Using encryption with shares can have CPU performance impacts, as follows:
The AES-128-CCM mode has the lowest CPU performance impact and is recommended for all workloads where there are no LOCAL security requirements.
When encrypted data is read, it is stored decrypted and decompressed in DRAM. For read-dominate workloads that can be serviced read-dominant from the DRAM cache, the impact of decrypting the data is minimal.
When SSD cache devices are used, data blocks evicted out of DRAM to the cache are compressed and encrypted and must be decrypted and decompressed when retrieved back into DRAM.
For workloads that are write-dominant and use larger block sizes, especially 128 kilobytes and 1 megabyte, there can be a significant CPU impact resulting in lower throughput. This is particularly likely if the filesystem record size or LUN volume block size is larger than the application block size.
Related Topics