Oracle internals, debugging and undocumented features

Inside Encrypted tablespace 11g Part2

I have been vey busy these days but today finally I got some time ..

Well few weeks ago I did a post on encrypted tablespace in 11g  and one of the questions posted by Martin Beger ( Sorry I did not have a chance to replay earlier ) was that data are unencrypted in buffer cache.

I did some reading and research ( still working on my case as time permits )  and found that actually that’s a true statement.

So how it works?

1)  When you do select data are moved from storage ( encrypted data ) to buffer cache.

2) Data are DECRYPTED before loading buffer cache

3) Data are in CLEAR TEXT UNENCRYPTED inside buffer cache

Since most of  operations  ( index scans , table access ) are performed on clear text data  which are in buffer cache there is no differences in peformances  between encrypted tablespace ( unencrypted in buffer cache ) and unencrypted data.That’s the trick why encrypted tablespaces has better performances over regular TDE on table ( Have to test regular TDE on table – next workshop ).

Eventually we have to record data back to storage.

DB writer process during checkpoint will encrypted data before writing to disk (  I have proved this in my previous blog).

Now there is interesting point.According to Oracle   DIRECT PATH operations perform encryption inline.When log writer process write log buffer data to redo logs they are ENCRYPTED.If I am not mistaken in my case from previous post data were UNENCRYPTED inside redo log files but I did not use DIRECT PATH. That would be next test.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: