How To Add a TDE Enabled Database To An Always On Availability Group

Sdílet
Vložit
  • čas přidán 26. 04. 2023
  • Please visit the below link for scripts:
    www.mediafire.com/file/0xtp2g...
    ================================
    Select name, is_encrypted from sys.databases
    SELECT * FROM sys.symmetric_keys;
    ---Take backup from primary Replica.
    BACKUP SERVICE MASTER KEY TO FILE = '\\Node1\tde\SMK'
    ENCRYPTION BY PASSWORD = 'HYD@123'
    ---Restore in Secondary replicas,
    Restore SERVICE MASTER KEY from FILE = '\\Node1\tde\SMK'
    DECRYPTION BY PASSWORD = 'HYD@123'
    ----
    Select name, is_encrypted from sys.databases
    --Step1:Take the full database backup of Dba to be on safe side.
    BACKUP DATABASE [dba] TO DISK = '\\Node1\tde\dba.bak' WITH NOFORMAT, NOINIT,
    NAME = N'dba-Full Database Backup', SKIP, NOREWIND, NOUNLOAD, STATS = 10
    GO
    ---Create database master key
    USE master;
    Go
    CREATE MASTER KEY
    ENCRYPTION BY PASSWORD = 'HYd@123';
    GO
    --Back up master key.
    USE Master;
    GO
    OPEN MASTER KEY DECRYPTION BY PASSWORD = 'HYd@123';
    BACKUP MASTER KEY TO FILE = '\\Node1\tde\exportedmasterkey'
    ENCRYPTION BY PASSWORD = 'HYd@123';
    --Restore in all secondary replicas.
    ---------------
    USE master
    GO
    RESTORE MASTER KEY
    FROM FILE = '\\Node1\tde\exportedmasterkey'
    DECRYPTION BY PASSWORD = 'HYd@123'
    ENCRYPTION BY PASSWORD = 'HYd@123'
    --Step3:Create certificate in Primary replica
    USE master;
    GO
    CREATE CERTIFICATE TDE_Certificate
    WITH SUBJECT='Certificate for TDE';
    GO
    --Step4:Create database encryption key
    USE dba
    GO
    CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Certificate;
    --Step6:Turn on encryption on database
    ALTER DATABASE Dba
    SET ENCRYPTION ON
    --Step5:Back up the certificate and the private key associated with the certificate
    USE master;
    GO
    BACKUP CERTIFICATE [TDE_Certificate]
    TO FILE = '\\Node1\tde\TDE_Certificate_For_dbadatabase.cer'
    WITH PRIVATE KEY (file='\\Node1\tde\TDE_dba_private_CertKey.pvk',
    ENCRYPTION BY PASSWORD='HYd@123');
    --To Restore the certificate in All secondary replicas.
    ---OPEN MASTER KEY DECRYPTION BY PASSWORD = 'HYd@123'; Please use this option if u get any error and try.
    USE master;
    GO
    Create CERTIFICATE [TDE_Certificate]
    From FILE = '\\Node1\tde\TDE_Certificate_For_dbadatabase.cer'
    WITH PRIVATE KEY (file='\\Node1\tde\TDE_dba_private_CertKey.pvk',
    DECRYPTION BY PASSWORD='HYd@123');
    --Step8:Check encryption enabled
    Select name, is_encrypted from sys.databases
    Select * from sys.certificates
    ---Monitor TDE Progress:
    SELECT DB_NAME(database_id) AS DatabaseName, encryption_state,
    encryption_state_desc =
    CASE encryption_state
    WHEN '0' THEN 'No database encryption key present, no encryption'
    WHEN '1' THEN 'Unencrypted'
    WHEN '2' THEN 'Encryption in progress'
    WHEN '3' THEN 'Encrypted'
    WHEN '4' THEN 'Key change in progress'
    WHEN '5' THEN 'Decryption in progress'
    WHEN '6' THEN 'Protection change in progress (The certificate or asymmetric key that is encrypting the database encryption key is being changed.)'
    ELSE 'No Status'
    END,
    percent_complete,encryptor_thumbprint, encryptor_type FROM sys.dm_database_encryption_keys
    ---Create availaiiity groups On Primary Replica[which is node1 now]
    USE master;
    GO
    CREATE AVAILABILITY GROUP [TDE]
    WITH (DB_FAILOVER = ON)
    FOR REPLICA ON 'node1' WITH (ENDPOINT_URL = 'TCP://Node1.abc.com:5022', AVAILABILITY_MODE = SYNCHRONOUS_COMMIT, FAILOVER_MODE = AUTOMATIC),
    'node2' WITH (ENDPOINT_URL = 'TCP://Node2.abc.com:5022', AVAILABILITY_MODE = SYNCHRONOUS_COMMIT, FAILOVER_MODE = AUTOMATIC);
    --Add the database to AG from primary
    USE master
    GO
    ALTER AVAILABILITY GROUP TDE ADD DATABASE [Dba]
    --Use on secondary replicas Node2
    Use Master
    Go
    ALTER DATABASE Dba SET HADR AVAILABILITY GROUP = TDE;
    ============================
    --Roll back up steps For TDE
    --Step1:
    Use dba
    Go
    Alter Database dba Set Encryption off
    --Step2:
    Use dba
    go
    Drop database encryption key
    --Step3:
    Use Master
    Go
    Drop certificate TDE_Certificate
    --Step4:--Optional
    Use master
    Go
    Drop master key
  • Jak na to + styl

Komentáře • 12

  • @k.nagapavankumar6997
    @k.nagapavankumar6997 Před 11 měsíci

    Thanks for detailed live scenario explanation sir

  • @Danish_Khan..
    @Danish_Khan.. Před rokem

    Thank you for sharing such helpful videos

  • @ssv91952
    @ssv91952 Před rokem

    Nice explanation Bro

  • @neeleshpathri
    @neeleshpathri Před 5 měsíci +1

    Can you please tell me what is the process for Existing Db as you added New DB and applied TDE What about for Existing DB

  • @k.nagapavankumar6997
    @k.nagapavankumar6997 Před 11 měsíci

    Hello sir,
    When you get a chance pls do a demo on SQL upgrade from lower version to higher version which includes Alwayson databases sor

  • @ssv91952
    @ssv91952 Před rokem

    Please Share the Scripts

    • @MSSQLDBATechSupport
      @MSSQLDBATechSupport  Před rokem

      Hello Srinivasulu
      Please find the below link for the scripts
      www.mediafire.com/file/0xtp2gtrtbbdwvt/ADD_TDE_USER_database_into_always_on.txt/file

Další v pořadí
Automatické přehrávání
MS SQL 2022 DBA Real Time Home Lab | Multi Subnet Environment7:05MS SQL 2022 DBA Real Time Home Lab | Multi Subnet Environment
MS SQL 2022 DBA Real Time Home Lab | Multi Subnet EnvironmentMS SQL DBA Tech Support
zhlédnutí 1,3K
Always on Availability group (AG) cluster in SQL Server31:40Always on Availability group (AG) cluster in SQL Server
Always on Availability group (AG) cluster in SQL ServerARSLANOV
zhlédnutí 2,5K
How To Perform a Page Level Restore in SQL Server? | MS SQL SERVER13:27How To Perform a Page Level Restore in SQL Server? | MS SQL SERVER
How To Perform a Page Level Restore in SQL Server? | MS SQL SERVERMS SQL DBA Tech Support
zhlédnutí 330
🍴 Join Puff as he whips up the fluffiest pancakes ever! #PancakeDay00:20🍴 Join Puff as he whips up the fluffiest pancakes ever! #PancakeDay
🍴 Join Puff as he whips up the fluffiest pancakes ever! #PancakeDayThat Little Puff
zhlédnutí 16M
ANATOLY Use FAKE WEIGHTS in GYM PRANK #anatoly #fitness #gym00:58ANATOLY Use FAKE WEIGHTS in GYM PRANK #anatoly #fitness #gym
ANATOLY Use FAKE WEIGHTS in GYM PRANK #anatoly #fitness #gymANATOLY
zhlédnutí 21M
Your bathroom needs this00:58Your bathroom needs this
Your bathroom needs thisJustin Flom
zhlédnutí 11M
TO NEJLEPŠÍ Z INTERNETU! #54 😍00:57TO NEJLEPŠÍ Z INTERNETU! #54 😍
TO NEJLEPŠÍ Z INTERNETU! #54 😍HouseBox
zhlédnutí 471K
Economist fact-checks Scott Galloway’s Anti-Boomer TED Talk26:05Economist fact-checks Scott Galloway’s Anti-Boomer TED Talk
Economist fact-checks Scott Galloway’s Anti-Boomer TED TalkMoney & Macro
zhlédnutí 40K
SQL Server Always On Availability Groups - An Introduction13:29SQL Server Always On Availability Groups - An Introduction
SQL Server Always On Availability Groups - An IntroductionSQL Answers
zhlédnutí 4,3K
How to Configure SSL/TLS certificates for SQL Server: "Secure Your Data with Encryption"20:31How to Configure SSL/TLS certificates for SQL Server: "Secure Your Data with Encryption"
How to Configure SSL/TLS certificates for SQL Server: "Secure Your Data with Encryption"MS SQL DBA Tech Support
zhlédnutí 776
SQL DBA Mock Interview 3 for 4 Years experience28:43SQL DBA Mock Interview 3 for 4 Years experience
SQL DBA Mock Interview 3 for 4 Years experienceSolved Pages
zhlédnutí 847
How To Price For B2B | Startup School17:46How To Price For B2B | Startup School
How To Price For B2B | Startup SchoolY Combinator
zhlédnutí 20K
SQL Query Optimization and performance tuning | How to optimize SQL Queries | SQL Query tune10:14SQL Query Optimization and performance tuning | How to optimize SQL Queries | SQL Query tune
SQL Query Optimization and performance tuning | How to optimize SQL Queries | SQL Query tuneDatabase Academy
zhlédnutí 9K
MS SQL Server Alert:How To Configure MS SQL Server Suspect Database Pages Alert6:33MS SQL Server Alert:How To Configure MS SQL Server Suspect Database Pages Alert
MS SQL Server Alert:How To Configure MS SQL Server Suspect Database Pages AlertMS SQL DBA Tech Support
zhlédnutí 280
Bike maintenance lifehack. Correct way to lubricate your bicycle🚴 #shorts #diy #bike #tips00:19Bike maintenance lifehack. Correct way to lubricate your bicycle🚴 #shorts #diy #bike #tips
Bike maintenance lifehack. Correct way to lubricate your bicycle🚴 #shorts #diy #bike #tipsSimple Creative
zhlédnutí 5M
My New Model 3 Performance Almost Ran Out of Battery 😳😱00:24My New Model 3 Performance Almost Ran Out of Battery 😳😱
My New Model 3 Performance Almost Ran Out of Battery 😳😱Tesla Flex
zhlédnutí 26M
Chill Cop!? 👀🤝 Via: @Bellakshoots00:12Chill Cop!? 👀🤝 Via: @Bellakshoots
Chill Cop!? 👀🤝 Via: @BellakshootsSUBIEWOO
zhlédnutí 29M
Leo Brichta @teambrichta - RECAST1:58:56Leo Brichta @teambrichta - RECAST
Leo Brichta @teambrichta - RECASTDuklock
zhlédnutí 142K
Money well spent if you ask me🫡 w Carter Kench #shorts00:15Money well spent if you ask me🫡 w Carter Kench #shorts
Money well spent if you ask me🫡 w Carter Kench #shortsCarter Kench
zhlédnutí 11M
Street Artists Paints My Tablet for 30 Euros... 😱 #art #rome01:00Street Artists Paints My Tablet for 30 Euros... 😱 #art #rome
Street Artists Paints My Tablet for 30 Euros... 😱 #art #romeMr. Spray
zhlédnutí 48M
El pepe Challenge | sesi kıstık | doğrusunu yapman imkansız | çok korktum sonunda ağladım00:14El pepe Challenge | sesi kıstık | doğrusunu yapman imkansız | çok korktum sonunda ağladım
El pepe Challenge | sesi kıstık | doğrusunu yapman imkansız | çok korktum sonunda ağladımYESİM RESMİİ
zhlédnutí 23M
Vyzkoušíš? Pro další Beauty tipy dej 🔔#shorts #skincareshorts00:27Vyzkoušíš? Pro další Beauty tipy dej 🔔#shorts #skincareshorts
Vyzkoušíš? Pro další Beauty tipy dej 🔔#shorts #skincareshortsKarin Little Love
zhlédnutí 167K