locked
TDE and Master Database RRS feed

  • Question

  •  

    Hi,

    If I encrypt my database using TDE, and backup both Master and my database, can I restore Master on other instance and then restore my database?

    Thanks in advance,

    Leila

    Monday, November 3, 2008 1:01 PM

Answers

  • Yes, that should work.

     

    Saturday, November 8, 2008 12:40 AM
  • Correct - with the key in master if someone is able to backup master and restore it to another machine in their control along with your user database then they can access your database. If this is a concern for you, EKM may help mitigate this scenario.

    Monday, November 10, 2008 6:05 PM
  • There are no currently shipping EKM providers, though we expect some to be shipping shortly from partners. If you are interested in writing your own EKM provider, contact me through my email (see my profile) and I can put you in touch with the right people.

     

    Wednesday, November 26, 2008 12:37 AM

All replies

  • Yes, that should work.

     

    Saturday, November 8, 2008 12:40 AM
  •  

    Thanks for you reply. I want to protect my database in case when somebody can copy my database files and master database as well. This way, when master database is copied over another instance, and my database is attached to that instance, my data is not protected. Is that true?

     

    Sunday, November 9, 2008 6:09 PM
  • Correct - with the key in master if someone is able to backup master and restore it to another machine in their control along with your user database then they can access your database. If this is a concern for you, EKM may help mitigate this scenario.

    Monday, November 10, 2008 6:05 PM
  • Thanks Jack! I read about EKM in BOL, but how can I test it? This seems that I must necessarily have an EKM provider! Can I provide EKM myself?

    Monday, November 10, 2008 7:25 PM
  • There are no currently shipping EKM providers, though we expect some to be shipping shortly from partners. If you are interested in writing your own EKM provider, contact me through my email (see my profile) and I can put you in touch with the right people.

     

    Wednesday, November 26, 2008 12:37 AM
  • Luna SA HSM provides EKM in SQL Server 2008.
    Wednesday, September 2, 2009 2:16 PM