Article ID: 922121 - View products that this article applies to.
You may experience decreased performance in some Microsoft SQL Server features when you use Encrypting File System (EFS) to encrypt the database files.
When you use EFS to encrypt a database file, the complete content of the database file is encrypted. This occurs regardless of the actual data and metadata that is contained in the database file. For more information about EFS best practices, see the following Microsoft Knowledge Base article:
(https://support.microsoft.com/en-us/kb/223316)Best practices for the Encrypting File System
When SQL Server performs an I/O operation on an EFS-encrypted database file, the I/O operation is synchronous. Therefore, you may experience decreased performance in some features of SQL Server. For example, performance of the read-ahead feature and of the checkpoint feature may be decreased.
When a SQL Server worker thread performs an I/O operation on an EFS encrypted database file, the worker thread waits until the current I/O operation on the EFS encrypted database file is completed. Additionally, the SQL Server scheduler will be stalled until the current worker thread continues. Therefore, the SQL Server worker threads that remain on the SQL Server scheduler will be pending until the first worker thread continues the I/O operation. In this scenario, the performance of SQL Server is decreased.
You can avoid this problem by using the SQL Server native encryption feature in server installations of SQL Server.
If you must use EFS to encrypt the database files in a SQL Server installation, you can specify the SQL Server I/O affinity mask option. For more information about the affinity I/O mask option, see the following article at SQL Server books online:
Affinity I/O mask server configuration optionWhen you use the SQL Server I/O affinity mask option, I/O operation requests on EFS encrypted database files are assigned to a separate SQL Server scheduler. Although the I/O operations are still synchronous with EFS encrypted database files, the SQL Server worker thread will continue without waiting for the current I/O operation with the EFS encrypted database file to be completed.
Note Alternatively, you may want to consider hosting the EFS encrypted database files on a separate instance of SQL Server.
For more information about how to set the SQL Server I/O affinity option, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/298402/ )INF: Understanding how to set the SQL Server I/O affinity option
(https://support.microsoft.com/en-us/kb/2157114)The "affinity mask" and "affinity I/O mask" configuration should not conflict
Article ID: 922121 - Last Review: May 20, 2015 - Revision: 2.0