1 / 9

Roy Ernest Database Administrator Pinnacle Sports Worldwide royernest@yahoo

SQL Server 2008 Transparent Data Encryption. Roy Ernest Database Administrator Pinnacle Sports Worldwide royernest@yahoo.com. Contents. What is Transparent Data Encryption (TDE) How it works How to implement TDE Things to keep in mind After Effects of enabling TDE. What is TDE.

ata
Download Presentation

Roy Ernest Database Administrator Pinnacle Sports Worldwide royernest@yahoo

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SQL Server 2008 Transparent Data Encryption Roy Ernest Database Administrator Pinnacle Sports Worldwide royernest@yahoo.com

  2. Contents • What is Transparent Data Encryption (TDE) • How it works • How to implement TDE • Things to keep in mind • After Effects of enabling TDE Curaçao SQL Server User Group

  3. What is TDE • Encryption that protect the physical files • performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. Curaçao SQL Server User Group

  4. How it Works Server starts a background thread that scans all the database files and encrypts them The supported encryption algorithms are AES with 128, 196 and 256 bit keys or 3 key triple DES. The only operations that are not allowed while the encryption thread runs are modifying the file structure and taking the database offline by detaching it. The scan also rolls over the virtual log file so that the future writes to the log are encrypted. Curaçao SQL Server User Group

  5. Implementation of TDE • Create a master key • Create or obtain a certificate protected by master key. • Create a database key and protect it by the certificate. • Set the database you want to protect to use the encryption. Curaçao SQL Server User Group

  6. Things that need to be noted. • Read Only Filegroups and FileStream Data type • Maintenance/Recovery/Warm Standby • TempDB • Compressed Backups • Known Issue with TDE Curaçao SQL Server User Group

  7. Conclusion Curaçao SQL Server User Group

  8. Additional Resources • Books Online topics http://msdn.microsoft.com/en-us/library/bb934049.aspx • TDE http://www.sqlservercentral.com/articles/Transparent+Data+Encryption/66334 Curaçao SQL Server User Group

  9. DANKI! Curaçao SQL Server User Group

More Related