Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Intel Locks Down New Enterprise SSDs

23 Jul 2014   #1
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
Intel Locks Down New Enterprise SSDs

Quote:
Intel's latest enterprise-class solid state drives (SSDs) pack some powerful security and management features to give businesses better protection against data breaches without compromising performance, the chip giant said Tuesday.

The new Intel SSD Pro 2500 Series drives are available in 2.5-inch and M.2 (60mm and 80mm) form factors, with storage capacities ranging from 120GB to 480GB, the company said. The latest professional-class SSDs from Intel are self-encrypting drives (SEDs) that bake in hardware-based 256-bit encryption, while offering policy controls that comply with the Trusted Computing Group's OPAL 2.0 standard and Microsoft eDrive, like crypto erase capability.

All of the new SSDs offer sequential read speeds of 540 Mbps and sequential write speeds of 490 Mbps, while random 4KB read/write speeds vary by form factor and capacity.
Source

A Guy


My System SpecsSystem Spec
.
24 Jul 2014   #2
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

I see one problem (self encrypting)
You better have a non self encrypting backup.
If the SSD ever breaks you will never get into to it to save your info.
My System SpecsSystem Spec
24 Jul 2014   #3
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Hi there

You can actually have "Too much" security -- what happens on a corporate laptop if the SSD needs to get replaced.

Things like encryption need to be USER controlled -- where it can be turned off and on at the users choice.
Wait until we see a few posts appearing -- My encrypted drive is going defective -- how can I recover my data.

If it's only the OS stored on the SSD (probably would be in the case of smaller capacities anyway) why would you need to encrypt it. Corporate passwords etc are usually store remotely on the server and not on the client's machine anyway.

Thinks like Bitlocker are decent enough anyway -- I'm against this "self encryption".

Cheers
jimbo
My System SpecsSystem Spec
.

24 Jul 2014   #4
Cr00zng

Windows 7 64-bit, Windows 8.1 64-bit, OSX El Capitan, Windows 10 (VMware)
 
 

Recovering from hard drive going bad is a shot in the dark with or without Self Encrypting Drives, or SED. The SED does prevent recovering the data with recovery software in the lab.

For individuals, the SED might be an overkill; however, for enterprises with software solution to manage the SED will simplify data protection and sanitizing data on the recycled disks. Please keep in mind that within an enterprise, data protection should be managed centrally instead of by the end user for obvious reasons.

The Self Encrypting Drive (SED), based on Opal standards, is a hardware based encryption that poses no performance impact to the system. It has been available for quite a few years for both HDD and SSD. You maybe using one already, just don't know it...

A new SED drive, meaning both HDD and SSD, receive a randomly generated encryption key in the factory. The hardware based encryption utilizes this key to encrypt everything written to the disk by default. In another word, when you install Windows on one of this drive, the "C" drive will be fully encrypted. Neither you, nor the OS are aware of the encrypted data. Provided that you didn't know anything about the SED drives...

That in itself does not provide security, since anyone can start up the system and/or mount the drive in an other system. To activate protection, you'd need to set a BIOS HDD password, based on ATA specification, that in return controls access the the drive and indirectly to the encryption key. Alternatively, you could use third-party software that manages the SED, including the HDD password, within the operating system. All major OEMs offer SED option with a third-party software. So, this isn't anything new...

For enterprises, the SED based drives are great for all systems, such as laptop, desktops, servers, etc., especially when one has third-party software that capable to manage SEDs at the enterprise level. Any stolen/lost drive is encrypted and the data is not accessible when access is controlled to the encryption key. When the drive is being sent out for recycling, simply issue a "crypto erase" command and/or do the same in the GUI. Once command executed, less than 30 seconds on a single drive, the the factory encryption key is regenerated on the drive, effectively making the data on the drive encrypted with the factory encryption key unreadable, even for the company. There's no need to further sanitize the disk, which is great for businesses especially with large size drives.
My System SpecsSystem Spec
24 Jul 2014   #5
msgerbs

Windows 7 Professional x64
 
 

I guess I don't understand why this is useful. The key has to be stored on the drive, right? So what use is it to encrypt it if the encryption key is right there and you just have to ask the drive to unencrypted itself?
My System SpecsSystem Spec
24 Jul 2014   #6
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Yea give the new rebranded Intel security "Mcafee" to enterprise victims
My System SpecsSystem Spec
25 Jul 2014   #7
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Quote   Quote: Originally Posted by Cr00zng View Post
Recovering from hard drive going bad is a shot in the dark with or without Self Encrypting Drives, or SED. The SED does prevent recovering the data with recovery software in the lab.

For individuals, the SED might be an overkill; however, for enterprises with software solution to manage the SED will simplify data protection and sanitizing data on the recycled disks. Please keep in mind that within an enterprise, data protection should be managed centrally instead of by the end user for obvious reasons.

The Self Encrypting Drive (SED), based on Opal standards, is a hardware based encryption that poses no performance impact to the system. It has been available for quite a few years for both HDD and SSD. You maybe using one already, just don't know it...

A new SED drive, meaning both HDD and SSD, receive a randomly generated encryption key in the factory. The hardware based encryption utilizes this key to encrypt everything written to the disk by default. In another word, when you install Windows on one of this drive, the "C" drive will be fully encrypted. Neither you, nor the OS are aware of the encrypted data. Provided that you didn't know anything about the SED drives...

That in itself does not provide security, since anyone can start up the system and/or mount the drive in an other system. To activate protection, you'd need to set a BIOS HDD password, based on ATA specification, that in return controls access the the drive and indirectly to the encryption key. Alternatively, you could use third-party software that manages the SED, including the HDD password, within the operating system. All major OEMs offer SED option with a third-party software. So, this isn't anything new...

For enterprises, the SED based drives are great for all systems, such as laptop, desktops, servers, etc., especially when one has third-party software that capable to manage SEDs at the enterprise level. Any stolen/lost drive is encrypted and the data is not accessible when access is controlled to the encryption key. When the drive is being sent out for recycling, simply issue a "crypto erase" command and/or do the same in the GUI. Once command executed, less than 30 seconds on a single drive, the the factory encryption key is regenerated on the drive, effectively making the data on the drive encrypted with the factory encryption key unreadable, even for the company. There's no need to further sanitize the disk, which is great for businesses especially with large size drives.

Hi there

I'm sure I'm not using SED's -- I have one or two INTEL SSD's as well as SAMSUNG's - and I'm often swappimg them between machines or even using as external drives for things like Windows to GO or VM's. If these were SED's I'm sure I'd get some warning about trying to access data on these when they are swapped to different machines - often running DIFFERENT HOST OS'es too.

OK at the hardware level the SSD's own microcode will handle the encryption - so what's the point if I can just switch these drivres to totally different hardware and OS'es. So have I misunderstood how these work -- for example is it a BIOS feature enabling the SED, or an application program / service running under control of the OS or what. ?.

If it's factory activated or embedded in the OS with the HDD (SSD) then this would imp;ly that the SSD is forever LOCKED to that specific machine -- not a GOOD idea.

Cheers
jimbo
My System SpecsSystem Spec
25 Jul 2014   #8
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

I really don't see any good in the idea of SED.
My System SpecsSystem Spec
Reply

 Intel Locks Down New Enterprise SSDs




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Intel SSDs - Configured for Intel CPUs or Excellent with AMDs too?
Hi all Yes, that's about it really... Advice in a previous thread (many thanks) has got me leaning towards Intel. So sorry for the silly question, but are they excellent with AMDs too? I have a X4 965 3.4 GHz and it's running great (for me anyway).
Hardware & Devices
Intel and Hitachi Showcase New Enterprise SSDs at CES 2011
More...
News
Intel Readies 25 nm NAND-based X25-M and X25-V SSDs for Q4 2010
Source...
News
Intel brings back TRIM support on X25-M G2 SSDs
more.. Intel® SATA Solid-State Drive Firmware Update Tool
News
Super Talent’s RAIDDrive SSDs Targeted for Enterprise S
Read The Full Scoop Here...:Super Talent’s RAIDDrive SSDs Targeted for Enterprise Servers, Workstation and Gaming Segments » My Digital Life
Hardware & Devices
Intel bundles CPUs with SSDs for discount
more:TechSpot - PC Technology News and Analysis
Chillout Room


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 02:05.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App