The onslaught of digital devices—from mp3 players to phones to iPads—has created a huge commercial market for flash memory components. As a result, flash memory technology exploded with low-cost, high-density products and has made possible data collection and storage on a scale never before affordable in mil-aero systems. Implementing that technology on mil-aero industry standard form factors such as VME and VPX allows the resulting systems to tackle the challenging environment of airborne data storage.

To tackle airborne data storage applications, mil-aero applications require a challenging mix of attributes. They need data storage systems that are rugged, maintainable and reliable on one hand—while at the same time they must offer the performance and capacity to serve the mission. On top of all that they need SATA interface options like 4-port JBOD or optional single-port HW RAID0 (OpenVPX compliant). And because security is an issue, DAR Encryption is also a must. Each of those attributes is important to today’s applications, and future capabilities are moving rapidly as the commercial demand for flash memory continues to grow exponentially.

Rugged Storage Designs

Rugged design and construction means that the standard form factor products can survive and continue to operate effectively in the environmental extremes of airborne platforms. These extremes generally begin with rail temperatures of -40° to +85°C and continue on to high shock and vibration. Condensing humidity, rain, fluid contamination, fungus, salt fog, sand and dust all collude to force the circuit boards into an air tight protective chassis. Inside the rugged chassis, the boards must now be effective at conduction cooling as no air is moving in the densely packed interior chamber. In addition, altitude, acceleration, acoustic noise, gunfire, EMI, EMC and many more environments must be tested to verify ruggedization claims. MIL-STD-810F has long been the bible for standard test methods. Because the boards are a standard form factor, the same rugged chassis and board designs can be reused to create systems of many differing features and functions. A related issue is reliability. In airborne applications, reliability means the data downloaded for analysis is consistently provided with no lapses or holes in the data collected. The sidebar “Ensuring Reliability in Storage Systems” takes a detailed look at these challenges.

One might worry that components designed and developed for low-cost commercial products are not tough enough to take on the airborne environment. However, these handheld products must endure the abuse of being dropped kicked and left in the sun for hours. Certainly the electronic storage components placed in VME and VPX form factors specifically tailored for the airborne environment are up to the task. An example airborne platform making heavy use of solid state storage are the subsystems used in the Network File Server (NFS) for the U.S. Air Force Air Combat Command’s HC/MC-130J Super Hercules special mission aircraft (Figure 1).

Maintainable Features Are Key

Maintainability is a quality measure that a product has for being repaired or replaced within a pre-determined amount of time or mean time to repair (MTTR). MTTR is the basic measure of maintainability in military and airborne platforms. Generally the lower the MTTR, the more maintainable the device is considered to be. In some cases, MTTR is measured from the time a fault is discovered to the point at which the faulty component has undergone corrective action and the system is again fully operational. However, in airborne platforms a fault may be discovered some non-deterministic distance from a repair location. For airborne platforms MTTR is then more reasonably defined as the elapsed time starting with when the repair action has actually begun.

By using standard VME and VPX form factors for airborne storage designs, the product inherits the fundamental maintainability of those standards. Especially important to airborne platforms is the VPX VITA 48 Ruggedized Enhanced Design Implementation (REDI) standard. This mechanical standard for design enhancements allows a two-level maintenance strategy at the board level. Being able to repair in the field at the board level rather than transport the system to a repair depot can dramatically reduce the MTTR of that system.

For airborne storage systems, there is often the need to rapidly and safely remove and replace the storage module. At the end of a flight, large amounts of mission and sensor data need to be transferred to analysis locations. For this reason, users desire the storage be located behind an easy to open door and removal of the VPX memory module without tools. An example of this type of design is shown in Figure 2, which shows the Compact Network Storage with terabyte 3U VPX modules and includes toolless loosening of the wedge locks and ejector for easy removal. In addition, the flash storage module has the hot swap capability of the VPX standard and can be removed and replaced with power on the system.

High Throughput Using Switched Fabrics

The VME and VPX standards community has standardized on a set of high-throughput communication signals and protocols that provide basic throughput and scale easily to meet even the most demanding speed application. These include PCI Express and Serial Rapid IO between boards internal to the chassis and Serial Front Panel Data Port (sFPDP) at 2.5 Gbits/s, Fibre Channel at up to 8 Gbits/s, Gigabit Ethernet at 1 Gbit/s, and in the most demanding applications, 10 Gigabit Ethernet.

Flash storage devices supported 40 Mbytes/s or less only a few years ago and many devices had to be striped in order to reach the several hundreds of megabytes per second required by airborne intelligence, surveillance and reconnaissance (ISR) applications. Today flash devices have added more internal controllers and striping to increase the device throughput to 100 Mbytes/s and some are above 200 Mbytes/s. This allows fewer devices to accomplish the same throughput resulting in space, weight and power reductions and/or an increase in capacity.

Capacity on the Rise

As with throughput, flash memory devices have greatly increased capacity in recent years. It is now common for a single SATA flash controller to handle 16 x 16 Gbyte flash chips for single SATA lane capacity of 256 Gbytes. Double density 32 Gbyte SLC flash chips will soon be sampling to early adopters, proving that flash densities will continue to grow as the demand for higher resolution devices continues to explode.

One issue that has actually lowered the user accessible capacity specifications is termed “over-provisioning.” As storage device suppliers learned to incorporate wear leveling and bad-block management into their devices for reliability, there was the realization that not all of the flash memory being specified was actually available to the user and that some amount of the flash memory had to be reserved for internal use. Since the product specifications are warranted for many years, provisions must be made for some initial number of bad-blocks and also those blocks that will fail over time. Over-provisioning can take up to 23 percent of the total flash memory and is required to meet the warranted capacity specifications. That level of over-provisioning means that a device with 256 Mbytes of flash memory will only provide 200 Gbytes of user capacity. This leads to confusion in the market place. Specifying both the amount of flash memory in the device and also the amount that is user accessible provides clarity for a user.

The primary interface to large capacity flash storage devices today is SATA. Unlike Fibre Channel that is designed to be a Storage Area Network (SAN), the SATA is a point-to-point connection between the drive and the host. With Fibre Channel, one host interface could easily connect and operate with up to 126 drives. Not so with SATA. A host computer would need 126 SATA ports in order to operate up to 126 SATA drives, which causes a big challenge for storage systems in VME and VPX environments. Most VME or VPX SBCs include only one to three SATA host ports. This host port limit imposes severe limits on performance due to the low number of drives being striped and the aggregate drive capacity.

Multiple SSDs Aggregated

One way to help mitigate this problem in the VME or VPX environment is the approach Curtiss-Wright took on its 3U VPX Flash Storage Module (FSM). This approach places 4 x 256 Gbyte SATA SSDs on a single board along with a hardware RAID0 chip. This allows the four drives to be seen on a single SATA host port; performance is maintained with hardware disk striping and the capacity is 1 Tbyte of flash memory. The onboard physical layer switch allows the SATA ports to be switched to either of the two OpenVPX lanes on P1 or up to four user lanes on P2. The SATA RAID0 chip can be bypassed and all four SATA lanes brought to the backplane. This approach allows each of the four SATA drives to be routed to different SBCs so that up to four SBCs can be supported from a single slot of the FSM storage device. Figure 3 shows the Vortex Flash Storage Module.

For large arrays of storage, a “port multiplier” connects multiple SATA devices, usually up to 15 drives. The port multiplier allows multiple drive access to a single host and the host stripes the drives to increase performance up to that of the single SATA link. However, many common SATA host ports do not support this capability because it is not a requirement of the SATA standard.

Data-at-Rest (DAR) Encryption

While Communications Security (COMSEC) has always been a high-priority issue in defense systems, its importance has greatly increased as a result of the military engagements resulting from 9/11. COMS and digital data security have taken on renewed and urgent importance because of the ready availability of technology that enables adversaries to easily intercept and exploit communications (Data in Transit) as well as gain access to restricted data retained on storage devices (Data at Rest). Data at Rest is a relatively new and increasingly critical problem driven by the explosive growth of low-cost, high-capacity storage devices.

Protecting Data at Rest is a different challenge due to the way that cryptographic key management can be done. In COMSEC, both ends of the communications can change keys as often as the user chooses. As long as both the transmitter and receiver change to the same key at the same time the communication is not interrupted and the adversary’s task to intercept and decode is far more difficult. Data at Rest is encoded by a key and then stored to the drive. The data is not decoded until sometime later usually after the mission and in a different location.

The same key used to encode the data must be used to decode the data from the drive. Thus, the key must be protected and transported to the location where decoding will take place. To accomplish this, the key may occur via one of several methods. It may be stored on the drive itself and zeroized immediately on emergency command, deterministically derived from an ID and password, or via other approved methods depending on the level of sensitivity for the data to be stored. Products for encryption of Data at Rest are emerging in the rugged storage market.

Understanding the Details

The challenge of VME and VPX rugged storage for airborne applications may at first seem like a very simple task. However, there are actually many intricate and detailed traits and characteristics of the flash memory technology that make these boards possible. Each attribute must be understood and acknowledged for the system to perform as expected. In particular, providing multiple levels of security for Data at Rest encryption on huge volumes of non-volatile memory has become the new frontier for VME and VPX data storage in airborne and ground vehicle environments.

Curtiss-Wright Controls Electronic Sytems

Santa Clarita, CA.

(937) 252-5601.

[www.cwcelectronicsystems.com].