TDE - Restore unencrypted backup to a server running TDE

  • I have a server with TDE turned on. I have another server without TDE. Can I restore an unencrypted backup onto the TDE server? Will it then be encrypted or do I turn on encryption at the DB level (not server or instance level)?

    Thanks

    ST

  • TDE is a database-level setting, not a server/instance setting.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • Thanks, Gail. Final question. There are plans for both servers to use TDE. Once this is done, I'll need to restore a backup from server A to server B. Do I understand correctly that what I'll need on server B is to import Server A's cert and know the password for Server A's DB backup?

  • DB Backups don't have passwords. You'll need to have the same certificates (well, the ones used for TDE) on both servers.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • you will need to know the password used to protect the certificate from server A in order to import it into server B.

    For security I suggest you then re-encrypt the database with server B's certificate and drop server A's certificate

    ---------------------------------------------------------------------

  • Thanks for the responses.

    In our organization we are required to change passwords every N days. I'm not finding clear guidance on this. Should I generate a new certificate with a new password and re-encrypt the DB? Or, should I just update the password? Can you point me to an article?

    Thanks for your help

    ST

  • souLTower (1/21/2016)


    Thanks for the responses.

    In our organization we are required to change passwords every N days. I'm not finding clear guidance on this. Should I generate a new certificate with a new password and re-encrypt the DB? Or, should I just update the password? Can you point me to an article?

    I can

    http://blog.dbi-services.com/transparent-data-encryption-key-management-and-backup-strategies/

    ---------------------------------------------------------------------

  • Thank you!

    ST

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply