May 4, 2009 at 1:21 pm
Hey matt,
Last week there was an article written on the performance impact on TDE. In that the Author did some testing and was able to figure out that the performance impact was less than 5%.
-Roy
May 4, 2009 at 2:21 pm
Hey Roy... very good (okay, GREAT) article.
I thing to emphasize... as long as you need that backup, you need to keep the security certificates. Think SOX. You may need that certificate for many years. And, of course, it can't be kept with the backup... sorta nullifies the security. How to manage the security of the certificates separately from the backups needs to be thought out in advance also.
Wayne
Microsoft Certified Master: SQL Server 2008
Author - SQL Server T-SQL Recipes
May 4, 2009 at 2:24 pm
I totally agree on that point. It should be stored in multiple medias I would say and kept in a very safe place off the network.
-Roy
May 4, 2009 at 2:33 pm
Could you explain the difference between making the master key and the certificate. Also, I noticed that the master key password was set to an empty string. Why?
Thanks,
Steve
May 4, 2009 at 2:37 pm
Excellent article. I like how you took the time to look up known problems with TDE and to write out a list of issues to take into consideration. In other words, this article is much more than a re-hash of BOL/here's how you do it. It gives great info. Thanks.
May 4, 2009 at 2:44 pm
Hi Steve,
Regarding the empty Password, I had put the Password as 'TryToUseOnlyStrongPassword' netween the Less Than and Greater Than symbol. But since Less Than and Greater Than symbol acts like a HTML Tag, the article ate it up... 🙂
The Certificate you create will be protected by the Master Key (That is password protected). That is why you have to create a Master key and Certificate.
Thanks JJ. I tried to point out the Pros and Cons. I did not want anyone to implement TDE without knowing the Pros and cons of it.:-)
-Roy
May 4, 2009 at 2:49 pm
Can database certificates only be created after you create the master key?
May 4, 2009 at 3:09 pm
I am not 100 % sure about that part. I have not tried it. I will have to test it out. But here is a great article written by Micheal Coles regarding certificates[/url].
You can really get lots of info regarding certificates. When you read that article, it gives you the impression that Master key is needed for creating certificates.
-Roy
May 4, 2009 at 3:21 pm
Hi Roy
Great article!
Thanks
Flo
May 4, 2009 at 3:24 pm
Thanks Flo... How is your article coming up?
-Roy
May 4, 2009 at 3:30 pm
Heh...
Just finished my (about 600...) tests and working on the final results. Print, read 10 times, correct 65,345 times... I try to publish end of this week.
May 4, 2009 at 3:36 pm
Where is the empty password? I can fix that. I don't see one in the code for the article.
May 4, 2009 at 4:09 pm
Thanks much Roy. It was very instructional..
Dennis Parks
MCSE, MCDBA, MCSD, MCAD, MCTS
May 4, 2009 at 4:51 pm
Florian Reischl (5/4/2009)
Heh...Just finished my (about 600...) tests and working on the final results. Print, read 10 times, correct 65,345 times... I try to publish end of this week.
Thats great... I will red it for sure.
Steve, It is in the Create Master Key SQL Code. Maybe it got lost while I posted back after tyhe edition.
-Roy
May 4, 2009 at 5:52 pm
Roy,
You beat me on this. Even I wrote a paper of TDE and was waiting to have an answer for the Disabling TDE issue before I publish. Your article is very well written and deserve a 5 star.
By the way, Can we know if Microsoft will have an answer or a patch for the issue in their next service pack?
Amit
Amit Lohia
Viewing 15 posts - 16 through 30 (of 81 total)
You must be logged in to reply to this topic. Login to reply