

TDE and Tempdb


UMG Developer
Steve Jones - Editor (7/1/2010)
You can't run TDE on laptops practically. It's in Enterprise Edition only (a mistake, IMHO)


I thought TDE was in the Developer edition as well, which is what I think gets run on laptops a lot.

TDE ensures that not only your data and log files are secure while "at rest", your backup files are secure as well.
Steve Jones
Sorry, yes, in Developer as well. I was thinking about production-level stuff. I think it ought to be in Standard, Web, Express.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
SQLBalls
Festeron (7/1/2010)

I'd be interested in your answer to these questions:

If you're using TDE in a production environment, what do you think you are protecting yourself from?


There is a great TDE tutorial on

http://sqlblogcasts.com/blogs/sqldbatips/archive/2008/06/24/new-in-sql-2008-transparent-data-encryption-overview.aspx

What you will discover from it is all of the data stored in your MDF file is viewable in a text editor.

So if you have a tape backup go missing, if a hacker gains access to your hard drive, or if a disgruntled or careless employee takes a copy of a backup and has it on their local computer and the computer gets stolen, your data is at risk.

Might not seem like a big deal, but banks and credit card companies have requirements on them to store PII, Personal Identifiable Information, in an encrypted format. Typically this involves purchasing expensive 3rd party tools.

SQL 2008 doesn't require a 3rd party tool to accomplish this so job done and money saved.

One other thing to keep in mind, as this is the area I work in: in the Government, if you lose a database that has PII on it, you have to inform Congress and send out letters to everyone whose information was in that database letting them know that their information may be compromised.

TDE works on the MDF & Log files as well as the Backup Files. It is transparent so it does not encrypt data on the instance nor does it encrypt files in memory. So if someone has access to your database they can see what you can see.

Once again, any way you look at it this is bad for your career, as you don't want to be interviewing for a job saying I just worked at XYZ, and the interviewer goes "Oh, weren't they just in the news because a lot of PII got stolen from there?"

So this is a CYA thing on a multitude of levels: for a business, for customers, and for the DBAs.

And are you using TDE on any laptop-based SQL Servers?


TDE is also enabled on SQL 2008 Developer Edition. There are drive-level encryptions that should be used on hardware where sensitive info would be stored. So if you needed to have a local copy of a sensitive database you should have an encrypted hard drive, and if it is a copy of a prod database that uses TDE you would have to have the certificates on that instance from production to restore a copy of the database.

I use TDE on my home laptop, but that is because I work with it. But I would never put production data on a laptop; I would hate to be like the guy at the VA that lost the laptop with millions of veterans' private info on it. He probably had every enlisted man from generals to privates trying to get a piece of him.

Twitter: @SQLBalls
Blog: http://www.SQLBalls.com
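
The certificate dependency described in the post above, as an added T-SQL example that is not part of any poster's message: it enables TDE on one instance, confirms which databases (including tempdb) are encrypted, and shows what a second instance needs before it can restore the backup. The database name `SalesDb`, certificate name `TdeCert`, file paths and passwords are placeholders.

```sql
-- === Production instance: enable TDE and protect the key material ===
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password>';   -- placeholder
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE server certificate';   -- hypothetical name
GO
-- Back up the certificate and its private key before encrypting anything.
-- Without these two files, TDE backups cannot be restored anywhere else.
BACKUP CERTIFICATE TdeCert
    TO FILE = 'C:\keys\TdeCert.cer'                                   -- placeholder path
    WITH PRIVATE KEY (FILE = 'C:\keys\TdeCert.pvk',
                      ENCRYPTION BY PASSWORD = '<pvk-password>');     -- placeholder
GO
USE SalesDb;                                                          -- hypothetical database
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO
ALTER DATABASE SalesDb SET ENCRYPTION ON;
GO
-- encryption_state = 3 means encrypted. Once any user database is encrypted,
-- tempdb shows up here as encrypted too.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;
GO
BACKUP DATABASE SalesDb TO DISK = 'C:\backup\SalesDb.bak';            -- backup is encrypted as well
GO

-- === Second instance (e.g. a developer machine): restore the copy ===
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<other-master-key-password>';
-- Import the production certificate with its private key. If this step is
-- skipped, the RESTORE below fails because the server certificate is missing.
CREATE CERTIFICATE TdeCert
    FROM FILE = 'C:\keys\TdeCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\keys\TdeCert.pvk',
                      DECRYPTION BY PASSWORD = '<pvk-password>');
GO
RESTORE DATABASE SalesDb FROM DISK = 'C:\backup\SalesDb.bak';
GO
```

Store the `.cer` and `.pvk` files separately from the database backups, since anyone holding both the backup and the key files can restore the data.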