-

Rotating a Certificate Used by TDE
In terms of encryption, Key Rotation is the process of replacing your encryption keys on a periodic basis. This is considered good practice and is required by many security certifications. In practice, if you had to rotate/replace the key that is used to encrypt your data then that would be an intensive activity requiring all…
-

Recovering a TDE Database Without the Certificate
If you don’t have the backups of the certificate and private key from the old server, as well as the password used to encrypt the private key backup, then you could be in a lot of trouble. There is one scenario where you have a way out. I’m going to assume you don’t have the…
-
Migrating or Recovering a TDE Protected Database
When encrypting a database with Transparent Data Encryption (TDE), a vital consideration is to make sure we are prepared for the scenario where something goes wrong. For instance, if the server hosting our SQL instance goes belly-up, can we recover the data that we have encrypted with TDE? In the ordinary recovery scenario, we would…
-
Things to look out for while TDE is encrypting existing data
Monitoring for Problems
The encryption of your existing data occurs as a background process referred to as the encryption scan, but it will consume resources while it runs, so if you are implementing TDE against a system with large databases where performance is critical then you will want to either run it in a period…
-
What is calling my T-SQL scalar function (millions of times)?
In this post we look at a method using Extended Events (XE) to identify what parent objects are calling a given SQL function and how often. The background is that I was working with a team where we identified that a certain scalar function was being executed billions of times a day and – although…
-
How Long Will it Take to Encrypt Your Existing Data with TDE?
As we’ve seen in previous posts, the process of turning TDE on for an empty database with no data is instantaneous. Most of the time though you’ll be applying TDE to an existing system where you may have a large amount of data that needs to be encrypted. The process of setting up TDE is…