SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


TDE (SQL2008R2) in a production environment?


TDE (SQL2008R2) in a production environment?

Poll
Are you using TDE (SQL2008R2) in a production environment?

22.22% - 2 votes Yes - 10 or more databases
22.22% 2 votes
0% - 0 votes Yes - 5-10 databases
0% 0 votes
11.11% - 1 vote Yes - 1-4 databases
11.11% 1 vote
22.22% - 2 votes No - but planning
22.22% 2 votes
0% - 0 votes No - used it before
0% 0 votes
0% - 0 votes No - but use it with SQL2012
0% 0 votes
0% - 0 votes No - but use it with SQL2014
0% 0 votes
33.33% - 3 votes No - I do not need encryption
33.33% 3 votes
11.11% - 1 vote
11.11% 1 vote
Member votes: 9, Guest votes: 0. You don't have permission to vote in this poll
Author
Message
MrAkki
MrAkki
Old Hand
Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)

Group: General Forum Members
Points: 392 Visits: 481
Hello,

I'm wondering if TDE is used in an productive environment.

Thanks for your poll answer.

Cheers,
Akki
SQLRNNR
SQLRNNR
SSC-Dedicated
SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)

Group: General Forum Members
Points: 32529 Visits: 18556
I have a client that has TDE enabled for all databases on specific production servers. There is a fair amount of overhead with that.



Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw

Steve Jones
Steve Jones
SSC Guru
SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)

Group: Administrators
Points: 62985 Visits: 19111
I have a few friends with TDE enabled on large production databases (> 100GB) and fairly low overhead. Around 4-5% for their workload.

Overhead is workload dependent and can impact performance if the encryption load is heavy for your db or tempdb.

I give an encryption talk and in the 20 or so times I've delivered it, I have found about 20-30 people (out of the 250-300 people that have seen the talk) are using TDE. For most the overhead is low and it's a non issue. However, the majority of them have also not experienced a DR event, so they don't know about impacts for restoration under pressure and if their certificate backups are easily obtainable and good.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
SQLRNNR
SQLRNNR
SSC-Dedicated
SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)

Group: General Forum Members
Points: 32529 Visits: 18556
To be fair, this client is running about 1.5TB worth of databases in TDE. The impact is felt in about a 10% rise in cpu, and a 20x increase in number of locks and lock wait time. A lot of that is to do with the SQL workflow for their applications. And another big part of that is the demands it (encryption) places on tempdb.

As the indexes fragment throughout the day, the impact becomes more obvious. We will see continual slowdowns throughout the workday as the indexes get closer to 30% fragmentation.

Defrag the indexes and we are good for a little while. Disable tde and we are good for a long while.



Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw

Steve Jones
Steve Jones
SSC Guru
SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)

Group: Administrators
Points: 62985 Visits: 19111
Not to hijack too much, but is the data highly distributed towards numbers or characters? Large fields of text?

Is the impact more in tempdb or the user db?

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
SQLRNNR
SQLRNNR
SSC-Dedicated
SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)

Group: General Forum Members
Points: 32529 Visits: 18556
Steve Jones - SSC Editor (8/7/2014)
Not to hijack too much, but is the data highly distributed towards numbers or characters? Large fields of text?

Is the impact more in tempdb or the user db?


yes Wink

they have large text fields. They have guids as the clustering key - big impact on it.

Tempdb is less of an issue than the fragmentation of the indexes.

I think the bigger issue is really that the fragmentation becomes a lot more noticeable because of the little bit of a hit that is caused by TDE.

Nothing a lot of code tweaking and perf tuning can't really handle.



Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw

Steve Jones
Steve Jones
SSC Guru
SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)

Group: Administrators
Points: 62985 Visits: 19111
That makes sense. Text encryption/decryption is expensive. Working with numbers is much easier and gives much, much less of a hit.

Akki, does this help you?

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
GilaMonster
GilaMonster
SSC Guru
SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)

Group: General Forum Members
Points: 87783 Visits: 45272
SQLRNNR (8/7/2014)
I think the bigger issue is really that the fragmentation becomes a lot more noticeable because of the little bit of a hit that is caused by TDE.


And fragmentation means memory's used less efficiently (because of half-full pages), which means more pages read in from disk, which means more decryption overhead.

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


MrAkki
MrAkki
Old Hand
Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)Old Hand (392 reputation)

Group: General Forum Members
Points: 392 Visits: 481
Hi,

the posts help a lot.
I did some testing in our environment and I get about 10% slower performance with TDE enabled. Which is quite okay. :-)

Thanks for the info about the index fragmentation, I will keep an eye on it, usually we perform an index defragmentation each night, so it should keep the indexes in a good shape.
Our databases are around 600 GB-800 GB each with a high OLTP load on it.

Thanks.

Best Regards,
Akki
SQLRNNR
SQLRNNR
SSC-Dedicated
SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)SSC-Dedicated (32K reputation)

Group: General Forum Members
Points: 32529 Visits: 18556
MrAkki (8/8/2014)
Hi,


I did some testing in our environment and I get about 10% slower performance with TDE enabled. Which is quite okay. :-)

Thanks.

Best Regards,
Akki


That is sooo good to hear.



Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw

Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search