SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Restoring a TDE enabled database question


Restoring a TDE enabled database question

Author
Message
jasona.work
jasona.work
SSCarpal Tunnel
SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)

Group: General Forum Members
Points: 4175 Visits: 11749
So, I may need to enable TDE on some DBs in the near future, and I want to get everything clear in my head. I understand the basics of enabling TDE, and I understand that losing the certificate (the DMK) *WILL* result in a non-recoverable database, period. But, I have some questions on *restoring* a TDE enabled DB.

I'm presuming, if I need to restore a copy from our production environment to our QA, I would have to import the certificate used into the QA server. Once that's done, I expect (and plan to test on my home system) that I would then be able to simply restore my backup to QA.

But. Of course there's a but. Our normal backups are taken using a 3rd party application, Commvault. I've already asked the CV admin to look into what's needed and even if CV can backup / restore TDE databases. So, question is, does anyone out there have experience with *any* 3rd party backup solution and TDE database backup and recovery? Is it possible? Is it similar (when restoring) to the process for "manual" backups?

Thanks,
Jason
muth_51
muth_51
SSC Eights!
SSC Eights! (953 reputation)SSC Eights! (953 reputation)SSC Eights! (953 reputation)SSC Eights! (953 reputation)SSC Eights! (953 reputation)SSC Eights! (953 reputation)SSC Eights! (953 reputation)SSC Eights! (953 reputation)

Group: General Forum Members
Points: 953 Visits: 2906
I am not sure about commvault backups. But most of the third party tools have their own encryption methods. Please check the commvault software documentation.
Lynn Pettis
Lynn Pettis
SSC-Forever
SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)

Group: General Forum Members
Points: 40600 Visits: 38567
Just a guess, but I would think as long as you have the certificate used to encrypt the database with TDE it should not matter what backup software you use, native or 3rd party.

I would test it out on a small test database just for that purpose.

Cool
Lynn Pettis

For better assistance in answering your questions, click here
For tips to get better help with Performance Problems, click here
For Running Totals and its variations, click here or when working with partitioned tables
For more about Tally Tables, click here
For more about Cross Tabs and Pivots, click here and here
Managing Transaction Logs

SQL Musings from the Desert Fountain Valley SQL (My Mirror Blog)
jasona.work
jasona.work
SSCarpal Tunnel
SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)

Group: General Forum Members
Points: 4175 Visits: 11749
Lynn Pettis (3/22/2014)
Just a guess, but I would think as long as you have the certificate used to encrypt the database with TDE it should not matter what backup software you use, native or 3rd party.

I would test it out on a small test database just for that purpose.


Absolutely!

One advantage to having a proper QA environment. I could enable TDE on the QA version of one of the DBs (preferably taking a backup BEFORE enabling TDE to have a "clean" DB to return to if it doesn't work), have the end-user verify everything is working OK in the app, then give a try backing up / restoring from CV.

Thanks!
Perry Whittle
Perry Whittle
SSC-Insane
SSC-Insane (20K reputation)SSC-Insane (20K reputation)SSC-Insane (20K reputation)SSC-Insane (20K reputation)SSC-Insane (20K reputation)SSC-Insane (20K reputation)SSC-Insane (20K reputation)SSC-Insane (20K reputation)

Group: General Forum Members
Points: 20500 Visits: 17244
jasona.work (3/22/2014)
So, I may need to enable TDE on some DBs in the near future, and I want to get everything clear in my head. I understand the basics of enabling TDE, and I understand that losing the certificate (the DMK) *WILL* result in a non-recoverable database, period. But, I have some questions on *restoring* a TDE enabled DB.

I'm presuming, if I need to restore a copy from our production environment to our QA, I would have to import the certificate used into the QA server. Once that's done, I expect (and plan to test on my home system) that I would then be able to simply restore my backup to QA.

But. Of course there's a but. Our normal backups are taken using a 3rd party application, Commvault. I've already asked the CV admin to look into what's needed and even if CV can backup / restore TDE databases. So, question is, does anyone out there have experience with *any* 3rd party backup solution and TDE database backup and recovery? Is it possible? Is it similar (when restoring) to the process for "manual" backups?

Thanks,
Jason

To restore a TDE enabled database to a new instance of SQL server you need the database backup and a backup of the certificate from the source server that is used to protect the database encryption key.

It's all in my guide at this link

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" ;-)
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search