May 29, 2007 at 3:00 pm
Seems to me that the simplest way to ensure we can restore DBs from one server to another and readily be able to decrypt encrypted data on the new server is to ensure that all the service master keys on SQL 2005 boxes in our enterprise are identical.
I'm not asking for how-to alternatives, I'm aware of a few. I just happen to feel that the best, most effortless approach is simply ensuring boxes all have the same service master key in the first place.
I'm just kind of thinking out loud now.... Would it be a good idea to add this step to our new SQL server build process? Trying to mess with the service master keys after the server has been around for a while is more trouble, there will probably be dependencies on that key. But right after a new server is built there are no dependencies.
Reason I'm posting this hear is to hear from the opposing voices, if there are any. What problems with this am I missing? Or why do you feel alternate approach is better?
June 11, 2007 at 12:38 pm
Sounds reasonable to me ... how would you do that ?
June 11, 2007 at 4:40 pm
Just backup the service master key from one SQL Server and then restore it on all the other ones. Ideally I think the restore master key step would be part of building out new SQL 2005 Servers. The restore service master key step will mess up any existing encryption, so I think best to do this right away.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply