NVMe and Self-Encrypting Drives – The Perfect Match

NVMe technology had a big presence at the Intel Developer Forum (IDF), held in San Francisco of September this year. There were products and demonstrations from about a dozen leading vendors including Intel and Micron. I also attended quite a few sessions, but the one on NVMe was the only one that was overflowing with people.

The NVM Express specification defines an optimized register interface; command set and feature set for PCI Express (PCIe®)-based Solid-State Drives (SSDs). The goal of NVM Express is to unlock the potential of PCIe SSDs now and in the future, and standardize the PCIe SSD interface.

From a client platform (e.g. PCs, notebooks, etc.) perspective, people buy SSDs for the performance boost it can give their systems. There are other advantages too, but performance is often the main motivator. It is most common for today’s SSDs to attach to the PC via the SATA (Serial ATA) bus. SATA was just fine for the older and slower spinning magnetic drives but has become the performance bottle neck when connecting today’s supper fast SSDs. That is where NVMe comes in to remove this bottle neck in a standard way.

Below are a few takeaways from Amber Huffman’s – Senior Principal Engineer, Intel Corporation “NVM Express*: “Going Mainstream and What’s Next

Presentation on the benefits of NVMe at IDF:

  • Lower latency
  • Performance (4 or more times faster than SATA SSD’s depending on what is measured.)
  • Less CPU cycles per IO
  • Less power consumed per IO (very important for mobile devices that run off batteries)
  • Support for “Security protocols: Trusted Computing Group Opal”.

 

It is that last point that I want to stress. If you have a security or compliance requirement for full disk encryption (FDE) then you are going to want your new NVMe SDD to be a SED (Self-Encrypting Drive). The alternative, software FDE, doesn’t impact performance much at all on the slower SATA connected mechanical hard drives because the CPU can keep up.   However, with SATA SSDs there is a noticeable impact on performance with software encryption even when the CPU’s advanced crypto instructions (AES-NI) are utilized. Now with NVMe, the SATA bottle neck for SSDs is eliminated so the relative performance hit of software encryption on NVMe drives is going to be even greater than on SATA SSDs. That is why I am happy to see that the Trusted Computing Group (TCG) has been on top of this technology for some time now, first adding NVM Express support to the TCG Storage Interface Interactions Specification (SIIS) almost 3 years ago.

 

If the prediction comes true, NVM Express will have more than 70% of the client SSD market by 2018. While this may seem optimistic, given the advantages of the technology and the focus the industry is applying, it just might happen. Meanwhile, we are doing our part to ensure they are SEDs and will be enterprise manageable by SecureDoc.

Previous Post
Safeguarding Transactions
Next Post
Risks Long After Breach