Database Administrators Stack Exchange
Database Administrators Stack Exchange

Questions tagged [transparent-data-encryption]

Transparent Data Encryption, a feature used to provide protection for data at rest.

Transparent Data Encryption is a feature of enterprise databases useful in meeting some regulatory and industry requirements for data security and privacy.

https://en.wikipedia.org/wiki/Transparent_Data_Encryption

169 questions
41
votes
2 answers

In SQL Server 2016, what is the difference between Always Encrypted and Transparent Data Encryption?

As I write this I am still awaiting the official release of SQL Server 2016 so that we can explore the usefulness of its "Always Encrypted" feature. I would just like to know what the specific differences will be between Always Encrypted & the…
RoastBeast
  • 679
  • 2
  • 7
  • 13
21
votes
2 answers

Query to List Encryption Certificate for Databases

What certificate is being used to encrypt each of the databases on the instances. I can get the data using the following but how do I write the queries USE master GO -- this provides the list of certificates SELECT * FROM sys.certificates -- this…
Barry MSIH
  • 313
  • 1
  • 2
  • 6
17
votes
3 answers

When do I need to backup the Service Master Key?

I'm reading some documentation and whitepaper about Transparent Data Encryption. Some documentation mention to backup the Service Master Key as well (For clarification I'm not talking about the Database Master Key). I just don't exactly understand…
gsharp
  • 347
  • 4
  • 14
13
votes
1 answer

Backup Compression Causing Corruption In SQL 2017 TDE Database

On SQL Server 2017 (CU3), whenever I enable backup compression on one of my TDE databases, the backup process always corrupts a specific page in the database. If I run the backup without compression, it does not get corrupted. Here are the steps…
Eric Cobb
  • 561
  • 1
  • 3
  • 11
10
votes
3 answers

Can I recover a TDE certificate by restoring the MASTER database?

(We are, fortunately, not currently in this situation, just planning ahead to see what our options would be if it ever occurred.) For a database encrypted with Transparent Date Encryption (TDE), a copy of the database backup is unrecoverable unless…
BradC
  • 10,073
  • 9
  • 51
  • 89
10
votes
3 answers

Unable to restore TDE enabled database when MAXTRANSFERSIZE and CHECKSUM is used

Update: @AmitBanerjee - Senior Program Manager for the Microsoft SQL Server Product Group confirmed that MS will look into the issue as it is a defect. Has anyone encountered issue restoring backups taken on SQL Server 2016 with TDE enabled and…
Kin Shah
  • 62,545
  • 6
  • 124
  • 245
10
votes
2 answers

TDE prep: key/certificate backup for restores

I am working in a dev environment to better understand TDE encryption. I have it working along with backups and restores on another server. Had a few questions, I know I need to backup the certificate with the corresponding private key. USE master;…
Thorin
  • 320
  • 4
  • 14
9
votes
1 answer

BACKUP MASTER KEY failing with cannot find symmetric master key because it does not exist

I'm trying to backup the master key for a TDE database, but SQL Server says there isn't one. It's a bit weird, but I'm sure I'm just doing something wrong. I'm sysadmin on the server, so I should be able to see everything. This is the statement that…
Hannah Vernon
  • 70,928
  • 22
  • 177
  • 323
9
votes
2 answers

Is network traffic encrypted when writing remote backups using SQL Server TDE?

They do say there is no such thing as a “stupid question”, so here goes: I understand that SQL Server Transparent Data Encryption (TDE) encrypts data at rest, so that your database files (.mdf) and your backup files (.bak) are encrypted should…
SQLServerVillain
  • 241
  • 3
  • 6
9
votes
1 answer

TDE - Encryption on a large database

I'm in the process of researching TDE implementation on a VLDB and would like to know if anyone has real world experience with enabling encryption on a production server. What kind of problems (if any) can I expect? My testing shows very little…
Brickpack
  • 119
  • 1
  • 6
8
votes
1 answer

Internals of backup compression with TDE (SQL Server)

Does anyone have any (inside?) knowledge of how backup compression works with TDE on SQL Server (version 2016+). In general I would expect compression of encrypted data to have minimal benefit, however we notice that with TDE, when we do a full back…
Matthew McGiffen
  • 552
  • 6
  • 11
8
votes
3 answers

Alternatives to SQL Server TDE

Due to the high cost of SQL Server Enterprise Edition which includes the Transparent Data Encryption feature I am looking for an alternative product and have only found a couple of options: DbDefence NetLib Encryptionizer Could anyone provide…
Matt F
  • 263
  • 2
  • 7
7
votes
3 answers

Enabling TDE without breaking existing mirror

I've been trying to enable TDE in a mirrored SQL Server 2008 R2 configuration. Enabling TDE is not so difficult, though when I enable TDE on the principal, the mirror database goes in to a suspended state. There are a few good articles here and here…
Dan Trainor
7
votes
2 answers

Turn TDE off when restoring SQL databases

We are just getting started with TDE. Eventually it will be in our Prod SQL Server environment and two major non-prod environments, but currently it is only in one non-prod system. My question is about restoring these databases. We have several…
BrianC
  • 111
  • 9
7
votes
1 answer

How to change SQL Server master key password?

I created a master key, then a certificate and encrypted my database. CREATE MASTER KEY ENCRYPTION BY PASSWORD='A Very Strong Password'; GO CREATE CERTIFICATE foo WITH SUBJECT='Database Encryption for Multi'; GO USE mydatabase GO CREATE DATABASE…
RonJohn
  • 694
  • 2
  • 12
  • 31
1
2 3
11 12