I have a TDE protected database which I want to extend to Azure using replication. My question is, do I have to restore certificate on the Azure database before I start setting up the database as the subscriber?
Asked
Active
Viewed 109 times
0
-
My gut says 'no" as the Transparent part of TDE means that except for data at rest scenarios, the data can be accessed. As it applies to your situation, the replication log reader wouldn't need anything special, and I'd expect the data to be store in the clear at the distributor. From there, delivering it to any replication subscriber (whether in Azure or not) would be free of any TDE. – Ben Thul Jan 29 '19 at 20:31
1 Answers
2
do I have to restore certificate on the Azure database before I start setting up the database as the subscriber?
No. Per docs:
"Replication does not automatically replicate data from a TDE-enabled database in an encrypted form. You must separately enable TDE if you want to protect the distribution and subscriber databases. Snapshot replication, as well as the initial distribution of data for transactional and merge replication, can store data in unencrypted intermediate files; for example, the bcp files. "
David Browne - Microsoft
- 80,331
- 6
- 39
- 67