March 22, 2014 at 4:25 pm
So, I may need to enable TDE on some DBs in the near future, and I want to get everything clear in my head. I understand the basics of enabling TDE, and I understand that losing the certificate (the DMK) *WILL* result in a non-recoverable database, period. But, I have some questions on *restoring* a TDE enabled DB.
I'm presuming, if I need to restore a copy from our production environment to our QA, I would have to import the certificate used into the QA server. Once that's done, I expect (and plan to test on my home system) that I would then be able to simply restore my backup to QA.
But. Of course there's a but. Our normal backups are taken using a 3rd party application, Commvault. I've already asked the CV admin to look into what's needed and even if CV can backup / restore TDE databases. So, question is, does anyone out there have experience with *any* 3rd party backup solution and TDE database backup and recovery? Is it possible? Is it similar (when restoring) to the process for "manual" backups?
Thanks,
Jason
March 22, 2014 at 7:44 pm
I am not sure about commvault backups. But most of the third party tools have their own encryption methods. Please check the commvault software documentation.
March 22, 2014 at 9:52 pm
Just a guess, but I would think as long as you have the certificate used to encrypt the database with TDE it should not matter what backup software you use, native or 3rd party.
I would test it out on a small test database just for that purpose.
March 22, 2014 at 11:19 pm
Lynn Pettis (3/22/2014)
Just a guess, but I would think as long as you have the certificate used to encrypt the database with TDE it should not matter what backup software you use, native or 3rd party.I would test it out on a small test database just for that purpose.
Absolutely!
One advantage to having a proper QA environment. I could enable TDE on the QA version of one of the DBs (preferably taking a backup BEFORE enabling TDE to have a "clean" DB to return to if it doesn't work), have the end-user verify everything is working OK in the app, then give a try backing up / restoring from CV.
Thanks!
March 24, 2014 at 4:50 am
jasona.work (3/22/2014)
So, I may need to enable TDE on some DBs in the near future, and I want to get everything clear in my head. I understand the basics of enabling TDE, and I understand that losing the certificate (the DMK) *WILL* result in a non-recoverable database, period. But, I have some questions on *restoring* a TDE enabled DB.I'm presuming, if I need to restore a copy from our production environment to our QA, I would have to import the certificate used into the QA server. Once that's done, I expect (and plan to test on my home system) that I would then be able to simply restore my backup to QA.
But. Of course there's a but. Our normal backups are taken using a 3rd party application, Commvault. I've already asked the CV admin to look into what's needed and even if CV can backup / restore TDE databases. So, question is, does anyone out there have experience with *any* 3rd party backup solution and TDE database backup and recovery? Is it possible? Is it similar (when restoring) to the process for "manual" backups?
Thanks,
Jason
To restore a TDE enabled database to a new instance of SQL server you need the database backup and a backup of the certificate from the source server that is used to protect the database encryption key.
It's all in my guide at this link[/url]
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply