May 30, 2019 at 12:00 am
Comments posted to this topic are about the item High Prices for High Security
May 30, 2019 at 1:33 pm
"..Is it a big deal? I don’t know. Windows Server 2019 lists with Datacenter at $6155 and Standard at $972. That means it will cost me $5,183 for Always Encrypted on my SQL Server. Not a bad price for the encryption and additional security. An HSM appliance goes for quite a bit. One in Azure is $5k + $4.85/hour and most of the enterprise appliances I've priced at $10k+. And you need two.."
So, do server(s) hosting the Host Guardian Service actually perform the data decryption (which would explain the specifications), or are they just performing some additional authentication similar to a Certificate Authority server? If all they're doing is authentication then it seems a vanilla Windows or Linux VM in Azure could assume easily this role.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
May 31, 2019 at 9:51 am
No encryption of decryption for HGS. This is like a witness that "attests" that enclave is secure. Or that the SQL Server is the correct SQL Server that was configured and authorized to negotiate a secure tunnel. All crypto operations are either in the client driver, or the secure enclave on the db server.
May 31, 2019 at 9:51 am
to be clear, the HGS server can be Win2019 Standard. It's the SQL Server (s) that do crypto that have do be data center.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply