August 10, 2011 at 8:59 pm
Comments posted to this topic are about the item TDE and Backups
August 10, 2011 at 9:02 pm
Nice clear and unambiguous question.
Tom
August 11, 2011 at 1:36 am
Tom.Thomson (8/10/2011)
unambiguous question
Oh, what is a normal backup :ermm: a backup before TDE was enabled or backup following standard procedure :blush:
August 11, 2011 at 1:36 am
Nice question, thanks.
Need an answer? No, you need a question
My blog at https://sqlkover.com.
MCSE Business Intelligence - Microsoft Data Platform MVP
August 11, 2011 at 2:28 am
Thanks Steve.
August 11, 2011 at 2:55 am
I got confused with the question and got it wrong. I thought that the normal backups which Steve was referring to might be the backups for databases without TDE enabled. I guess there might be a few who thought like I did.
M&M
August 11, 2011 at 5:44 am
Nice question!
Thanks Steve!!!!
August 11, 2011 at 5:57 am
From the referenced article...
Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module.
....
Note
When enabling TDE, you should immediately back up the certificate and the private key associated with the certificate. If the certificate ever becomes unavailable or if you must restore or attach the database on another server, you must have backups of both the certificate and the private key or you will not be able to open the database.
From the article, I didn't consider DEK == certificate
August 11, 2011 at 6:10 am
Seemed like a no-brainer, as I thought that was the purpose of "at rest" data protection. But, I've seen the issues posted above. Some day we'll all converse in an arithmetic language and ambiguity will be a thing of the past ... unless we aren't all using the same encoding....
Please don't go. The drones need you. They look up to you.
August 11, 2011 at 6:13 am
I was kind of thrown by the term "normal backup". Is there any other kind? If I have an abnormal backup, I can't use it for restores. 😀
August 11, 2011 at 6:42 am
Thanks, I needed that. 🙂
August 11, 2011 at 7:20 am
I'm learning a lot about TDE with these questions. Thanks and keep them coming.
http://brittcluff.blogspot.com/
August 11, 2011 at 7:23 am
I figured it had to require the key, because encrypted anything just about always does.
So I was like no duh.... then I was like "If it's such a no-duh question, then there has to be a trick answer"
Then I started running psychological analysis loops until I eventually recursed myself into oblivion.
Finally, I went with my original answer, and got it right.
Thanks a lot for making me second and third guess myself.
August 11, 2011 at 8:22 am
m mcdonald (8/11/2011)
From the referenced article...
Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module.
....
Note
When enabling TDE, you should immediately back up the certificate and the private key associated with the certificate. If the certificate ever becomes unavailable or if you must restore or attach the database on another server, you must have backups of both the certificate and the private key or you will not be able to open the database.
From the article, I didn't consider DEK == certificate
Totally agree. I got it wrong because I was thinking the same "DEK <> certificate"
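Editor's added example (not part of any post in this thread, and not code from the referenced article): the DEK travels inside the database backup, but the certificate that protects it lives in master, so a restore on another server needs the certificate and private key moved separately. The names TdeCert and SalesDb, the file paths and the passwords are placeholders.

```sql
-- Added example: object names, paths and passwords are placeholders.

-- 1) Source server: list each database that has a DEK, the certificate
--    protecting it, and when that certificate's private key was last backed up.
USE master;
SELECT d.name AS database_name,
       k.encryption_state,            -- 3 = encrypted
       c.name AS certificate_name,
       c.thumbprint,
       c.pvt_key_last_backup_date     -- NULL = private key never backed up
FROM sys.dm_database_encryption_keys AS k
JOIN sys.databases    AS d ON d.database_id = k.database_id
JOIN sys.certificates AS c ON c.thumbprint  = k.encryptor_thumbprint;

-- 2) Source server: back up the certificate together with its private key.
BACKUP CERTIFICATE TdeCert
    TO FILE = N'D:\KeyBackup\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = N'D:\KeyBackup\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = N'<private-key-file-password>');

-- 3) Target server: master needs a database master key before it can
--    hold the certificate's private key.
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = N'##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<target-master-key-password>';

-- Recreate the certificate from the two files copied from the source server.
CREATE CERTIFICATE TdeCert
    FROM FILE = N'D:\KeyBackup\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = N'D:\KeyBackup\TdeCert.pvk',
        DECRYPTION BY PASSWORD = N'<private-key-file-password>');

-- 4) Target server: with the certificate in place the backup restores
--    normally; without it the restore fails because the certificate
--    matching the DEK's thumbprint cannot be found.
RESTORE DATABASE SalesDb
    FROM DISK = N'D:\Backup\SalesDb.bak'
    WITH RECOVERY;
```

Store the .cer and .pvk files and their password apart from the database backups, since anyone holding all of them can restore the encrypted database.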