Sql-server – Transparent Data Encryption

Securitysql serversql-server-2008

Are there any best practices when configuring TDE in SQL Server 2008? On SQLMag, the article "Transparent Data Encryption FAQs" says the CPU may have increased usage by up to 30%?

Other than adding server horsepower, is there anything else DBAs typically do when turning on TDE?

Best Answer

  1. Some additional points that I have noticed is that in case you are using the backup compression feature, this feature together with TDE does not go that well. We have noticed a very minimal compression rate, almost negligible. Therefore consider this point of backup compression if you are using one.

  2. I am sure you would be aware, but just to add, TDE is available for Enterprise edition, so therefore consider this as well during setting up SQL server for TDE.

  3. TDE does not provide the same granular control, specific to a user or database role, as is offered by cell-level encryption.

  4. Make sure the encryption keys are stored safely in a secure location that can be accessed in the event of a restore scenario. Familiarize yourself with restoring a database that has been encrypted to a new server. (originally a comment by Jonathan Fite).