SQL Server 2016 TDE ( Transparent Data Encryption)

By -
  • Transparent Data Encryption is designed to protect data by encrypting the physical files of the database, rather than the data itself
  • These physical files include the database file (.mdf), the transaction log file (.ldf) and the backup files (.bak).
  • Its main purpose is to prevent unauthorized access to the data by restoring the files to another server. 
  • With Transparent Data Encryption in place, this requires the original encryption certificate and master key.
  • The protection of the database files is accomplished through an encryption key hierarchy that exists externally from the database in which TDE has been enabled.
  • The service master key exists at the instance level. The database master key and certificate at the Master database are used to protect the database encryption key that is located at the user database
  • The dependency upon the encryption key hierarchy in the Master database, as well as the instance, prevents the database files from being restored to an instance of SQL Server that does not contain the referenced keys. 
  • This level of protection is a great comfort if a backup tape that contains your database backup files were to fall into the wrong hands.
  • Encryption of the backup files prevents the plain text values that are contained within the database being disclosed by opening the backup files using a text editor and scanning its contents.
Benefits
  1. Implementation of TDE does not require any schema modifications
  2. Since the physical data files and not the data itself are encrypted, the primary keys and indexes on the data are unaffected, and so optimal query execution can be maintained
  3. The performance impact on the database is minimal
  4. Performance degradation for TDE to be 3-5%, while cell-level encryption is estimated to be 20-28%
  5. The decryption process is invisible to the end user
  6. SQL Server engine handles all of the encryption and decryption work
  7. TDE uses the AES and 3DES encryption algorithms, and the encryption and decryption operations are run on background threads by SQL Server
Disadvantages
  • TDE does not provide the same granular control, specific to a user or database role, as is offered by cell-level encryption
  • TempDB database is also encrypted even single database in enabled as TDE

Comments

Micheal Alexander said…
Thanks for this. I really like what you've posted here and wish you the best of luck with this blog and thanks for sharing. Transparent File Level Encryption
July 27, 2020 at 12:40 AM
Kishan said…
Thanks Michaeal, thanks for your comments!
October 6, 2020 at 12:58 PM
Prancer said…
Thank you for the great post.
Prancer is a pre-deployment and post-deployment multi-cloud validation framework for your Infrastructure as Code (IaC) pipeline and continuous compliance in the cloud.

November 30, 2020 at 4:17 AM
Post a Comment

Popular posts from this blog

Setting up Dotnetnuke (DNN) to work with Active Directory

By -
Image
Setting Up Active Directory Integration with DotNetNuke Seems like enough people ask, and the information is hidden enough around the DNN AD forum that this information could be posted in one place.  These are the steps I take to get my DNN AD integration to work every time.  I have never had it fail.  I hope you find it helpful.  Now if you are setting up your AD in Mixed-Mode most likley this little write up isn't for you. The setup process is a three step process.  The first step is done from within DNN.  The second step takes place in DNN’s web.config file.  The final step takes place in IIS. Within the DNN Website Login as Admin or Host to your DNN website. After login go to                                                                i.     the Admin tab                               ii.   and then select Authentication You will now see the Active Directory Setup Screen. Fill out the screen as follows.             
Read more

Programming !!!!!!!!!!!

By -
Programming is like art of painting. In painting you draws things that are in your mind on the paper with the pencil & file the color in it to make it alive. The same things happen in programming first you make clear about the output of programming decide the what will be the input data make it’s list & how many variable you will going to use in coding. & according to the requirement of output the coding is done. Coding contain Mathematical formula’s & code combine in the Logical manner to achieve the output. According the type of Language & it’s richness the coding is done to make the programming as small as possible. In programming Mathematical thinking is required. You must be able to write your ideas in terms of mathematics with the nature of Language you are using to construct the program . The skill get improve when you do practice .. Lots of Practice. The only way to learn any programming language just to write programs. Try to do it for fun. 
Read more