| TDE Related Question [message #590640] |
Sat, 20 July 2013 15:46  |
 |
VIP2013
Messages: 91
Registered: June 2013
|
Member |
|
|
I am using 11g release-2 version of oracle.
We are supposed to apply TDE on our database PI column. we are having two PI column clear to us, around 30 of the table will be impacted and 25 of the tables are having one of the PI column in them, rest 5 are having both two PI columns in them. And also there was no index/data type related issue associated with the columns, and 5 tables were big in size (more than 30GB), also some tables have indexes lying in other tablespaces that that of the table, so i had decided to go for Column level encryption.
But our architect team suggests us to go for tablespace level encryption, as its implemented well in 95% of the other places. So i am having below questions.
1. I read from oracle documentation, column level encryption will affect 'select' and 'insert' during encryption/decryption having ~5% performnace overhead per column and tablespace encryption will be having 5% to 8% of performnace overhead, so whether this(tablespace encryption) overhead is for DML or SELECT query or Index rebuild or any other operation and how?
http://docs.oracle.com/cd/E11882_01/network.112/e10746/asotrans.htm
2. How tablespace encryption will be beneficial compare to column level encryption considering my case above?
3. If will go for tablespace encryption then, Should i move all the tables/existing object on the tablespaces to encrypted tablespace or only specificly those which contains PI data?
[Updated on: Sat, 20 July 2013 15:51] Report message to a moderator |
|
|
|
|
|
|
|
| Re: TDE Related Question [message #590650 is a reply to message #590647] |
Sun, 21 July 2013 02:08  |
John Watson
Messages: 8964
Registered: January 2010
Location: Global Village
|
Senior Member |
|
|
|
Your research seems to have answered your question: if performance is considered important, you need column level encryption. If no-one cares about performance, then don't bother to argue: simply follow the advice of your "architect team". Though I wonder how much thought they have put into it. Probably not a lot.
|
|
|
|
| Re: TDE Related Question [message #591076 is a reply to message #590650] |
Wed, 24 July 2013 11:33 |
|
VIP2013
Messages: 91
Registered: June 2013
|
Member |
|
|
Just before closing this discussion, want to share my test details, done on 11G Version 2 Release.
Test done by insrting 10000000 records into a table:
1.For inserts, Tablespace level TDE gives us more than ~10% gain in terms of elapsed time as compared to column level TDE
2.For SELECTS , Tablespace level TDE gives us more than ~100% gain in terms of elapsed time as compared to column level TDE. But it takes 14% more time compared to normal SELECT.
3.'Table space TDE' i.e. encrypted Tablespace requires exactly same space as that of as NORMAL Tablespace, no extra space needed. Whereas Column level TDE requires ~45% more space.
4.Regarding execution strategy, 'Alter table Move' is fastest than Table Redefinition and Export/import method.
[Updated on: Wed, 24 July 2013 11:34] Report message to a moderator |
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
