Does AWS RDS encryption with KMS affect performance?


Problem description

Amazon states:

Encryption and decryption are handled transparently so you don’t have to modify your application to access your data

My application (Rails, MySQL, Elasticsearch) builds a lot of graphics and therefore queries a lot of data. From my prior experience with database encryption, it really affects data retrieving speed (as we can only say if record matches condition after reading and decrypting it).

Are there any relevant benchmarks? Or maybe you have worked with such server-side encryption from AWS? Do I need to worry about performance changes at all?

Also, it's not quite clear to me whether it is possible to also encrypt Elasticsearch data in the same 'transparent' way. I'd also use your advice on that.

Recommended answer


From my prior experience with database encryption, it really affects data retrieving speed (as we can only say if record matches condition after reading and decrypting it).



That would be the case if each value of each record was encrypted before being inserted into the database. That's not how RDS encryption works. RDS encryption works by enabling encryption of the EBS volume(s) that the database is stored on. To the RDS database engine the data does not appear to be encrypted. It's the same as enabling encryption on an EBS volume attached to your EC2 server.

Regarding performance, I have not noticed any decrease in performance when enabling encryption on RDS and EBS. Per the AWS documentation here:


you can expect the same IOPS performance on encrypted volumes as you would with unencrypted volumes, with a minimal effect on latency.

Note that this is "encryption at rest". If you also need the data to be "encrypted in transit" then you will need to look into using SSL connections for all your database connections, and possibly enabling a setting in your database to enforce SSL connections.

Regarding your second question, AWS does not appear to support encryption-at-rest for the ElasticSearch service at this time. For encryption-in-transit you can use HTTPS connections, as per the AWS Support response to this question:


You can use https for encrypted communication with your domain.

Communication between nodes is not encrypted. The nodes themselves are hosted within our VPC, and all communication between nodes remains within it.
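
The answer separates encryption at rest (a per-instance storage setting) from encryption in transit (SSL connections plus a database setting that enforces them). The following is an added example, not part of the original answer, that checks both for MySQL instances. It assumes input shaped like boto3 `describe_db_instances` and `describe_db_parameters` responses; the instance names, parameter group names and key ARN are constructed sample values.

```python
# Added example: audit RDS metadata for encryption at rest and enforced TLS.
# Dicts mirror boto3 describe_db_instances / describe_db_parameters entries.
# All sample values below are constructed for illustration.

SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "graphs-prod", "Engine": "mysql",
     "StorageEncrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
     "DBParameterGroups": [{"DBParameterGroupName": "mysql-tls"}]},
    {"DBInstanceIdentifier": "graphs-dev", "Engine": "mysql",
     "StorageEncrypted": False,
     "DBParameterGroups": [{"DBParameterGroupName": "mysql-default"}]},
]
SAMPLE_PARAMETERS = {
    "mysql-tls": [{"ParameterName": "require_secure_transport",
                   "ParameterValue": "1"}],
    "mysql-default": [{"ParameterName": "require_secure_transport",
                       "ParameterValue": "0"}],
}

def audit_instance(instance, parameters):
    """Return a list of findings for one DB instance (empty list = ok)."""
    findings = []
    # At rest: RDS encrypts the storage volume; the flag is per instance.
    if not instance.get("StorageEncrypted", False):
        findings.append("storage not encrypted at rest")
    elif not instance.get("KmsKeyId"):
        findings.append("encrypted but no KMS key id reported")
    # In transit: MySQL rejects non-TLS clients when this parameter is on.
    if instance.get("Engine") == "mysql":
        value = next((p.get("ParameterValue") for p in parameters
                      if p.get("ParameterName") == "require_secure_transport"),
                     None)
        if str(value).lower() not in ("1", "on"):
            findings.append("TLS not enforced (require_secure_transport off)")
    return findings

def audit_all(instances, params_by_group):
    """Map each instance identifier to its findings."""
    report = {}
    for inst in instances:
        params = []
        for group in inst.get("DBParameterGroups", []):
            params.extend(params_by_group.get(group["DBParameterGroupName"], []))
        report[inst["DBInstanceIdentifier"]] = audit_instance(inst, params)
    return report

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSTANCES, SAMPLE_PARAMETERS).items():
        print(name, "->", findings or "ok")
```
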
