Jason Wood

Encryption At Rest (EAR) Performance Impact

Discussion created by Jason Wood on May 26, 2018
Latest reply on May 27, 2018 by wimdecorte

I couldn't find much information on EAR performance impacts so I did an experiment and here are my results.

 

This was a real-world data migration script that created 380,000 records in 3 tables adding 314MB to the file (from 74 to 388MB on the unencrypted version). The source file was unencrypted in both cases.

 

I ran the script in FMS 17 (server scheduled script) on an AWS EC2 c5d.large (4GB memory with directly attached NVMe SSD), which I believe should be reliably delivering consistent performance at all times of day.

 

Side note for AWS enthusiasts: in a separate test I found that the c5d.large instance was pretty consistently 30% faster than t2.small with t2 unlimited, for roughly 5 times the cost... I selected it just for this migration because it was originally taking about 7 days to run! Obviously, I got a FAR bigger boost from code optimization than by changing hardware.

 

Unencrypted file: 146 minutes and 1 second.

 

EAR encrypted file: 149 minutes and 2 seconds.

 

Overall difference: 2.07% slower with EAR

 

I was logging the time in milliseconds for each iteration of the outermost loop (there were 10,600 iterations). When the script started, the EAR file was only 0.7% slower (based on combined for first 10 iterations). By the end of the script, when the file was much larger, the EAR file was then taking 5.7% longer.

 

Obviously, these results may vary depending on your database structure, size, and the type of processing you are doing. YMMV!

 

Additional side note for AWS enthusiasts! Can anyone help me with an AMI question? AWS AMI with FMS

Outcomes