Power Loss and Data Integrity in Military SSDs

For the defense industry, NAND Flash, with its lack of moving parts, has become the common storage medium for a variety of field applications. With its small size, low power usage, high performance and robustness in extreme environments, solid state storage has been a clear choice from the beginning.

Performance-wise, SSDs are superior as well. Traditional rotating hard drives access data sequentially via a magnetic head which has to physically move to the location where data is stored. In contrast, data on solid state NAND flash can be accessed randomly across the entire medium. With no "seek" times, access to any part of the disk is equally fast.

While superior in almost all performance characteristics to hard drives, the random access nature of NAND Flash means that unexpected power loss can threaten data integrity. Temporary data stored in DRAM buffers as well as metadata will be lost when power cuts out unexpectedly if the proper mechanisms are not in place.

Military buyers need to be aware that the MIL-STD-810F/G spec is not enough. SSDs intended for use in harsh environments must not only be ruggedized for shock, vibration and temperature resistance, but also have robust power loss protection mechanisms built-in.

The Challenge

Differences in the behavior of flash vs. rotating media under power loss are a result of the differences in the way the storage medium is accessed. As flash cannot be overwritten in place like hard drives, a firmware layer is needed to simulate a virtual block device and provide overwrite functionality.

Program Erase Cycles

[Figure: iCell Technology allows temporary data in DRAM buffers to be fully flushed to flash in the event of power failure]

Traditional software-level I/O operations expect a block-level device which can be overwritten in place. With flash, however, write operations are more complex. Data can only be written, or "programmed", on a clean block. If the block already contains data, it must be erased before it is written to.

Flash memory can only be erased in blocks much larger than the units in which it can be written. To maximize service life and I/O speeds, as data is updated it will be written to new physical locations rather than inefficiently erasing a large "erase block" and programming a smaller "write block" of data to the same physical location. These new locations are not selected at random, but spread across the disk to balance wear and optimize SSD endurance. This technique is known as wear-leveling.

The Flash Translation Layer

To map logical data addresses to the physical addresses, which change as data is updated, firmware known as the Flash Translation Layer (FTL) is needed. This firmware not only handles address remapping but also implements wear-leveling and makes sure there are enough clean blocks to write to so I/O performance remains high. Because of the abstraction of the FTL and its proprietary nature, firmware from different flash vendors varies considerably and can make a huge difference in flash reliability and performance.

DRAM Buffers

A key technical aspect of a modern SSD is the use of volatile memory buffers for temporary data. DRAM is used by the firmware to hold address remapping data until it is flushed to flash. The other role of the DRAM is to act as temporary data storage until it is time for a write operation. By caching I/O operations in DRAM until blocks of non-volatile flash are ready to be written to, IOPS are increased and physical P/E cycles are reduced, enhancing SSD performance and service life.

While the DRAM buffers are essential to modern flash's high performance and durability, as a volatile memory technology their contents need to be flushed to non-volatile flash storage at regular intervals. If a power failure occurs during this transitory period, data will be permanently lost or corrupted.

Power Protection

While ordinary SSDs flush volatile data to non-volatile memory regularly, if a power-down happens during an intermediate state they have only 2ms worth of residual power to flush multiple megabytes of data, which is not enough to prevent data loss. iCell technology from Innodisk is a comprehensive power protection technology which detects power loss early on and then takes necessary actions using residual power sources to save volatile DRAM data into non-volatile Flash.

When voltage detectors sense a voltage drop from regular 5V to low voltage, the SSD immediately goes into abnormal power-down status. iCell's high-density on-board capacitors then provide up to 60ms of continual operation after power loss, during which 6MB of data can be written to flash, providing complete data protection.
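
An added example, not part of the original article and not Innodisk firmware: a toy Python model of the FTL and DRAM write buffer described above, showing how many acknowledged writes survive a 2 ms versus a 60 ms hold-up window. The 16 KB page size and the 100 MB/s flush rate (derived from the article's 6 MB in 60 ms) are assumptions, as are all class and function names.

```python
# Toy model, constructed for illustration; not Innodisk firmware.
PAGE_KB = 16           # assumed flash page size
FLUSH_MB_PER_S = 100   # assumed flush rate (the article's 6 MB in 60 ms)

class ToySSD:
    def __init__(self, holdup_ms):
        self.holdup_ms = holdup_ms  # residual power after the supply drops
        self.flash = {}             # physical page -> (lba, data), non-volatile
        self.flash_map = {}         # lba -> physical page, persisted FTL map
        self.dram_buf = []          # acknowledged but unflushed writes, volatile
        self.next_free = 0          # next clean page

    def write(self, lba, data):
        self.dram_buf.append((lba, data))   # host sees success immediately

    def _program(self, lba, data):
        # Out-of-place update: program a clean page, then remap the LBA.
        self.flash[self.next_free] = (lba, data)
        self.flash_map[lba] = self.next_free
        self.next_free += 1

    def flush(self):
        for lba, data in self.dram_buf:
            self._program(lba, data)
        self.dram_buf = []

    def power_loss(self):
        # Only as many pages as the hold-up budget covers reach flash.
        pages = FLUSH_MB_PER_S * 1024 * self.holdup_ms // 1000 // PAGE_KB
        saved, lost = self.dram_buf[:pages], self.dram_buf[pages:]
        for lba, data in saved:
            self._program(lba, data)
        self.dram_buf = []                  # DRAM contents are gone
        return len(lost)

    def read(self, lba):
        page = self.flash_map.get(lba)
        return None if page is None else self.flash[page][1]

def simulate(holdup_ms, pending_pages=384):   # 384 pages x 16 KB = 6 MB
    ssd = ToySSD(holdup_ms)
    for lba in range(pending_pages):
        ssd.write(lba, "old")
    ssd.flush()
    for lba in range(pending_pages):
        ssd.write(lba, "new")                 # acknowledged, still in DRAM
    lost = ssd.power_loss()
    stale = sum(ssd.read(lba) == "old" for lba in range(pending_pages))
    return lost, stale                        # stale = LBAs silently rolled back
if __name__ == "__main__":
    print(simulate(2), simulate(60))
```

With the 2 ms budget only 12 of the 384 buffered pages reach flash, so 372 logical addresses read back their old contents even though the host was told the writes succeeded; with 60 ms nothing is lost.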

Summary

NAND Flash based SSDs outperform traditional storage media in almost all military scenarios but are vulnerable to serious data loss without power management protection. SSDs for military use and anywhere power is not 100% available need to have comprehensive power loss management schemes in place for data security.

Through additional capacitors on the IC, early voltage drop detection, and specialized power loss data flush schemes, iCell technology is able to protect against data loss from power interruptions. Military buyers are keenly aware of MIL-STD-810F/G requirements for shock and vibration resistance, wide operating temperature range, thermal protection, and other environmental hazards, but power loss protection is not always considered. For data integrity, power loss protection is a mandatory technology for SSDs operating in military applications and wherever power availability is not guaranteed.

This article was written by C.C. Wu, Vice President, Innodisk Flash Business Unit (Fremont, CA).