Skip the navigation

New SandForce SSD controllers offer better security, speed

The controller encrypts data twice to thwart hacking attempts

October 7, 2010 09:31 AM ET

Computerworld - Solid-state processor maker SandForce today announced a new line of controllers for enterprise-class drives that promise to double I/Os per second (IOPS) for those products.

SandForce's new SF-2000 family of solid-state drive (SSD) processors use 6Gbit/sec SATA II connectivity, which offers up to 500MB/sec sequential read and write performance. The company said it also doubled the number of IOPS from 30,000 to 60,000 over its previous SF-1500 family of controllers.

SandForce's SF-2000 controller
SandForce's SF-2000 controller

SandForce is shipping samples of the new controller family to storage manufacturers this quarter and expects to ramp up production of the new processors in the first and second quarter of 2011. The new controller is aimed at SSDs for data center servers and storage arrays.

As the amount of stored data grows -- and the size of flash memory continues to shrink -- data bit error rates are increasing, requiring more sophisticated error correction code (ECC). For example, Micron and Intel recently released flash memory using circuitry only 25 nanometers (nm) in width with three bits per cell. That compares to two-bits-per-cell 30nm and 40nm technology that Micron and its competitors have been using.

SandForce has moved from ECC to a BCH (Bose-Chaudhuri-Hocquenghem) algorithm because it is more efficient at correcting both highly concentrated and widely scattered bit errors on flash memory.

"Going down to 25nm and less is going to make it harder and harder, because there are fewer atoms to hold that charge," said Kent Smith, senior director of product marketing at SandForce. "So that means the error rate goes up. ...It's up to the controller to keep that under control."

The new SandForce processors also change how data is encrypted as a host system sends it an SSD.

SandForce's family of SF-1500 controllers used the 128-bit AES algorithm to encrypt data as it was written to the flash memory. The new processor encrypts data with the 256-bit AES algorithm in the processor first and then encrypts the data again using the 128-bit AES algorithm as it writes it to memory.

"Essentially, I'm more secure than the [National Security Agency] requires me to be," Smith said. "Now we encrypt data coming into the controller, so no one has to worry about someone taking over the chip and being able to get at the data."

The SF-2000 family includes a controller -- the SF-2600 -- that supports non-512 byte sectors for serial-attached SCSI (SAS) SSDs. The controller allows SAS hosts that send larger byte sectors through a bridge to a SATA drive to do it without a read-modify-write process, which can system performance in half, Smith said. SATA drives use 512-bytes sectors.

The problem with a controller that only allows a 512-byte write is that it can't move data from a host system to the drive without having to perform a read-modify-write function, which eats CPU cycles and can cut I/O performance in half, Smith said.

"If the host uses 528-byte sectors, then the drive will also use 528 byte sectors. Now any writes from the host will result in a single write through the bridge to the drive keeping the performance at its maximum," Smith said. "So with this controller, the performance stays high."

Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at Twitter @lucasmearian or subscribe to Lucas's RSS feed Mearian RSS. His e-mail address is lmearian@computerworld.com.

Read more about Data Storage in Computerworld's Data Storage Topic Center.



Our Commenting Policies