Back in May SanDisk announced the X300s, which is the company's first SED (Self-Encrypting Drive). The X300s is based on the same Marvell platform as SanDisk's client drives but with the differentiation that the X300s is the only drive that supports encryption via TCG Opal and IEEE-1667 (eDrive) standards. Due to the encryption support the X300s is positioned as a business product since the main markets for encrypted drives are corporations and governments, which handle sensitive and confidential data on a daily basis.

In our Intel SSD 2500 Pro review I talked about the cost of a lost corporate laptop in more detail, but in short a lost unencrypted corporate laptop costs an average of $50,000 to the company through the loss of IP and data breaches. (Obviously not every lost laptop will cost that much -- some might not cost anything more than the hardware, but others could be far more valuable.) Encryption is the easiest way to minimize the loss because without access to the data in the laptop, the only loss is the physical laptop and the possible work hours as a result, but frankly that cost is only in the order of a couple of thousand dollars, whereas the loss of IP could result in millions of dollars in damage.

To provide the ease of encryption to everyone, SanDisk is including a license for Wave's EMBASSY Security Center with every X300s. While Windows 8 provides native support for hardware encryption through eDrive, most corporations are still using Windows 7 and that only provides software based BitLocker encryption. Moreover, eDrive has a rather strict set of hardware and software requirements, which can be a dealbreaker if dealing with older hardware with no UEFI and/or TPM support. In addition to Wave, the X300s has been certified by McAfee, WinMagic, Check Point, Softex, and Absolute for Opal encryption in case you or your company already has security software.

SanDisk X300s Specifications
Capacity 64GB 128GB 256GB 512GB 1TB
Form Factor 2.5" 7mm & M.2 2280
Controller Marvell 88SS9188 Marvell 88SS9187
NAND SanDisk 2nd Gen 64Gbit 19nm MLC
Sequential Read 510MB/s 510MB/s 520MB/s 520MB/s 520MB/s
Sequential Write 140MB/s 300MB/s 460MB/s 460MB/s 480MB/s
4KB Random Read 71K IOPS 85K IOPS 90K IOPS 92K IOPS 94K IOPS
4KB Random Write 37K IOPS 66K IOPS 80K IOPS 80K IOPS 82K IOPS
Idle Power (Slumber/DEVSLP) 90mW / 5.0mW 90mW / 5.0mW 90mW / 5.0mW 90mW / 6.0mW 95mW / 6.0mW
Max Power (Read/Write) 2.9W /
2.6W
2.9W /
3.6W
3.0W /
4.9W
3.1W /
5.0W
3.1W / 5.0W
Endurance 40TB (21GB/day for 5 years) 80TB (43GB/day for 5 years)
Encryption TCG Opal 2.0 & IEEE-1667

The X300s is available in both 2.5" and M.2 2280 form factors. The 2.5" version comes in up to 1TB capacity and uses two different controllers depending on the capacity. 256GB and lower use the 4-channel Marvell 9188 (codename Monet Lite), whereas the 512GB and 1TB models use the full 8-channel Marvell 9187 controller (whose codename is surprisingly just Monet). The M.2 2280 is limited to 512GB due to form factor limitations and uses the Monet Lite controller for all capacities.

The PCB in the X300s is single-sided and features a total of eight NAND packages. It is quite impossible to see the markings on the chips from this angle due to the residue from the thermals pads, so here is a closer shot of the NAND with light coming from a better angle.

Unfortunately SanDisk's part numbers do not tell much and there is no public part number decoder available, but SanDisk told me that the X300s uses 64Gbit 1Ynm (i.e. second generation 19nm) parts, meaning that our 512GB sample features eight octal-die NAND packages.

Test Systems

For AnandTech Storage Benches, performance consistency, random and sequential performance, performance vs transfer size and load power consumption we use the following system:

CPU Intel Core i5-2500K running at 3.3GHz (Turbo & EIST enabled)
Motherboard AsRock Z68 Pro3
Chipset Intel Z68
Chipset Drivers Intel 9.1.1.1015 + Intel RST 10.2
Memory G.Skill RipjawsX DDR3-1600 4 x 8GB (9-9-9-24)
Video Card Palit GeForce GTX 770 JetStream 2GB GDDR5 (1150MHz core clock; 3505MHz GDDR5 effective)
Video Drivers NVIDIA GeForce 332.21 WHQL
Desktop Resolution 1920 x 1080
OS Windows 7 x64

Thanks to G.Skill for the RipjawsX 32GB DDR3 DRAM kit

For Wave EMBASSY Security Center and slumber power testing we used a different system:

CPU Intel Core i7-4770K running at 3.3GHz (Turbo & EIST enabled, C-states disabled)
Motherboard ASUS Z87 Deluxe (BIOS 1707)
Chipset Intel Z87
Chipset Drivers Intel 9.4.0.1026 + Intel RST 12.9
Memory Corsair Vengeance DDR3-1866 2x8GB (9-10-9-27 2T)
Graphics Intel HD Graphics 4600
Graphics Drivers 15.33.8.64.3345
Desktop Resolution 1920 x 1080
OS Windows 7 x64
How SEDs Work and Testing Wave's EMBASSY Security Center
POST A COMMENT

34 Comments

View All Comments

  • Kristian Vättö - Friday, August 22, 2014 - link

    That is not true. Windows 7 is still the dominant OS in the enterprise space with Windows 8 only having a marginal share:

    http://www.sysaid.com/company/press/382-global-win...

    Yes, that is one-year-old data but it shows that enterprises are not very keen on W8 and are adopting it very slowly. That in turn leaves a huge market for solutions like Wave ECS since the BitLocker in Windows 7 does not support Opal.

    Besides, eDrive/BitLocker is the same for every drive. I don't see the need to revisit it with this drive because the process is not any different.
    Reply
  • cbf - Friday, August 22, 2014 - link

    Well, that market share article is from June 2013.

    While, I don't think Windows 8.1 is taking the market by storm, I think it is creeping in. I've deployed it due to things like improved startup/hibernation, BitLocker improvements, etc. The start menu just isn't that big a deal for my users.

    In any event, it looks like we'll see Win 9 in the next six months, which I predict enterprises will deploy as fast as they've ever deployed any new Windows OS, so that should settle the issue.
    Reply
  • jabber - Saturday, August 23, 2014 - link

    Maybe not.

    Windows 9 is too soon. A lot of corps are only two years into their OS refresh, they aren't going to change till maybe 2017 at the earliest and then 10 is round the corner. A lot haven't moved to 7 till this year so they are going to hang around till 2020. Windows 10 will be the one that fits the schedule better.

    9 will bomb probably. Plus anyone knows that 9 is purely a rushed damage limitation excercise.
    Reply
  • devione - Thursday, August 21, 2014 - link

    Hi Kristian,

    Really appreciate your efforts. However would it be possible to see future reviews involving Enterprise-grade SSDs? Thanks for your time.
    Reply
  • Kristian Vättö - Friday, August 22, 2014 - link

    Yeah, we have something in the works :) Reply
  • jay401 - Friday, August 22, 2014 - link

    By the way, the Samsung 840 Evo in 256GB and 512GB sizes just dropped $20 and $50 in price on Amazon. $119 and $199 respectively, though the 500GB did just bump back up slightly to $212. Reply
  • 7amood - Friday, August 22, 2014 - link

    I appreciate the SEDs but I think these aren't open source and can't be audited like TC which is being audited right now. How to know for sure that the SED encryption is secure and doesn't have backdoor code for the spying? Reply
  • fk- - Saturday, August 23, 2014 - link

    I'm still a bit confused about one thing - with all that security software listed in the table, what are the motherboard requirements to use the encryption on this drive? Do I still need a motherboard capable of setting ATA password if I want to password-protect the data on the drive?

    Or, to put it straight, is there any [software] way to use the option to password-protect the drive (and being prompted to enter the password on startup) on an older motherboard without UEFI, without ATA password capabilities and without Opal certification?
    Reply
  • Kristian Vättö - Sunday, August 24, 2014 - link

    Wave's ECS should do that as long as the drive is Opal certified. I tested without UEFI and it worked fine, and ATA password is just a BIOS feature whereas Opal is independent from the rest of the system (i.e. should work with any motherboard or system). Reply
  • mike8675309 - Sunday, August 24, 2014 - link

    I assume that when you use the took to secure erase that when you enter the PSID that the drive is no deactivating the encryption, and then secure erasing the drive. Using that tool and that process must do something more complex so that avoids creating an attack vector. Reply

Log in

Don't have an account? Sign up now