Download eBook (PDF) - Red Gate Software

6 – Transparent Data EncryptionTempDB database is dropped and recreated. This can be verified by performingthe following steps:• Stop the SQL Server instance.• Start the SQL Server instance.• Execute SELECT * FROM SYS.DATABASES, using the Masterdatabase.The result of the third step will reveal that the column titled CREATE_DATE forthe TempDB database will be approximately the date and time that you restartedthe SQL Server instance. When thesys.dm_database_encryption_keys DMV is executed, the databaseencryption key for the TempDB database will still be included in the results andthe column titled CREATE_DATE will also reflect the time that the instance wasrestarted. This illustrates that when the TempDB database is recreated so is itsdatabase encryption key.At first glance the comparison of the CREATE_DATE columns of thesys.databases and sys.dm_database_encryption_keys DMV mayraise concern since they do not match; but consider that thesys.dm_database_encryption_keys DMV reflects the date and time inGreenwich Mean Time (GMT) while the sys.databases catalog viewreflects the date and time according to your time zone. Depending on yourlocation this may appear to be in the future or in the past. In my case, being onEastern Standard Time (EST) in the United States thesys.dm_database_encryption_keys DMV CREATE_DATE is fivehours into the future.Verification through Backup and RecoveryAnother method of verifying the success of a TDE implementation is toperform a backup of the database, after TDE has been enabled, as shown inListing 6-9. When doing so, make sure not to overwrite the backup file that wascreated prior to implementing TDE.USE HomeLending;GOBACKUP DATABASE HomeLendingTO DISK = 'D:\HomeLending\Backup\HomeLending_PostTDE.bak'WITH NOFORMAT,INIT,NAME = 'HomeLending-Full Database Backup',SKIP,140