The Intel SSD 320 Review: 25nm G3 is Finally Here
by Anand Lal Shimpi on March 28, 2011 11:08 AM EST- Posted in
- IT Computing
- Storage
- SSDs
- Intel
- Intel SSD 320
Spare Area and Redundant NAND
Intel's controller is a 10-channel architecture and thus drive capacities are still a little wonky compared to the competition. Thanks to 25nm NAND we now have some larger capacities to talk about: 300GB and 600GB.
Intel sent a 300GB version of the 320 for us to take a look at. Internally the drive has 20 physical NAND devices. Each NAND device is 16GB in size and features two 64Gbit 25nm 2-bit MLC NAND die. That works out to be 320GB of NAND for a drive whose rated capacity is 300GB. In Windows you'll see ~279GB of free space, which leaves 12.8% of the total NAND capacity as spare area.
Around half of that spare area is used to keep write amplification low and for wear leveling, both typical uses of spare area. The other half is for surplus NAND arrays, a RAID-like redundancy that Intel is introducing with the SSD 320.
As SandForce realized in the development of its controller, smaller geometry NAND is more prone to failure. We've seen this with the hefty reduction in rated program/erase cycles since the introduction of 50nm NAND. As a result, wear leveling algorithms are very important. With higher densities however comes the risk of huge amounts of data loss should there be a failure in a single NAND die. SandForce combats the problem by striping parity data across all of the NAND in the SSD array, allowing the recovery of up to a full NAND die should a failure take place. Intel's surplus NAND arrays work in a similar manner.
Instead of striping parity data across all NAND devices in the drive, Intel creates a RAID-4 style system. Parity bits for each write are generated and stored in the remaining half of the spare area in the SSD 320's NAND array. There's more than a full NAND die (~20GB on the 300GB drive) worth of parity data on the 320 so it can actually deal with a failure of more than a single 64Gbit (8GB) die.
Sequential Write Cap Gone, but no 6Gbps
The one thing that plagued Intel's X25-M was its limited sequential write performance. While we could make an exception for the G1, near the end of the G2's reign as most-recommended-drive the 100MB/s max sequential write speed started being a burden(especially as competing drives caught up and surpassed its random performance). The 320 fixes that by increasing rated sequential write speed to as high as 220MB/s.
You may remember that with the move to 25nm Intel also increased page size from 4KB to 8KB. On the 320, Intel gives credit to the 8KB page size as a big part of what helped it overcome its sequential write speed limitations. With twice as much data coming in per page read it's possible to have a fully page based mapping system and still increase sequential throughput.
Given that the controller hasn't changed since 2009, the 320 doesn't support 6Gbps SATA. We'll see this limitation manifest itself as a significantly reduced sequential read/write speed in the benchmark section later.
AES-128 Encryption
SandForce introduced full disk encryption starting in 2010 with its SF-1200/SF-1500 controllers. On SandForce drives all data written to NAND is stored in an encrypted form. This encryption only protects you if someone manages to desolder the NAND from your SSD and probes it directly. If you want your drive to remain for your eyes only you'll need to set an ATA password, which on PCs is forced by setting a BIOS password. Do this on a SandForce drive and try to move it to another machine and you'll be faced with an unreadable drive. Your data is already encrypted at line speed and it's only accessible via the ATA password you set.
Intel's SSD 320 enables a similar encryption engine. By default all writes the controller commits to NAND are encrypted using AES-128. The encryption process happens in realtime and doesn't pose a bottleneck to the SSD's performance.
The 320 ships with a 128-bit AES key from the factory, however a new key is randomly generated every time you secure erase the drive. To further secure the drive the BIOS/ATA password method I described above works as well.
A side effect of having all data encrypted on the NAND is that secure erases happen much quicker. You can secure erase a SF drive in under 3 seconds as the controller just throws away the encryption key and generates a new one. Intel's SSD 320 takes a bit longer but it's still very quick at roughly 30 seconds to complete a secure erase on a 300GB drive. Intel is likely also just deleting the encryption key and generating a new one. Without the encryption key, the data stored in the NAND array is meaningless.
The Test
| CPU |
Intel Core i7 965 running at 3.2GHz (Turbo & EIST Disabled) Intel Core i7 2600K running at 3.4GHz (Turbo & EIST Disabled) - for AT SB 2011, AS SSD & ATTO |
| Motherboard: |
Intel DX58SO (Intel X58) Intel H67 Motherboard |
| Chipset: |
Intel X58 + Marvell SATA 6Gbps PCIe Intel H67 |
| Chipset Drivers: |
Intel 9.1.1.1015 + Intel IMSM 8.9 Intel 9.1.1.1015 + Intel RST 10.2 |
| Memory: | Qimonda DDR3-1333 4 x 1GB (7-7-7-20) |
| Video Card: | eVGA GeForce GTX 285 |
| Video Drivers: | NVIDIA ForceWare 190.38 64-bit |
| Desktop Resolution: | 1920 x 1200 |
| OS: | Windows 7 x64 |
Facebook
Twitter
RSS
194 Comments
View All Comments
piquadrat - Monday, March 28, 2011 - link
But is it true that on most of todays mobos and their bioses you can't set ATA password with more than 8 characters? I've read about this in many places.Anand says that passwords used to encrypt Intel's ssd are generated automatically during each secure erase. So user can define ATA pass only during secure erasing the drive? Every change of ATA pass require secure erase?
I thought that ATA pass is defined in bios and changed in bios. It means outside operating system and any soft toolbox Intel provides.
There are so many places in the net and even commertial companies that offer unlocking ATA secured deviced. Mostly they use non-official unlocking codes (manufacturers implemented them in firmware!!!). Can we trust that no such codes for 320 series surfaced in the near future? To sum up: is this secure on the enterprise level?
Is there any independent secure certificate Intel can give us at the moment?
overzealot - Tuesday, March 29, 2011 - link
The user doesn't supply a key - the drive generates one itself.The data can be accessed by ANY computer if you're accessing it by SATA, the point is to secure the data on the NAND (pro hackers attach a controller to the memory chips and read it directly).
Using previous SSD's, you could format the drive and just read the data straight off the chips. On these drives, erased data is inaccessible this way.
If you want secure data, use TrueCrypt or Bitlocker.
piquadrat - Tuesday, March 29, 2011 - link
Truecrypt and bitlocker are not suitable for ssds as they contradict internal wear-leveling mechanisms and kill performance of compression based controllers (like all SandForces).To sum up all this AES thing in intel's 320 is no different then in SF based drives (like Vertex 2)?
If keys are internal and not linked to ATA password in bios, when someone steal my drive (bios not supporting ATA pass or ATA pass bypassed/hacked) he has full access to it. So tell me:
Why anybody would BOTHER with "attaching a controller to memory chips and read it directly"? WHAT FOR? He has full access to drive without all that hassle.
overzealot - Thursday, March 31, 2011 - link
I'm sorry I wasn't clear.When you format or delete data from an SSD without internal encryption, data is still accessible directly from the chips. This encryption is to stop that.
Also, the performance of Sandforce drives does not drop handling compressed data! It just can't compress it any more, so really it's still throwing the exact same amount of data around!
You would see an improvement in throughput on drives that don't natively compress, but from the data I've seen they'd still be slower than Sandforce.
piquadrat - Saturday, April 2, 2011 - link
Just like in conventional HDDs, you can always do secure erase even without internal AES. It only adds max 1-2 to the live counter of each cell. On the other end how often does typical user need that kind of maintenance.Yes, they are dropping in performance vs typical statistical compression ratio. They drop from 250 to around 100 MB/s in writes.
Encrypting ssd drive with truecrypt means that effectively wear leveling algorithms see the drive as fully loaded. Spare area is used much more intensively. The drive starts to have problems with trimming and Garbage Collector. Additional empty partition required.
To sum up for Vertex2 with truecrypt and intel NI AES supported processor: read: 140MB/s, write: 70MB/s. 4K reduced by 50-60%. These are facts.
MeanBruce - Monday, March 28, 2011 - link
Intel's plan was to give us a little bump in performance every two years just to keep us happy and keep us buying and maybe go to 6GB/s by 2015 after their sata 2 drives had showed a slow yet incremental speed increase just enough to apease the masses. They never saw SandForce coming! I thought Intel would simply pull more performance out of their hat to meet the challenge, I never thought the hat would be empty!Drag0nFire - Monday, March 28, 2011 - link
Dear Anand,Given the switch to a new generation of NAND, any comments on the expected longevity of these new drives? How long will one last in a normal usage scenario?
Thanks,
--Jonathan
Drag0nFire - Monday, March 28, 2011 - link
Also, would it be possible to report the physical dimensions of the drive? I believe I may need a 2.5in drive with a height of 7mm for my next laptop, but it is difficult to find information on the height of SSDs.Thanks!
y.a.k - Tuesday, March 29, 2011 - link
Intel drives come with a spacer that makes them 9.5mm high. Removing this makes them 7mm high.B3an - Monday, March 28, 2011 - link
This has been commented on other recent SSD articles.