SPARC T4-2 Server Beats Intel (Westmere AES-NI) on Oracle Database Tablespace Encryption Queries

Oracle's SPARC T4 processor with Encryption Instruction Accelerators greatly improves performance over software implementations. This will greatly expand the use of TDE for many customers.

  • Oracle's SPARC T4-2 server is over 42% faster than Oracle's Sun Fire X4270 M2 (Intel AES-NI) when running DSS-style queries referencing an encrypted tablespace.

Oracle's Transparent Data Encryption (TDE) feature of the Oracle Database simplifies the encryption of data within datafiles preventing unauthorized access to it from the operating system. Tablespace encryption allows encryption of the entire contents of a tablespace.

TDE tablespace encryption has been certified with Siebel, PeopleSoft, and Oracle E-Business Suite applications

Performance Landscape

Total Query Time (time in seconds)
System GHz AES-128 AES-192 AES-256
SPARC T4-2 server 2.85 588 588 588
Sun Fire X4270 M2 (Intel X5690) 3.46 836 841 842
SPARC T4-2 Advantage
42% 43% 43%

Configuration Summary

SPARC Configuration:

SPARC T4-2 server
2 x SPARC T4 processors, 2.85 GHz
256 GB memory
2 x Sun Storage F5100 Flash Array
Oracle Solaris 11
Oracle Database 11g Release 2

Intel Configuration:

Sun Fire X4270 M2 server
2 x Intel Xeon X5690 processors, 3.46 GHz
48 GB memory
2 x Sun Storage F5100 Flash Array
Oracle Linux 5.7
Oracle Database 11g Release 2

Benchmark Description

To test the performance of TDE, a 1 TB database was created. To demonstrate secure transactions, four 25 GB tables emulating customer private data were created: clear text, encrypted AES-128, encrypted AES-192, and encrypted AES-256. Eight queries of varying complexity that join on the customer table were executed.

The time spent scanning the customer table during each query was measured and query plans analyzed to ensure a fair comparison, e.g. no broken queries. The total query time for all queries is reported.

Key Points and Best Practices

  • Oracle Database 11g Release 2 is required for SPARC T4 processor Encryption Instruction Accelerators support with TDE tablespaces.

  • TDE tablespaces support the SPARC T4 processor Encryption Instruction Accelerators for Advanced Encryption Standard (AES) only.

  • AES-CFB is the mode used in the Oracle database with TDE

  • Prior to using TDE tablespaces you must create a wallet and setup an encryption key. Here is one method to do that:

  • Create a wallet entry in $ORACLE_HOME/network/admin/sqlnet.ora.
    ENCRYPTION_WALLET_LOCATION=
    (SOURCE=(METHOD=FILE)(METHOD_DATA=
    (DIRECTORY=/oracle/app/oracle/product/11.2.0/dbhome_1/encryption_wallet)))
    
    Set an encryption key. This also opens the wallet.
    $ sqlplus / as sysdba
    SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "tDeDem0";
    
    On subsequent instance startup open the wallet.
    $ sqlplus / as sysdba
    SQL> STARTUP;
    SQL> ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "tDeDem0";
    
  • TDE tablespace encryption and decryption occur on physical writes and reads of database blocks, respectively.

  • For parallel query using direct path reads decryption overhead varies inversely with the complexity of the query.

    For a simple full table scan query overhead can be reduced and performance improved by reducing the degree of parallelism (DOP) of the query.

See Also

Disclosure Statement

Copyright 2011, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Results as of 9/26/2011.
Comments:

Post a Comment:
Comments are closed for this entry.
About

BestPerf is the source of Oracle performance expertise. In this blog, Oracle's Strategic Applications Engineering group explores Oracle's performance results and shares best practices learned from working on Enterprise-wide Applications.

Index Pages
Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today