Rob Fitzpatrick
Guest
Re performance, encryption is block-based and you pay the encryption/decryption cost for application data in two places: when a block is read from disk into a buffer pool and when a modified block is written out to disk. (Note that this isn't the only computational cost of TDE. By default, AI, BI, and probkup data are also encrypted.) Data within the buffer pools is in plain text. So the more efficiently you can cache that data, the less decryption overhead you will incur. If your objects to be encrypted are relatively static, you can leverage the Alternate Buffer Pool to keep them memory-resident. But that may not be enough of a performance bump to matter. I strongly encourage you to benchmark your application once you have developed your plan of what to encrypt and how. I agree with Keith about the performance hit. For us, encrypting one table and two indexes, the difference was in the measurement noise; not statistically significant. Don't encrypt more data than you need to.