The Synology DiskStation DS415+ is the first of a new breed of Network Attached Storage based upon a new generation of Intel Atom processors; this new generation of processors is intended to meet to the needs of today’s computing world, with processors for mobile devices, embedded desktops/tablets, network and communications infrastructure, and embedded server and storage applications. Synology designed the DS415+ to take advantage of this new Intel Atom processor for embedded server applications, which had one key advantage: hardware-accelerated encryption. Supporting encryption technology is necessary for today’s environment, for “Health Insurance Portability and Accountability Act” (HIPAA) environments, or storing Protected Health Information (PHI), or Personally Identifiable Information (PII), or conducting remote file syncing. This article will discuss the key advantages of this new platform, and how to apply for today’s business needs.
During the month of September 2014, the Synology DiskStation DS415+ was released; a new 4-bay high-end SOHO or SME NAS was released unto an eager market. This new DiskStation utilized a brand new Intel Atom Quad-Core platform, a platform that is specifically designed for Embedded Server Applications. The DS415+ is the first Synology product to utilize this new Intel Atom Quad-Core, and I imagine that this platform will become quite popular in the future.
As this platform is designed for embedded server applications for small businesses and small enterprises, it brings forth a strong foundation where future versions of the Synology DSM, and new software technologies can take advantage of this platform. Alternatively, additional services, versatility, or capabilities can be supported within a single DiskStation. An example of this is Surveillance Station, a 37% improvement in capability over the DS412+, supporting 480 FPS at 1080p resolution. It’s exciting to observe the computer processor industry – increasing processing power in a smaller and more energy efficient chip.
But I want to discuss one key advantage with this new platform: hardware-accelerated encryption.
What is hardware-accelerated encryption?
Hardware-accelerated encryption on Synology products is where there is an “application specific co-processor” used to aid the main processor to off-load the processing duties when accessing an Encrypted Shared Folder. This can be imagined as a Turbo-Charger being added to an Internal Combustion Engine. In this analogy, the turbo-charger helps the engine produce more horse-power; the hardware accelerator helps the main processor access encrypted shared folders faster resulting in improved office productivity.
The previous generation model, the DS412+, while it offered a lot of performance (akin to V6 Engine) when accessing non-encrypted folders, it didn’t feature hardware-accelerated encryption. The DS412+ typically achieves around 20-30 MB/Sec when accessing encrypted folders. It was an obvious dilemma for customers to that used the DS412+ as there was a choice to be made: either access data with high performance, or significantly degrade performance for strengthening data security. For security conscious customers, sacrificing performance for data security is the choice to be made.
Enter the DS415+, with its new platform, supporting hardware-accelerated encryption! Using the previous analogy, it’s now a V6 Engine with a turbo-charger. The benefits are immediate as the DS415+ effortlessly exceeds what the DS412+ can perform with encryption performance. With a single 1GbE link, the DS415+ performs at 82 MB/sec writing, 112 MB/Sec reading accessing encrypted folders. Double the network links and we see close to 206 MB/Sec writing and 232 MB/Sec reading of aggregate performance, all with encryption.
(Click to Enlarge)
The DS415+ brings hardware-accelerated encryption to a more affordable level, making this technology more accessible for today’s small businesses. At 232 MB/Sec accessing encrypted folders, this level of performance nearly saturates both of the 1GbE links on the DS415+, a level of performance that is more than enough for today’s business applications.
Hardware-accelerated encryption for HIPAA Environments
The need of network data storage is very much prevalent in the health industry. Within the United States – Protected Health Information (PHI) must be stored in accordance to Health Insurance Portability and Accountability Act (HIPAA), where this data can be secured, managed, and audited to ensure that data is not accessed from unauthorized users. The DS415+ with hardware-accelerated encryption greatly benefits those who want to deploy the DiskStation for HIPAA environments. Accessing encrypted medical imagery, such as MRIs, X-Rays, can now occur at near saturated performance of two 1GbE links. This technology can be applied to various dental, vision offices, small medical clinics, or even medical research labs.
One such case of medical research labs (who asked not be identified) was handling MRI images of the human body. Each scanned patient required at least 7GB of storage capacity to handle the raw, unprocessed data. Scanning many hundreds of patients, this lab needed a “robust, redundant, simple to manage, and sharable storage solution for this project that could grow as their storage needs changed.”
To address these concerns, this lab deployed the DS1512+ to handle their storage needs. The DS1512+ is a 5-bay scalable version of the DS412+, and it has been proven reliable through their daily usage, and ease of management for storing data, and allowing who has access to the raw MRI images.
As the DS1512+ is designed to be a turnkey solution, this lab found it was rather effortless to manage the resources and security of the DiskStation, requiring minimal overhead to manage. This allowed the researches to maintain focus on their research projects instead of worrying about storage maintenance.
(Click to Enlarge)
- Accessing the Synology DiskStation can require unique user/password combinations
- Data can be encrypted in transit (SSL or SSH)
- Data can be encrypted at rest (AES 256-bit)
- NTFS-Style ACLs are supported granular file control to manage access control to specific files or folders
- The DSM supports File Access Logging for Windows Protocol (SMB/CIFS), the following items are recorded
- User Name
- File Accessed
- Date/Time of Access
- Event Occurred, such as “Create, Delete, Move, Read, Rename, Delete, Write”
- Size of data changes
Hardware-accelerated encryption for a Secure Private Cloud
(Click to Enlarge)
In DSM 5.1 – additional improvements are being added to Cloud Station, one of which allows syncing of encrypted shared folders with workstations. The new platform that the DS415+ is utilizing supports hardware-accelerated encryption, effectively saturating 2x1GbE Links for encrypted shared folders. Combining all of these technologies allows any business to deploy a secure private cloud, as data on the DiskStation is encrypted “at rest” and “in transit”, without any lost in performance in accessing the encrypted data.
Combining DSM 5.1 with the platform that the DS415+ is based upon, supporting hardware-accelerated encryption to access encrypted “at rest” data, while concurrently “in transit” brings forth a new standard of Network Attached Storage. Data security concerns are prevalent, which necessitated the need of making high performance encryption technologies more accessible for SMEs. The DS415+ is Synology’s first new product based upon this new Intel Atom platform, a modern platform that is designed for embedded server applications. This new platform is designed to meet the needs of today’s business, with hardware-accelerated encryption being part of the forefront of today’s standards.
- Synology Help File – How to create shared folders, please refer to “Encrypt this shared folder”
- HIPAA.com – HIPAA ‘Protected Health Information’: What Does PHI Include?
- U.S. Dept. of Health and Human Services – Health Information Privacy
- U.S. Government Printing Office – HR 104-736 – Health Insurance Portability and Accountability Act of 1996
- Synology KB – How to create user accounts and groups on Synology NAS
- Synology KB – How to manage Windows ACL permissions from DSM
- Synology DSM Help – Windows File Service Management Document