ITMS support for Database Encryption
search cancel

ITMS support for Database Encryption

book

Article ID: 278689

calendar_today

Updated On:

Products

Client Management Suite IT Management Suite

Issue/Introduction

Your IT department wants to install Data At Rest Encryption (DARE) and you need to know if this is supported by the ITMS application or not.

Environment

ITMS 8.x

Resolution

Data At Rest Encryption (DARE) is software that is typically installed on a SQL Server.  Broadcom does not own or support the SQL Server instance outside of making it work with ITMS.  Microsoft is paid for SQL Server support, licensing, etc. and not Broadcom. 

As Broadcom does not own support of their customer's SQL Server Database, it's not Broadcom's place to tell customer's what to do with their SQL Server.  If they want to install DARE on their SQL box, or any other applications they are welcome to do that.  Additionally Broadcom does not test with DARE installed, and technically it isn't supported so Broadcom Support does not have any experience with how this may affect your ITMS environment. 

As a note, Microsoft has a similar solution to DARE called Transparent Data Encryption (TDE) which is installed to encrypt SQL Server Database files at rest. For Reference see Data at Rest.

This Microsoft article states that there is a Performance Impact by implementing TDE:

Performance impact

TDE has an estimated performance impact around 3-5% and can be much lower if most of the data accessed is stored in memory. The impact will mainly be on the CPU, I/O will have a smaller impact. See the SQL documentation on this topic for more details.

Broadcom is not aware of the Performance Impact of any other DARE solutions so this would be a great question for your vendor. 

Broadcom suggests to customers that would like to use DARE or TDE to validate that they have the Hardware Performance needed to run such an application, and be prepared for any effects on the following areas of their ITMS environment as the following areas are highly driven by SQL Performance:

  • SMP Console Performance
  • Hierarchy replication cycles
  • IT Analytics reporting and especially cube processing
  • Any big SQL Reports run by the customer
  • Increased time to process the Delta Resource Membership Update (DRMU)
  • Configuration Update times may need to be increased due to longer DRMU cycle
  • Longer times to process NSE files (Basic Inventory and other Inventory files sent to the SMP)
Powered by Wolken Software