a month ago
Is there a write up commands to setup Sybase TDE encryption at rest to setup on the prod - DR servers with a mix of replicated and non replicated dbs and a daily refresh to the UAT for selective dbs. For exmple - if I have 70 dbs on ASE server, do I need to create 70 encryption keys and decrypt/encrypt with every database scheduled daily. Tried following manuals, not getting it right.
Request clarification before answering.
You can use one DEK for all databases.
Once encrypted, you do not have to decrypt a database. Use 'transfer encryption key' (https://help.sap.com/docs/SAP_ASE/e0d4539d39c34f52ae9ef822c2060077/ab8a5e079bae4204b0be90db9e115d06....) to extract the master key and the DEKs from the source ASE and install them into the target/replica ASE so loads/replication work.
Chris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I would also recommend using a master key so automatic master key access can be configured for the ASEs so they start up with access to the encrypted databases. Otherwise encrypted databases cannot be accessed during recovery when the ASE server starts until a session is connected and unlocks the master key (step 2 below).
The steps to set up automatic master key access are:
1. Create/transfer master key
2. set encryption passwd '<master key password>' for key master
3. sp_configure "automatic master key access", 1
4. alter encryption key master with passwd '<password>' add encryption for automatic_startup
5. create/transfer DEK(s)
The encrypted master key (step 4) is stored by default at a location shown by 'sp_encryption mkey_startup_file, null' and can be changed before running step 4, but must be in a folder readable by the ASE when it starts.
Chris
User | Count |
---|---|
75 | |
30 | |
9 | |
8 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.