Wednesday, June 8, 2011

Transparent Data Encryption and Impact on Performance

Transparent Data Encryption (TDE), at first blush, appears to be a great solution for real-time encryption of databases and database backups with little administrative effort.  Applications do not have to be modified to access data while using this feature. 

A good overview showing implementation of TDE is found here.

What are the performance implications?  Are there any performance issues related to other non-encrypted databases on the same SQL Instance as the encrypted database?  What is the effect on page/row compression and backup compression?

DatabaseJournal.com posts an excellent review of TDE and performance tests.  Summerizing their listed caveates with TDE:
  • TDE is a SQL Server 2008 Enterprise-only feature.
  • Performance hit is largely dictated by the application workload, in some of the testing, the overhead was measured to be less than 5%.
  • When you turn on TDE for one database in an instance, tempdb is encrypted for all databases on that instance.
  • Encrypted data compresses significantly less than equivalent unencrypted data; using TDE and backup compression together is not recommended.
  • While a re-encryption scan for a database encryption operation is in progress, maintenance operations to the database are disabled.

No comments:

Post a Comment