NVMe and Self-Encrypting Drives – The Perfect Match

NVMe technology had a big presence at the Intel Developer Forum (IDF), held in San Francisco of September this year. There were products and demonstrations from about a dozen leading vendors including Intel and Micron. I also attended quite a few sessions, but the one on NVMe was the only one that was overflowing with people.

The NVM Express specification defines an optimized register interface; command set and feature set for PCI Express (PCIe®)-based Solid-State Drives (SSDs). The goal of NVM Express is to unlock the potential of PCIe SSDs now and in the future, and standardize the PCIe SSD interface.

From a client platform (e.g. PCs, notebooks, etc.) perspective, people buy SSDs for the performance boost it can give their systems. There are other advantages too, but performance is often the main motivator. It is most common for today’s SSDs to attach to the PC via the SATA (Serial ATA) bus. SATA was just fine for the older and slower spinning magnetic drives but has become the performance bottle neck when connecting today’s supper fast SSDs. That is where NVMe comes in to remove this bottle neck in a standard way.

Below are a few takeaways from Amber Huffman’s – Senior Principal Engineer, Intel Corporation “NVM Express*: “Going Mainstream and What’s Next

Presentation on the benefits of NVMe at IDF:

  • Lower latency
  • Performance (4 or more times faster than SATA SSD’s depending on what is measured.)
  • Less CPU cycles per IO
  • Less power consumed per IO (very important for mobile devices that run off batteries)
  • Support for “Security protocols: Trusted Computing Group Opal”.

 

It is that last point that I want to stress. If you have a security or compliance requirement for full disk encryption (FDE) then you are going to want your new NVMe SDD to be a SED (Self-Encrypting Drive). The alternative, software FDE, doesn’t impact performance much at all on the slower SATA connected mechanical hard drives because the CPU can keep up.   However, with SATA SSDs there is a noticeable impact on performance with software encryption even when the CPU’s advanced crypto instructions (AES-NI) are utilized. Now with NVMe, the SATA bottle neck for SSDs is eliminated so the relative performance hit of software encryption on NVMe drives is going to be even greater than on SATA SSDs. That is why I am happy to see that the Trusted Computing Group (TCG) has been on top of this technology for some time now, first adding NVM Express support to the TCG Storage Interface Interactions Specification (SIIS) almost 3 years ago.

 

If the prediction comes true, NVM Express will have more than 70% of the client SSD market by 2018. While this may seem optimistic, given the advantages of the technology and the focus the industry is applying, it just might happen. Meanwhile, we are doing our part to ensure they are SEDs and will be enterprise manageable by SecureDoc.

Previous Post
Safeguarding Transactions
Next Post
Risks Long After Breach

Related Posts

Encryption Alphabet Soup

Learning a multiplicity of acronyms is pretty much a requirement for navigating any discipline. Every field has its own set of acronyms and the sequence of 3 or 4 letters that usually make up the acronym most likely has a…

An offer you can’t refuse

This post is going to be a lot of shameless self-promotion for WinMagic but it’s something we think is important as it’s tied directly to the recent launch of SecureDoc 6.1. (more…)

WinMagic Certified Secure Validation

Today SanDisk announced their new SSD offering, the X300s – it’s their first drive to feature encryption capabilities. As part of this announcement, WinMagic also announced that SanDisk is the first drive partner we work with to complete the WinMagic…
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu