-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/28/2014 08:00 AM, [email protected] wrote: > Send tech-chat mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.linuxmoose.com/mailman/listinfo/tech-chat or, via > email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more > specific than "Re: Contents of tech-chat digest..." > > > Today's Topics: > > 1. data security ssd features you need, but aren't cheap (Ron > Frazier (TECHC)) > > > ---------------------------------------------------------------------- > > Message: 1 Date: Tue, 27 May 2014 19:38:03 -0400 From: "Ron > Frazier (TECHC)" <[email protected]> To: Tech Chat > List <[email protected]> Subject: [tech-chat] data security > ssd features you need, but aren't cheap Message-ID: > <[email protected]> > Content-Type: text/plain; charset=UTF-8 > > Hi all, > > (Also posting on DC404) > > I've been watching the SSD market evolve for a while, and wishing I > could buy one of decent size. I periodically study the market, > product, specs, and prices to see how things are going. > > Being an engineer who's paranoid about the security, longevity, and > reliability of my data storage; I believe that the devil is in the > details, and some of the details of SSD failure modes have always > bugged me. > > In my latest review of the state of affairs, I've noted that SSD > prices have dropped to very attractive ranges in the sub $ 0.50 / > GB range. But, I've also discovered that the really cheap drives > are missing some key features that I'd personally want to see in my > drives. These are things you have to pay extra for. For the mix > of features I'd like to see, I've come to realize that I'll have to > pay $ 1 - $ 2 / GB (in current market conditions). This either > means I wait and save up longer, or buy smaller, or both. I wanted > to share what I've found. > > While at least two of these features are security specific, in my > mind, they're almost all related to data security, in that, if your > drive doesn't reliably store your data for the time period that you > need it to, then your data is not very secure. > > Caveat 1, almost everything here is my opinion. I will talk about > some facts, design options, specs, etc. But, what you want to do > about those facts, what you think about whether one particular > design element is there or not, is up to you. Only you can say > what kind of risk factors or implications you think that has for > you. > > Caveat 2, this is not meant to be a rigorously documented white > paper. It's meant to be a synopsis of my observations after > reading a fair number of ads, articles, and data sheets. As far as > I know, everything I'm saying is true. > > Here are 23 important or critical features or specs that I would > want to see in my SSD, if not all of them, at least most of them. > The main point is that you just won't get most of these on a cheap > drive. And, you won't necessarily get them on an expensive drive. > You have to read the spec sheets and reviews to find out. Many of > these things are described in Wikipedia, should you be inclined to > look. > > Here's what's discussed below, is substantial detail: > > 01) Data Endurance Some folks say don't use more than 75% of a ssd for optimal performance > 02) Data Retention 03) SLC or MLC, not TLC flash cells 04) 5 Year > Warranty 05) Overprovisioning 06) TRIM Command Some say using TRIM with crypto weakenss it. > 07) Background Garbage Collection 08) Power Loss Protection 09) > SMART - Self-Monitoring, Analysis and Reporting Technology 10) Wear > Indicator, Life Remaining, Data Written 11) Exotic Diagnostic Data > 12) Wear Leveling 13) NCQ - Native Command Queuing 14) Full Drive > Encryption I have a Intel 180 GB running FreeBSD 10 setup with UFS and geli. The cpu is a intel atom not the fastest but I have noticed a bottleneck. aesni helps with the speed. Have not done any benchmarks but I run AES-XTS 256 for system and AES-XTS 128 for swap. I've switched to Arch on my home computers and have setup encrypted LLVM with dm-crypt. I like FreeBSD's system better if I had to pick. The trick here is having a unencrypted /boot and using a symlink. You might want to look at BTRFS also you can use a single btrfs partiton with subvolumes. Speaking about crypto alot of chatter about truecrypt today. http://truecrypt.sourceforge.net/? I don't have anything sensitive to protect. Just worried about a junkie borrowing mine without asking. > 15) Extra Robust ECC (Error Correction Code) 16) Compressible and > Uncompressible Performance 17) Secure Erase /dev/random or /dev/urandom with dd? > 18) Data Center Design 19) SATA 3 - 6 Gbps Interface 20) Data > Cloning Software (4K Sector Support) 21) Physical Size - 2.5" x > 7mm 22) 3.5" Mounting Adapter If you buy a desktop ssd "kit" they have adapters. > 23) Intel or Samsung Preferably I own a Intel and Samsung I'd pot more money on Intel pushing upstream drivers. I just looked at newegg and feel sick. I paid the price for my 180GB they are asking for a 1TB SSD now. Tosshiba bought OCZ after they went under, maybe they will come out with some cool new stuff. Don't know much about the other points. One of the resons I swtiched to Arch is the wiki. https://wiki.archlinux.org/index.php/disk_encryption PS. Ron are you still mining crypto coins? I have a 5gh/s running 24/7 it makes a couple pennies a day... :) > > Here are the details: > > 01) Data Endurance - This is the rated life of the flash memory > cells. How many writes can they handle without excessive > degradation? Sometimes, this data is hard to find. You want to > look for the TBW or Total Bytes Written spec. This tells you the > total amount of data you can write to the drive. There is also a > DWPD or Drive Writes Per Day spec. This tells you how many times > you can completely write the drive's capacity per day. Finally, > there is a GB / Day of data written spec. None of the per day > specs mean anything unless you know how many days are under > consideration. That number may or may not be the same as the > warranty. Consumer drives are typically rated for 20 - 30 GB of > writes per day for 3 to 5 years. Prosumer and entry level data > center drives are usually rated for 50 - 70 GB of writes per day. > Having your system cache on the SSD, using it as a scratch drive or > temp drive, or doing things like continuously rewriting video files > you're editing will use up the quota faster. > > So, how much data endurance is enough? Well, short of running some > detailed analytics software to track your data writing (reading is > not a problem), it's hard to say. As a consumer, and someone who > pushes pc components hard at times and likes to run them till they > drop, I'd rather err on the side of a prosumer type of device. One > option is to deploy SSD's which have built in analytics on a test > machine and see how fast the usage quota gets used. > > All SSD's have a data endurance spec. Some manufacturers and spec > sheets may make it hard to find. If you get a drive that is > dramatically too low, you may find your data at risk much sooner > than you thought. > > 02) Data Retention - This is a whole different animal. This spec > is VERY hard to find. It refers to the time that the drive will > retain your data with power off. When the drive is new, this can > be many years, even a decade. However, when the drive has reached > its write endurance limit, this number can drop to as little as 3 > months. You want this number to be as high as possible for as long > as possible. > > Tech report has been doing some data endurance testing and data > retention testing on several drives since August 2013. At this > point, they have stored 600 TB of data (which is about double most > drives' rated lifespan). The very popular Samsung 840 (which uses > TLC flash, see below) showed some data retention problems after 300 > TB of storage and after being left powered down for only a week. > The Samsung also showed over 2000 reallocated sectors after 600 TB > of storage. For these reasons, I would not buy that drive. > > See this article: > > http://techreport.com/review/26058/the-ssd-endurance-experiment-data-retention-after-600tb > > One thing this means to me is that I would not want to use an SSD > as an archival backup that might sit on the shelf for months or > years. > > 03) SLC or MLC, not TLC flash cells - Every cell of a flash memory > device is essentially a capacitor. An SLC (Single Level Cell) > device stores one voltage in the capacitor which can represent one > binary bit. An MLC (Multi Level Cell) device stores 4 voltages (or > possibly 3 plus zero) which can represent two binary bits. A TLC > (Triple Level Cell, a bit of a misnomer) device stores 8 voltages, > which can represent three binary bits. So, theoretically, with > TLC, you can store triple the data in the same space on the silicon > chip (more or less). As such, you can make bigger drives much > cheaper, hence the appeal. The drives that Tech Report is testing > are all MLC except for the Samsung 840 (which is not the same as > the 840 Pro). The 840 uses TLC, although Samsung tries to avoid > using that verbiage. In the test, the 840 was the only one > documented to have retention problems and had FAR more reallocated > sectors than the other drives. This is why I say to avoid TLC. > SLC is the most reliable technology, but the prices for those > really are sky high. MLC represents a good compromise between > reliability and price. > > 04) 5 Year Warranty - Almost every drive you'll find on retail > store shelves, and many at online sellers, will have a 2 - 3 year > warranty. If you search at higher price levels, around $ 1 / GB, > you'll start to find drives with 5 year warranties. This is my > preference. If I'm going to go to the trouble to move all my stuff > to an SSD, or especially if I have to go to the trouble of > splitting things among two drives, or reinstalling the OS; then I > don't want to mess with it too often. So, I'd go for the longer > warranty. However, warranties are not simple. They're often tied > to the data endurance rating, and the warranty will expire sooner > timewise if you exceed the stated quota. Sometimes, warranties > include tech support for the warranty period. Sometimes, they > don't. > > 05) Overprovisioning - The drive makers often include extra space > in the flash memory, compared to the rating of the drive. So, it > may actually have 128 GB of flash, but the rated capacity may be > 120 GB. So, they've actually reserved 6 - 7% for spare space. > This is a good thing. The drive uses this space for managing it's > wear leveling activities, garbage collection, trimming unused > sectors, and other housekeeping things. One very important thing > it uses this for is to provide spare sectors to put into usage when > it reallocates one that's not reading or writing properly. So, in > the case of the Samsung 840 I mentioned above that had 2000+ > reallocated sectors, assuming the drive has that much or more > overprovisioned area, then the usable capacity of the drive will > not have been decreased. Having to USE that many spare sectors > still makes me nervous. Even if you can buy a drive without > overprovisioning, or even if you an configure it to eliminate > overprovisioning, I woul dn't do that. If you're looking at a > drive that has a capacity that's an even multiple of 2, such as 128 > GB or 256 GB, as opposed to 120 GB or 240 GB, I would question to > see if it is overprovisioned. > > 06) TRIM Command - This is a fairly common but not universal (as > far as I know) feature that you definitely want. If both the OS > and the drive are TRIM compatible, then the OS can tell the drive > what sectors are no longer needed. Flash memory has to be erased > in large chunks before it can be reused. By allowing the OS to > tell the drive what chunks are not needed, it can do this erasure > in the background so that, when a write is required, it will have > erased flash cells ready and waiting. This means write performance > is improved, particularly if the drive is fairly full. > > 07) Background Garbage Collection - This allows the drive to > recover unneeded sectors and prepare them for reuse in the > background while the drive is doing other things. Background > Garbage Collection and TRIM interact, but are not the same. You > may have TRIM, but not Background Garbage Collection, for example. > TRIM helps the garbage collector know what to zone in on, but the > drive with garbage collection may be able to do more on its own > even when it's not getting TRIM requests from the OS. > > 08) Power Loss Protection - This is a very important feature. It > is rare on most low end drives. SSD's have ram (volatile) caches > just like HDD's. Sometimes, writes are queued up in the ram prior > to being written to flash. If the power fails abruptly, those > pending writes can be lost, which can corrupt files and data. > Power Loss Protection provides capacitors on the power bus in the > drive. This maintains the drive long enough to clear the write > cache and commit all pending writes to flash in the event of a > power failure. > > 09) SMART - Self-Monitoring, Analysis and Reporting Technology - > Most hard drives have SMART, and most SSD's do too, but not > necessarily all. This subsystem allows the computer to monitor > various aspects of the health and status of the drive. Reallocated > sectors is one thing typically monitored by the SMART system, along > with many other parameters. You definitely want your SSD to have > SMART. > > 10) Wear Indicator, Life Remaining, Data Written - Most of these > attributes are passed through the SMART system, although some > drives use proprietary software to monitor this. This, > essentially, tells you in various ways how much of the drive's > endurance rating you've used up and how much drive life is left. A > very desirable feature. > > 11) Exotic Diagnostic Data - (That's my term for it.) Some drives > can monitor and report more exotic and less frequently used, but > still useful, data. This might include write amplification > statistics, wear leveling statistics, compression statistics, and > temperature, etc. This data can be valuable to more advanced users > or enterprise users. > > 12) Wear Leveling - Pretty much all flash storage systems have > this. It distributes the writes to the drive fairly evenly amongst > all available memory cells. This prevents any one cell or group of > cells from wearing out substantially before the others. There are > variations in the way this is accomplished, and some manufacturers > rave on about how their way is better. > > 13) NCQ - Native Command Queuing - (I'll just copy from Wikipedia > here.) "NCQ is also used in newer solid-state drives where the > drive encounters latency on the host, rather than the other way > around. For example, Intel's X25-E Extreme solid-state drive uses > NCQ to ensure that the drive has commands to process while the host > system is busy processing CPU tasks. NCQ also enables the SSD > controller to complete commands concurrently (or partly > concurrently, for example using pipelines) where the internal > organisation of the device enables such processing." > > Bottom line, it improves performance, which is always good. > > 14) Full Drive Encryption - This feature automatically encrypts all > data written to the drive, and decrypts it on the fly when needed. > This is generally 128 bit or 256 bit AES encryption. This is > similar to what you can do with something like TrueCrypt, but is > faster and more seamless. If the drive or PC is stolen, and the > password or passphrase or other key is not known to the attacker, > the drive just looks like gibberish. I don't know, and have not > explored, how this is accessed by the user. I'm assuming you need > a compatible bios and that it pops up during boot and asks for a > password. I also don't know if there are some computers that > cannot use an encrypted drive. > > 15) Extra Robust ECC (Error Correction Code) - All storage drives > include error correction codes in the data stream to compensate for > one or multiple single bit errors in a row due to flaky storage > media. Sometimes they can correct for more continuous errors, > sometimes less. Some manufacturers like to rave on about their > more extensive error correction in certain product lines. > > 16) Compressible and Uncompressible Performance - Almost all, if > not all, SSD's compress data for storage to allow a given amount of > flash cells to do more and thus reduce the cost of the drive. > That's great if your data is compressible, like a text file. > However, it's not so great if the data is not compressible, like > executables, or already compressed data. Sometimes, the > performance of the drive will greatly decrease when fed > incompressible data. You want a drive that maintains good > performance regardless. > > 17) Secure Erase - This feature allows you to completely and > securely erase the SSD in preparation for new usage, > decommissioning, or sale, etc. This is better than running > something like DBAN on it for two reasons. First, it's probably > much faster. Second, if the drive has reallocated sectors, you > won't be able to access them from the normal api and interface. > This function SHOULD include those sectors which are no longer > accessible to the user. While I know that secure erase has been in > the ATA spec for some time, I don't know if all SSD's support this. > You would want to verify it if it's important to you. > > 18) Data Center Design - This is a sort of nebulous thing that some > manufacturers and some reviewers rave on about with some products. > An example would be the Intel 730 series of SSD's. While this > doesn't have a specific meaning, it probably means the drive has > more of the features I've been discussing. It also probably means > the drive is more expensive. > > 19) SATA 3 - 6 Gbps Interface - This is an almost universal feature > on SSD's. The simple reason is that if you make the drive with a > SATA 2 - 3 Gbps Interface, you won't get anywhere near its maximum > performance. So, when you read data transfer specs in the 550 MBps > range, then you're getting close to saturating the SATA 3 bus. > That's one reason the max data transfer speed on most drives is > similar. If you put a SATA 3 drive into a SATA 2 or USB 2 > enclosure, you'll severely cripple it. > > 20) Data Cloning Software (4K Sector Support) - You're going to > have to get your data from your old drive to your new one somehow, > probably including the OS, the registry (for Windows), user files, > etc. Many SSD packages include or include a link to download Data > Cloning Software, such as Acronis. This is a handy feature. You > must use newer software which fully supports drives with 4K > sectors. If you use older software which only supports 512 byte > sectors, and your partitions are misaligned, your performance could > suffer dramatically. I know this applies to newer hard drives and > believe it applies to SSD's. There is some debate about it, and I > couldn't prove it while writing this. I'm assuming SSD's > partitions have to be aligned on 4K boundaries. > > 21) Physical Size - 2.5" x 7mm - This is obviously not mandatory > for some applications. However, this size of SSD is the most > versatile and universal. This form factor allows the drive to fit > in almost anything that will accept a SATA drive. This includes > almost all notebook / laptop computers. Some won't take a 9mm > thickness. Very very small devices might need an mSATA drive or > memory card. As far as I know, most memory cards don't include > most of these features I've discussed. > > 22) 3.5" Mounting Adapter - Many drives include this, and it's a > handy addition to allow mounting in desktop drive bays. Some > desktop cases include drive cages which automatically adapt to > either a 2.5" or 3.5" drive. I've seen some youtube pc building > videos where someone just velcros the drive to the computer case. > Since it's not mechanical, I guess that could be an option, > although it might create static, which would be bad. > > 23) Intel or Samsung Preferably - Finally, while I would consider > any major brand name of drive, I've found overwhelmingly in my > reading that Intel and Samsung drives are supposed to be the most > reliable. So, I would have a potential preference for one of > those, if my other criteria were met. > > I hope you find this info helpful. I know I'm going to be > revisiting this list when I finish saving enough money to buy an > SSD. Unfortunately, I also know I won't be buying the cheapest > thing in town. > > Sincerely, > > Ron > > > > -- > > Sent from my Android Acer A500 tablet with bluetooth keyboard and > K-9 Mail. Please excuse my potential brevity if I'm typing on the > touch screen. > > (PS - If you email me and don't get a quick response, you might > want to call on the phone. I get about 300 emails per day from > alternate energy mailing lists and such. I don't always see new > email messages very quickly.) > > Ron Frazier 770-205-9422 (O) Leave a message. linuxdude AT > techstarship.com > > > > ------------------------------ > > _______________________________________________ tech-chat mailing > list [email protected] > http://lists.linuxmoose.com/mailman/listinfo/tech-chat > > > End of tech-chat Digest, Vol 7, Issue 5 > *************************************** > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJThl3MAAoJEO3lEi5rdGxQ4zgH/26TyztCbkZt3S4Zk4urAD5s PRGLadIpRE3ZD05SoNAnqDxtfznD8dUb0v1ZkKFwo2+Im+PLfiR8cyvREjr7mx16 r7fd7f2CS3aBOWTBNadpwE5KjtgwVgovXq21oMgnzTOnVEM+pB2U2IXyXn5U/VZF IzguQqC8NHuyDDMUYItEVLd8GlhfSIS2W/cqinerbPUX0/wMGUW4lEYRTjXZKXqn XLm1PR168RU9rV8yWgBp/esXY6hfjX73DY1tZz+OCO1pJBYmmEdDRFkOAYL14ho/ BGl0Tyj+PVT3Z2DjaFmjUpX5xDl7zXw8ZSokaXzEuiNP6XLUFgtzRSwn+nfZZxk= =41Mx -----END PGP SIGNATURE----- _______________________________________________ tech-chat mailing list [email protected] http://lists.linuxmoose.com/mailman/listinfo/tech-chat
