All Products
Search

This Product

    ApsaraDB RDS:TDE test report

    Document Center

    ApsaraDB RDS:TDE test report

    Last Updated:Dec 25, 2025

    This topic describes the performance impact of Transparent Data Encryption (TDE) on RDS for MySQL instances with different specifications. It covers the effects on CPU and memory to help you decide whether to enable TDE.

    Test conclusions

    Enabling TDE reduces performance and increases CPU utilization on RDS for MySQL instances.

    • With low concurrency, the performance loss is significant, up to 20%. With high concurrency, the performance loss drops to below 5% because of factors such as I/O merging.

    • For an instance with 4 cores and 16 GB of memory, enabling TDE and accessing encrypted tables increases CPU utilization by 0.06% to 4.22%. For an instance with 8 cores and 32 GB of memory, the CPU utilization increases by 0.12% to 2.86%.

    • Overall, the performance loss is more significant in write-intensive scenarios, such as oltp_write_only and oltp_update_index.

    Test environment

    Configuration item

    Test scenario 1

    Test scenario 2

    Region and zone

    cn-hangzhou

    Network type

    Virtual Private Cloud

    Hardware architecture

    x86-64

    Storage type

    Premium Local SSDs

    CPU

    4 cores

    8 cores

    Memory

    16 GB

    32 GB

    Buffer Pool size

    12 GB

    24 GB

    Maximum IOPS

    7000

    12000

    Instance version

    mysql80_8.0.28_20230610

    Test dataset size

    41 GB

    Test tool

    Sysbench is an open source, modular, cross-platform, and multi-threaded benchmark tool used to evaluate the performance of a database system under a heavy load. For more information, see the Sysbench documentation.

    Test metrics

    • Transactions Per Second (TPS): The number of transactions that a database commits per second.

    • Average latency: The average time that the database takes to execute a transaction, measured in milliseconds (ms).

    Test table schema

    The default table schema for Sysbench is as follows:

    CREATE TABLE `sbtest8` (
  `id` int NOT NULL AUTO_INCREMENT,
  `k` int NOT NULL DEFAULT '0',
  `c` char(120) NOT NULL DEFAULT '',
  `pad` char(60) NOT NULL DEFAULT '',
  PRIMARY KEY (`id`),
  KEY `k_8` (`k`)
) ENGINE=InnoDB AUTO_INCREMENT=100001 DEFAULT CHARSET=utf8mb3

    Test procedure

    This test measures the performance of accessing encrypted tables on a TDE-enabled MySQL instance in different scenarios.

    1. Create an RDS for MySQL instance. For more information, see Create an RDS for MySQL instance.

    2. Create a database and an account. For more information, see Create a database and an account.

    3. On an ECS instance that runs Linux, run the following commands to install the MySQL client.

      • For CentOS, run sudo yum install mysql.

      • For Ubuntu, run sudo apt-get update and then run sudo apt install mysql-server.

    4. Open the MySQL command line interface and run the following command to connect to the RDS for MySQL database.

      mysql -h<database_endpoint> -u<username> -P<port_number> -p<password>
      Note

      To obtain the database endpoint and port number, see View and manage instance endpoints and ports.

    5. Exit the database and use the Sysbench tool to load the test data.

      Note

      • In this test, Sysbench is used to load 128 tables, each containing 100,000 records. The following script example uses the oltp_read_write model.

      • In the example code, the number of threads is 16. Replace this value with the actual number of threads, such as 1, 8, 16, 32, 64, 128, or 256.

      sysbench --db-driver=mysql --mysql-host=[database server host] --mysql-port=[database server port] --mysql-user=[database user name] --mysql-password=[database user password] --mysql-db=testdb --table_size=1000000 --tables=128 --threads=16 --time=60 oltp_read_write prepare

    6. Run the custom test script.

      sysbench --db-driver=mysql --mysql-host=[database server host] --mysql-port=[database server port] --mysql-user=[database user name] --mysql-password=[database user password] --mysql-db=testdb --table_size=1000000 --tables=128 --threads=16 --time=60 oltp_read_write run

    7. Clean up the data.

      sysbench --db-driver=mysql --mysql-host=[database server host] --mysql-port=[database server port] --mysql-user=[database user name] --mysql-password=[database user password] --mysql-db=testdb --table_size=1000000 --tables=128 --threads=16 --time=60  oltp_read_write cleanup

    Test scenario 1: Comparison for a 4-core 16 GB instance with Premium Local SSDs before and after TDE is enabled

    Test data

    Instance performance trend graphs for each model

    image.png

    image.png

    CPU

    image.png

    Performance data summary

    image.png

    image.png

    image.png

    Note

    rds_ssd_4c16g_tde_off[3]: The 4-core 16 GB RDS for MySQL instance with TDE disabled.

    rds_ssd_4c16g_tde_on[2]: The 4-core 16 GB RDS for MySQL instance with TDE enabled.

    Test scenario 2: Comparison for an 8-core 32 GB instance with Premium Local SSDs before and after TDE is enabled

    Test data

    Instance performance trend graphs for each model

    image.png

    image.png

    image.png

    Performance data summary

    image.png

    image.png

    image.png

    Note

    rds_ssd_8c32g_tde_off[11]: The 8-core 32 GB RDS for MySQL instance with TDE disabled.

    rds_ssd_8c32g_tde_on[12]: The 8-core 32 GB RDS for MySQL instance with TDE enabled.