June 19th, 2012 by Josh Linden
WiebeTech ToughTech Secure mini-Q Review
WiebeTech’s ToughTech Secure mini-Q offers 128bit or 256bit encryption in a portable 2.5” SATA enclosure that uses key fobs to grant access to encrypted volumes, avoiding common social hacks that can compromise passphrase-based encryption. The mini-Q provides whole disk encryption to protects the entire drive, including boot sector, file allocation tables, and swap files.
The ToughTech Secure mini-Q integrates a hardware processor that handles encryption and decryption at full disk bandwidth, which should translate into full performance regardless of whether accessing encrypted or unencrypted volumes. This also means that the encryption engine works independently of the operating system, enabling users to use the enclosure without special software and to boot directly from an encrypted volume.
The ToughTech Secure mini-Q is made of aluminum for thermal exchange and durability, weighing in at approximately 2lbs without a drive installed. The encryption key is smaller than many thumb drives and is designed to fit on a keychain or lanyard.
ToughMount strips are located between the drive and the enclosure to protect mechanical drives from shock and reduce enclosure noise. An Oxford 934 chipset offers native SATA support and allows the ToughTech Secure mini-Q to provide dual FireWire 800 ports in addition to the combination eSATA/USB2 port.
Most FireWire ports should have adequate power to operate ToughTech Secure mini-Q, but 4-pin FireWire ports, eSATA ports, and some USB ports will require users to fall back on the included AC adapter or secondary USB host connection to power the unit.
Our review unit, the 26040-2510, offers FIPS-197 certified 128bit AES encryption (WiebeTech also offers a line of mini-Q enclosures with 256bit encryption). With the enclosure is connected to the host computer, you insert the encryption key into a micro-USB port on the front-right. The next step is to power on the mini-Q and wait for the green LED next to the key port to illuminate, confirming that the key has been accepted.
Once the drive has been unlocked you can remove the encryption key until the power is cycled, making it easier to keep your physical key safe. Replacement key sets can be ordered from WiebeTech, and according to the manual the re-keying process is not very different from the first use -- the drive will pair with the new key during a power cycle and, once complete, the host computer will display the attached storage as an unformatted volume. WiebeTech’s stated policy is not to retain key codes or to offer replacement keys with the same code as a previous key set.
For large-scale ToughTech Secure deployments or for customers with security protocols that require control over the entire encryption process or time-limited key access, WiebeTech offers an AES Encryption Key Programmer device. The Encryption Key Programmer can create or copy WiebeTech’s AES keys to add flexibility or additional keys to ToughTech Secure mini-Q deployments.
To measure the performance of the WiebeTech ToughTech Secure mini-Q, we installed a 240GB Intel SSD 520 into the enclosure and tested performance over eSATA. The drive attaches to the system with a connection speed of 1.5Gb/s, versus the drives native speed of 6.0Gb/s. Using CrystalDiskMark we measured a sequential transfer speed of 96MB/s read and 94MB/s write. This compared to the drive's potential of 486MB/s read and 290MB/s write with incompressible data. For most users this level of performance should be more than adequate, and if you are connecting over FireWire-800, the interface should be the limiting factor, not the enclosure performance.
Encryption protocols are an area that challenges users at all scales, from home office to enterprise. WiebeTech’s key-based encrypted storage makes a compelling case for deploying hardware-based encryption almost anywhere by demonstrating that high security does not necessarily mean disrupting existing workflows.
When looking at the performance when encrypted, there was a drop in speed versus what our SSD was capable of native over SATA. Some of that came in from the Oxford chipset, which limited the SATA connection to 1.5Gb/s with the rest coming from the encryption itself. Overall though, the drive was still able to push 96MB/s read and 94MB/s write, which would saturate FireWire-800 and provide plenty of speed for moving files around.