TDE Understanding

  • Hi All

    I hope to get some clarity on a TDE configuration I am working on.

    I have multiple PROD servers and 1 QA server where we restore PROD to on a regular basis.

    Each server will have its own master key obviously and its own certificate.

    Question - Does one server certificate service all DB's with encryption turned on?

     

    Take this for example:

    PROD1

    PROD2

    QA1

    Does this mean that server QA1 will have a certificate from taken from certificate backups of both PROD servers in order to restore databases to it?

     

    When running TDE in your environment, is it enough to just backup the certificate once and store it somewhere for if/when recovery to another instance is necessary?

    Do you have to back up your certificate every time you enable encryption for a new DB (Create a DEK)

     

    Thanks

    • This topic was modified 3 years, 6 months ago by  SQLSACT.
  • Thanks for posting your issue and hopefully someone will answer soon.

    This is an automated bump to increase visibility of your question.

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply