Arun,
Which encryption algorithm are you using?
Best regards,
Nenad
http://nenadnoveljic.com/blog
From: oracle-l-***@freelists.org [mailto:oracle-l-***@freelists.org] On Behalf Of ***@gmail.com
Sent: Donnerstag, 7. Juni 2018 07:40
To: ***@gmail.com
Cc: Givens, Steven; ***@gmail.com; Oracle Mailing List
Subject: Re: Database Encryption
TDE is encryption. Adding encryption means that a step is added, which means response time will increase.
As Tim said, gather statistics from execution on a SQL basis to first be sure what you are talking about, and to make sure plans havenât changed.
TDE encryption specifically is special in the sense that data on disk is encrypted but lives unencrypted in the buffer cache. This means that if you can get your active data set to remain in the buffer cache, you donât get the en/decryption penalty.
The hard part of diagnostics is that there are no wait events capturing encryption time, nor is cpu time as being en/decryption time.
You could create a perf report or flame graph to see in which functions time is spend, and see if these are used with en/de cryption to prove that that is responsible for the time increase.
Just remember that nothing ever comes for free.
Verstuurd vanaf mijn iPhone
Op 7 jun. 2018 om 07:21 heeft Arun Chugh <***@gmail.com<mailto:***@gmail.com>> het volgende geschreven:
Local wallet is being used for storing the key.
Regards,
Arun
On Thu, Jun 7, 2018, 10:43 Givens, Steven <***@fnni.com<mailto:***@fnni.com>> wrote:
Also are you using an HSM to store the encryption key or local wallet? Just curious whether you might be having latency issues with an external key store.
________________________________
From: Arun Chugh <***@gmail.com<mailto:***@gmail.com>>
Date: June 6, 2018 at 11:38:05 PM CDT
To: ***@gmail.com<mailto:***@gmail.com> <***@gmail.com<mailto:***@gmail.com>>
Cc: Oracle Mailing List <oracle-***@freelists.org<mailto:oracle-***@freelists.org>>
Subject: [External] Re: Database Encryption
We are using TDE for encryption and also getting the wait event "CPU+wait for CPU" ... As an evidence we decrypt the database and it behaviour back to normal as it was prior to encryption.
On Thu, Jun 7, 2018, 09:31 Tim Gorman <***@gmail.com<mailto:***@gmail.com><mailto:***@gmail.com<mailto:***@gmail.com>>> wrote:
What evidence do you have that TDE has affected performance 40-50%?
Can you prove that there has not been a change in execution plans?
On 6/6/18 21:51, Arun Chugh wrote:
All,
We have encrypted almost all the datafiles of the database, post that the performance of the database degraded to almost 40-50%
Could anyone suggest what is the other alternative method that we can use in order to secure data with bit performance impact.
Regards,
Arun
____________________________________________________
Please consider the environment before printing this e-mail.
Bitte denken Sie an die Umwelt, bevor Sie dieses E-Mail drucken.
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">p { font-family: Arial;font-size:9pt }</style>
</head>
<body>
<p>
<br>Important Notice</br>
<br />
This message is intended only for the individual named. It may contain confidential or privileged information. If you are not the named addressee you should in particular not disseminate, distribute, modify or copy this e-mail. Please notify the sender immediately by e-mail, if you have received this message by mistake and delete it from your system.<br />
Without prejudice to any contractual agreements between you and us which shall prevail in any case, we take it as your authorization to correspond with you by e-mail if you send us messages by e-mail. However, we reserve the right not to execute orders and instructions transmitted by e-mail at any time and without further explanation.<br />
E-mail transmission may not be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete. Also processing of incoming e-mails cannot be guaranteed. All liability of Vontobel Holding Ltd. and any of its affiliates (hereinafter collectively referred to as "Vontobel Group") for any damages resulting from e-mail use is excluded. You are advised that urgent and time sensitive messages should not be sent by e-mail and if verification is required please request a printed version.</br>
Please note that all e-mail communications to and from the Vontobel Group are subject to electronic storage and review by Vontobel Group. Unless stated to the contrary and without prejudice to any contractual agreements between you and Vontobel Group which shall prevail in any case, e-mail-communication is for informational purposes only and is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction.<br />
The legal basis for the processing of your personal data is the legitimate interest to develop a commercial relationship with you, as well as your consent to forward you commercial communications. You can exercise, at any time and under the terms established under current regulation, your rights. If you prefer not to receive any further communications, please contact your client relationship manager if you are a client of Vontobel Group or notify the sender.
Please note for an exact reference to the affected group entity the corporate e-mail signature.
For further information about data privacy at Vontobel Group please consult <a href="https://www.vontobel.com">www.vontobel.com</a>.<br />
</p>
</body>
</html>