Two questions, 

 

One how many databases are you moving to SQL 2008, maybe there is the
ability to go with Enterprise Edition R2  for the transparent data
encryption you are seeking, and just have 1 database cluster accordingly
( Active/ Passive).  You don't have to go per-processor for licensing,
but Cal management can be a pain otherwise. Especially if you have proxy
boxes ( webservers, other applications etc etc) connecting to the
database backend, then Per Processor solves a lot of your problems. 

 

Other than that, I know that RED Gate SQL backup, and Quests Litespeed
can produce encrypted backups. 

 

The second question, is why do you need to encrypt the whole database?
why not just encrypt the rows with the sensitive data itself, is this a
PCI DSS requirement they want you to do ? Could not the backups
themselves be encrypted to meet the requirements?

 

Just some thoughts on this thread...

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:[email protected]

Cell:401-639-3505

 

From: Cameron Cooper [mailto:[email protected]] 
Sent: Friday, July 09, 2010 12:32 PM
To: NT System Admin Issues
Subject: Database Encryption

 

All,

 

We are looking to replace our database servers with new hardware and
software and will be running Windows Server 2008 R2 Enterprise Edition
(64bit), with SQL Server 2008 R2 Standard on each machine.  Also, each
machine connects into a MD3000.

 

What would be the best way to encrypt the entire database?  I know this
can be done with the enterprise version of SQL Server 2008 R2, but due
to the cost per processor (for unlimited CALs), we will be going with
the Standard edition.

 

_____________________________

Cameron Cooper

Network Administrator | CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021 | Fax: 847-255-1896

[email protected] | www.aurico.com

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to