How to enable TDE using EKM to encrypt a SQL 2008 Database on a Windows 2008 server.

    Question

  • I am reading how to enable TDE using EKM so we can protect the keys being used to encrypt our SQL databases.

    When protecting the database encryption keys using EKM, is it required or best practice to provide the EKM protection from a separate server?

    If so, what needs to be installed on the server?

    I am new to this.

    Tuesday, January 17, 2012 5:40 PM

Answers

  • Hi cyberman777,

    >>is it required or best practice to provide the EKM protection from a separate server?
    As you know, Extensible Key Management (EKM) is based on hardware specifically designed for key security and management. This type of device is called a High Security Module (HSM), and its vendor is referred to as the EKM provider. In fact, SQL Server and EKM should be implemented on the same server, since the EKM provider’s DLL file is registered within SQL Server to allow communication between the SQL Server instance and the HSM device.

    For more information, please take a look at this book on implementing EKM with SQL Server 2008: Microsoft SQL Server 2008 and Luna SA Integration Guide.

    Stephanie Lv

    TechNet Community Support

    Wednesday, January 18, 2012 2:07 AM
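
The sequence the answer describes (provider DLL registered in the SQL Server instance, key material held by the HSM), as an added T-SQL example that is not part of the original thread or the vendor guide. The provider name, DLL path, identities, secrets, login and database name are placeholders; the real values come from your HSM vendor's documentation.

```sql
-- Added example: all names, paths and secrets are placeholders (assumptions).
-- 1. Allow the instance to load EKM providers.
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
EXEC sp_configure 'EKM provider enabled', 1; RECONFIGURE;
GO
-- 2. Register the vendor's EKM DLL, installed locally on the SQL Server host.
CREATE CRYPTOGRAPHIC PROVIDER HsmProvider
    FROM FILE = 'C:\Path\To\VendorEkmProvider.dll';
GO
-- 3. Credential the administrator's login uses to authenticate to the HSM.
CREATE CREDENTIAL hsm_admin_cred
    WITH IDENTITY = 'hsm_admin_identity', SECRET = '<hsm-admin-secret>'
    FOR CRYPTOGRAPHIC PROVIDER HsmProvider;
ALTER LOGIN [DOMAIN\SqlAdmin] ADD CREDENTIAL hsm_admin_cred;
GO
-- 4. Asymmetric key generated and kept inside the HSM;
--    master stores only a reference to it, never the private key.
USE master;
CREATE ASYMMETRIC KEY tde_hsm_key
    FROM PROVIDER HsmProvider
    WITH ALGORITHM = RSA_2048,
         PROVIDER_KEY_NAME = 'SQL_TDE_Key',
         CREATION_DISPOSITION = CREATE_NEW;
GO
-- 5. Login mapped to the key, with its own HSM credential, so the
--    Database Engine can reach the HSM when it opens the database.
CREATE CREDENTIAL hsm_tde_cred
    WITH IDENTITY = 'hsm_tde_identity', SECRET = '<hsm-tde-secret>'
    FOR CRYPTOGRAPHIC PROVIDER HsmProvider;
CREATE LOGIN tde_hsm_login FROM ASYMMETRIC KEY tde_hsm_key;
ALTER LOGIN tde_hsm_login ADD CREDENTIAL hsm_tde_cred;
GO
-- 6. Database encryption key protected by the HSM-held key, then enable TDE.
USE SalesDb;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER ASYMMETRIC KEY tde_hsm_key;
GO
ALTER DATABASE SalesDb SET ENCRYPTION ON;
GO
-- 7. Verify: provider is loaded, and encryption_state reaches 3 (encrypted).
SELECT name, dll_path, is_enabled FROM sys.cryptographic_providers;
SELECT DB_NAME(database_id) AS database_name,
       encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
```

Once TDE is on, the database cannot be opened or restored without access to the HSM key, so confirm the HSM's own key backup and recovery procedure before encrypting production data.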