How to Implement Transparent Data Encryption (TDE)?


What is Transparent Data Encryption (TDE)?

Transparent Data Encryption (TDE) protects data by encrypting the physical files of the database rather than the data itself. Its main purpose is to prevent unauthorized access to the data by someone restoring the files to another server. With TDE in place, such a restore requires the original encryption certificate and master key. It was introduced in the Enterprise edition of SQL Server 2008.

How to use the transparent data encryption (TDE) -  Step by Step Video


Key Points

  1. Since the physical data files and not the data itself are encrypted, the primary keys and indexes on the data are unaffected, and so optimal query execution can be maintained.
  2. TDE protects data without any changes at the application level; implementing TDE does not require any schema modifications.
  3. There is a very minimal performance cost for enabling TDE. Microsoft estimates the performance degradation for TDE to be 3-5%, while cell-level encryption is estimated to be 20-28%.
  4. Once TDE is enabled, pages are encrypted on write.
  5. CPU performance impact is minor [3-5%].
  6. Secure the key, which is required for backups.
  7. The transaction log is also encrypted once TDE is enabled.
  8. Tempdb is encrypted when your first user database is encrypted.
  9. Do not use compression and encryption together, as SQL Server can’t compress encrypted data.
  10. Instant File Initialization is disabled.
  11. Filestream data is not encrypted.
  12. Consider the impact on third-party tools, applications, and software (scanners, etc.).
  13. Backups of encrypted databases are also encrypted.
  14. The encryption key must be available to restore backups (certificate + private key).

Notes

  1. The subscribing database must also have TDE implemented if the publisher is encrypted using TDE.
  2. Filestream files remain unencrypted when TDE is enabled on the database.

For more information:

Understanding Transparent Data Encryption (TDE)

Another Article on TDE

Extensible Key Management (EKM) – SQL Server 2008


2 Comments.

  1. Nice Video on TDE.
    Thanks,
    Siva from ihub

  2. very informative. thanks a ton.
