Transparent Data Encryption (TDE) SQL Server 2008

  • Hey matt,

    Last week there was an article written on the performance impact on TDE. In that the Author did some testing and was able to figure out that the performance impact was less than 5%.


  • Hey Roy... very good (okay, GREAT) article.

    I thing to emphasize... as long as you need that backup, you need to keep the security certificates. Think SOX. You may need that certificate for many years. And, of course, it can't be kept with the backup... sorta nullifies the security. How to manage the security of the certificates separately from the backups needs to be thought out in advance also.

    Microsoft Certified Master: SQL Server 2008
    Author - SQL Server T-SQL Recipes

    If you can't explain to another person how the code that you're copying from the internet works, then DON'T USE IT on a production system! After all, you will be the one supporting it!
    For better assistance in answering your questions
    Performance Problems
    Common date/time routines
    Understanding and Using APPLY Part 1 & Part 2

  • I totally agree on that point. It should be stored in multiple medias I would say and kept in a very safe place off the network.


  • Could you explain the difference between making the master key and the certificate. Also, I noticed that the master key password was set to an empty string. Why?



  • Excellent article. I like how you took the time to look up known problems with TDE and to write out a list of issues to take into consideration. In other words, this article is much more than a re-hash of BOL/here's how you do it. It gives great info. Thanks.

  • Hi Steve,

    Regarding the empty Password, I had put the Password as 'TryToUseOnlyStrongPassword' netween the Less Than and Greater Than symbol. But since Less Than and Greater Than symbol acts like a HTML Tag, the article ate it up... 🙂

    The Certificate you create will be protected by the Master Key (That is password protected). That is why you have to create a Master key and Certificate.

    Thanks JJ. I tried to point out the Pros and Cons. I did not want anyone to implement TDE without knowing the Pros and cons of it.:-)


  • Can database certificates only be created after you create the master key?

  • I am not 100 % sure about that part. I have not tried it. I will have to test it out. But here is a great article written by Micheal Coles regarding certificates[/url].

    You can really get lots of info regarding certificates. When you read that article, it gives you the impression that Master key is needed for creating certificates.


  • Hi Roy

    Great article!



  • Thanks Flo... How is your article coming up?


  • Heh...

    Just finished my (about 600...) tests and working on the final results. Print, read 10 times, correct 65,345 times... I try to publish end of this week.

  • Where is the empty password? I can fix that. I don't see one in the code for the article.

  • Thanks much Roy. It was very instructional..

    Dennis Parks

  • Florian Reischl (5/4/2009)


    Just finished my (about 600...) tests and working on the final results. Print, read 10 times, correct 65,345 times... I try to publish end of this week.

    Thats great... I will red it for sure.

    Steve, It is in the Create Master Key SQL Code. Maybe it got lost while I posted back after tyhe edition.


  • Roy,

    You beat me on this. Even I wrote a paper of TDE and was waiting to have an answer for the Disabling TDE issue before I publish. Your article is very well written and deserve a 5 star.

    By the way, Can we know if Microsoft will have an answer or a patch for the issue in their next service pack?


    Kindest Regards,

    Amit Lohia

Viewing 15 posts - 16 through 30 (of 81 total)

You must be logged in to reply to this topic. Login to reply