Transparent Data Encryption (TDE) on AlwaysON Availability Group

  • I’ve been tasked with securing SQL Server data and log files (MDF and LDF) using Transparent Data Encryption (TDE) across all SQL Servers in our environment, which consists of over 85 instances. This is a significant undertaking, and I’m concerned about the potential impact of deploying TDE universally across such a large number of servers, especially considering that some of these servers host databases for various business-critical applications.

    I have never implemented TDE at this scale, and I’d like to ask if anyone here has experience deploying TDE across hundreds of SQL Server instances. Specifically, I’m interested in understanding the impact, if any, on performance. Additionally, are there other methods besides Transparent Data Encryption to secure database files at rest that might be worth considering?

  • Thanks for posting your issue and hopefully someone will answer soon.

    This is an automated bump to increase visibility of your question.

  • To start with, you will test this all out in Dev, yes? This will give you the process to use for Production.

    For an AG, all servers in the AG need the same certificate and key setup. If you are using a distributed AG then all AGs involved need the same setup.

    Test out in Dev how you would run the setup. Test out failover. Test out losing a server and replacing it with a new one. Test out changing certificates (this may become a monthly task). Test out restoring a DB to a server in an AG. Test out restoring a DB to a server with a different certificate or keys. Test out anything else that may cause an issue in your environment.

    When you have broken a few things in Dev and learned how to fix them, you will have the skills needed to do the work in Prod.

    Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017, 2016, 2014, 2012, 2008 R2, 2008 and 2005.

    When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
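
An added example, not part of any post in this thread: one way to rehearse in Dev the "same certificate and key setup" on every AG replica that the reply above describes, followed by a per-replica check. The database name `SalesDb`, the certificate name `TDE_Cert_Dev`, the `D:\Keys\` paths and the passwords are placeholders assumed for illustration.

```sql
-- Added example. All names, paths and passwords below are placeholders.

-- 1. On the PRIMARY replica: create the master key and TDE certificate in master.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-1>';
CREATE CERTIFICATE TDE_Cert_Dev WITH SUBJECT = 'TDE certificate (Dev test)';

-- Back up the certificate together with its private key. Without these files
-- and the password, the database cannot be restored on any other server.
BACKUP CERTIFICATE TDE_Cert_Dev
    TO FILE = 'D:\Keys\TDE_Cert_Dev.cer'
    WITH PRIVATE KEY (FILE = 'D:\Keys\TDE_Cert_Dev.pvk',
                      ENCRYPTION BY PASSWORD = '<strong-password-2>');

-- 2. On EVERY SECONDARY replica, before encryption is switched on:
--    create a master key, then import the SAME certificate and private key.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-3>';
CREATE CERTIFICATE TDE_Cert_Dev
    FROM FILE = 'D:\Keys\TDE_Cert_Dev.cer'
    WITH PRIVATE KEY (FILE = 'D:\Keys\TDE_Cert_Dev.pvk',
                      DECRYPTION BY PASSWORD = '<strong-password-2>');

-- 3. Back on the PRIMARY: create the database encryption key and enable TDE.
USE SalesDb;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert_Dev;
ALTER DATABASE SalesDb SET ENCRYPTION ON;

-- 4. On EVERY replica: confirm the state and that the protecting certificate
--    is present locally. A NULL certificate_name means this replica does not
--    hold the certificate that protects the database encryption key.
SELECT DB_NAME(k.database_id) AS database_name,
       k.encryption_state,      -- 2 = encryption in progress, 3 = encrypted
       k.percent_complete,
       c.name        AS certificate_name,
       c.expiry_date AS certificate_expiry
FROM sys.dm_database_encryption_keys AS k
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = k.encryptor_thumbprint
WHERE k.database_id = DB_ID('SalesDb');
```

Running step 4 after each Dev test from the reply (failover, replacing a server, changing the certificate) shows whether the new or promoted replica still holds a matching certificate.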
