Encrypt an Existing Database

In SAP ASE version 16.0, you can encrypt an unencrypted database using the alter database command.

Depending on the size of the database, encryption might can take a while. For this reason, the command returns as soon as the database is marked for encryption. Encryption occurs in the background and the process is transparent to users. To check on the status and progress of database encryption, run the sp_helpdb system procedure, the dbencryption_status() built-in function, or the SAP Control Center user interface. Keep in mind:

Restrictions:
The syntax is:
alter database database_name
{encrypt with key_name [parallel degree_of_parallelism]
| resume encryption [parallel degree_of_parallelism]
| suspend encryption
}
where:
This example alters an existing database called existdb for encryption using an encryption key called dbkey:
alter database existdb encrypt with dbkey
The example does not specify the parallel degree, leaving it up to SAP ASE to determine how many worker threads should be initiated to encrypt existdb in parallel.

In addition to the parallel degree, another major factor that affects database encryption performance is the buffer pool size. A sufficient buffer cache and appropriate size of buffer pool enable SAP ASE to load a large chunk of pages into memory for every disk read, perform encryption, and write them back.

The following example shows the steps you can take to configure both the buffer cache and buffer pool size for a database called demodb that will be encrypted:
  1. Create a specific data cache for demodb:
    sp_cacheconfig demodb_cache, '10M'
    This creates a named buffer cache called demodb_cache with 10MB of space for database pages.
  2. Create the specific size of buffer pool . The buffer pool size should be 8 times of database page size. For example, the database page size is 2K by default, therefore the buffer pools size should be 8 x 2 = 16K:
    sp_poolconfig demodb_cache, '10M' , '16k'
    This creates a 10MB buffer pool of buffers with a size that is 16K in the named cache called demodb_cache.
  3. Bind the database to the buffer cache:
    sp_bindcache demodb_cache, demo_db
Related concepts
dbencryption_status
sp_helpdb
Suspend the Encryption Process
Resume the Encryption Process
Decrypt an Encrypted Database
Suspend the Encryption Process
Resume the Encryption Process
Related reference
alter database for Full Database Encryption