The impact of encryption on performance

Introducing Db2® native encryption to an existing database increases required system resources, and impacts the throughput of running workloads.

The extent of this impact depends on two primary factors:
  • Whether CPU hardware acceleration exists that can be leveraged by Db2
  • How insulated your workload is from an increase in the latency of physical I/O requests
Db2 native encryption relies on the embedded IBM Global Security Kit (GSKit) software product to recognize and leverage built-in CPU hardware acceleration where possible. This acceleration makes a significant difference in the impact on both system resource consumption and application throughput. As of Db2 11.1, Db2 leverages the following CPU enhancements:
  • Intel Advanced Encryption Standard New Instructions (AES-NI) support
  • Power8 in-core support for the AES
  • zSeries CP Assist for Cryptographic Functions (CPACF)
Given that Db2 native encryption is implemented to encrypt and decrypt data as it goes to and from disk, the effect of encryption appears on any physical I/O request from Db2. In practical terms, the effect is that the I/O bandwidth of your system is reduced from its current level. How your workloads react to this change determines the impact to performance.

Since this change in the latency of physical I/O can negate the tuned configuration of an existing database system, it is recommended that you plan to retune a newly encrypted database. Retuning the database ensures that the impact of any new physical I/O wait time that is introduced by encryption is properly addressed.