Hi All,
We are planning to implement TDE with no-integrity mode in our production (OE 11.5.1) database.
Has anyone implemented it with no-integrity mode? Is it fine implementing with no-integrity mode?
Need your suggestions.
Thanks,
karasanr
You want to run no-integrity on a production database?
Can you help us understand why?
> We are planning to implement TDE with no-integrity mode in our production (OE 11.5.1) database.
Do not do this. Period. No-integrity should never be used in production outside of strictly controlled maintenance activities run by people who understand the constraints and dangers of no-integrity mode. Whoever created your plan does not.
I don't see the point in doing that -- why are you wanting to do this? What benefit are you hoping for?
If you mean that you intend to have no-integrity mode on during a maintenance period during which you will implement TDE then 1) make sure you have a good backup before you start and 2) make sure to NOT have -i enabled when you restart.
If you mean that you plan to run in production with no-integrity then I second Rob's comment with emphasis. DO NOT DO THAT. The database isn't kidding when it calls it "no-integrity". If any little thing goes wrong you will be throwing away the database with no possibility of recovery.
I don't even see the point of enabling encryption with -i. The common scenario for using -i is the binary load portion of a dump/load/rebuild. People use -i because (a) it speeds up the process substantially, which means minimizing downtime substantially, and (b) you're starting from nothing, so if you crash and lose the database you can safely start over.
Enabling encryption and encrypting your objects doesn't have to be done all at once and doesn't have to be done offline. Users can use the system while data is being encrypted. Whereas you would have to keep users out of the system during initial encryption with -i because you can't guarantee the durability of their transactions. That doesn't seem like it's worth the bother and the risk.
Also, FWIW, -r provides the same performance benefits as -i with slightly less risk. You shouldn't use either of them in production but in the carefully maintenance scenario with good backups (or when starting from scratch) -r is my preference.
> On Apr 28, 2017, at 5:29 AM, karasanr wrote:
>
> Is it fine implementing with no-integrity mode?
Are you aware that no-integrity mode (-i) means that the possibility of crash recovery is turned OFF?
Hi All,
Apologies for the delay in response. We need to enable TDE for a table of 185 GB. To reduce the maintenance window, we are planning to do it in no-integrity mode. We do take a backup before implementing it.
Let me test it with -r also.
Thanks all for your replies.
Thanks,
Karasanr
> To reduce the maintenance window
Why do you have a large maintenance window?
> Why do you have a large maintenance window?
It takes 9 hours to encrypt and update the table blocks in normal mode, which completes in 3 hours with no-integrity mode.
> It takes 9 hours to encrypt and update the table blocks in normal mode, which completes in 3 hours with no-integrity mode.
Maybe my memory is failing me, but I believe TDE is designed so you can encrypt your objects online. And you can use proutil epolicy scan to monitor the progress. So I don't see the need for a downtime window of 9 hours or 3 hours. Am I missing something?
Also, what are your BI/AI settings? (BI block size, AI block size, BI cluster size, helper processes)