在上一篇文章“Oracle TDE和表空间中的数据量有关系吗?”中,我们证明了加密和解密的时间和表空间内是否有数据没有关系。
本文论证:加密和解密的时间基本相等,如果是Exadata,解密会稍快,因为Exadata支持解密卸载。
下面看下过程。
先给USERS表空间加2个数据文件:
ALTER TABLESPACE "USERS" ADD DATAFILE SIZE 8G;
ALTER TABLESPACE "USERS" ADD DATAFILE SIZE 8G;
在文件系统中查看,USERS表空间总共18GB:
$ pwd
/u01/app/oracle/oradata/ORCL/1C78AF4085C40F98E06500001702E44D/datafile$ ls -lh
total 20G
-rw-r-----. 1 oracle dba 591M Jul 5 04:19 o1_mf_sysaux_m8gt6mbr_.dbf
-rw-r-----. 1 oracle dba 451M Jul 5 04:19 o1_mf_system_m8gt6mbd_.dbf
-rw-r-----. 1 oracle dba 107M Jul 5 04:11 o1_mf_temp_m8gt6mby_.dbf
-rw-r-----. 1 oracle dba 236M Jul 5 04:16 o1_mf_undotbs1_m8gt6mbv_.dbf
-rw-r-----. 1 oracle dba 1.8G Jul 5 04:03 o1_mf_users_m8gt6mc1_.dbf
-rw-r-----. 1 oracle dba 8.1G Jul 5 04:20 o1_mf_users_m8gx1xrx_.dbf
-rw-r-----. 1 oracle dba 8.1G Jul 5 04:21 o1_mf_users_m8gx4mrj_.dbf
在以上输出中,最后3个数据文件均属于USERS表空间:
col file_name for a100
select file_name, user_bytes/1024/1024 as "SIZE_MB" from dba_data_files where tablespace_name = 'USERS';FILE_NAME SIZE_MB
---------------------------------------------------------------------------------------------------- ----------
/u01/app/oracle/oradata/ORCL/1C78AF4085C40F98E06500001702E44D/datafile/o1_mf_users_m8gt6mc1_.dbf 1809
/u01/app/oracle/oradata/ORCL/1C78AF4085C40F98E06500001702E44D/datafile/o1_mf_users_m8gx1xrx_.dbf 8191
/u01/app/oracle/oradata/ORCL/1C78AF4085C40F98E06500001702E44D/datafile/o1_mf_users_m8gx4mrj_.dbf 8191
以下是更详细的信息,SQL语句从SQL Developer中抄来的:
SELECT d.file_name "File_Name",d.file_id "File ID",round(MAX(d.bytes)/1024/1024,1) "Total (MB)",round((MAX(d.bytes) - NVL(SUM(f.bytes), 0))/1024/1024,1) "Used (MB)",round(NVL(SUM(f.Bytes), 0)/1024/1024,2) "Free (MB)",d.blocks "Blocks",autoextensible "Autoextensible",round(maxbytes/1024/1024,1) "Max. (MB)",d.maxblocks "Max. Blocks",d.status "Status",ROUND(SQRT(MAX(f.BLOCKS)/SUM(f.BLOCKS))*(100/SQRT(SQRT(COUNT(f.BLOCKS)) )), 2) "Frag. Index"
FROM DBA_FREE_SPACE f ,DBA_DATA_FILES d
WHERE f.tablespace_name(+) = d.tablespace_name
AND f.file_id(+) = d.file_id
AND d.tablespace_name = 'USERS'
GROUP BY d.file_name, d.file_id,d.blocks,autoextensible,maxbytes,maxblocks,status
union all
SELECT d.file_name "File_Name",d.file_id,round(MAX(d.bytes)/1024/1024,1) total_bytes,round((MAX(d.bytes) - NVL(SUM(f.bytes_used), 0))/1024/1024,1) used_bytes,round(NVL(SUM(f.Bytes_used), 0)/1024/1024,2) free_bytes,d.blocks,autoextensible,round(maxbytes/1024/1024,1) maxbytes,d.maxblocks maxblocks,d.status,ROUND(SQRT(MAX(f.BLOCKS_used)/SUM(f.BLOCKS_used))*(100/SQRT(SQRT(COUNT(f.BLOCKS_used)) )), 2) frag_idx
FROM GV$TEMP_SPACE_HEADER f ,DBA_TEMP_FILES d
WHERE f.tablespace_name(+) = d.tablespace_name
AND f.file_id(+) = d.file_id
AND d.tablespace_name = 'USERS'
GROUP BY d.file_name, d.file_id,d.blocks,autoextensible,maxbytes,maxblocks,status;File_Name File ID Total (MB) Used (MB) Free (MB) Blocks Aut Max. (MB) Max. Blocks Status Frag. Index
---------------------------------------------------------------------------------------------------- ---------- ---------- ---------- ---------- ---------- --- ---------- ----------- --------- -----------
/u01/app/oracle/oradata/ORCL/1C78AF4085C40F98E06500001702E44D/datafile/o1_mf_users_m8gx4mrj_.dbf 27 8192 1 8191 1048576 NO 0 0 AVAILABLE 52.89
/u01/app/oracle/oradata/ORCL/1C78AF4085C40F98E06500001702E44D/datafile/o1_mf_users_m8gt6mc1_.dbf 20 1810 1723.3 86.75 231680 YES 32768 4194302 AVAILABLE 100
/u01/app/oracle/oradata/ORCL/1C78AF4085C40F98E06500001702E44D/datafile/o1_mf_users_m8gx1xrx_.dbf 26 8192 1 8191 1048576 NO 0 0 AVAILABLE 52.89目前,这两个新增的8G数据文件中并没有数据。在第一个1.8G数据文件中,已有5张表:
SQL> ALTER SESSION SET nls_date_format = 'YYYY-MM-DD HH24:MI:SS';SQL> select sysdate from dual;
SYSDATE
-------------------
2024-07-05 04:55:35SQL> col table_name for a20
SQL> SELECT table_name,last_analyzed FROM dba_tables WHERE OWNER='SSB';
TABLE_NAME LAST_ANALYZED
-------------------- -------------------
SUPPLIER 2023-12-22 06:00:08
LINEORDER 2023-12-22 06:00:09
PART 2023-12-22 06:00:08
CUSTOMER 2023-12-22 06:00:08
DATE_DIM 2023-12-22 06:00:08
好了,下面开始加密表空间USERS。
秘钥已设置好,过程此处略。
使用 offline 加密和解密:
alter tablespace users offline;
set timing onSQL> alter tablespace users encryption offline encrypt;Tablespace altered.Elapsed: 00:05:12.20SQL> alter tablespace users encryption offline decrypt;Tablespace altered.Elapsed: 00:05:09.25
使用 online 加密和解密:
alter tablespace users online;
set timing onSQL> alter tablespace users encryption online encrypt;Tablespace altered.Elapsed: 00:08:08.80
SQL> alter tablespace users encryption online decrypt;Tablespace altered.Elapsed: 00:08:08.81
在线加密和在线解密过程中,数据库中的表可以正常访问:
SQL> select count(*) from ssb.lineorder;COUNT(*)
----------11997996
可以看到,加密和解密的时间几乎是相同的。
另外,通过top观测,无论是在线还是离线,解密消耗的CPU都小于加密。
更改指定窗口的位置函数moveWindow()的使用)
)
)
)
)