ThinkSystem Kioxia CM6-R Entry NVMe PCIe 4.0 x4 SED SSDs

The ThinkSystem Kioxia CM6-R Entry NVMe PCIe 4.0 x4 solid-state drives (SSDs) are high-performance self-encrypting drives (SEDs) that adhere to the Trusted Computing Group Opal/Ruby Security Subsystem Class cryptographic standards (TCG Opal/Ruby SSC). They use Kioxia NAND flash memory technology with a PCIe 4.0 x4 NVMe interface to provide an high-performance solution for secure read-intensive workloads.

Figure 1. ThinkSystem Kioxia CM6-R Entry NVMe PCIe 4.0 x4 SED SSD

Self-encrypting drives (SEDs) provide benefits by encrypting data on-the-fly at the drive level with no performance impact, by providing instant secure erasure thereby making the data no longer readable, and by enabling auto-locking to secure active data if a drive is misplaced or stolen from a system while in use. These features are essential for many businesses, especially those storing customer data.

The Kioxia CM6 drives have a PCIe 4.0 (Gen 4) host interface, where sequential performance is doubled over the PCIe 3.0 host interface. The drives are also fully compatible with a PCIe 3.0 host interface providing optimal performance and enabling compatibility across server families.

NVMe (Non-Volatile Memory Express) is a technology that overcomes SAS/SATA SSD performance limitations by optimizing hardware and software to take full advantage of flash technology. The use of NVMe drives means data is transferred more efficiently from the processor to the drives compared to the legacy Advance Host Controller Interface (AHCI) stack, thereby reducing latency and overhead. These SSDs connect directly to the processor via the PCIe bus, further reducing latency and TCO.

The following table lists the part numbers and feature codes for ThinkSystem servers.

The part numbers include the following items:

Non-Volatile Memory Express (NVMe) is PCIe high performance SSD technology that provides high I/O throughput and low latency. NVMe interfaces remove SAS/SATA bottlenecks and unleash all of the capabilities of contemporary NAND flash memory. Each NVMe PCI SSD has direct PCIe x4 connection, which provides at significantly greater bandwidth and lower latency than SATA/SAS-based SSD solutions. NVMe drives are also optimized for heavy multi-threaded workloads by using internal parallelism and many other improvements, such as enlarged I/O queues.

The ThinkSystem Kioxia CM6-R Entry NVMe SSDs have the following features:

• Based on the Kioxia KCM61RUL drives (formerly Toshiba)
• 2.5-inch NVMe (U.3, which is backward compatible with U.2) hot-swap drive tray
• Compliant with TCG Opal and TCG Ruby specifications:
  • TCG Storage Security Subsystem Class: Opal Version 2.01 Revision 1.00
  • TCG Storage Security Subsystem Class: Ruby Version 1.00 Revision 1.00

• Supports Sanitize Cryptographic Erase
• 96-layer BiCS FLASH 3D TLC memory
• 1 drive-write-per-day (DWPD) SSD for read-intensive workloads
• PCIe 4.0 x4 host connection for each NVMe drive, resulting in up to 6.9 GBps overall throughput.
• Full Power-Loss-Protection and End-to-End Data Protection
• Low power consumption (maximum 20 W)

The TBW value assigned to a solid-state device is the total bytes of written data (based on the number of P/E cycles) that a drive can be guaranteed to complete (% of remaining P/E cycles = % of remaining TBW). Reaching this limit does not cause the drive to immediately fail. It simply denotes the maximum number of writes that can be guaranteed. A solid-state device will not fail upon reaching the specified TBW. At some point based on manufacturing variance margin, after surpassing the TBW value, the drive will reach the end-of-life point, at which the drive will go into a read-only mode.

Because of such behavior, careful planning must be done to use SSDs in the application environments to ensure that the TBW of the drive is not exceeded before the required life expectancy.

For example, the 3.84TB drive has an endurance of 7,008 TB of total bytes written (TBW). This means that for full operation over five years, write workload must be limited to no more than 3,840 GB of writes per day, which is equivalent to 1.0 full drive writes per day (DWPD). For the device to last three years, the drive write workload must be limited to no more than 6,400 GB of writes per day, which is equivalent to 1.7 full drive writes per day.

The following sections describe the benefits in more details.

When the self-encrypting drive is in normal use, its owner need not maintain authentication keys (otherwise known as credentials or passwords) in order to access the data on the drive. The self-encrypting drive will encrypt data being written to the drive and decrypt data being read from it, all without requiring an authentication key from the owner.

Nearly all drives eventually leave the data center and their owner's control. Corporate data resides on such drives, and when most leave the data center, the data they contain is still readable. Even data that has been striped across many drives in a RAID array is vulnerable to data theft because just a typical single stripe in today’s high-capacity arrays is large enough to expose for example, hundreds of names and bank account numbers.

In an effort to avoid data breaches and the ensuing customer notifications required by data privacy laws, companies use different methods to erase the data on retired drives before they leave the premises and potentially fall into the wrong hands. Current retirement practices that are designed to make data unreadable rely on significant human involvement in the process, and are thus subject to both technical and human failure.

Self-encrypting drives eliminate the need to overwrite, destroy, or store retired drives. When the drive is to be retired, it can be cryptographically erased, a process that is nearly instantaneous regardless of the capacity of the drive.

Self-encrypting drives reduce IT operating expenses by reducing asset control challenges and disposal costs. Data security with self-encrypting drives helps ensure compliance with privacy regulations without hindering IT efficiency. So called "Safe Harbor" clauses in government regulations allow companies to not have to notify customers of occurrences of data theft if that data was encrypted and therefore unreadable.

Using a self-encrypting drive when auto-lock mode is enabled simply requires securing the drive with an authentication key. When secured in this manner, the drive’s data encryption key is locked whenever the drive is powered down. In other words, the moment the self-encrypting drive is switched off or unplugged, it automatically locks down the drive’s data.

When the self-encrypting drive is then powered back on, it requires authentication before being able to unlock its encryption key and read any data on the drive, thus protecting against misplacement and theft.

While using self-encrypting drives just for the instant secure erase is an extremely efficient and effective means to help securely retire a drive, using self-encrypting drives in auto-lock mode provides even more advantages. From the moment the drive or system is removed from the data center (with or without authorization), the drive is locked. No advance thought or action is required from the data center administrator to protect the data. This helps prevent a breach should the drive be mishandled and helps secure the data against the threat of insider or outside theft.

The following table presents technical specifications for the ThinkSystem Kioxia CM6-R Entry NVMe SSDs.

The following tables list the ThinkSystem servers that are compatible.

NVMe PCIe SSDs require a NVMe drive backplane and some form of PCIe connection to processors. PCIe connections can take the form of either an adapter (PCIe Interposer or PCIe extender/switch adapter) or simply a cable that connects to an onboard NVMe connector.

Consult the relevant server product guide for details about required components for NVMe drive support.

The following table lists the supported operating systems.

To effectively manage a large deployment of SEDs in Lenovo servers, IBM Security Key Lifecycle Manager (SKLM) offers a centralized key management solution. Certain Lenovo servers support Features on Demand (FoD) license upgrades that enable SKLM support.

The following table lists the part numbers and feature codes to enable SKLM support in the management processor of the server.

The IBM Security Key Lifecycle Manager software is available from Lenovo using the ordering information listed in the following table.

The following tables list the ThinkSystem servers that are compatible.

The Kioxia CM6-R Entry NVMe SSDs carry a one-year, customer-replaceable unit (CRU) limited warranty. When the SSDs are installed in a supported server, these drives assume the system’s base warranty and any warranty upgrades.

Solid State Memory cells have an intrinsic, finite number of program/erase cycles that each cell can incur. As a result, each solid state device has a maximum amount of program/erase cycles to which it can be subjected. The warranty for Lenovo solid state drives (SSDs) is limited to drives that have not reached the maximum guaranteed number of program/erase cycles, as documented in the Official Published Specifications for the SSD product. A drive that reaches this limit may fail to operate according to its Specifications.

The Kioxia CM6-R Entry NVMe SSDs have the following physical specifications:

Dimensions and weight (approximate, without the drive tray):

• Height: 15 mm (0.6 in.)
• Width: 70 mm (2.8 in.)
• Depth: 100 mm (4.0 in.)
• Weight: 130 g (5.3 oz)

The Kioxia CM6-R Entry NVMe SSDs are supported in the following environment:

• Temperature:
  • Operating: 0 to 70 °C (32 to 158 °F)
  • Transport: -40 to 80 °C (-40 to 176 °F)
• Relative humidity: 5 to 95% (non-condensing)
• Maximum altitude:
  • Operating: 5,486 m (18,000 ft)
  • Non-operating: 12,192 m (40,000 ft)
• Shock: 1,000 G (Max) at 0.5 ms
• Vibration: 2.17 G_RMS (5-800 Hz)

The Kioxia CM6-R Entry NVMe SSDs conform to the following regulations:

• Underwriters Laboratories: UL60950-1
• Canada: CAN/CSA-C22.2 No.60950-1
• TUV: EN 60950-1
• BSMI (Taiwan): CNS 13438 (CISPR Pub. 22 Class B): D33003
• MSIP: KN22, KN24 (CISPR Pub. 22 Class B)
• Australia/New Zealand: AS/NZS CISPR32:2015 Class B
• Canada: ICES-003 Issue 6 Class B
• EMC: EN55022 (2015) Class B
• EMC: EN55035 (2017)
• RoHS 2011/65/EU: EN50581 (2012) Category 3

For more information, see the following documents:

• Lenovo ThinkSystem SSD Portfolio
  https://lenovopress.com/lp1261-lenovo-thinksystem-ssd-portfolio
• Lenovo ThinkSystem storage options product web page
  https://lenovopress.com/lp0761-storage-options-for-thinksystem-servers
• Kioxia product page for the CM6-R product family:
  https://business.kioxia.com/en-us/ssd/enterprise-ssd/cm6-r.html