October 20, 2011 at 9:01 am
I have been able to enable TDE by creating DMK's and Certificates, back them up and restore them in a test and production environments. But somehow I overlooked the importance of the Service Master Key in the articles I read. I have not backed up the Service Master Key. 1. My first question is can I simply issue the backup command for the Service Master Key NOW without somehow corrupting the encryption state that presently exists in some of my production databases. 2. At present I have two SQL Server instances (one instance with encryption, one without any encryption going on). Is the Service Master Key by Instance or by Server. Meaning do I need to run the backup statement while in the Master for each instance or only once. Thank you in advance for your replies.
October 20, 2011 at 10:53 am
Logically I see no reason why you can't back up your service master key at any time but I can't find any written documentation to support it so you may want to do more research.
As far as whether the SMK is per instance, yes, "The service master key exists at the instance level." See link below. Hope this helps.
http://www.simple-talk.com/sql/database-administration/transparent-data-encryption/
October 20, 2011 at 11:34 am
The backup is just that, a backup, the server does not need to be in any particular state to back it up and a backup does not damage the key. Which thinking about it, would be kind of stupid if it did..
CEWII
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply