Optimizing SSD for BitLocker by reducing allocation sizes?

1

My company wants full disk encryption throughout all organizations; however, I have read that there are noticeable impacts to both spindle HDDs and SSDs. The explanation for the SSD slowdown is that it must rewrite entire blocks, rather than intelligently writing within blocks, due to the data being encrypted and in turn affecting the TRIM commands. With that said, would it be beneficial to format disks with a smaller allocation/block size during the imaging process? In theory, wouldn't this reduce the write time for SSDs if it is always rewriting entire blocks?

By trade I am a developer, so this is a new area of learning for me. Please feel free to reference applicable URLs, etc.

I am also aware of SEDs as a potential solution, in the case a particular machine needs optimal RW speeds.

Tucker

Posted 2018-01-31T18:05:31.963

Reputation: 51

3" have read that there are noticeable impacts to both spindle HDDs and SSDs" - Where did you read this? I use Bitlocker on every device I have, on every storage device connected to those devices, and I have not noticed this myself. – Ramhound – 2018-01-31T18:08:40.317

@Ramhound: You haven't noticed it since it's small, at most 5%. It's usually only noticeable in disk tests. – harrymc – 2018-01-31T18:17:05.717

Hi @Ramhound I read various articles on the web, but my context is very limited and I am in no way knowledgeable enough to confirm or deny what any of them say. In your case, what are the hardware specs of your machine(s) and have you done any benchmarks or general comparisons? – Tucker – 2018-01-31T18:17:53.050

@harrymc - Honestly, I consider a 5% performance drop within the margin of error, but I don't often do benchmarks on external drives because the use of Bitlocker is required. – Ramhound – 2018-01-31T18:20:01.030

@Tucker - I am not going to attempt to find the articles you read. Can you supply specifics? – Ramhound – 2018-01-31T18:20:39.637

You do understand that Haswell which is 4th generation, supports AES-NI right? Of course, this assumes that BitLocker is tied the AES-NI instructions. Based on my research only Windows 10 Version 1511+ clients can use Bitlocker AES encryption. It isn't clear that Bitlocker would even use AES-NT to implement AES-XTS though. – Ramhound – 2018-02-01T16:07:32.180

@Ramhound you are correct, I confused the generations.Now that I have my head around it a little more, it seems that there should not be a huge impact with BitLocker- with the greatest bottle neck being spindle HDD vs SSD (which is a typical leap in efficiency anyways). – Tucker – 2018-02-01T16:59:21.557

@Tucker - Which is the reason I pushed back and wanted to read what you read because it didn't match my own experiences. Encryption will encounter some performance loss, but in my experiences, you don't notice it. The performance costs associated with say HTTPS, on the other hand, could be noticed which is the reason it took so to overcome (partially due to optimization but in reality, pure computing power can overcome a great deal). – Ramhound – 2018-02-01T17:35:01.100

Answers

2

You have a misunderstanding - the SSD uses its own page-size for the TRIM, which is usually 4-16KB and is defined in its firmware. This has nothing to do with Windows.

Best results are achieved when the disk is formatted with that same block-size, when the OS and the SSD fully agree on the same page/block size.

Windows writes entire blocks, the SSD writes entire pages, so too much data will be written if the sizes are not equal.

In addition, both the SSD firmware and the OS disk driver have optimizing algorithms, which may conflict when the sizes are not equal.

harrymc

Posted 2018-01-31T18:05:31.963

Reputation: 306 093

Thank you harrymc, that cleared up a lot of my confusion! – Tucker – 2018-02-01T15:55:37.963

Asked: 2018-01-31T18:05:31.963

Viewed: 1 329 times

Active: 2018-01-31T18:35:14.387