Is there a performance impact to storage accounts with infrastructure encryption enabled for double encryption of data?

RandyK 6 Reputation points
2021-02-02T13:05:54.38+00:00

Hi All,

I am thinking about enabling a storage account with infrastructure encryption enabled for double encryption of data to support a new file server that I am planning to migrate.

I am curious to know if there would be a significant performance impact given that this storage account will be hosting files for a file server.

This MS Doc only talks about the feature of a storage account with infrastructure encryption enabled for double encryption of data but does not mention if there is a performance impact:
https://video2.skills-academy.com/en-gb/azure/storage/common/infrastructure-encryption-enable?tabs=portal

I came across this MS Doc that mentions the performance impact of using double encryption for PostgreSQL, and I am wondering if there is something similar for file storage:
https://video2.skills-academy.com/en-us/azure/postgresql/concepts-infrastructure-double-encryption

Thanks.


1 answer

  1. Schroeder, Michael (CTR) 31 Reputation points
    2022-03-01T16:31:19.72+00:00

    You mean you actually expected to find an answer in Microsoft documentation? I'm sorry, I know that is sarcastic. It really is terribly frustrating how incomplete Microsoft documentation is, and the fact that they don't seem to care much about improving it.

    I'm pursuing the same question. Theoretically, there must be some performance hit for double encryption. That said, from the scant information Microsoft has documented, the second encryption is occurring at a hardware level and should present very little performance impact.

    I did find this bright spot for MySQL infrastructure double encryption (https://video2.skills-academy.com/en-us/azure/mysql/concepts-infrastructure-double-encryption), which states that a 5-10% performance impact can be expected. That is a big impact -- more than I would expect from hardware-level encryption. So maybe I'm reading something into the documentation that is not there, or maybe this figure is only applicable to MySQL. In any case, it does create cause for concern on how double encryption would impact our non-database workloads.

    I've just about come to the conclusion I need to set up a lab and do some benchmark testing since Microsoft is not helping us out much. I'm posting this in hopes that somebody has already done this, and can provide results. Or maybe Microsoft can step up with some tangible information about the impact (or non-impact) of double-encryption?
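
The lab benchmark the answer above proposes could look like the following. This is an added example, not part of the original thread and not Microsoft code; it assumes two otherwise identical file shares, one on an account with infrastructure encryption and one without, mounted at the two directories passed to the hypothetical `compare` function (temporary directories stand in for them here).

```python
import os
import statistics
import tempfile
import time

def slowdown_pct(baseline_mbps, candidate_mbps):
    """Positive result means the candidate share is slower than the baseline."""
    return (baseline_mbps - candidate_mbps) / baseline_mbps * 100.0

def timed_write_read(directory, size_bytes, block=1024 * 1024):
    """Write, then read, one file in `directory`; return (write_MBps, read_MBps)."""
    path = os.path.join(directory, f"bench_{os.getpid()}.bin")
    payload = os.urandom(block)  # random bytes, so compression cannot skew results
    blocks = max(1, size_bytes // block)
    start = time.perf_counter()
    with open(path, "wb") as fh:
        for _ in range(blocks):
            fh.write(payload)
        fh.flush()
        os.fsync(fh.fileno())  # count the time to reach storage, not just the cache
    write_s = time.perf_counter() - start
    start = time.perf_counter()
    with open(path, "rb") as fh:  # may be served from client cache right after a write
        while fh.read(block):
            pass
    read_s = time.perf_counter() - start
    os.remove(path)
    mb = blocks * block / 1e6
    return mb / write_s, mb / read_s

def compare(baseline_dir, double_enc_dir, size_bytes=64 * 1024 * 1024, rounds=5):
    """Interleave rounds so transient network or service noise hits both shares."""
    runs = {"baseline": [], "double": []}
    for _ in range(rounds):
        runs["baseline"].append(timed_write_read(baseline_dir, size_bytes))
        runs["double"].append(timed_write_read(double_enc_dir, size_bytes))
    summary = {}
    for i, op in enumerate(("write", "read")):
        base = statistics.median(r[i] for r in runs["baseline"])
        dbl = statistics.median(r[i] for r in runs["double"])
        summary[op] = {"baseline_MBps": base, "double_MBps": dbl,
                       "slowdown_pct": slowdown_pct(base, dbl)}
    return summary

if __name__ == "__main__":
    # Stand-in directories; replace with the two mounted share paths.
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        for op, row in compare(a, b, size_bytes=8 * 1024 * 1024, rounds=3).items():
            print(op, {k: round(v, 1) for k, v in row.items()})
```

Medians over interleaved rounds keep a single slow request from dominating the comparison; the read figure is only meaningful if client-side caching is disabled or the file is larger than the cache.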
