Encrypted Log Shipping

  • I've found a number of articles on encrypting backups and transaction log backups, but all these are based on manually generated code to include the encryption details in the backup command. Is there anything out there covering how Log Shipping can be enabled to include encryption, and if so what version of SQL has this ability?

    Leo
    Nothing in life is ever so complicated that with a little work it can't be made more complicated.

  • Leo.Miller wrote:

    I've found a number of articles on encrypting backups and transaction log backups, but all these are based on manually generated code to include the encryption details in the backup command. Is there anything out there covering how Log Shipping can be enabled to include encryption, and if so what version of SQL has this ability?

    What piece of the process are you trying to encrypt here, is it just the TRN file?  You're not bothered about the MDF/NDF/LDF and FULL and DIFF backups.

    One way would be to enable TDE, but that encrypts the database at rest, so you encrypt every file (MDF/NDF/LDF/BAK/TRN); it's all seamless if you have the right keys on either side of the log ship setup.

    LogShipping natively, as far as I know, doesn't do encrypted backups, so if you want to do it on just encrypting the TRN files then you would need to roll your own code.

    That being said, if you have the cash and can go for a 3rd party tool then it may be worth eval'ing the likes of LiteSpeed or Red-Gate SQL Backup etc. to see if they meet your needs.
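
The "roll your own" route mentioned above, as an added example that is not code from any poster in this thread: custom job steps that take and restore encrypted log backups with the native `BACKUP ... WITH ENCRYPTION` option (SQL Server 2014 and later). The database name `ReportingDB`, the certificate name, all paths and the password placeholders are assumptions.

```sql
-- ===== PRIMARY, run once: certificate that protects the log backups =====
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder: strong password 1>';
CREATE CERTIFICATE LogShipBackupCert              -- hypothetical name
    WITH SUBJECT = 'Log backup encryption';
-- Export certificate and private key; carry them to the secondary out of band,
-- never over the same link as the TRN files.
BACKUP CERTIFICATE LogShipBackupCert
    TO FILE = N'D:\Keys\LogShipBackupCert.cer'
    WITH PRIVATE KEY (FILE = N'D:\Keys\LogShipBackupCert.pvk',
                      ENCRYPTION BY PASSWORD = '<placeholder: strong password 2>');
GO

-- ===== PRIMARY, scheduled job step: encrypted log backup =====
-- Unique file name per backup: an encrypted backup cannot be appended
-- to an existing backup set.
DECLARE @file nvarchar(260) = N'D:\LogShip\ReportingDB_'
    + REPLACE(REPLACE(REPLACE(
          CONVERT(char(19), SYSUTCDATETIME(), 120), '-', ''), ':', ''), ' ', '_')
    + N'.trn';
BACKUP LOG [ReportingDB] TO DISK = @file
    WITH CHECKSUM,
         ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = LogShipBackupCert);

-- Check that the latest log backup really was encrypted:
-- key_algorithm is NULL for an unencrypted backup.
SELECT TOP (1) database_name, backup_finish_date,
       key_algorithm, encryptor_type, encryptor_thumbprint
FROM msdb.dbo.backupset
WHERE database_name = N'ReportingDB' AND type = 'L'
ORDER BY backup_finish_date DESC;
GO

-- ===== SECONDARY, run once: import the same certificate =====
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder: strong password 3>';
CREATE CERTIFICATE LogShipBackupCert
    FROM FILE = N'E:\Keys\LogShipBackupCert.cer'
    WITH PRIVATE KEY (FILE = N'E:\Keys\LogShipBackupCert.pvk',
                      DECRYPTION BY PASSWORD = '<placeholder: strong password 2>');
GO

-- ===== SECONDARY, restore job step =====
-- No decryption option is needed; the restore succeeds only if the certificate
-- with the matching thumbprint exists in master. STANDBY keeps it readable.
RESTORE LOG [ReportingDB]
    FROM DISK = N'E:\LogShip\ReportingDB_<timestamp>.trn'   -- placeholder name
    WITH STANDBY = N'E:\LogShip\ReportingDB_undo.tuf';
```

The copy step between the two servers and the loop that picks up each new TRN file in order are left to the job scheduler.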

  • This is not part of a DR solution but for a reporting solution.

    It's a client's system, so we can't upgrade or buy things like Litespeed or Red-Gate. There's no appetite for TDE because the source database is actually hosted by a third party and is part of a Software as a Service telephony solution. The reason they are looking into this is because they have the need to log ship the database from the SaaS provider's site to an in house SQL Server for loading into the Data Warehouse. The SaaS provider doesn't want the logs shipped across what they consider an insecure network unless it is encrypted.

    The full backups we can encrypt and copy manually as part of LS setup process, but this would be once off or on demand.

    For now the SaaS provider is looking at the implications of upgrading to SQL 2016 SP2

    Leo
    Nothing in life is ever so complicated that with a little work it can't be made more complicated.

  • Well, then I would go about securing the network instead; VPN is nothing new in 2020.
