Download eBook (PDF) - Red Gate Software

6 – Transparent Data EncryptionConsiderations when Implementing TDEPrior to implementing TDE, there are several issues to take into consideration,discussed over the following sections.Master Key InterdependencyThe process of implementing TDE involves the creation of a database masterkey and certificate, or asymmetric key, on the Master database. Only onedatabase master key can be created for a given database so any other userdatabases that share the instance, and have TDE implemented, will share adependency upon the Master database master key.This interdependency increases the importance of performing a backup of theMaster database master key to ensure the continued accessibility of the TDEenableddatabases.Performance Impact on TempDBWhen TDE is initially implemented, the physical file of the TempDB systemdatabase is also encrypted. Since the TempDB database contains temporary datafrom the TDE-enabled database, its encryption is required to maintain fullprotection by this feature; otherwise the information that is temporarily storedin the TempDB database from the TDE enabled databases would be exposedthrough the physical files of TempDB.The TempDB database is used by all user and system databases in the instanceto store temporary objects, such as temporary tables, cursors and work tablesfor spooling. It also provides row versioning and the ability to rollbacktransactions.Once the TempDB database is encrypted, any reference and use of this databaseby other databases, regardless of whether they have TDE enabled or not, willrequire encryption and decryption. While this encryption and decryption of theTempDB database files remains transparent to the user, it does have a minimalperformance impact on the entire instance. Microsoft has estimated the entireimpact of TDE on a SQL Server instance to be 3–5% depending on the serverenvironment and data volume.131