

In the previous two posts of this series, we've seen how to actually encrypt our database(s). In this post, let's focus on things to consider on databases with TDE enabled. Let me tell you something… there are a lot of GOTCHAS for encrypted databases that you should be aware of as a DBA. You should not be in a situation saying "Oops! I missed it, what should I do now?".

Okay!! Enough scaring you all, let's get into the actual content!

If you are creating a DB encryption key with the AES_128/AES_256 algorithm and you lose it, I believe it would be a very tough challenge even for an ethical hacker to decrypt it (I might be wrong, but I would expect the same level of encryption as what I'm saying!!). Reminding again… If you lose your Master Key, you've lost your database, no ifs and buts!

Very first thing, encryption adds a little overhead on your CPU.

Enabling TDE on a database might require an application outage. It takes some time depending on your database size (I think it acquires some locks on objects while enabling encryption for the first time, I'm not 100% sure). Thorough testing is mandatory! As a safe bet, do this after business hours in a maintenance window. (Make sure that you've tested in your lower environments.)

If you enable TDE on any database on your instance, your TEMPDB is automatically encrypted as well. So… there's a high possibility of impacting other databases which are not actually using the TDE feature while you are in the process of enabling TDE!!!

Instant File Initialization won't work on TDE-enabled databases, and log truncation won't happen during the encryption process (while the background encryption scanner is in progress). So, keep a close eye on your LDF file when the actual encryption process is in progress.

You have to back up your Service Master Key, certificates and Master Key and secure them in the safest location (far away from where you store your database backups). The idea is that an intruder should not have access to your keys even if he/she gets hold of your DB backups!

How to Backup your Service Master Key?

    BACKUP SERVICE MASTER KEY TO FILE = 'D:\Backs\SMK_08312011.bak'
    ENCRYPTION BY PASSWORD = 'VERYVERYSTRONGPASSWORD';

How to Backup your Master Key?

    BACKUP MASTER KEY TO FILE = 'D:\Backs\Master_Key.bak'
    ENCRYPTION BY PASSWORD = 'DIFFERENTSTRONGPASSWORD';

How to Backup your Database Key?

    BACKUP CERTIFICATE TDEDEMOCERT /* this was the certificate which we created earlier */
    TO FILE = '<certificate backup path>' /* placeholder: the TO FILE path is missing from this page */
    WITH PRIVATE KEY ( FILE = 'D:\Backs\TDEkey.bkey',
    ENCRYPTION BY PASSWORD = 'VeryStrongPassword' );
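
Several of the gotchas in this post (TEMPDB getting encrypted, the log not truncating while the encryption scan runs, and the need to back up the certificate's private key) can be checked from one query. The following is an added example, not code from the original post; it reads only system catalog views, DMVs and performance counters, and the column aliases are my own.

```sql
-- Added example: TDE status, scan progress, log pressure and key-backup check.
-- Run on the instance hosting the TDE-enabled database.
SELECT
    d.name                        AS database_name,      -- tempdb is listed once any database uses TDE
    CASE dek.encryption_state
        WHEN 0 THEN 'No encryption key'
        WHEN 1 THEN 'Unencrypted'
        WHEN 2 THEN 'Encryption in progress'
        WHEN 3 THEN 'Encrypted'
        WHEN 4 THEN 'Key change in progress'
        WHEN 5 THEN 'Decryption in progress'
        WHEN 6 THEN 'Protection change in progress'
    END                           AS encryption_state,
    dek.percent_complete,                                 -- non-zero only while the background scan runs
    dek.key_algorithm,
    dek.key_length,
    d.log_reuse_wait_desc,                                -- current reason log space cannot be reused
    lg.log_size_mb,
    lg.log_used_pct,
    c.name                        AS protecting_certificate,
    c.pvt_key_last_backup_date                            -- NULL = private key has never been backed up
FROM sys.dm_database_encryption_keys AS dek
JOIN sys.databases AS d
    ON d.database_id = dek.database_id
LEFT JOIN master.sys.certificates AS c                    -- the TDE certificate lives in master
    ON c.thumbprint = dek.encryptor_thumbprint
OUTER APPLY (
    -- Per-database log counters; instance_name is the database name.
    SELECT
        MAX(CASE WHEN pc.counter_name = 'Log File(s) Size (KB)'
                 THEN pc.cntr_value END) / 1024 AS log_size_mb,
        MAX(CASE WHEN pc.counter_name = 'Percent Log Used'
                 THEN pc.cntr_value END)        AS log_used_pct
    FROM sys.dm_os_performance_counters AS pc
    WHERE pc.object_name LIKE '%:Databases%'
      AND pc.instance_name = d.name
) AS lg
ORDER BY d.name;
```

Re-run it while the encryption scan is in progress to watch percent_complete and log_used_pct move; a NULL pvt_key_last_backup_date on the protecting certificate means the certificate backup has not been taken yet.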
