patternsqlMinor
Transparent Data Encryption
Viewed 0 times
encryptiontransparentdata
Problem
Are there any best practices when configuring TDE in SQL Server 2008? On SQLMag, the article "Transparent Data Encryption FAQs" says the CPU may have increased usage by up to 30%?
Other than adding server horsepower, is there anything else DBAs typically do when turning on TDE?
Other than adding server horsepower, is there anything else DBAs typically do when turning on TDE?
Solution
-
Some additional points that I have noticed is that in case you are using the backup compression feature, this feature together with TDE does not go that well. We have noticed a very minimal compression rate, almost negligible. Therefore consider this point of backup compression if you are using one.
-
I am sure you would be aware, but just to add, TDE is available for Enterprise edition, so therefore consider this as well during setting up SQL server for TDE.
-
TDE does not provide the same granular control, specific to a user or database role, as is offered by cell-level encryption.
-
Make sure the encryption keys are stored safely in a secure location that can be accessed in the event of a restore scenario. Familiarize yourself with restoring a database that has been encrypted to a new server. (originally a comment by Jonathan Fite).
Some additional points that I have noticed is that in case you are using the backup compression feature, this feature together with TDE does not go that well. We have noticed a very minimal compression rate, almost negligible. Therefore consider this point of backup compression if you are using one.
-
I am sure you would be aware, but just to add, TDE is available for Enterprise edition, so therefore consider this as well during setting up SQL server for TDE.
-
TDE does not provide the same granular control, specific to a user or database role, as is offered by cell-level encryption.
-
Make sure the encryption keys are stored safely in a secure location that can be accessed in the event of a restore scenario. Familiarize yourself with restoring a database that has been encrypted to a new server. (originally a comment by Jonathan Fite).
Context
StackExchange Database Administrators Q#124241, answer score: 7
Revisions (0)
No revisions yet.