March 6, 2019 at 11:14 am
I have two instances on a SQL server box.
I would like to setup TDE for both instances.
I would follow the MS doc to setup TDE for each instance, is that correct?
Anything I need to pay attention to regarding setting up TDE for SQL server only has default instance vs SQL server with multiple instances?
Thanks
March 6, 2019 at 1:33 pm
sqlfriends - Wednesday, March 6, 2019 11:14 AMI have two instances on a SQL server box.
I would like to setup TDE for both instances.I would follow the MS doc to setup TDE for each instance, is that correct?
Anything I need to pay attention to regarding setting up TDE for SQL server only has default instance vs SQL server with multiple instances?Thanks
TDE is at the database file level so instance, multiple instances, default or named instance...it doesn't matter.
It's not too complicated to set it up - following MS docs or other articles would be fine.
Pay attention to the certificate and password and come up with the company strategy for storing the certificates. You will need the certificate for restores.
Keep in mind that tempdb will also be encrypted and if you disable TDE on the user database, the encryption for tempdb remains in place until the instance is restarted.
Sue
March 13, 2019 at 7:55 pm
A couple of other points to consider:
If you're using log shipping, mirroring or Always On, you need to ensure you've correctly configured TDE to work post-DR.
If you remove TDE at any point (say as part of a lower environment refresh). Your transaction log may still be encrypted until you take the next FULL backup. This is important if you stage refreshes through a restore server and provide unencrypted databases to your dev servers rather than giving them production certificates.
Prior to SQL 2016, you will lose backup compression and in SQL 2016 you need to be aware of several bugs affecting backups on a TDE database. See here for more info.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply