Home Forums SQL Server 2008 Security (SS2K8) Questions on TDE Implementation 2008R2 RE: Questions on TDE Implementation 2008R2

  • November 21, 2014 at 8:28 am

    #1760176

    Siberian Khatru (11/21/2014)

    1. How does switching TDE on affect the backup set(s) for a database?

    Once TDE is enabled in the database all backups will be dependant upon the certificate or key used to encrypt the database.

    Siberian Khatru (11/21/2014)

    Will an immediate full backup be needed in order to keep point in time restores viable? If so, should I overwrite existing backup sets and start a new one? Or will the restoration of backups not care if say I start with an unencrypted full backup with one or more transaction log backups taken after the encryption is implemented?

    No, although to avoid confusion for anyone attempting to restore the database it may not be a bad idea if you were to take an immediate full backup so that all backup files are immediately dependant upon the cert\key.

    Siberian Khatru (11/21/2014)

    2. We also have a development environment where the same databases are used for development efforts. Will these need to be replaced with restored backups from production, or can I just implement TDE on them using the same certificate/database master key used to encrypt the production versions? The development databases we use from the production versions that have already been encrypted were restored using these keys/certs so they are already on the development server.

    You can manully encrypt the databases on the dev server if you really want to, although i would have thought it more sensible to perform a refresh from the prod to dev to test your TDE management skills

    😉

    Note: the database master key is not required from a source server to restore TDE protected databases to a target server, in fact, it's probably better if you don't. All that's needed is the cert that the database is encrypted with.

    Siberian Khatru (11/21/2014)

    My apologies if these are stupid/redundant questions, but I cannot seem to locate any guidance on these questions -- so any help is appreciated here.

    This is[/b][/url] a good start

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉