Encryption Support Evaluation

Consumers looking for encryption capabilities can opt to encrypt an iSCSI share with TrueCrypt or some built-in encryption mechanism in the client OS. However, if requirements dictate that the data must be shared across multiple users / computers, relying on encryption in the NAS is the best way to move forward. Most NAS vendors use the industry-standard 256-bit AES encryption algorithm. One approach is to encrypt only a particular shared folder, while the other approach is to encrypt the full volume. Some NAS vendors have support for both approaches in their firmware, but Synology only opts for the former. Details of Synology's encryption key management mechanism and other caveats are available here.

On the hardware side, encryption support can be in the form of specialized hardware blocks in the SoC (common in ARM / PowerPC based NAS units). In x86-based systems, encryption support is dependent on whether the AES-NI instruction set is available on the host CPU (not considering units based on the Intel Berryville platform). Unfortunately, the Atom D2700 used in the Synology DS1812+ doesn't support AES-NI. Encryption is done in software and we can expect the impact to be pretty brutal.
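To check this on a given Linux-based unit, the following added example (not part of the original review) reads `/proc/cpuinfo`-style text and reports whether the CPU advertises AES instructions. The function names and sample flag lists are constructed for illustration; a SoC crypto block outside the CPU core will not appear here, and the presence of the flag does not prove the firmware's encryption layer uses it.

```shell
#!/bin/sh
# Added example (not from the article): report whether a Linux host's CPU
# advertises AES instructions, given /proc/cpuinfo-style text.

# cpu_has_aes FILE: exit 0 if a "flags" (x86) or "Features" (ARM) line
# lists "aes" as a whole word, exit 1 otherwise.
cpu_has_aes() {
    awk -F: '
        {
            key = $1
            gsub(/[ \t]+$/, "", key)          # drop padding before the colon
        }
        key == "flags" || key == "Features" {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] == "aes") found = 1   # "vaes" etc. must not match
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# encryption_path FILE: print which path a share's AES work would take.
encryption_path() {
    if cpu_has_aes "$1"; then echo "hardware (AES instructions)"
    else echo "software"; fi
}

# Constructed sample inputs; the flag lists are illustrative, not dumps.
write_samples() {
    printf 'model name\t: constructed CPU A\nflags\t\t: fpu sse2 ssse3 movbe\n' > "$1/no_aes"
    printf 'model name\t: constructed CPU B\nflags\t\t: fpu sse2 pclmulqdq aes avx\n' > "$1/with_aes"
    printf 'Features\t: fp asimd aes pmull sha1 sha2\n' > "$1/arm_aes"
    printf 'flags\t\t: fpu sse2 vaes\n' > "$1/lookalike"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for s in no_aes with_aes arm_aes lookalike; do
    echo "$s: $(encryption_path "$demo_dir/$s")"
done
# On a real host: encryption_path /proc/cpuinfo
rm -rf "$demo_dir"
```
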

We enabled encryption on a CIFS share and repeated our Intel NASPT / robocopy benchmarks on it. The results are presented in the graph below (with the unencrypted volume numbers for comparison purposes).

Synology DS1812+ Encryption Performance - Windows

As expected, enabling encryption carries a major performance hit. Depending on the type of workload, the penalty varies between 17% and 76%. Berryville-based platforms (with a hardware encryption engine) should improve this aspect, but NAS units based on that are restricted to a maximum of four bays. Unless we get a platform refresh for this market segment (or NAS vendors opt to go in for an AES-NI enabled Core-series part), it looks like performance with encryption enabled will leave consumers unsatisfied.


93 Comments


  • SirGCal - Friday, June 14, 2013 - link

    Ohh, and you could do it with ZFS, I just like RAID and am more familiar with it over ZFS
  • SirGCal - Friday, June 14, 2013 - link

    Or you're talking ZFS compression over RAID? I was thinking about something completely different... haven't slept in 36 hours... Twins teething... fun... sorry. But that should work fine on any of these RAID cards.
  • Peroxyde - Friday, June 14, 2013 - link

    @SirGCal Thank you for all the info you gave. Coincidentally, I have decided to go with the Fractal Define R4 for silence, exactly as you stated. Regarding ZFS, I think this article might be of interest to you, in particular the section "What ZFS Gives You that Controllers Can't"

    http://constantin.glez.de/blog/2010/01/home-server...
  • SirGCal - Friday, June 14, 2013 - link

    I have two of those cases myself. Three in the office. It's so quiet. Love it. Mine has windows too. Still very silent and cool with 8 drives running 24/7 (add more fans).

    As for the RAID-Z, they only compare it in that article to RAID5. While I agree in that case sure it's better. Much is. They don't compare it to RAID 6 where I think its performance and failover won't keep up. But this particular method I'm not familiar with so I'd have to play with it to know for sure to run comparisons. I am not a RAID 5 fan at all since arrays have grown beyond the 4 TB range overall size to be honest. In those cases, this would likely be my choice.
  • JDG1980 - Friday, June 14, 2013 - link

    The appropriate comparison would be RAID-Z vs RAID-5, and RAID-Z2 vs RAID-6. In each case, ZFS wins if you're dedicating the same amount of space to parity data.
  • SirGCal - Sunday, June 16, 2013 - link

    I'll check out RAID-Z2. My only immediate pause would be moving it to another RAID card from a card failure... That is something worth considering if you run a large array. But other than that. When I get ready to build this next array, if possible I will run some tests.
  • danbi - Monday, June 17, 2013 - link

    You could also look at raidz3 which is triple parity.

    ZFS works fine for small number of disks, but it really shines with larger numbers. Avoid "RAID controllers" as much as possible -- "simple" HBA is way better choice -- performance wise.
  • Hakker9nl - Friday, June 14, 2013 - link

    god glad I made a ZFS server. This thing is expensive, slow and more power hungry than my system.
    For reference I built mine for a third of the prices. Reach internally 300 MB+ speeds externally limited to the 1 Gbit port and uses 60 watt when resilvering.
  • SirGCal - Friday, June 14, 2013 - link

    EXACTLY my point above. Thanks for helping me illustrate it. I tend to be long winded trying to explain things completely...
  • t-rexky - Friday, June 14, 2013 - link

    A word of caution for Mac users. I researched a NAS "to death" before purchasing the DS1512+ about six months ago. I have a large number of computer systems including vintage Unix based machines, OS X, Linux and Windows. SAMBA and NFS appear to work reasonably well with the Synology DSM, but there is a fundamental issue with AFP support that remains uncorrected in the latest DSM 4.2 build - the support for Unix style file permissions is broken and DSM overrides the OS X permissions with default values.

    Synology did improve the behaviour in DSM 4.2 and at least the execute bit can now be correctly set on the remote mounts, but the read and write permissions still do not work. I was extremely disappointed to find such a fundamental issue with a system that is advertised as fully OS X compatible and also widely recommended for Mac users.

    For anyone interested in more details, here is the full story: http://forum.synology.com/enu/viewtopic.php?f=64&a...
