TDE Decryption Timer Script

  • Comments posted to this topic are about the item TDE Decryption Timer Script

  • There may be a reason why you're wanting to wait for encryption to fully complete before moving to the next step, but I'd just like to bring up the fact that the encryption process is asynchronous and non-blocking, so users may still read and write to the database in the interim.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Yes, there is; no users have access to the Sanitize server and data where this is being performed. We have automated a sanitization or data masking process where the copy of a TDE-encrypted database is to be moved to a Sanitize server and have the confidential data masked from the production environment on a "Sanitize\Masking" server for moving to a development environment. The timer helps avoid an error for the final masked backup to the "Sanitized" directory. The file is then moved to development from there for testing purposes.

  • Great Script

  • I found another cool use for this code: I reverse engineered it to watch for encryption to complete. Now why have to wait? I scripted a neat SQL in Azure auto AG seeding process. This watched for new databases being added by the application. When a new one is found it applies TDE; the next step is to back up and snap in the AG group (one at a time works flawlessly; we tested it to 1,234 in 1 group and she came apart from no more worker threads). So you cannot perform a backup if the database is being encrypted, and this code came in handy dandy. The AG auto seeding snapped the databases around a 4-node, 4-replica cluster, 2 in east and 2 in west zones. I also coded a neat failover that checks for anything needing resume data movement and it fixes that.

    Ed Pochinski
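
A polling loop of the kind this thread discusses, shown as an added example; it is not the article's script or any poster's code. It reads `sys.dm_database_encryption_keys` and returns only when no TDE scan is running, so a following backup step is not started mid-scan. The database name, timeout and poll interval are assumptions.

```sql
-- Added example: wait until a TDE encryption/decryption scan has finished.
DECLARE @db sysname = N'SanitizeCopy';   -- hypothetical database name
DECLARE @timeout_minutes int = 120;      -- assumed upper bound on the wait
DECLARE @deadline datetime2 = DATEADD(MINUTE, @timeout_minutes, SYSUTCDATETIME());
DECLARE @state int, @pct real, @msg nvarchar(200);

IF DB_ID(@db) IS NULL
BEGIN
    RAISERROR(N'Database %s not found.', 16, 1, @db);
    RETURN;
END;

WHILE 1 = 1
BEGIN
    SET @state = NULL;  -- stays NULL when the database has no encryption key row

    SELECT @state = encryption_state, @pct = percent_complete
    FROM sys.dm_database_encryption_keys
    WHERE database_id = DB_ID(@db);

    -- Settled states: no row / 0 = no key, 1 = unencrypted, 3 = encrypted.
    -- In-progress states: 2 = encrypting, 4 = key change,
    -- 5 = decrypting, 6 = protection change.
    IF @state IS NULL OR @state IN (0, 1, 3) BREAK;

    IF SYSUTCDATETIME() > @deadline
    BEGIN
        RAISERROR(N'TDE scan on %s still in state %d at timeout.', 16, 1, @db, @state);
        RETURN;  -- stop the batch so the backup step below never runs
    END;

    -- The scan is asynchronous, so report progress and poll again.
    SET @msg = CONCAT(N'state ', @state, N', ',
                      CONVERT(varchar(10), CAST(@pct AS decimal(5, 1))),
                      N' percent complete');
    RAISERROR(N'%s', 0, 1, @msg) WITH NOWAIT;

    WAITFOR DELAY '00:00:15';  -- assumed poll interval
END;

-- Safe point: run the backup (or the next pipeline step) from here.
SELECT @db AS database_name, @state AS final_encryption_state;
```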
