March 3, 2016 at 8:37 pm
Once TDE is enabled on a DB tempdb automatically gets encrypted.
Once the TempDB database is encrypted, any reference and use of this database by other databases, regardless of whether they have TDE enabled or not, will require encryption and decryption.
https://www.simple-talk.com/sql/database-administration/transparent-data-encryption/
Does the above statements mean that all DBs in this SQL server instance need to be TDE enabled?
Please provide some thoughts on this.
Many thanks!
March 3, 2016 at 9:06 pm
No. It means precisely what it says. Nothing more and nothing less. Any data going into/out of tempdb, regardless of the source of that data, gets the encryption overhead. There is no effect on any other database that is not TDE encrypted.
That's my take anyway.
Best,
Kevin G. Boles
SQL Server Consultant
SQL MVP 2007-2012
TheSQLGuru on googles mail service
March 3, 2016 at 9:14 pm
Thanks Kevin.
Can we use one server certificate(master db) to encrypt multiple dbs in the instance. Or should we create multiple certificates for each TDE db. If so any impact on this? Any best practices to follow here.
March 3, 2016 at 9:32 pm
The few clients I have had use this feature went the simple route. I don't know a best practice here.
Best,
Kevin G. Boles
SQL Server Consultant
SQL MVP 2007-2012
TheSQLGuru on googles mail service
March 4, 2016 at 6:34 am
SQL!$@w$0ME (3/3/2016)
Thanks Kevin.Can we use one server certificate(master db) to encrypt multiple dbs in the instance. Or should we create multiple certificates for each TDE db. If so any impact on this? Any best practices to follow here.
Yes, you could use the same server certificate, but you would generally use a new cert for each TDE protected database. Otherwise if someone gets the cert for one they have it for them all
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
March 4, 2016 at 7:19 am
Thanks Perry!
I need to enable TDE for one of the dbs in a DEV server. Is there any impact to the users during this process of encryption. Should I take an outage/downtime for this process?
Many thanks!
Viewing 6 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply