A couple of days ago on 5th January, Dell announced support for quad-level cell (QLC) self-encrypting (SED) flash media for PowerScale. Specifically, the F900 and F600 all-flash NVMe platforms are now available with 15.4TB and 30.7TB QLC SED NVMe drives.
These new QLC SED drives offer a compelling blend of security, capacity, performance, reliability and affordability – and will be particularly beneficial for sensitive workloads and datasets requiring at-rest encryption.
The details of the new QLC SED drive options for the F600 and F900 platforms are as follows:
PowerScale Node | Chassis specs
(per node) |
Raw capacity
(per node) |
Max Raw capacity (252 node cluster) |
F900 | 2U with 24 NVMe SSD drives | 737.28TB with 30.72TB QLC
368.6TB with 15.36TB QLC |
185.79PB with 30.72TB QLC
92.83PB with 15.36TB QLC |
F600 | 1U with 8 NVMe SSD drives | 245.76TB with 30.72TB QLC
122.88TB with 15.36TB QLC |
61.93PB with 30.72TB QLC
30.96PB with 15.36TB QLC |
This allows a PowerScale F900 cluster with the 30.7TB QLC SED drives to grow up to 185.79PB of raw encrypted data capacity in a single volume, coupled with predictable linear performance scaling!
The new QLC SED drives double the all-flash capacity footprint for encrypted data, as compared to previous generations – while delivering robust environmental efficiencies in consolidated rack space, power and cooling. What’s more, PowerScale F600 and F900 nodes containing QLC SED drives can deliver the same level of performance as TLC SED drives, thereby delivering vastly superior economics and value.
QLC-based F600 and F900 SED nodes can easily be rapidly and non-disruptively integrated into existing PowerScale clusters.
Before we get into the details, a quick terminology review:
Term | Details |
DARE | Data-at-rest encryption |
FIPS | Federal Information Processing Standard 140 (currently at version 3: FIPS 140-3) |
ISE | Instant Secure Erase (Drives that support crypto erase but are not SEDs) |
Non-FIPS | SED drive that supports data-at-rest encryption, but has not yet been FIPS 140-3 certified. |
QLC | Quad-level cell, high capacity SSD (4 bits per cell). |
SED | Self-encrypting drive that supports data-at-rest encryption (includes both FIPS and non-FIPS drives). |
SSD | Solid State Drive, using flash memory for storage rather than spinning magnetic media. |
TLC | Tri-level cell SSD (3 bits per cell). |
With the introduction of a new version of the FIPS 140 standard (FIPS 140-3), these new QLC SED drives fall under the ‘non-FIPS’ category above, and are currently intended for customers that need data-at-rest encryption but do not explicitly require US FIPS certification. That said, FIPS 140-3 certification of these QLC SED SSD drives is in porgess and will be completed later this year.
Under the hood, PowerScale support for these new drives requires the addition of a new ‘QLC SED-Non-FIPS’ OneFS drive category. Since the overall data-at-rest protection provided by a cluster is determined by the lowest protection offered by any component in the cluster, if a cluster contains any SED-Non-FIPS drives, it cannot claim to provide FIPS-certified protection. As such, actions that would reduce the protection level provided by a cluster are blocked.
OneFS 9.4.0.8 now recognizes the following drive types with their corresponding SED compliance level:
SED Drive Type | Compliance Level |
SED-NON-FIPS | 0 |
SED-FIPS | 1 |
SED-FIPS-140-2 | 2 |
SED-FIPS-140-3 | 3 |
For the curious, the compliance level can be queried via a SED node’s drives-psi.conf file. For example:
# cat /etc/psi.conf.d/drives-psi.conf | grep -i compliance compliance_level = 0;
From the WebUI, the ‘drive details’ pop-up window in OneFS 9.4.0.8 is extended to display the drive’s compliance status via a new ‘SED Compliance Level’ field. This can be viewed by navigating to Hardware configuration > Drives and selecting ‘View details’ for the desired drive:
The ‘isi device drive view’ CLI command in OneFS 9.4.0.8 also reports the ‘SED Compliance Level’ field:
# isi device drive view 10 Lnn: 1 Location: Bay 10 Lnum: N/A Device: /dev/nvd2 Baynum: 10 Handle: 364 Serial: PHAC2044006Y15PHGN Model: Dell Ent NVMe SED P5316 RI 15.36TB Tech: NVME Media: SSD Media Class: QLC SED Compliance Level: SED-NON-FIPS Blocks: 30001856512 Logical Block Length: 512 Physical Block Length: 512 W WN: 01000000010000005CD2E4B110325551 State: WRONG_TYPE Purpose: UNKNOWN Purpose Description: A drive whose purpose is unknown Present: Yes Percent Formatted: 0
Or from the ‘isi status –node’ CLI command, which is also enhanced to display a new node-level ‘SED Compliance Level’ attribute:
# isi status --node 1 Node LNN: 1 Node ID: 1 Node Name: tme-1 Node IP Address: 10.9.24.76 Node Health: -A— Node Ext Conn: C Node SN: 8QMKR33 SED Compliance Level: SED-NON-FIPS Member of Node Pools: n/a Member of Tiers: n/a Node Capacity: 19.0T Available: 19.0T (> 99%) Used: 1.1G (< 1%)
Similarly, the node compliance level is reported in the OneFS 9.4.0.8 WebUI for each drive in Hardware Configuration->Nodes->Node Details. For example:
Additionally, PowerScale F600 and F900 nodes must be running OneFS 9.4.0.8 and DSP v1.43.2 or later in order to support QLC SED drives. In the event of a QLC SED drive failure, it must be replaced with another QLC SED drive. More specifically:
Node Type | Drive Type | Drive Supported |
ISE | ISE | Yes |
ISE | SED-Non-FIPS | No |
ISE | SED-FIPS | No |
SED-Non-FIPS | ISE | No |
SED-Non-FIPS | SED-Non-FIPS | Yes |
SED-Non-FIPS | SED-FIPS | Yes |
SED-FIPS | ISE | No |
SED-FIPS | SED-Non-FIPS | No |
SED-FIPS | SED-FIPS | Yes |
If the wrong type of drive is inadvertently added to a node, the ‘SYS_DISK_WRONGTYPE’ CELOG event will provide a detailed description of why the drive is incorrect.
Also, per the OneFS compatibility rules, joins of SED-Non-FIPS nodes to SED-FIPS clusters are also blocked.
Minimum Node in Cluster | Joining Node Type | Join Supported |
SED-Non-FIPS | ISE | No |
SED-Non-FIPS | SED-Non-FIPS | Yes |
SED-Non-FIPS | SED-FIPS | Yes |
SED-FIPS | ISE | No |
SED-FIPS | SED-Non-FIPS | No |
SED-FIPS | SED-FIPS | Yes |
Finally, any attempts to downgrade a QLC SED node to a version prior to OneFS 9.4.0.8 will be blocked.