We have begun a project to encrypt our SAP database using TDE. The project is being mandated by company policy, so there's not much choice involved. The particulars are:
Server O/S: HP-UX 11.31
CPU: HP Itanium
Oracle Version: 188.8.131.52 (64 bit)
DB Size: Approx 5 TB
SAP Kernel: 7.x
Our leadership is very concerned about performance impact. If you've encrypted your database, SAP or not, I am very interested in hearing if you about your database server's performance after encryption. Good news, bad news, either one.
I would post this on the SAP forums too - ORACLE 11g TDE (Transparent Data Encryption) on... | SCN
Typically, TDE adds up to 5% CPU overhead on encrypted databases.
While not SAP, a home grown system, have implemented TDE for all tablespaces in an 184.108.40.206 database and have found that performance impact is somewhat low, impact tended to be higher in parallel operations, normal OLTP transactions while did degrade did not impact user experience. Some batch processing with large parallel operations tended to see the largest impact and impact tended to vary based on how busy the CPU was but I do not think anything was higher then a 10% degradation on overall execution time. When we compressed and used TDE at the sametime the performance hit tended to vary more depending in if SELECT or DML, but DML for just TDE teded to see a bit larger hit then a SELECT. The previous post indicated a 5% CPU overhead, we tended to see overhead a little higher I think the system administrator said it was around 7-8%, but they indicated it was under 10% and over 5% on average. Can not say no impact, but we did not see significant impact to overall user experience. Just a summary of what I have seen with TDE in this case.
make sure to apply Patch 14468919 , it helps reducing overhead doing a less severe block checking on decryption.
We check blocks coming out of encryption for their sanity, however the check doesn't need to be exhaustive,
I can give you some feedback based on direct experience, since we recently migrated from a non-encrypted Oracle database (11g Enterprise Edition Release 220.127.116.11.0) to a new server with TDE encryption (same db version).
Our application is a data warehouse with massive volumes of data (several Terabytes) and some very large tables.
After migrating to the new server, which was much more powerful than the old one, we were surprised to discover that performance was much worse (about twice as slow, on average, measured on our typical user queries).
A study on the causes of performance degradation showed that TDE was the source of the problem, causing a saturation of the individual CPU's (don't look at the aggregated CPU average load, that's misleading).
Basically, we were fooled by the official Oracle documentation that estimated the performance impact of TDE in the range of 5-8%. A more in-depth examination showed that this small impact may be true on operations that involve a small amount of data. With full table scans on large tables however, the truth is that performance can be an order of magnitude (5-10 times) slower than without TDE.
If you want more info, have a look at this excellent article (in two parts):