Transparent Data Encryption


These slides are from the presentation in Indianapolis at IndyPASS, February 2009.


  1. An Introduction To
     Presented By John Magnabosco
     • Database Consultant/Solution Architect – SolutionAvenue
     • President/Co-Founder – Indianapolis Professional Association for SQL Server
     • Coordinator/Co-Founder – IndyTechFest
     E-Mail:
  2. Today’s Presentation
     1. What is TDE?
     2. Key Architecture of TDE
     3. How to Implement TDE
     4. Backup Considerations with TDE
     5. Restore with TDE
     6. Interesting Tid-Bits of TDE
  3. What is Transparent Data Encryption (TDE)?
     • A new feature of SQL Server 2008 Enterprise Edition
     • Encrypts the physical files of a database
     • Designed to protect “data at rest”
     • Does not require explicit opening/closing of keys
     • No schema modifications required to implement
  4. Plain Text In The Backup File
  5. Key Architecture of TDE
     • SQL Server Instance: Service Master Key
     • Master Database: Database Master Key, Certificate
     • User Database: Database Encryption Key
     • Physical Database Files
  6. How To Implement TDE
     • Backup the unencrypted user database
     • Create a Database Master Key in the Master database
     • Create a Certificate in the Master database
     • Create a Database Encryption Key in the user database
     • Set Encryption to ON in the user database
     • Backup Keys, Certificate and user database
  7. How To Implement TDE Demonstration…
  9. Backup of TDE Databases
     • Backup user database
     • Backup Service Master Key
     • Backup Database Master Key in Master database
     • Backup Certificate in Master database
     • Database Encryption Key is backed up with database
     • Store backup of db and keys in separate locations
  10. Restore of TDE Databases
      • Restore Service Master Key if needed
      • Restore Database Master Key in Master database
      • Alter DMK’s “Encrypted By” to Service Master Key
      • Restore Certificate in Master database
      • Restore the user database
  11. Backup and Restore of TDE Database Demonstration…
  12. Interesting Tid-Bits
      • TempDB is also encrypted
      • Transaction log is advanced to next virtual log
      • TDE must be enabled on the publisher and subscriber
      • Compression is not recommended with TDE
      • Full-Text Indexes not recommended with TDE
      • Both databases used in mirroring will be encrypted
  13. In Summary
      • TDE encrypts physical files of a database
      • Designed to protect “data at rest”
      • The Database Encryption Key is used with TDE
      • Implementation includes the MASTER database
      • Backup the keys separately from the database(s)
      • TempDB is encrypted when TDE is implemented
  14. Transparent Data Encryption Questions…
  15. Additional TDE Resources:
      • MSDN: Understanding TDE (Article)
      • My Blog: Check out my series on TDE
      General Encryption Resources:
      • MSDN: SQL Server Encryption
      More Questions? My E-Mail:
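
The implementation steps on slide 6 and the key backups on slide 9, written out as T-SQL. This is an added example, not the script from the presenter's demonstration; the database name `SalesDemo`, the certificate name `TdeDemoCert`, the file paths and the password placeholders are all assumptions.

```sql
-- Added example. SalesDemo, TdeDemoCert, all paths and all passwords
-- are placeholders (assumptions), not values from the presentation.

-- 1. Back up the unencrypted user database.
BACKUP DATABASE [SalesDemo]
    TO DISK = N'D:\Backup\SalesDemo_preTDE.bak' WITH INIT;
GO

-- 2. Create a Database Master Key in the master database.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<dmk-password>';
GO

-- 3. Create a certificate in the master database.
CREATE CERTIFICATE TdeDemoCert
    WITH SUBJECT = N'TDE certificate for SalesDemo';
GO

-- 4. Create the Database Encryption Key in the user database.
USE [SalesDemo];
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
GO

-- 5. Turn encryption on; the initial encryption runs in the background.
ALTER DATABASE [SalesDemo] SET ENCRYPTION ON;
GO
-- encryption_state: 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state, percent_complete
FROM sys.dm_database_encryption_keys;
GO

-- 6. Back up the keys and certificate to a location separate from
--    the database backups, then back up the encrypted database.
USE master;
GO
BACKUP SERVICE MASTER KEY TO FILE = N'E:\KeyBackup\smk.bak'
    ENCRYPTION BY PASSWORD = N'<smk-backup-password>';
BACKUP MASTER KEY TO FILE = N'E:\KeyBackup\master_dmk.bak'
    ENCRYPTION BY PASSWORD = N'<dmk-backup-password>';
BACKUP CERTIFICATE TdeDemoCert TO FILE = N'E:\KeyBackup\TdeDemoCert.cer'
    WITH PRIVATE KEY (FILE = N'E:\KeyBackup\TdeDemoCert.pvk',
                      ENCRYPTION BY PASSWORD = N'<cert-backup-password>');
BACKUP DATABASE [SalesDemo]
    TO DISK = N'D:\Backup\SalesDemo_TDE.bak' WITH INIT;
GO
```

The `SELECT` in step 5 also returns a row for `tempdb`, matching the slide 12 point that TempDB is encrypted once any database on the instance uses TDE.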