Arun,
Which encryption algorithm are you using?
Best regards,
Nenad
http://nenadnoveljic.com/blog
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On ;
Behalf Of frits.hoogland@xxxxxxxxx
Sent: Donnerstag, 7. Juni 2018 07:40
To: arun.chugh1610@xxxxxxxxx
Cc: Givens, Steven; tim.evdbt@xxxxxxxxx; Oracle Mailing List
Subject: Re: Database Encryption
TDE is encryption. Adding encryption means that a step is added, which means
response time will increase.
As Tim said, gather statistics from execution on a SQL basis to first be sure
what you are talking about, and to make sure plans haven’t changed.
TDE encryption specifically is special in the sense that data on disk is
encrypted but lives unencrypted in the buffer cache. This means that if you can
get your active data set to remain in the buffer cache, you don’t get the
en/decryption penalty.
The hard part of diagnostics is that there are no wait events capturing
encryption time, nor is cpu time as being en/decryption time.
You could create a perf report or flame graph to see in which functions time is
spend, and see if these are used with en/de cryption to prove that that is
responsible for the time increase.
Just remember that nothing ever comes for free.
Verstuurd vanaf mijn iPhone
Op 7 jun. 2018 om 07:21 heeft Arun Chugh
<arun.chugh1610@xxxxxxxxx<mailto:arun.chugh1610@xxxxxxxxx>> het volgende
geschreven:
Local wallet is being used for storing the key.
Regards,
Arun
On Thu, Jun 7, 2018, 10:43 Givens, Steven
<sgivens@xxxxxxxx<mailto:sgivens@xxxxxxxx>> wrote:
Also are you using an HSM to store the encryption key or local wallet? Just
curious whether you might be having latency issues with an external key store.
________________________________
From: Arun Chugh <arun.chugh1610@xxxxxxxxx<mailto:arun.chugh1610@xxxxxxxxx>>
Date: June 6, 2018 at 11:38:05 PM CDT
To: tim.evdbt@xxxxxxxxx<mailto:tim.evdbt@xxxxxxxxx>
<tim.evdbt@xxxxxxxxx<mailto:tim.evdbt@xxxxxxxxx>>
Cc: Oracle Mailing List <oracle-l@xxxxxxxxxxxxx<mailto:oracle-l@xxxxxxxxxxxxx>>
Subject: [External] Re: Database Encryption
We are using TDE for encryption and also getting the wait event "CPU+wait for
CPU" ... As an evidence we decrypt the database and it behaviour back to normal
as it was prior to encryption.
On Thu, Jun 7, 2018, 09:31 Tim Gorman
<tim.evdbt@xxxxxxxxx<mailto:tim.evdbt@xxxxxxxxx><mailto:tim.evdbt@xxxxxxxxx<mailto:tim.evdbt@xxxxxxxxx>>>
wrote:
What evidence do you have that TDE has affected performance 40-50%?
Can you prove that there has not been a change in execution plans?
On 6/6/18 21:51, Arun Chugh wrote:
All,
We have encrypted almost all the datafiles of the database, post that the
performance of the database degraded to almost 40-50%
Could anyone suggest what is the other alternative method that we can use in
order to secure data with bit performance impact.
Regards,
Arun
____________________________________________________
Please consider the environment before printing this e-mail.
Bitte denken Sie an die Umwelt, bevor Sie dieses E-Mail drucken.
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">p { font-family: Arial;font-size:9pt }</style>
</head>
<body>
<p>
<br>Important Notice</br>
<br />
This message is intended only for the individual named. It may contain
confidential or privileged information. If you are not the named addressee you
should in particular not disseminate, distribute, modify or copy this e-mail.
Please notify the sender immediately by e-mail, if you have received this
message by mistake and delete it from your system.<br />
Without prejudice to any contractual agreements between you and us which shall
prevail in any case, we take it as your authorization to correspond with you by
e-mail if you send us messages by e-mail. However, we reserve the right not to
execute orders and instructions transmitted by e-mail at any time and without
further explanation.<br />
E-mail transmission may not be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete. Also
processing of incoming e-mails cannot be guaranteed. All liability of Vontobel
Holding Ltd. and any of its affiliates (hereinafter collectively referred to as
"Vontobel Group") for any damages resulting from e-mail use is excluded. You
are advised that urgent and time sensitive messages should not be sent by
e-mail and if verification is required please request a printed version.</br>
Please note that all e-mail communications to and from the Vontobel Group are
subject to electronic storage and review by Vontobel Group. Unless stated to
the contrary and without prejudice to any contractual agreements between you
and Vontobel Group which shall prevail in any case, e-mail-communication is for
informational purposes only and is not intended as an offer or solicitation for
the purchase or sale of any financial instrument or as an official confirmation
of any transaction.<br />
The legal basis for the processing of your personal data is the legitimate
interest to develop a commercial relationship with you, as well as your consent
to forward you commercial communications. You can exercise, at any time and
under the terms established under current regulation, your rights. If you
prefer not to receive any further communications, please contact your client
relationship manager if you are a client of Vontobel Group or notify the sender.
Please note for an exact reference to the affected group entity the corporate
e-mail signature.
For further information about data privacy at Vontobel Group please consult <a
href="https://www.vontobel.com";>www.vontobel.com</a>.<br />
</p>
</body>
</html>
