November 18, 2025

Alluxio on Oracle Cloud Infrastructure enables Scalable Throughput with Sub-Millisecond Latency for AI Workloads

Introduction

Confidential computing refers to a combination of hardware and software security features built into the CPU virtualization environment that protect data while it is being processed (data in use). It enables sensitive workloads to run within securely isolated spaces known as Trusted Execution Environments (TEEs). These TEEs use embedded encryption keys and attestation mechanisms designed to ensure that only authorized application code can access protected data. Even users with administrative privileges cannot access the contents of a TEE, keeping in-use data secure from unauthorized access.

The Oracle Cloud Infrastructure (OCI) Confidential Computing solution is available on OCI VM instances powered by second-generation and third-generation AMD EPYC processors. OCI Confidential Computing-enabled VMs use AMD Secure Encrypted Virtualization (SEV) technology, while OCI Confidential Computing bare metal instances use AMD Transparent Secure Memory Encryption (TSME) technology. Currently, OCI Confidential Computing supports different shapes including E4 Flex VMs, while bare metal configurations support E5 series CPUs. In this blog, we focus on E4 Flex VMs only, to measure the performance impact of enabling OCI Confidential Computing.

OCI Confidential Computing:

  • Enhances security by creating Trusted Execution Environments (TEEs) that are isolated from applications, other virtual machines on the same bare metal host, the hypervisor, and other OCI tenants.
  • Requires no change to the application to enable Confidential VMs.
  • Provides high performance alongside strong security standards. Many applications experience little to no performance impact with OCI Confidential Computing enabled.

This blog shares the outcome of a benchmarking study focused on evaluating the impact of enabling OCI Confidential Computing on OCI VMs. As cloud adoption increases for sensitive and regulated workloads, security expectations have shifted from not only protecting data at rest and in transit but also protecting data in use. OCI Confidential Computing, powered by AMD SEV, delivers hardware-enforced memory encryption and runtime isolation. While these features offer robust security, they bring additional protection layers between the workload and the hardware.

There is a common concern that adding a security layer often comes with performance penalties such as latency, memory and CPU overhead. Encryption and isolation mechanisms typically involve extra memory translation steps or access control checks that can impact I/O throughput, memory bandwidth, and instruction execution.

To understand the practical effects of these trade-offs, this study compared two identical OCI VMs: one with OCI Confidential Computing enabled, the other standard. The study focused on a variety of representative workloads, including CPU benchmarks, memory stress tests, disk I/O, in-memory data access and relational database transactions. We used the most common open-source benchmarking tools to measure these workloads.

The objective is to capture any measurable differences in performance and to understand whether an environment with increased security maintains efficiency for real-world cloud applications and use cases.
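Before comparing the two VMs, it helps to confirm from inside each guest that AMD SEV is active on one and absent on the other. The following is an added example, not code from the original post: it parses the Linux boot-log line that reports active memory-encryption features, and the sample log excerpts are constructed (the exact wording of that line varies by kernel version, which is an assumption handled in the regex).

```python
import re

# Boot-log line the Linux kernel prints when memory encryption is active.
# Older kernels write "AMD Memory Encryption Features active: SEV"; newer ones
# write "Memory Encryption Features active: AMD SEV". The regex accepts both.
_FEATURES = re.compile(r"Memory Encryption Features active:\s*(.+)")

def sev_features(kernel_log):
    """Return the AMD memory-encryption features (SME, SEV, SEV-ES, ...) in a log."""
    found = set()
    for line in kernel_log.splitlines():
        m = _FEATURES.search(line)
        if m:
            # Keep feature tokens only; drop the vendor word ("AMD", "Intel").
            found.update(t for t in m.group(1).split()
                         if t.startswith(("SEV", "SME")))
    return found

def check_pair(standard_log, confidential_log):
    """List the reasons the two guests are not a valid Standard/Confidential pair."""
    problems = []
    if "SEV" in sev_features(standard_log):
        problems.append("baseline VM reports SEV active; it is not a standard VM")
    if "SEV" not in sev_features(confidential_log):
        problems.append("confidential VM does not report SEV active")
    return problems

# Constructed sample boot-log excerpts (not captured from the study's VMs).
STANDARD_LOG = """\
[    0.000000] Linux version (constructed sample)
[    0.412345] smpboot: Allowing 8 CPUs, 0 hotplug CPUs
"""
CONFIDENTIAL_LOG = """\
[    0.000000] Linux version (constructed sample)
[    0.398211] AMD Memory Encryption Features active: SEV
"""

if __name__ == "__main__":
    issues = check_pair(STANDARD_LOG, CONFIDENTIAL_LOG)
    print("pair is valid" if not issues else "\n".join(issues))
```

On a live guest the input would be the kernel log, for example the output of `dmesg`.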

PostgreSQL pgbench Benchmark

We performed PostgreSQL benchmarking using the pgbench tool to evaluate the performance impact of enabling Confidential Computing on OCI Flex VM shapes. pgbench is an official benchmarking tool for PostgreSQL, a powerful, open source relational database system used across various industries, including financial systems, analytic platforms, and web and mobile applications. pgbench runs the same sequence of SQL commands over and over, possibly in multiple concurrent database sessions, and then calculates the average transaction rate (transactions per second) and latency. In our study, two identical VMs were tested, one Standard VM and one with OCI Confidential Computing enabled, using the same PostgreSQL configuration and load conditions. The table below shows the parameters used during the tests.

  • Web server and CPU performance were identical between Standard and Confidential VMs. This confirms that CPU-bound and stateless workloads incur no overhead from memory encryption or AMD SEV isolation.
  • The Redis benchmark, representative of high-throughput, low-latency in-memory operations, showed sub-3% variance in throughput. This performance delta is tolerable and demonstrates that encrypted memory access is efficiently handled by the AMD EPYC architecture.
  • Memory and disk (Sysbench and FIO) results showed a slight decrease in throughput on Confidential VMs. This is likely attributable to the added encryption and address translation layers introduced by AMD SEV. Additionally, latency remained low and negligible, confirming that OCI Confidential Computing can handle memory-intensive workloads with minimal performance cost.
  • The pgbench PostgreSQL test was the most sensitive, with ~6–7% lower TPS under OCI Confidential Computing. This suggests that in write-heavy transactional databases, memory encryption may introduce slight overhead under sustained concurrency. However, performance remained stable and reliable, even with AMD SEV features enabled.
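A TPS delta like the pgbench one above is only meaningful when both runs used the same load parameters. The following added example (not code from the original post) parses the summary that pgbench prints, refuses to compare runs whose parameters differ, and reports the change in TPS and average latency; the sample summaries are constructed and are not the study's measurements.

```python
import re

# Summary fields that must match for a like-for-like comparison.
RUN_PARAMS = ("scaling factor", "query mode", "number of clients",
              "number of threads", "duration")

def parse_pgbench(report):
    """Extract run parameters, TPS and average latency from a pgbench summary."""
    result = {}
    for line in map(str.strip, report.splitlines()):
        if m := re.match(r"tps = ([\d.]+)", line):
            result["tps"] = float(m.group(1))
        elif m := re.match(r"latency average = ([\d.]+) ms", line):
            result["latency_ms"] = float(m.group(1))
        elif ":" in line:
            key, value = line.split(":", 1)
            if key in RUN_PARAMS:
                result[key] = value.strip()
    return result

def pct_change(new, old):
    """Relative change of new versus old, in percent, rounded to 2 decimals."""
    return round((new - old) / old * 100, 2)

def compare(standard, confidential):
    """Change of the confidential run relative to the standard run, in percent."""
    std, conf = parse_pgbench(standard), parse_pgbench(confidential)
    differing = [p for p in RUN_PARAMS if std.get(p) != conf.get(p)]
    if differing:  # different load conditions would invalidate the delta
        raise ValueError(f"runs not comparable, differing in: {differing}")
    return {"tps_pct": pct_change(conf["tps"], std["tps"]),
            "latency_pct": pct_change(conf["latency_ms"], std["latency_ms"])}

# Constructed sample summaries; the numbers are NOT the study's measurements.
STANDARD_RUN = """\
scaling factor: 100
query mode: simple
number of clients: 32
number of threads: 8
duration: 300 s
latency average = 26.667 ms
tps = 1200.000000 (without initial connection time)
"""
# Same parameters, different results (constructed).
CONFIDENTIAL_RUN = (STANDARD_RUN.replace("26.667", "28.520")
                    .replace("1200.000000", "1122.000000"))

if __name__ == "__main__":
    print(compare(STANDARD_RUN, CONFIDENTIAL_RUN))
```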

OCI Confidential Computing on OCI E4 Flex shapes delivers near-parity performance compared to Standard VMs across compute, memory, storage, and application-layer tests. Despite running with full memory encryption and runtime isolation via AMD SEV, the VMs maintain consistently high throughput and low latency. This demonstrates that OCI Confidential Computing is production-ready and suitable for security-sensitive workloads without compromising on performance.
