As depicted in Figure 1, testing with Oracle Database Enterprise
Edition 11. 2.0.2 with Transparent Data Encryption (TDE)
AES-256 shows as much as a 10x speedup when inserting
one million rows 30 times into an empty table on the Intel
Xeon processor X5680 ( 3. 33 GHz, 36 MB RAM) using Intel
IPP routines, compared to the Intel® Xeon® processor X5560
( 2.93 GHz, 36 MB RAM) without Intel IPP. The testing also
demonstrated an 8x speedup to decrypt a 5. 1 million row table.
Time measured is per 8 KB of data and shown as encryption/
decryption processing rate in MB/CPU second.
Database Encryption
(Oracle Enterprise Edition 11. 2.0.2 TDE 256 Bit)
10X
speedup
559
Encryption rate
(MB/CPU seconds)
Intel® Xeon® Processor X5570
w/o Intel® Integrated
Performance Primitives
57
Intel® Xeon®
Processor X5680
w/ Intel® IPP
Database Decryption
(Oracle Enterprise Edition 11. 2.0.2 TDE 256 Bit)
8X
speedup
468
Encryption rate
(MB/CPU seconds)
Intel® Xeon®
Processor X5570
w/o Intel® IPP
58
Intel® Xeon®
Processor X5680
w/ Intel® IPP
Figure 1. Intel® Xeon® processor 5600 series encryption/decryption
performance with Oracle Enterprise Edition 11. 2.0.2 Advanced
Security TDE 256 bit.
In addition to the performance benefits available using Intel
AES-NI in Oracle solutions, the execution of the instructions
in hardware provides an added measure of protection from
software-based attacks. This factor helps overcome some
vulnerabilities in conventional software AES implementations,
where the key can be determined from observing data lookup
patterns, table lookups in and out of memory, and caches.
Recommendations for Using Intel® AES-NI
To further illustrate the value of Intel AES-NI in real-world
implementations with the Intel Xeon processor 5600 series,
consider the following usage models:
• Secure Web transactions. IP-connected n-tier applications
can dramatically improve SSL performance, accelerating
implementations such as e-commerce sites.
• Enterprise applications. AES-NI enables DBAs and other
administrators to speed up robust encryption for e-mail,
collaborative applications, enterprise resource planning,
customer relationship management, and other operations.
• Full disk encryption (FDE). The growing popularity of FDE
through features such as Microsoft Windows* BitLocker*
demonstrates the value of speeding up those operations.
Developers and DBAs who want to implement Intel AES-NI in
new or existing solutions have three primary options: using OS
libraries, third-party libraries, or coding by hand using the new
instructions. The most common (and simplest) of these options
is to use services provided by the OS or functions provided by
libraries. Support for Intel AES-NI in Windows Server*, Linux*,
and OpenSolaris* continues to grow. Likewise, compiler support
for those who want to implement AES-NI directly is available
in the Intel® Compilers, GNU Compiler Collection, and Microsoft
compilers, among others.
The seven instructions offered by Intel AES-NI on the Intel
Xeon processor 5600 series deliver advantages in terms of the
robustness and resource usage associated with encryption in
common implementations. This important development helps
DBAs and developers resolve traditional conflicts between
security and performance, helping to create stronger, more
successful solutions.
To learn more about Intel AES-NI,
read the full white paper at:
www.intel.com/Assets/en_
US/PDF/whitepaper/Intel_AES-NI_
White_Paper.pdf
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY
INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES
NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR
WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY
RIGHT. UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE
INTEL PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR.
Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked
“reserved” or “undefined.” Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here
is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the
product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and
before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or by
visiting Intel’s Web Site http://www.intel.com/.
*Other names and brands may be claimed as the property of others.
Copyright © 2010 Intel Corporation. All rights reserved. Intel, the Intel logo, and Xeon are trademarks of Intel Corporation in the U. S. and other countries.
