This topic describes the impacts of Transparent Data Encryption (TDE) on the performance of ApsaraDB RDS for MySQL instances that use different instance types, including the impacts on the CPU and memory of the RDS instances. This helps you determine whether to enable TDE for an RDS instance.
Test conclusions
Enabling TDE on an RDS instance leads to performance loss and higher CPU utilization.
If a small number of concurrent queries are run on an RDS instance, the RDS instance can experience a performance loss as high as 20%. If a large number of concurrent queries are run on an RDS instance, the performance loss is reduced to less than 5% due to reasons such as I/O merging.
When TDE is enabled for an RDS instance that provides 4 cores and 16 GB of memory, accessing encrypted tables on the RDS instance may lead to an increase in CPU utilization that ranges from 0.06% to 4.22%. For RDS instance that provides 8 cores and 32 GB of memory, the increase in CPU utilization ranges from 0.12% to 2.86%.
On the whole, the performance loss is obvious in write scenarios such as oltp_write_only and oltp_update_index.
Test environment
Configuration item | Test scenario 1 | Test scenario 2 |
Region and zone | cn-hangzhou | |
Network type | Virtual private cloud (VPC) | |
Hardware architecture | x86 64 | |
Storage type | Local disk | |
CPU | 4 cores | 8 cores |
Memory capacity | 16 GB | 32 GB |
BP configuration | 12 GB | 24 GB |
Maximum IOPS | 7000 | 12000 |
Database engine version | mysql80_8.0.28_20230610 | |
Volumn of the test data set | 41 GB |
BP configuration refers to the size of the buffer pool, which is specified by the innodb_buffer_pool parameter.
TDE is not supported for ApsaraDB RDS for MySQL instances that use cloud disks.
Test tool
sysbench is an open source, modular, cross-platform, and multi-threaded benchmark tool that can be used to evaluate the performance of a heavily loaded database system. For more information about sysbench and how to use sysbench, see sysbench documentation.
Test metrics
Transactions per second (TPS): This metric indicates the number of transactions that are committed on an RDS instance per second.
Average latency: This metric indicates the average period of time that is required for an RDS instance to execute a transaction. Unit: milliseconds.
Test table schema
By default, sysbench uses the following table schema:
CREATE TABLE `sbtest8` (
`id` int NOT NULL AUTO_INCREMENT,
`k` int NOT NULL DEFAULT '0',
`c` char(120) NOT NULL DEFAULT '',
`pad` char(60) NOT NULL DEFAULT '',
PRIMARY KEY (`id`),
KEY `k_8` (`k`)
) ENGINE=InnoDB AUTO_INCREMENT=100001 DEFAULT CHARSET=utf8mb3
Test procedure
In this test, table columns are encrypted to analyze the impacts of TDE on the performance of an RDS instance in different scenarios.
Create an RDS instance. For more information, see Create an ApsaraDB RDS for MySQL instance.
Create a database and an account for the RDS instance. For more information, see Create databases and accounts for an ApsaraDB RDS for MySQL instance.
Run the following commands on the ECS instance that runs Linux to install the MySQL client:
If you use a CentOS operating system, run the
sudo yum install mysql
command.If you use an Ubuntu operating system, run the
sudo apt-get update
command and then thesudo apt install mysql-server
command.
Open the MySQL command-line tool and run the following command to connect to the RDS instance:
mysql -h<Endpoint of the RDS instance> -u<Username> -P<Port number> -p<Password>
NoteFor more information about how to obtain the endpoint and port number of an RDS instance, see View and manage instance endpoints and ports.
Exit the RDS instance and use sysbench to load the test data.
NoteIn the test, 128 tables are loaded by using sysbench, and each table contains 100,000 rows of data records. In the following example, the oltp_read_write model is used.
In the test, the number of threads is 16. Replace it with the actual number such as 1, 8, 16, 32, 64, 128, and 256.
sysbench --db-driver=mysql --mysql-host=[database server host] --mysql-port=[database server port] --mysql-user=[database user name] --mysql-password=[database user password] --mysql-db=testdb --table_size=1000000 --tables=128 --threads=16 --time=60 oltp_read_write prepare
Run the custom test script.
sysbench --db-driver=mysql --mysql-host=[database server host] --mysql-port=[database server port] --mysql-user=[database user name] --mysql-password=[database user password] --mysql-db=testdb --table_size=1000000 --tables=128 --threads=16 --time=60 oltp_read_write run
Delete data.
sysbench --db-driver=mysql --mysql-host=[database server host] --mysql-port=[database server port] --mysql-user=[database user name] --mysql-password=[database user password] --mysql-db=testdb --table_size=1000000 --tables=128 --threads=16 --time=60 oltp_read_write cleanup
Test scenario 1: Comparison between the performance of an RDS instance that provides 4 cores and 16 GB of memory and uses local disks before and after TDE is enabled
Test data
Performance trend charts of the RDS instance when different models are used
CPU
Performance data summary
rds_ssd_4c16g_tde_off[3]: the RDS instance for which TDE is disabled.
rds_ssd_4c16g_tde_on[2]: the RDS instance for which TDE is enabled.
Test scenario 2: Comparison between the performance of an RDS instance that provides 8 cores and 32 GB of memory and uses local disks before and after TDE is enabled
Test data
Performance trend charts of the RDS instance when different models are used
Performance data summary
rds_ssd_8c32g_tde_off[11]: the RDS instance for which TDE is disabled.
rds_ssd_8c32g_tde_on[12]: the RDS instance for which TDE is enabled.