>>is it required or best practice to provide the EKM protection from a seperate server?
As you know, the Extensible Key Management (EKM) is based on hardware specifically design, for key security and management. This type of device is named High Security Modules (HSM), whose vendor is referred to as EKM provider. In fact, SQL Server and EKM should
be implemented on the same server, since the EKM provider’s DLL file, which is registered within SQL Server to allow communication between the SQL Server instance and the HSM device.
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.