Question about adding TDE to an existing database

  • Have about 3 databases that are each a bit shy of a terabyte in size participating in an Availability Group.

    Been told by an auditor that we need to implement TDE on them.

    Have some questions:

    How long does the initial encryption take with the AG in the mix, or w/o the AG?

    Are the databases available for OLTP traffic while encryption is taking place?

  • I suspect the AG is going to play a fairly big part in enabling TDE, so I'd suggest doing some searching on what's involved there (disclaimer: I've not used AGs).

    As for your two questions:

    How long does the initial encryption take with the AG in the mix, or w/o the AG?

    The time it takes to encrypt a database is very heavily dependent on how much use the database has while the encryption is running. I've got some small databases (~10GB) that take 5-10 minutes to encrypt when in use, somewhat quicker when not.

    Are the databases available for OLTP traffic while encryption is taking place?

    Yes, but use will impact the time the encryption takes. The encryption process will also, I believe, block backups while it's running.

    Ideally, if you have a server to do this on, or if you can test on the same server (although I'd very strongly recommend a separate server), restore a copy of one of your databases and TDE it to get a rough baseline on how long it might take. If you don't have a server you can do this to, then I'd try to convince the bosses to get you one, physical or virtual, before even beginning to try this on a production server.

    Jason
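
The baseline test suggested in the reply above, as an added example that is not code from any poster in the thread: it enables TDE on a restored copy and polls `sys.dm_database_encryption_keys` until the background encryption scan finishes, so the elapsed time can be recorded. The database name, certificate name, file paths and passwords are placeholders chosen for illustration.

```sql
-- Added example. Run on a TEST instance against a restored copy, not first on production.
-- Assumed names: TdeBaselineCopy (restored copy), TdeBaselineCert, D:\KeyBackup\ paths.
USE master;
GO
-- The database master key in master protects the certificate's private key.
-- Skip this statement if master already has one (check sys.symmetric_keys).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password-1>';
GO
CREATE CERTIFICATE TdeBaselineCert WITH SUBJECT = 'TDE baseline test certificate';
GO
-- Back up the certificate and private key BEFORE encrypting anything:
-- without them, an encrypted database or its backups cannot be restored elsewhere.
BACKUP CERTIFICATE TdeBaselineCert
    TO FILE = 'D:\KeyBackup\TdeBaselineCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TdeBaselineCert.pvk',
        ENCRYPTION BY PASSWORD = '<placeholder-strong-password-2>');
GO
USE TdeBaselineCopy;
GO
-- The database encryption key (DEK) is protected by the server certificate.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeBaselineCert;
GO
-- SET ENCRYPTION ON returns immediately; the encryption scan runs in the background.
DECLARE @start datetime2 = SYSDATETIME();
ALTER DATABASE TdeBaselineCopy SET ENCRYPTION ON;

-- encryption_state: 1 = unencrypted, 2 = encryption in progress, 3 = encrypted.
WHILE EXISTS (SELECT 1
              FROM sys.dm_database_encryption_keys
              WHERE database_id = DB_ID('TdeBaselineCopy')
                AND encryption_state <> 3)
BEGIN
    SELECT encryption_state,
           percent_complete,
           DATEDIFF(SECOND, @start, SYSDATETIME()) AS elapsed_seconds
    FROM sys.dm_database_encryption_keys
    WHERE database_id = DB_ID('TdeBaselineCopy');

    WAITFOR DELAY '00:00:30';  -- poll every 30 seconds
END;

SELECT DATEDIFF(SECOND, @start, SYSDATETIME()) AS total_encryption_seconds;
GO
```

Run the test once on an idle copy and once under replayed or synthetic load, since the reply above notes that activity changes the duration. In an Availability Group the certificate also has to be restored on every replica before encryption is turned on.
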

  • Oh, there will be LOTS of testing before we go live. As I was researching the topic, these were Q's I couldn't find any easy guidelines to.

    Right now we're sitting on 2014, but after seeing what 2016 can give me with TDE, might consider an upgrade first, then implement the TDE.

  • Manic Star (10/11/2016)


    Have about 3 databases that are each a bit shy of a terabyte in size participating in an Availability Group.

    Been told by an auditor that we need to implement TDE on them.

    Have some questions:

    How long does the initial encryption take with the AG in the mix, or w/o the AG?

    Are the databases available for OLTP traffic while encryption is taking place?

    Why have they asked you to implement TDE? What do they think it will provide protection against?

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉
