December 9, 2015 at 12:08 am
Comments posted to this topic are about the item SMKs, DMKs, Certificates for TDE and Encrypted Backups
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
December 9, 2015 at 1:17 am
Excellent Article!
In the example for an encrypted backup you refer to [MyNewCert], but the certificate is called [MyServerCert]. (Copy/paste issue I guess 😀 )
Wilfred
The best things in life are the simple things
December 9, 2015 at 5:40 am
So, a question for you:
Why do you think there are so many recommendations for backing up and restoring the DMK when working with TDE databases?
If I recall, the MS Technet page on moving TDE databases makes no mention of it, so where did people get the idea it was required?
I think I may have asked this next question elsewhere, but my mind ain't what it used to be, so...
What is the purpose served by backing up the SMK? Are there situations where it would need to be restored to resolve an issue, or is it more a "better safe than sorry" sort of thing?
December 9, 2015 at 6:29 am
Wow. This just pointed out to me how little I know about this.
December 9, 2015 at 6:39 am
Wilfred van Dijk (12/9/2015)
Excellent Article! In the example for an encrypted backup you refer to [MyNewCert], but the certificate is called [MyServerCert]. (Copy/paste issue I guess 😀 )
Just testing, well spotted 😉
jasona.work (12/9/2015)
So, a question for you: Why do you think there are so many recommendations for backing up and restoring the DMK when working with TDE databases?
Because the people making the recommendations don't understand the DMK or the cert, hence my article. And once more to clarify, you do not need to back up and restore the DMK 😉
jasona.work (12/9/2015)
If I recall, the MS Technet page on moving TDE databases makes no mention of it
The TechNet page is correct in this case (makes a change 😀 ), only the certificate is required.
jasona.work (12/9/2015)
What is the purpose served by backing up the SMK? Are there situations where it would need to be restored to resolve an issue, or is it more a "better safe than sorry" sort of thing?
The SMK is the encryptor for all instance level encryption such as linked server logins. In the event of failure the SMK would be required to decrypt this information.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
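The point made in the reply above (only the certificate travels with a TDE database, and the SMK is backed up separately for instance-level secrets) can be seen in the following T-SQL. This is an added example, not code from the article or from any poster in this thread. The database name TDE_Demo, the file paths and the passwords are hypothetical placeholders; [MyServerCert] is the certificate name mentioned in the thread.

```sql
-- SOURCE INSTANCE ------------------------------------------------------
USE master;

-- Export the TDE certificate together with its private key.
-- The .pvk file is protected by this password, not by the source DMK.
BACKUP CERTIFICATE MyServerCert
    TO FILE = N'C:\KeyBackup\MyServerCert.cer'            -- hypothetical path
    WITH PRIVATE KEY (
        FILE = N'C:\KeyBackup\MyServerCert.pvk',          -- hypothetical path
        ENCRYPTION BY PASSWORD = N'<ReplaceWith-Strong-Passw0rd>'
    );

BACKUP DATABASE TDE_Demo TO DISK = N'C:\Backup\TDE_Demo.bak';

-- Instance-level secrets (e.g. linked server logins) depend on the SMK,
-- so it gets its own backup, stored away from the server.
BACKUP SERVICE MASTER KEY
    TO FILE = N'C:\KeyBackup\SourceInstance.smk'          -- hypothetical path
    ENCRYPTION BY PASSWORD = N'<ReplaceWith-Another-Passw0rd>';

-- DESTINATION INSTANCE -------------------------------------------------
USE master;

-- A brand-new DMK in master is enough; the source DMK is never restored.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = N'##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<ReplaceWith-New-Dmk-Passw0rd>';

-- Importing re-encrypts the private key under the destination DMK.
CREATE CERTIFICATE MyServerCert
    FROM FILE = N'C:\KeyBackup\MyServerCert.cer'
    WITH PRIVATE KEY (
        FILE = N'C:\KeyBackup\MyServerCert.pvk',
        DECRYPTION BY PASSWORD = N'<ReplaceWith-Strong-Passw0rd>'
    );

-- Add WITH MOVE if the destination uses different data/log file paths.
RESTORE DATABASE TDE_Demo FROM DISK = N'C:\Backup\TDE_Demo.bak';

-- Check: the database encryption key must resolve to the imported
-- certificate by thumbprint, and the cert must be DMK-protected.
SELECT DB_NAME(dek.database_id) AS database_name,
       dek.encryption_state,
       c.name                   AS encryptor_certificate,
       c.pvt_key_encryption_type_desc
FROM sys.dm_database_encryption_keys AS dek
JOIN sys.certificates AS c
  ON c.thumbprint = dek.encryptor_thumbprint;
```

The match is on the certificate thumbprint, not its name, so the final query is the check to rely on after a restore.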
December 14, 2015 at 10:47 pm
Yeah, you really want to have your SMK and DMKs in more than one place and media. You're SOL w/o a paddle or a canoe, at different levels (SMK vs DMK), if you can't find them when you need them.
July 6, 2018 at 5:28 am
Great article, this can be a complex area of SQL Server with nasty consequences if you get it wrong.
qh