jbla9028
asked on
TDE Encryption Database migration
I am not a DBA by anymeans so please bear with me.
I have a database that is encrypted with TDE. I do not know much about TDE but have been reading up on it. I need to export the database along with any necessary certificates required to move the database offsite to be recovered on another server. I get how to move the database using a backup. My question is how do I export the certificates properly. I read ac ouple articles and I'm not clear if its 1 certificate per server or 1 certificate per database, both, or "it depends." I successfully ran this query and exported the master key from a blog I was reading. I just need to know if there are any other certificates or problems I may run into recovering the database on the new server?
BACKUP MASTER KEY TO FILE = 'u:\MSSQL\DO_NOT_DELETE\Ma sterkey1'
ENCRYPTION BY PASSWORD = 'PW1234556'
this query executed and successfully exported a file which I now have backed up.
Do I need to export any other certificates?
SQL server 2008 Enterprise
I have a database that is encrypted with TDE. I do not know much about TDE but have been reading up on it. I need to export the database along with any necessary certificates required to move the database offsite to be recovered on another server. I get how to move the database using a backup. My question is how do I export the certificates properly. I read ac ouple articles and I'm not clear if its 1 certificate per server or 1 certificate per database, both, or "it depends." I successfully ran this query and exported the master key from a blog I was reading. I just need to know if there are any other certificates or problems I may run into recovering the database on the new server?
BACKUP MASTER KEY TO FILE = 'u:\MSSQL\DO_NOT_DELETE\Ma
ENCRYPTION BY PASSWORD = 'PW1234556'
this query executed and successfully exported a file which I now have backed up.
Do I need to export any other certificates?
SQL server 2008 Enterprise
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you. Also I see that you have mentioned that there's ways to disable TDE. If I disable TDE, can I make an unencrypted backup without causing any issues with the database's functionality? If so what query output do I need to complete to disable TDE? Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you all for the detailed answers!
It's important to take the certificate and put it in a safe (preferably on 2 separate media).
Otherwise you wont be able to use your backups in a DR scenario.
Otherwise you have the classic: a backup solution, not a restore solution. :-)
Regards Marten