TDE DR


Steve Jones
Comments posted to this topic are about the item TDE DR

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Lokesh Vij
Being unaccustomed to encryption features made me read about TDE and what it takes to move a TDE-protected database before marking the correct answer.

Thanks Steve, it always feels good when we learn new things :-)

~ Lokesh Vij

Guidelines for quicker answers on T-SQL question
Guidelines for answers on Performance questions

Link to my Blog Post --> www.SQLPathy.com

Follow me @Twitter


Koen Verbeeck
Nice question Steve, definitely learned something.


How to post forum questions.
Need an answer? No, you need a question.
What’s the deal with Excel & SSIS?
My blog at SQLKover.

MCSE Business Intelligence - Microsoft Data Platform MVP
Igor Micev
Nice question!

What if you already have a master key that is used by a certificate aimed for another database (dbA) on the instance you're moving dbB to?

Just for clarification.

I think you should drop the dbA certificate (backup before) using the old master service key, then drop the master key and recreate with another password (same as for dbB certificate), and then create the new certificate from the cert and key files you moved on the new instance, using the new master key?

Regards,
IgorMi

Igor Micev,
My blog: www.igormicev.com
paul s-306273
Learnt something new - not the answer that I was expecting.
logitestus
Foiled again!

Interestingly, what is on MSDN and what is in BOL is not the same! Though, I suspect what is on MSDN to be more accurate...

Great question, I have definitely spent 30 minutes delving into something I have never touched on in SQL Server.

Thanks!
OCTom
I must be missing something. I'm sure someone can put me straight. This link says that you need to restore both the DEK and the certificate http://msdn.microsoft.com/en-us/library/bb934049.aspx. I chose the first answer because of this.

When enabling TDE, you should immediately back up the certificate and the private key associated with the certificate. If the certificate ever becomes unavailable or if you must restore or attach the database on another server, you must have backups of both the certificate and the private key or you will not be able to open the database. The encrypting certificate or asymmetric should be retained even if TDE is no longer enabled on the database. Even though the database is not encrypted, the database encryption key may be retained in the database and may need to be accessed for some operations. A certificate that has exceeded its expiration date can still be used to encrypt and decrypt data with TDE.


Thanks,
Tom
Error Handler
Nice question. Actually, I did a TDE-enabled database on a different SQL Server instance. I just took the backup of the certificate and private key, and restored them on the new SQL Server instance.



Best,
Naseer

Best,
Naseer Ahmad
SQL Server DBA
Dana Medley
logitestus (7/12/2013)
Foiled again!

Great question, I have definitely spent 30 minutes delving into something I have never touched on in SQL Server.


+1 Agreed. I have learned something new today. Thanks Steve!



Everything is awesome!
Stewart "Arturius" Campbell
OCTom (7/12/2013)
I must be missing something. I'm sure someone can put me straight. This link says that you need to restore both the DEK and the certificate http://msdn.microsoft.com/en-us/library/bb934049.aspx. I chose the first answer because of this.

When enabling TDE, you should immediately back up the certificate and the private key associated with the certificate. If the certificate ever becomes unavailable or if you must restore or attach the database on another server, you must have backups of both the certificate and the private key or you will not be able to open the database. The encrypting certificate or asymmetric should be retained even if TDE is no longer enabled on the database. Even though the database is not encrypted, the database encryption key may be retained in the database and may need to be accessed for some operations. A certificate that has exceeded its expiration date can still be used to encrypt and decrypt data with TDE.


Thanks,
Tom


No, this section says you need to back up the certificate and its private key. The DEK is stored within the db and forms part of its backup.

Good question, Steve, thanks

____________________________________________
Space, the final frontier? not any more...
All limits henceforth are self-imposed.
“libera tute vulgaris ex”
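
The move discussed in this thread, written out as T-SQL. This is an added example, not code from any poster; the names SalesDb and TdeCert, the file paths and the passwords are placeholders. It assumes the DR instance may or may not already have a database master key in master.

```sql
-- SOURCE INSTANCE: back up the TDE certificate together with its private key.
-- TdeCert, SalesDb, all paths and passwords are placeholders.
USE master;
BACKUP CERTIFICATE TdeCert
    TO FILE = 'D:\KeyBackup\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<private-key-backup-password>'
    );
BACKUP DATABASE SalesDb TO DISK = 'D:\Backup\SalesDb.bak';
GO

-- DR INSTANCE: a database master key must exist in master to protect the
-- imported private key. An existing one is left in place and reused.
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dr-master-key-password>';
GO

-- Recreate the certificate from the two files. The password here is the one
-- used for the private key backup, not the master key password.
CREATE CERTIFICATE TdeCert
    FROM FILE = 'D:\KeyBackup\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TdeCert.pvk',
        DECRYPTION BY PASSWORD = '<private-key-backup-password>'
    );
GO

-- The database encryption key (DEK) travels inside the backup, so nothing
-- else is restored separately. Add WITH MOVE if the file layout differs.
RESTORE DATABASE SalesDb FROM DISK = 'D:\Backup\SalesDb.bak';
GO

-- Check: the restored DEK should resolve to the imported certificate by
-- thumbprint, and encryption_state 3 means the database is encrypted.
SELECT DB_NAME(dek.database_id) AS database_name,
       dek.encryption_state,
       c.name                   AS certificate_name
FROM sys.dm_database_encryption_keys AS dek
JOIN master.sys.certificates AS c
  ON c.thumbprint = dek.encryptor_thumbprint;
```

If the certificate is missing on the DR instance, the RESTORE fails with an error that it cannot find the server certificate with the expected thumbprint, which is why the certificate and private key files need to be stored apart from the database backups.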