Microsoft SQL Server

This document provides information about configuring the {{k3}} with Microsoft SQL Server Transparent Data Encryption (TDE) by using EKM libraries. For additional questions related to your {{k3}} device, see the relevant user guide.

About Microsoft SQL Server

Microsoft SQL Server is a relational database management system (RDBMS) used for large-scale online transaction processing (OLTP), data warehousing, and e-commerce applications. It is also a business intelligence platform for data integration, analysis, and reporting solutions.

About Transparent Data Encryption (TDE)

From the Microsoft documentation website:

Transparent data encryption (TDE) encrypts SQL Server data files. This encryption is known as encrypting data at rest.

To help secure a database, you can take precautions like:

- Designing a secure system
- Encrypting confidential assets
- Building a firewall around the database servers

However, a malicious party who steals physical media like drives or backup tapes can restore or attach the database and browse its data.

One solution is to encrypt sensitive data in a database and use a certificate to protect the keys that encrypt the data. This solution prevents anyone without the keys from using the data. But you must plan this kind of protection.

TDE does real-time I/O encryption and decryption of data and log files. The encryption uses a database encryption key (DEK). The database boot record stores the key for availability during recovery. The DEK is a symmetric key. It's secured by a certificate that the server's master database stores or by an asymmetric key that an EKM module protects.

TDE protects data at rest, which is the data and log files. It lets you follow many laws, regulations, and guidelines established in various industries. This ability lets software developers encrypt data by using AES and 3DES encryption algorithms without changing existing applications.

Encryption hierarchy and integration with the {{k3}}

Through Extensible Key Management (EKM), Microsoft SQL Server can use a {{k3}} for key management and encryption acceleration. In this configuration, you can encrypt data by using encryption keys that only the database user has access to on the external EKM or HSM module. Only the database-level items (such as the database encryption key) are user configurable when you use TDE on your SQL database.

Integration overview

This guide covers the following tasks:

- Generate a certificate signing request from a certreq policy file
- Configure the {{k3}}
- Create an association between the signed Microsoft SQL Server certificate and the key pair
- Install and configure the FXCL EKM
- Configure EKM in Microsoft SQL Server
- Enable TDE in Microsoft SQL Server

The following sections show you how to perform these tasks.
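
The DEK protection described above (a certificate stored in master versus an asymmetric key held by an EKM module) can be audited per database with the T-SQL query below. It is an added example, not part of the original guide or the vendor's code; it assumes SQL Server 2012 or later, uses only built-in catalog views, and needs VIEW SERVER STATE permission.

```sql
-- Added example: report, for every database on the instance, whether a DEK
-- exists, its encryption state, and what protects it (EKM key or certificate).
-- encryptor_type is available in SQL Server 2012 and later.
SELECT
    d.name                        AS database_name,
    dek.key_algorithm,
    dek.key_length,
    CASE dek.encryption_state     -- documented states of the TDE scan
        WHEN 0 THEN 'No DEK present'
        WHEN 1 THEN 'Unencrypted'
        WHEN 2 THEN 'Encryption in progress'
        WHEN 3 THEN 'Encrypted'
        WHEN 4 THEN 'Key change in progress'
        WHEN 5 THEN 'Decryption in progress'
        WHEN 6 THEN 'Protection change in progress'
        ELSE 'No DEK (not TDE-protected)'
    END                           AS tde_state,
    dek.encryptor_type,
    COALESCE(ak.name, c.name)     AS encryptor_name,
    cp.name                       AS ekm_provider,
    cp.dll_path                   AS ekm_provider_dll,
    CASE
        -- tempdb is encrypted automatically once any database uses TDE;
        -- its encryptor does not map to a key or certificate in master.
        WHEN d.name = N'tempdb' AND dek.database_id IS NOT NULL
            THEN 'tempdb (follows other databases)'
        WHEN dek.database_id IS NULL
            THEN 'Not applicable'
        -- DEK wrapped by an asymmetric key that lives in the EKM/HSM module.
        WHEN dek.encryptor_type = 'ASYMMETRIC KEY'
             AND ak.provider_type = 'CRYPTOGRAPHIC PROVIDER'
            THEN 'EKM-protected'
        -- DEK wrapped by a certificate whose private key is stored in master.
        WHEN dek.encryptor_type = 'CERTIFICATE'
            THEN 'Certificate in master'
        ELSE 'Review manually'
    END                           AS dek_protection
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS dek
       ON dek.database_id = d.database_id
LEFT JOIN master.sys.asymmetric_keys AS ak
       ON ak.thumbprint = dek.encryptor_thumbprint
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = dek.encryptor_thumbprint
LEFT JOIN sys.cryptographic_providers AS cp
       ON cp.guid = ak.cryptographic_provider_guid
ORDER BY d.name;
```

A database that reports 'Certificate in master' or 'No DEK (not TDE-protected)' after the integration is complete is not using the EKM-held key and should be checked against the steps in this guide.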