Microsoft’s Bob Dorr has recently consolidated a series of CSS posts about many low-level performance improvements in SQL Server 2016. One of these posts, “SQL 2016 – It Just Runs Faster – AlwaysOn AES-NI Encryption”, describes how SQL Server 2016 improved and simplified endpoint creation for AlwaysOn AGs to default to AES, and how it better leverages hardware support for AES-NI (when you are also running on Windows Server 2012 R2 or newer).

Intel describes AES-NI this way:

Intel AES New Instructions (Intel AES-NI) are a set of instructions that enable fast and secure data encryption and decryption. AES-NI are valuable for a wide range of cryptographic applications, for example: applications that perform bulk encryption/decryption, authentication, random number generation, and authenticated encryption.

Intel provides more complete documentation of AES here:

Intel Advanced Encryption Standard (Intel AES) Instructions Set

Now that we have a better idea of what AES-NI is, we need to know which server processors have AES-NI support. AES-NI was introduced with the 32nm Westmere microarchitecture. In the server space, this means the Intel Xeon 5600 product family (Westmere-EP) for two-socket servers and the Intel Xeon E7-4800/8800 product family (Westmere-EX) for four and eight-socket servers. Any newer Intel product family will also have AES-NI support.

These product families were released in Q1 2010 and Q2 2011 respectively, so they are both pretty old by modern standards. If you are planning to upgrade to SQL Server 2016, I would hope that you would use a new server with newer processors (ideally the latest 14nm Broadwell-EP or Broadwell-EX).

You can also use CPU-Z to confirm whether a particular processor has AES-NI support. Just to confuse things, CPU-Z displays AES-NI support as “AES”, which is the name of the broader standard. Figure 1 shows AES as one of the supported instructions for an Intel Xeon X5660 processor.

 

Figure 1: CPU-Z CPU Details for Intel Xeon X5650
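
A scriptable alternative to reading the CPU-Z instruction list, added here as an example (not code from Microsoft, Intel or the original post): it reads CPUID leaf 1 and decodes the AES-NI bit (ECX bit 25) together with PCLMULQDQ and the hypervisor-present bit, since a virtual machine only sees AES-NI if the hypervisor exposes it. The names cpu_info, decode_leaf1 and read_leaf1 are this example's own, and it assumes a GCC or Clang build on x86.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>              /* GCC/Clang CPUID helper (assumed toolchain) */
#endif

/* Decoded view of CPUID leaf 1; names are this example's own. */
typedef struct {
    unsigned family, model;     /* display family / display model */
    int aesni;                  /* ECX bit 25: AES-NI instructions */
    int pclmulqdq;              /* ECX bit 1: carry-less multiply, used by AES-GCM */
    int hypervisor;             /* ECX bit 31: running as a guest */
} cpu_info;

cpu_info decode_leaf1(uint32_t eax, uint32_t ecx)
{
    cpu_info c;
    unsigned base_family = (eax >> 8) & 0xF, base_model = (eax >> 4) & 0xF;
    /* Extended family/model fields only apply to base family 0xF (and 0x6 for model). */
    c.family = base_family == 0xF ? 0xF + ((eax >> 20) & 0xFF) : base_family;
    c.model = base_model;
    if (base_family == 0x6 || base_family == 0xF)
        c.model |= ((eax >> 16) & 0xF) << 4;
    c.aesni = (ecx >> 25) & 1;
    c.pclmulqdq = (ecx >> 1) & 1;
    c.hypervisor = (ecx >> 31) & 1;
    return c;
}

/* Reads leaf 1 from the running CPU; returns 0 if it cannot be queried. */
int read_leaf1(uint32_t *eax, uint32_t *ecx)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return 0;
    *eax = a; *ecx = c;
    return 1;
#else
    (void)eax; (void)ecx;
    return 0;                   /* not an x86 build */
#endif
}

int main(void)
{
    uint32_t eax, ecx;
    if (!read_leaf1(&eax, &ecx)) { puts("CPUID leaf 1 not available"); return 1; }
    cpu_info c = decode_leaf1(eax, ecx);
    printf("family %u model 0x%X AES-NI:%d PCLMULQDQ:%d hypervisor:%d\n",
           c.family, c.model, c.aesni, c.pclmulqdq, c.hypervisor);
    return 0;
}
```

If the output shows hypervisor:1 with AES-NI:0, check the virtual machine's CPU compatibility settings before concluding that the physical processor lacks the instructions.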