May 6, 2016 at 10:05 am
I am planning to enable Transparent Data Encryption (TDE) on SQL.
How to measure performance impact while enabling TDE on Large SQL DB [EX:2 TB in size]
and also time estimation to enable TDE on large SQL DB
Thank you,
May 9, 2016 at 9:26 am
Its been a while since I enabled TDE on anything outside of DEV. Its a CPU intensive operation so there is no way to guess at how long its going to take or what impact it will have on your system as there is far to many variables.
I don't have the figures from when I implmented it in prod at a previous company, but I do have the performance lab stats. Overall CPU utilisation whilst encrypting the data was a 6% increase, however that was on a 64 core server with 512GB of Ram and fibre channel SAN storage. The database in question was 4.5TB in size. It took a long long time if memory severs me well it was about 36 hours.
MCITP SQL 2005, MCSA SQL 2012
May 9, 2016 at 12:55 pm
The initial encryption can be a considerable hit, so depending on the db and application it supports you may want to do this outside of business hours.
Another couple of things to consider:
- A db with TDE turned on cannot take advantage of instant file initialization; all bits have to be zeroed out before use. This makes db file sizes and growths important to plan and monitor
- The same is true for backups
One of the things I am looking forward to in SQL Server 2016 is MS is finally taking advantage of AES-NI. This should add a performance boost to TDE encryption/decryption actions that can be offloaded to AES-NI enabled chips. Things like Oracle Database and event BitLocker have been able to take advantage of this for a while now.
Joie Andrew
"Since 1982"
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply