TDE is encryption. Adding encryption means that a step is added, which means
response time will increase.
As Tim said, gather statistics from execution on a SQL basis to first be sure
what you are talking about, and to make sure plans haven’t changed.
TDE encryption specifically is special in the sense that data on disk is
encrypted but lives unencrypted in the buffer cache. This means that if you can
get your active data set to remain in the buffer cache, you don’t get the
en/decryption penalty.
The hard part of diagnostics is that there are no wait events capturing
encryption time, nor is cpu time as being en/decryption time.
You could create a perf report or flame graph to see in which functions time is
spend, and see if these are used with en/de cryption to prove that that is
responsible for the time increase.
Just remember that nothing ever comes for free.
Verstuurd vanaf mijn iPhone
Op 7 jun. 2018 om 07:21 heeft Arun Chugh <arun.chugh1610@xxxxxxxxx> het
volgende geschreven:
Local wallet is being used for storing the key.
Regards,
Arun
On Thu, Jun 7, 2018, 10:43 Givens, Steven <sgivens@xxxxxxxx> wrote:
Also are you using an HSM to store the encryption key or local wallet? Just
curious whether you might be having latency issues with an external key
store.
________________________________
From: Arun Chugh <arun.chugh1610@xxxxxxxxx>
Date: June 6, 2018 at 11:38:05 PM CDT
To: tim.evdbt@xxxxxxxxx <tim.evdbt@xxxxxxxxx>
Cc: Oracle Mailing List <oracle-l@xxxxxxxxxxxxx>
Subject: [External] Re: Database Encryption
We are using TDE for encryption and also getting the wait event "CPU+wait
for CPU" ... As an evidence we decrypt the database and it behaviour back to
normal as it was prior to encryption.
On Thu, Jun 7, 2018, 09:31 Tim Gorman
<tim.evdbt@xxxxxxxxx<mailto:tim.evdbt@xxxxxxxxx>> wrote:
What evidence do you have that TDE has affected performance 40-50%?
Can you prove that there has not been a change in execution plans?
On 6/6/18 21:51, Arun Chugh wrote:
All,
We have encrypted almost all the datafiles of the database, post that the
performance of the database degraded to almost 40-50%
Could anyone suggest what is the other alternative method that we can use in
order to secure data with bit performance impact.
Regards,
Arun