As has been well publicized, today is the official Release To Manufacturing date for SQL Server 2014. You can read more about all of that here.
Something that hasn’t received much word is a new feature that is a game changer. I’m not referring to the advancements with the In-Memory OLTP (aka Hekaton). The real game changer in my opinion is the way backups will be treated in 2014.
SQL Server 2014 brings the added functionality of encryption to the database backups. This is a significant improvement to securing data at rest. This functionality applies to databases that have been TDE enabled as well as those that are not TDE enabled. This functionality also applies to backups that are compressed and backups that are not compressed.
The beauty of this functionality is that all backups will be encrypted now by default. What this means is that you need not configure anything on your end to make it happen. Despite it being enabled by default, you can change the encryption method should you choose.
Another interesting note with this new default behavior is that all of your database backups will fail out of the box. You might ask why. Well, there are some pre-requisites that must be met in order for the encrypted backup to succeed.
Here are those pre-reqs.
- Create a Database Master Key for the master database.
- Create a certificate or asymmetric Key to use for backup encryption.
If you have not created your DMK, your backups will fail and you will be none the wiser until you try to restore that backup. That is really the way you want to conduct your duties as a DBA, right? You guessed it, the backup shows that it succeeds yet it does nothing.
As you move forward with your SQL 2014 implementation, ensure you create those DMKs and ensure your backups are safe.
Oh and in case you haven’t noticed, pay attention to today’s date.