EFDE and EEE both slow down the disk speed dramatically.

[PAACIT-Richard 2]

Hi,

 

We have been using ESET for over 10 years, and adopted Deslock when it was first introduced to the ESET ecosystem.  Over the years we have noticed Encryption adversely affecting system performance - primarily in the read and write speeds.  With some hard drives, this has been up to a 70% drop in speed.  We see this on SSD's and NVMEs'.  By upgrading a faster drive get and improvement, but once you decrypt it, you realise just how fast it could have been.

 

ESET technical support are getting us to setup test cases, logs and examples to prove this.  We have seen this across many clients, many workstations and disk drives.

Is this performance draining something other ESET partners have noticed?

Is this hit to performance something that we have to live with if we want ESET Encryption?

Does ESET even recognize this is an issue - or is it just us?

 

Feedback from community and ESET very welcome!

 

Thanks,

Richard.

 

[AAndrejko 9]

Hi Richard,

This is such a tricky subject due to a variety of factors so I'll do my best to explain it. 

One of the key factors to be aware of when performing read and write tests on encrypted drives is that encrypted data cannot be compressed. With a lot of drives today they use technology which compresses the data, makes it smaller on the disk, so when it is read/written, the end result is basically increase R/W speeds of the disk because it's reading less data. However since encrypted data cannot be compressed, this technology cannot be used at all, therefore the true speeds of the disk are more evident.

Performance when encrypted using software encryption can vary massively from drive to drive, depending on how the manufacturer has implemented compression and how fast the actual hardware of the SSD is without any firmware technology.

In our own testing we have not seen a massive affect to the users experience when using the hardware we have at our disposal. However as I've stated before every drive can behave differently, performance measured by a benchmarking application may show a difference in speed but Windows load times and general use of the system may be in fact totally acceptable. 

We believe these issues relating to software encryption are true across all other encryption products, not just ours. However if you do have evidence that shows there is a dramatic difference then please get in touch via ESET technical support with the relevant evidence. 

These problems are related solely to software encryption (including software & TPM encryption), however we do have another method of encryption called OPAL. One of the main benefits of OPAL encryption is that it uses hardware based encryption, this means there is no performance loss to the drive either when using benchmarking tools or the users general Windows experience. However to use OPAL the drive and the system in question must support OPAL and if using EEE, the system must be managed by an Encryption Server. 

Here's a quick guide to use OPAL in EEE - https://help.eset.com/eee_server/3/en-US/full-disk-encrypt-a-client-worstation-using-opal.html

If there's any other questions, please let me know.

Kind regards,

Ashley 

[PAACIT-Richard 2]

Hi Ashley,

The read and write speed is what we are using to provide a specific, measurable bench mark.  In actual fact the user experiences the slow down across the machine, including but not limited to, start-up, opening file explorer, navigating between folders, opening applications, opening files, coping files.  If we ship a new laptop already encryption the user doesn't know any different.  However if we ship them something new and encrypt once they have started using it, this is when they notice the difference and complain.  If we onboard new customers and push out encryption, we get many complaints that our systems and ESET has adversely affected their computers.

We have noticed these affects over all manor of devices and drives.  We see it on Dell Laptops with hi-speed NVME using RAID, and using ACHI.  We see it on Lenovo laptops with old hard drives and new SSD's.  The age and drive performance will dictate the extent of the slow down - however the slow down is always present to some extent.

Our primary comparison is EFDE vs BitLocker vs No Encryption.  For the most part we are not including EEE as it has been our intention to migrate the reaming clients to EFDE so we can utilize a single pane of glass for management (ESET Protect on-prem).

If customers perceive bitlocker to be faster, cheaper and deliver the same grade encryption, it places us in a difficult position as to why we are still using ESET Encryption.

Is this an issue that ESET acknowledges and is there some commitment to improving?

or

Is this an issue with "Software Encryption" and it is what it is!

The answer makes quite a big difference to us.  If I am to commit time and resources in setting up test machines, test hardware and reporting differences between EFDE vs BitLocker vs No Encryption, I would need some assurance that ESET would be taking that information with a quest to improve the product.

If there isn't a commitment, and our efforts are not going to contribute to change, then I'd rather not lose the resource time.  We would need to learn to live in the "It is what it is" world.

To what degree have other partners found the slow down across their IT estates?

Best wishes,

 

Richard.

 

 

 

 

[JPritchard 11]

Hello Richard,

While I cannot comment on the development plans for the encryption products, I would like to offer my team's help to investigate this issue.

In your previous post you said,

Quote

In actual fact the user experiences the slow down across the machine, including but not limited to, start-up, opening file explorer, navigating between folders, opening applications, opening files, coping files.

If your users are noticing a considerable performance impact performing the actions above, then please can you submit a support case and request that the case is escalated to HQ so my team can investigate the issue?

Please note that due to the nature of the problem, we will ask you to perform and record your findings doing various tasks on a system that has already experienced performance related issues. These tasks will need to be completed while the computer is encrypted and then again while not encrypted. This will help paint a clear picture of the scope of the issue.

I'd like to add a little more background information. Using software-based Full Disk Encryption will always have a performance overhead. This is true of all encryption vendors, not just ESET. How much of a performance impact can vary from system to system, as there are multiple factors involved. However, we expect that a computer used in a "normal" office setting will operate with little to no discernible difference to the user after Full Disk Encryption has been completed (we expect performance to be more highly impacted while encryption is in progress, but this impact will subside after encryption has completed). However, depending on the nature of the work the user does, they may notice more of an impact, such as using 3-D rendering software or during video editing and rendering.

Perhaps this ties in with your statement here:

Quote

However if we ship them something new and encrypt once they have started using it, this is when they notice the difference and complain

Could it be the user is experiencing a performance impact while encryption is currently in progress?

Regardless, in instances where a user needs the best disk performance available, EEE/EFDE supports OPAL 2.0 self-encrypting drives. This hardware-level encryption has no performance impact at all to the drive.

Have you explored this with your customers as a solution to their concerns?

Please let me know if you submit a support case, as I want to be personally involved in the investigation.

All the best,

Jay Pritchard

Technical Support Engineer III / Tier 3 Encryption Support Team Lead