


Amazon Relational Database Service (Amazon RDS) for SQL Server now supports the direct migration of transparent database encryption (TDE)-enabled databases by using the native backup and restore feature. Previously, to migrate a TDE-enabled database from on premises to Amazon RDS for SQL Server, you had to disable TDE on your on-premises (source) database and then perform a native backup and restore of that database to an RDS for SQL Server (target) instance. In this post, we show you how to migrate a TDE-enabled database from on premises or from SQL Server on Amazon Elastic Compute Cloud (Amazon EC2) to Amazon RDS for SQL Server.

Overview of transparent database encryption

Transparent database encryption (TDE) protects data at rest, which includes data and log files. The encryption of a database file is done at the page level: the pages in an encrypted database are encrypted before they're written to disk and are decrypted when read into memory. TDE performs this I/O encryption and decryption of data and log files in real time.

The encryption uses a database encryption key (DEK). The database boot record stores the DEK so that it is available during recovery. The DEK itself is secured either by a certificate that the server's primary database stores or by an asymmetric key that an EKM module protects. The following diagram illustrates the encryption hierarchy.

To implement the solution, you complete the following high-level steps:

1. Create Amazon Simple Storage Service (Amazon S3) buckets.
2. Create an AWS Identity and Access Management (IAM) role to access the S3 buckets.
3. Create a symmetric AWS Key Management Service (AWS KMS) key.
4. Create an option group for Amazon RDS for SQL Server.
5. Add the backup and restore option to the option group.
6. Add the TDE option to the option group.
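The encryption hierarchy and migration flow described above, worked as an added T-SQL example that is not code from the post: the first part builds the DEK-under-certificate chain on the source server and verifies the encryption state; the second part runs the RDS native restore from S3 on the target once the option group carries the backup/restore and TDE options. The database name `SalesDB`, the certificate name, the local file paths, the passwords, and the S3 and KMS ARNs are placeholders, not values from the post.

```sql
-- Added example, not from the post. SalesDB, TdeMigrationCert, paths, passwords and ARNs are placeholders.

-- Part 1: source SQL Server (on premises or EC2). Build the TDE hierarchy.
USE master;
GO
-- The database master key in master protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password>';
GO
-- The certificate lives in master; it is what secures the DEK.
CREATE CERTIFICATE TdeMigrationCert WITH SUBJECT = 'TDE certificate for SalesDB';
GO
USE SalesDB;
GO
-- The database encryption key (DEK) is stored with the database and secured by the certificate.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeMigrationCert;
GO
ALTER DATABASE SalesDB SET ENCRYPTION ON;
GO
-- Verify: encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS db, encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys
WHERE database_id = DB_ID('SalesDB');
GO
-- Export the certificate and private key. The backup below cannot be restored on any server
-- that does not hold this certificate, so keep this file pair with the backup, under access control.
USE master;
GO
BACKUP CERTIFICATE TdeMigrationCert
    TO FILE = 'C:\tde\TdeMigrationCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\tde\TdeMigrationCert.pvk',
        ENCRYPTION BY PASSWORD = '<placeholder-private-key-password>');
GO
-- Native full backup; the pages in the .bak stay encrypted with the DEK.
BACKUP DATABASE SalesDB TO DISK = 'C:\tde\SalesDB.bak' WITH INIT;
GO

-- Part 2: RDS for SQL Server target, after SalesDB.bak has been uploaded to the S3 bucket
-- and the certificate has been restored to the instance.
-- The KMS ARN is the symmetric key created in the setup steps.
EXEC msdb.dbo.rds_restore_database
    @restore_db_name = 'SalesDB',
    @s3_arn_to_restore_from = 'arn:aws:s3:::placeholder-bucket/SalesDB.bak',
    @kms_master_key_arn = 'arn:aws:kms:us-east-1:111122223333:key/placeholder-key-id';
GO
-- Poll the task until its lifecycle column reports SUCCESS (or read the error message on failure).
EXEC msdb.dbo.rds_task_status @db_name = 'SalesDB';
GO
```

Two checks worth keeping from this example: the `sys.dm_database_encryption_keys` query proves on the source that the database is actually encrypted before you take the backup, and on the target the restore task will fail unless the certificate that secures the DEK is already present on the RDS instance (RDS exposes a stored procedure for restoring a TDE certificate from S3; its exact parameters are not covered here). Because the certificate's private key is the root of the chain, treat the exported `.cer`/`.pvk` pair and its password with the same care as the database itself.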
