
In summary, each instance needs a database master key and a certificate; for databases to work correctly within an AG and across instances, the certificate needs to be consistent across all nodes.

For more information, refer to the Microsoft documentation online; see Transparent Data Encryption (TDE) for details on SQL Server 2017.

Setting up Transparent Data Encryption (TDE) can seem daunting at first, especially when AlwaysOn Availability Groups (AG) are added to the equation. Once broken into its component parts it’s quite straightforward. TDE encrypts SQL Server data files, known as encrypting data at rest. It performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key, which is stored in the database boot record for availability during recovery.
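The component parts described above, as an added T-SQL walkthrough that is not part of the original page: the master key and certificate on the primary, the same certificate restored on each secondary, then the database encryption key and a thumbprint check. The certificate name `TDE_AG_Cert`, the database `AGDemoDB`, the file paths and the password placeholders are assumptions.

```sql
-- Step 1 (primary replica): master key in master, then the shared certificate.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong master key password>';
GO
CREATE CERTIFICATE TDE_AG_Cert WITH SUBJECT = 'TDE certificate shared by all AG replicas';
GO
-- Back up the certificate AND its private key; every replica needs both files.
-- Keep these files somewhere restricted and remove the copies once restored.
BACKUP CERTIFICATE TDE_AG_Cert
    TO FILE = 'D:\TDE\TDE_AG_Cert.cer'            -- assumed path
    WITH PRIVATE KEY (
        FILE = 'D:\TDE\TDE_AG_Cert.pvk',          -- assumed path
        ENCRYPTION BY PASSWORD = '<strong private key password>');
GO

-- Step 2 (each secondary replica): its own master key (the password may differ
-- per instance), then the SAME certificate restored from the backup files.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong master key password for this instance>';
GO
CREATE CERTIFICATE TDE_AG_Cert
    FROM FILE = 'D:\TDE\TDE_AG_Cert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\TDE\TDE_AG_Cert.pvk',
        DECRYPTION BY PASSWORD = '<strong private key password>');
GO

-- Step 3 (primary replica, only after every secondary has the certificate):
-- create the database encryption key and turn encryption on.
USE AGDemoDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_AG_Cert;
GO
ALTER DATABASE AGDemoDB SET ENCRYPTION ON;
GO

-- Step 4 (run on every replica): the certificate thumbprint must be identical on
-- all nodes and must match the encryptor_thumbprint of the database key;
-- encryption_state 3 means the database is fully encrypted.
SELECT name, thumbprint
FROM master.sys.certificates
WHERE name = 'TDE_AG_Cert';

SELECT DB_NAME(database_id) AS database_name, encryption_state,
       percent_complete, encryptor_thumbprint
FROM sys.dm_database_encryption_keys;
```

If a secondary is missing the certificate or holds one with a different thumbprint, the database cannot be opened on that replica and the AG synchronisation for it will fail, so run the Step 4 check on each node before moving on.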
