of workload, the penalty varies between 17% and 76%. Berryville-based platforms (with a hardware encryption engine) should improve this aspect, but NAS units based on that are restricted to a maximum of four bays. Unless we get a platform refresh for this market segment (or NAS vendors opt to go in for a AES-NI enabled Core-series part), it looks like performance with encryption enabled will leave consumers unsatisfied.