Introduction: Encrypting Oracle Workloads becomes Cost-effective and Mandatory
This research is an introduction to a much more detailed research paper entitled “Encrypting Oracle Workloads becomes Cost-effective and Mandatory” The more detailed paper goes into greater depth into:
- Price-performance analysis of different encryption architectures;
- Performance analysis on application latency of different encryption architectures;
- Limitations of the Wikibon benchmark analysis;
- Conclusions.
In earlier research, Wikibon has defined high-value workloads, and analyzed the benefit of optimizing these environments for performance rather than cost. Wikibon has also looked in depth at the development of processor technologies which integrate with traditional processors, as well as the requirement for software to be written into the silicon. Wikibon has found that software performance can be optimized with the utilization of additional silicon such as:
- GPUs (Graphical Processor Units);
- FPGAs (Field-Programmable Gate Arrays);
- Additional Instructions (such as the Intel AES-NI for encryption)
- Coherent memory systems (such as OpenPOWER Foundation OpenCAPI and Nvidia’s NVLink), which allow interrupt-free coherent sharing of data between all the processing elements.
Figure 1 below summarizes the cost-performance findings of this research. The technologies analyzed are the POWER8 (IBM, E880 processor), the Xeon 2.30GHz E5-2699 v3 (HPE Superdome), and the SPARC M7 (Oracle, T7 server series) against a base system of the Xeon E5-2699 V3. The base unit of processing is defined as that done by a single core on an Xeon E5-2699 V3, which represents the current workhorse for general-purpose processing. The analysis is shown with and without encryption, which is assisted in all the configurations by special instructions:
- In the case of Xeon technologies, the additional Intel AES-IN Instructions are deployed for encryption, which sets a base-line for comparison with alternative technologies;
- In the case of POWER8 there are five in-core vector instructions that speed up the AES (Advanced Encryption Standard) algorithm steps, but these are not inline for Oracle database software;
- In the case of SPARC M7 technology, the use of a specialized instructions in the processor pipeline for reducing the encryption overhead.
The cost numbers in Figure 1 take into account:
- System costs optimized for large high-value systems – i.e., used in large-scale single systems significantly greater that 150 cores with large system memories utilizing fast storage (e.g., flash), and are designed for very rapid fail-over and recovery.
- Oracle database software license costs.
- Hardware and software maintenance over 3 years.
Conclusions
Wikibon’s research concludes that the potential for system improvement has moved from traditional cycle-time and throughput measures to improvements in specific functionality, such as the ability to manage data reduction and encryption as a single integrated operation, or to use analytics to automate business procedures (e.g., fraud systems). The use of specialized inline instructions, FPGAs and GPUs can also assist enterprises to write higher function applications and improve performance bottlenecks in either transactional or batch system components.
Wikibon believes that implementation of end-to-end encryption databases, and integrating the encryption processes with specialized encryption off-load functions is the only viable path forward for implementing truly secure systems with acceptable encryption overhead. An analysis of benchmark results shows the Oracle SPARC M7-based servers as best of breed in terms of encryption overhead and impact on application latency.
Action Item:
Wikibon recommends that large-scale users of high-value applications using Oracle database with high security needs use end-to-end encryption as the most cost effective and most secure architecture. To be cost effective, systems with advanced offload encryption technologies with very low overheads are an important prerequisite for implementing best-of-breed security without impacting business productivity.
Footnotes:
Wikibon References: