TDE Setup and Administration Scripts

Sean Elliott (UK)
Or this obvious bug should be fixed! :-P

timothyawiseman
Thank you for the article, it was interesting.

If I might add a couple of things, TDE is only available on enterprise (or developer) feature. Also, you mentioned "no peeking" at the HR password. By encasing your scripts in a GUI you shield the password from other eyes. Of course, people would have to trust you to not make your GUI log the password somewhere, but that at least removes the temptation to "peek".

---
Timothy A Wiseman
SQL Blog: http://timothyawiseman.wordpress.com/

Br. Kenneth Igiri
Thanks for a great article. I tried it out and it works OK.

Now I was just wondering about backups. We use a third party tool for backups which does its own encryption while taking the backup (AES128). How do you think using TDE will affect restores of databases backed up using this tool?

Br. Kenneth Igiri
www.scribblingsage.com
www.igiribooks.com
"All nations come to my light, all kings to the brightness of my rising"

Perry Whittle
Good article, but unfortunately it makes the same mistake regarding master keys that others make.

To restore a TDE protected database to another server you do not need to back up and restore the database master key held in the master database. If a database master key doesn't already exist on the target server, create one before restoring the certificate backup from the source server, but it is in no way tied to the certificate or the restore.

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" ;-)
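
The restore sequence described in the post above, written out as an added T-SQL example; it is not part of the original thread or of the article's scripts. The certificate name, database name, file paths and passwords are placeholders, and the backup is assumed to restore to the same file locations as on the source.

```sql
-- Run on the TARGET server. Every name, path and password below is a placeholder.
USE master;
GO

-- 1. The target only needs *a* database master key in master, so the imported
--    certificate's private key can be protected. It is a new key created here,
--    not a restored copy of the source server's master key.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = N'##MS_DatabaseMasterKey##')
BEGIN
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<strong-target-dmk-password>';
END;
GO

-- 2. Import the TDE certificate and private key that were exported on the
--    source with BACKUP CERTIFICATE ... WITH PRIVATE KEY. The DECRYPTION
--    password is the one that protected the private key file at export time.
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = N'TDECert_Placeholder')
BEGIN
    CREATE CERTIFICATE TDECert_Placeholder
        FROM FILE = N'C:\Keys\TDECert_Placeholder.cer'
        WITH PRIVATE KEY (
            FILE = N'C:\Keys\TDECert_Placeholder.pvk',
            DECRYPTION BY PASSWORD = N'<private-key-backup-password>'
        );
END;
GO

-- 3. Record the imported thumbprint and confirm the private key is now
--    protected by this server's own master key.
SELECT name, thumbprint, pvt_key_encryption_type_desc
FROM sys.certificates
WHERE name = N'TDECert_Placeholder';
GO

-- 4. Restore the encrypted database; this fails if the certificate is missing.
RESTORE DATABASE PlaceholderDb
    FROM DISK = N'C:\Backups\PlaceholderDb.bak'
    WITH RECOVERY;
GO

-- 5. Verify: encryption_state 3 means encrypted, and encryptor_thumbprint
--    should equal the thumbprint returned in step 3.
SELECT DB_NAME(database_id) AS database_name, encryption_state, encryptor_thumbprint
FROM sys.dm_database_encryption_keys
WHERE database_id = DB_ID(N'PlaceholderDb');
GO
```

Once the import is verified, remove the `.cer` and `.pvk` files from the target's disk and keep the private key password separate from the backup files.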

mark.bracey
Many thanks for this article and scripts - would like to add this though, make sure you have no long running transactions on your database that you want to encrypt before encrypting. DBCC OPENTRAN; on the relevant database will let you know the longest one. Didn't find this out until we ran it on our Production database after tests etc - 18 hours later and no movement - once I killed off that transaction that had been open (for days!) it completed in 30 mins.