Description
Transparent Data Encryption (TDE) or Data Encryption at Rest is an option to encrypt all the data that is stored within a database’s physical files and also any backup files. TDE performs real-time encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module.
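The key hierarchy described above, written out as T-SQL. This is an added example, not taken from the original article or from Microsoft or Enterprise Vault documentation; the database name, certificate name, file paths and passwords are placeholders to replace with your own.

```sql
-- Added example: all names, paths and passwords below are placeholders.
USE master;
GO
-- 1. Database master key in master: protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO
-- 2. Certificate in master: this is what secures the DEK.
CREATE CERTIFICATE TDE_Cert_Example
    WITH SUBJECT = 'TDE certificate (example)';
GO
-- 3. Back up the certificate and private key to a location off this server
--    before turning encryption on.
BACKUP CERTIFICATE TDE_Cert_Example
    TO FILE = 'D:\KeyBackup\TDE_Cert_Example.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TDE_Cert_Example.pvk',
        ENCRYPTION BY PASSWORD = '<second-strong-password-placeholder>');
GO
-- 4. Symmetric DEK inside the user database, secured by the certificate.
USE ExampleVaultStoreDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert_Example;
GO
-- 5. Start the background encryption scan of data and log files.
ALTER DATABASE ExampleVaultStoreDB SET ENCRYPTION ON;
GO
-- 6. Verify state and confirm the protecting certificate has been backed up.
--    tempdb is listed too: it is encrypted once any database uses TDE.
SELECT d.name                     AS database_name,
       k.encryption_state,        -- 2 = encryption in progress, 3 = encrypted
       k.percent_complete,
       k.key_algorithm,
       k.key_length,
       c.name                     AS protecting_certificate,
       c.pvt_key_last_backup_date -- NULL means the private key was never backed up
FROM sys.dm_database_encryption_keys AS k
JOIN sys.databases AS d
    ON d.database_id = k.database_id
LEFT JOIN master.sys.certificates AS c
    ON c.thumbprint = k.encryptor_thumbprint;
```

A TDE-encrypted database or backup can only be restored on a server that holds this certificate and its private key, which is why step 3 comes before step 5.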
Microsoft states that a performance overhead of 2-4% is to be expected when reading and writing to disk encrypted with TDE. Although the data held on disk is encrypted, data held in memory (the buffer pool) is unencrypted. SQL Server tries to keep data that is referenced repeatedly in the buffer pool. Therefore, assuming the SQL instance is provisioned with enough memory, most read queries access the buffer pool and would not have to go to disk. Frequently used queries should not be affected performance-wise by TDE.
Based on Microsoft's overhead estimates and initial testing, configuring TDE will have minimal impact on the day-to-day functionality of Enterprise Vault.