Oracle Advanced Security, TDE, network encryption and AES-NI support?

From: CRISLER, JON A <JC1706_at_att.com>
Date: Wed, 2 Sep 2015 20:47:57 +0000
Message-ID: <9F15274DDC89C24387BE933E68BE3FD317BE1A28_at_MISOUT7MSGUSRCD.ITServices.sbc.com>



Does AES-NI benefit Oracle network encryption? Oracle Advanced Security Transparent Database Encryption (TDE) leverages hardware acceleration by supporting the Intel AES-NI instruction set. This Intel CPU feature provides hardware acceleration when using software that supports AES-NI, which Oracle 11g does as far as TDE is concerned. AMD also has a similar feature, as does SPARC T4+. What I cannot find out is if network encryption via either JDBC or SQL*Net also leverages AES-NI.

I did find a blurb somewhere that AES primitives are not included in Java until 1.8, but that might not apply to JDBC. In my case JDBC support for AES-NI is the higher priority, along with TDE. Has anybody looked into this before?

Performance tip: If you are running Oracle 11g+ using TDE on an Intel processor, make sure that AES-NI is enabled at the BIOS level. In Linux, do a cat /proc/cpuinfo | grep aes to search for the aes option flag. If present, the OS detected AES-NI. If not, AES is either not in the CPU, or turned off at the BIOS level. I am assuming Oracle on Windows also supports AES; checking my Win8 box with CPU-Z shows AES activated. Check Intel ARK for your specific CPU model (also found in output of /proc/cpuinfo) to see if AES-NI is supported.

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Sep 02 2015 - 22:47:57 CEST
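
Added example, not part of the original message: a stricter form of the /proc/cpuinfo check from the performance tip. It matches aes as a whole flag (a plain grep aes also matches longer flag names such as vaes) and prints the model name to look up on Intel ARK. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/cpuinfo layout (not taken from a real host).
sample_cpuinfo() {
    printf 'processor\t: 0\nmodel name\t: Constructed CPU A\nflags\t\t: fpu sse2 aes avx\n\n'
    printf 'processor\t: 1\nmodel name\t: Constructed CPU A\nflags\t\t: fpu sse2 aes avx\n\n'
    printf 'processor\t: 2\nmodel name\t: Constructed CPU B\nflags\t\t: fpu sse2 vaes avx\n'
}

# aes_report [FILE]: summarise the aes flag per CPU model.
# FILE defaults to /proc/cpuinfo; "-" reads standard input.
# Prints "<model> | logical_cpus=N aes=M" for each model name.
# Returns 0 only if at least one CPU was seen and every one lists aes.
aes_report() {
    awk '
        # Everything after the first colon is the value of the current line.
        { value = $0; sub(/^[^:]*:[ \t]*/, "", value) }
        /^model name[ \t]*:/ { model = value }
        /^flags[ \t]*:/ {
            total[model]++
            # Compare whole flag names so that "vaes" is not counted as "aes".
            n = split(value, flag, " ")
            for (i = 1; i <= n; i++)
                if (flag[i] == "aes") { have[model]++; break }
        }
        END {
            seen = 0; bad = 0
            for (m in total) {
                seen = 1
                if (have[m] + 0 != total[m]) bad = 1
                printf "%s | logical_cpus=%d aes=%d\n", m, total[m], have[m]
            }
            exit ((seen && !bad) ? 0 : 1)
        }
    ' "${1:-/proc/cpuinfo}"
}

# Demo on the constructed sample; on a real Linux host call aes_report with no argument.
sample_cpuinfo | aes_report - || echo "aes flag missing on at least one logical CPU"
```

A non-zero return on a CPU that ARK lists as AES-NI capable points to the BIOS setting mentioned in the tip.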
