Encryption Support Evaluation

Consumers looking for encryption capabilities can opt to encrypt an iSCSI share with TrueCrypt or some built-in encryption mechanism in the client OS. However, if requirements dictate that the data must be shared across multiple users / computers, relying on encryption in the NAS is the best way to move forward. Most NAS vendors use the industry-standard 256-bit AES encryption algorithm. One approach is to encrypt only a particular shared folder while the other approach is to encrypt the full volume. Some NAS vendors have support for both approaches in their firmware, but Synology only opts for the former. Details of Synology's encryption key management mechanism and other caveats are available here.

On the hardware side, encryption support can be in the form of specialized hardware blocks in the SoC (common in ARM / PowerPC based NAS units). In x86-based systems, encryption support is dependent on whether the AES-NI instruction set is available on the host CPU (not considering units based on the Intel Berryville platform). Unfortunately, the Atom D2700 used in the Synology DS1812+ doesn't support AES-NI. Encryption is done in software and we can expect the impact to be pretty brutal.
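As an added example (not part of the original article), the script below shows one way to check on a Linux-based unit whether AES would run on AES-NI or fall back to software: it looks for the `aes` CPU flag and picks the highest-priority AES driver from a `/proc/crypto`-style listing. The sample inputs are constructed, and the function names `has_aesni` and `best_driver` are hypothetical helpers.

```shell
#!/bin/sh
# Added example. Sample inputs are constructed; on a real Linux-based unit,
# pass /proc/cpuinfo and /proc/crypto instead.

# Print "yes" if the x86 "aes" CPU flag (AES-NI) is present in file $1, else "no".
# Tokens are compared whole, so flags such as "pae" or "vaes" do not match.
has_aesni() {
    awk -F: '/^flags/ { n = split($2, f, " ")
                        for (i = 1; i <= n; i++) if (f[i] == "aes") found = 1 }
             END { print (found ? "yes" : "no") }' "$1"
}

# Print the highest-priority driver registered for algorithm $2 in the
# /proc/crypto-style file $1; the kernel prefers the highest priority.
best_driver() {
    awk -v want="$2" '
        BEGIN { best = -1 }
        $1 == "name"     { name = $3 }
        $1 == "driver"   { drv = $3 }
        $1 == "priority" && name == want && $3 + 0 > best { best = $3 + 0; pick = drv }
        END { print (pick == "" ? "none" : pick) }' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# Constructed flag lines: one CPU without AES-NI, one with it.
printf 'flags\t\t: fpu pae sse2 ssse3 movbe lahf_lm\n' > "$tmp/cpu_sw"
printf 'flags\t\t: fpu pae sse2 ssse3 pclmulqdq aes avx\n' > "$tmp/cpu_hw"
# Constructed /proc/crypto excerpt with a generic and an AES-NI driver.
cat > "$tmp/crypto_hw" <<'EOF'
name         : aes
driver       : aes-generic
module       : kernel
priority     : 100

name         : aes
driver       : aes-aesni
module       : aesni_intel
priority     : 300
EOF

echo "no AES-NI:   $(has_aesni "$tmp/cpu_sw")"
echo "with AES-NI: $(has_aesni "$tmp/cpu_hw") -> $(best_driver "$tmp/crypto_hw" aes)"
```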

We enabled encryption on a CIFS share and repeated our Intel NASPT / robocopy benchmarks on it. The results are presented in the graph below (with the unencrypted volume numbers for comparison purposes).

Synology DS1812+ Encryption Performance - Windows

As expected, enabling encryption carries a major performance hit. Depending on the type of workload, the penalty varies between 17% and 76%. Berryville-based platforms (with a hardware encryption engine) should improve this aspect, but NAS units based on that are restricted to a maximum of four bays. Unless we get a platform refresh for this market segment (or NAS vendors opt to go in for an AES-NI enabled Core-series part), it looks like performance with encryption enabled will leave consumers unsatisfied.


93 Comments

  • MadMan007 - Thursday, June 13, 2013 - link

    AES-NI support would be a great addition for a real SMB NAS...even SMBs should be concerned with security. What are the chances NAS manufacturers will come out with devices based on AMD Kabini? AMD does a lot less feature segmentation in their chips and Kabini has AES-NI so it seems like a better solution until Intel matches that with Atoms (low TDP Haswells will be too expensive.)
  • JDG1980 - Thursday, June 13, 2013 - link

    The two features I look for in off-the-shelf NASes are ECC RAM, and the ZFS file system. Unfortunately, it seems that none so far have seen fit to include them.
  • pwr4wrd - Friday, June 14, 2013 - link

    I completely agree with you. Even for home/SOHO use, what good is a NAS unit if you don't have data integrity?
  • Samus - Saturday, June 15, 2013 - link

    This will change with the Atom family supporting ECC. I don't know of any real advantages ZFS has over ext4 for home/soho.
  • phoenix_rizzen - Monday, June 17, 2013 - link

    Instantaneous near-unlimited number of snapshots, end-to-end checksums, integrated raid features without requiring RAID controllers, integrated volume management, storage pooling, etc, etc, etc.

    Once you get beyond 1 harddrive, using anything other than ZFS (or other pooled storage system) is heavenly. There's just no comparison to ext*+LVM.
  • Jeff7181 - Thursday, June 13, 2013 - link

    I wonder how multi-user performance would scale if it had a 10 Gbps uplink to a 1 Gbps access switch. Maybe I'm out of touch with arrays of this size, but those numbers seem low for an 8-disk array. Maybe it has to do with the Atom CPU? Maybe the RAID controller has no cache? Honestly I'd be highly disappointed if I spent $1000 on the chassis and another $1000-2000 on hard drives and could barely reach 1 Gbps under the best circumstances.
  • DigitalFreak - Thursday, June 13, 2013 - link

    There is no RAID controller. The SATA ports are either off of the Intel embedded ports, or more likely off of a 3rd party controller.
  • SirGCal - Thursday, June 13, 2013 - link

    Try again. They used 8x WD4000FYYZ. They run $410 each... If you get a deal on them. Upwards of $500 if you go to a brick and mortar store... at 400 each, that's $3200 just for the drives for their enterprise class drives for this test. Most people aren't going to use them.
  • Gigaplex - Thursday, June 13, 2013 - link

    That just backs up their point even more. Spending $1k-2k instead isn't likely to get you faster drives.
  • SirGCal - Friday, June 14, 2013 - link

    No, you missed my other point... The 8-drive RAID 5 is a failure waiting to happen, enterprise class or not. When a drive does fail, you'll have to repair it. During that 38+ hours... That is the MOST likely time (also when all the drives are old, worn, and getting their tails kicked in doing massively hard reads) that another one is going to fail... Then you lose the entire array and all of your data. That was the point I was trying to make.
