Deploy a database with the PowerShell in Azure and verify Transparent Data Encryption (TDE)!

%3CLINGO-SUB%20id%3D%22lingo-sub-1815960%22%20slang%3D%22en-US%22%3EDeploy%20a%20database%20with%20the%20PowerShell%20in%20Azure%20and%20verify%20Transparent%20Data%20Encryption%20(TDE)!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1815960%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20Azure%20friends%2C%3C%2FP%3E%3CP%3EI%20used%20the%20PowerShell%20ISE%20for%20this%20configuration.%20But%20you%20are%20also%20very%20welcome%20to%20use%20Visual%20Studio%20Code%2C%20just%20as%20you%20wish.%26nbsp%3BPlease%20start%20with%20the%20following%20steps%20to%20begin%20the%20deployment%20(the%20Hashtags%20are%20comments)%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%23The%20first%20two%20lines%20have%20nothing%20to%20do%20with%20the%20configuration%2C%20but%20make%20some%20space%20below%20in%20the%20blue%20part%20of%20the%20ISE%3C%2FP%3E%3CP%3E%3CSTRONG%3ESet-Location%20C%3A%5CTemp%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSTRONG%3EClear-Host%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%23So%20that%20you%20can%20carry%20out%20the%20configuration%2C%20you%20need%20the%20necessary%20cmdlets%2C%20these%20are%20contained%20in%20the%20module%20Az%20(is%20the%20higher-level%20module%20from%20a%20number%20of%20submodules)%3C%2FP%3E%3CP%3E%3CSTRONG%3EInstall-Module%20-Name%20Az%20-Force%20-AllowClobber%20-Verbose%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%23Log%20into%20Azure%3CBR%20%2F%3E%3CSTRONG%3EConnect-AzAccount%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%23Select%20the%20correct%20subscription%3CSTRONG%3E%3CBR%20%2F%3E%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3EGet-AzContext%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3EGet-AzSubscription%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3EGet-AzSubscription%20-SubscriptionName%20%22your%20subscription%20name%22%20%7C%20Select-AzSubscription%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3E%23Prefix%26nbsp%3Bfor%26nbsp%3Bresources%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24prefix%26nbsp%3B%3D%26nbsp%3B%22tw%22%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3E%23Let's%26nbsp%3Bcreate%26nbsp%3Ba%26nbsp%3BSQL%26nbsp%3BDB%26nbsp%3Bthat%26nbsp%3Bwe%26nbsp%3Bwill%26nbsp%3Bencrypt%20(never%20use%20secrets%20in%20code%2C%20but%20for%20this%20demo%20it's%20fine!)%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24Location%26nbsp%3B%3D%26nbsp%3B%22westeurope%22%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24id%26nbsp%3B%3D%26nbsp%3BGet-Random%26nbsp%3B-Minimum%26nbsp%3B1000%26nbsp%3B-Maximum%26nbsp%3B9999%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24ResourceGroupName%26nbsp%3B%3D%26nbsp%3B%22%24prefix-sql-%24id%22%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24SQLServerName%26nbsp%3B%3D%26nbsp%3B%22%24prefix-sql-%24id%22%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24SQLDatabaseName%26nbsp%3B%3D%26nbsp%3B%22%24prefix-sql-db%22%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24SQLAdmin%26nbsp%3B%3D%26nbsp%3B%22sqladmin%22%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24SQLAdminPassword%26nbsp%3B%3D%26nbsp%3BConvertTo-SecureString%26nbsp%3B-String%26nbsp%3B'P%40ssw0rd007!'%26nbsp%3B-AsPlainText%26nbsp%3B-Force%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24SQLAdminCredentials%26nbsp%3B%3D%26nbsp%3BNew-Object%26nbsp%3B-TypeName%26nbsp%3BSystem.Management.Automation.PSCredential%26nbsp%3B-ArgumentList%26nbsp%3B%24SQLAdmin%2C%24SQLAdminPassword%3C%2FSTRONG%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3E%23Now%20create%26nbsp%3Ba%26nbsp%3Bresource%26nbsp%3Bgroup%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24sqlRG%26nbsp%3B%3D%26nbsp%3BNew-AzResourceGroup%26nbsp%3B-Name%26nbsp%3B%24ResourceGroupName%26nbsp%3B-Location%26nbsp%3B%24Location%3C%2FSTRONG%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3E%23Create%26nbsp%3Bthe%26nbsp%3BSQL%26nbsp%3BServer%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24sqlServerParameters%26nbsp%3B%3D%26nbsp%3B%40%7B%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BResourceGroupName%26nbsp%3B%3D%26nbsp%3B%24sqlRG.ResourceGroupName%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BLocation%26nbsp%3B%3D%26nbsp%3B%24Location%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BServerName%26nbsp%3B%3D%26nbsp%3B%24SQLServerName%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BSqlAdministratorCredentials%26nbsp%3B%3D%26nbsp%3B%24SQLAdminCredentials%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%7D%3C%2FSTRONG%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSTRONG%3E%24sqlServer%26nbsp%3B%3D%26nbsp%3BNew-AzSqlServer%26nbsp%3B%40sqlServerParameters%3C%2FSTRONG%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3E%23Create%26nbsp%3Bthe%26nbsp%3Bdatabase%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24databaseParameters%26nbsp%3B%3D%26nbsp%3B%40%7B%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BResourceGroupName%26nbsp%3B%3D%26nbsp%3B%24sqlRG.ResourceGroupName%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BServerName%26nbsp%3B%3D%26nbsp%3B%24sqlServer.ServerName%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDatabaseName%26nbsp%3B%3D%26nbsp%3B%24SQLDatabaseName%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BRequestedServiceObjectiveName%26nbsp%3B%3D%26nbsp%3B%22S0%22%26nbsp%3B%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BSampleName%26nbsp%3B%3D%26nbsp%3B%22AdventureWorksLT%22%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%7D%3C%2FSTRONG%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSTRONG%3E%24database%26nbsp%3B%3D%26nbsp%3BNew-AzSqlDatabase%26nbsp%3B%40databaseParameters%3C%2FSTRONG%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3E%23Check%26nbsp%3Bthe%26nbsp%3BTDE%26nbsp%3Bsettings%26nbsp%3Band%26nbsp%3Bremove%26nbsp%3Bencryption%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%24tdeParameters%26nbsp%3B%3D%26nbsp%3B%40%7B%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BResourceGroupName%26nbsp%3B%3D%26nbsp%3B%24sqlRG.ResourceGroupName%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BServerName%26nbsp%3B%3D%26nbsp%3B%24sqlServer.ServerName%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDatabaseName%26nbsp%3B%3D%26nbsp%3B%24database.DatabaseName%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%7D%3C%2FSTRONG%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSTRONG%3EGet-AzSqlDatabaseTransparentDataEncryption%26nbsp%3B%40tdeParameters%3C%2FSTRONG%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3E%23Disable%26nbsp%3BTDE%26nbsp%3B(possibly%26nbsp%3Bto%26nbsp%3Bcheck%26nbsp%3Bthe%26nbsp%3Bperformance%20without%20TDE)%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3ESet-AzSqlDatabaseTransparentDataEncryption%26nbsp%3B%40tdeParameters%26nbsp%3B-State%26nbsp%3BDisabled%3C%2FSTRONG%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3E%23Enable%26nbsp%3BTDE%26nbsp%3B(now%26nbsp%3Bcheck%26nbsp%3Bthe%26nbsp%3Bperformance%26nbsp%3Bagain%20with%20TDE)%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3ESet-AzSqlDatabaseTransparentDataEncryption%26nbsp%3B%40tdeParameters%26nbsp%3B-State%26nbsp%3BEnabled%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CP%3ENow%20you%20have%20used%20the%20PowerShell%20to%20deploy%20a%20Database%20in%20Azure%20and%20TDE%20verified!%20Congratulations!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%23Delete%20all%20resources%20(when%20you%20no%20longer%20need%20it)%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CSTRONG%3ERemove-AzResourceGroup%26nbsp%3B-Name%26nbsp%3B%24ResourceGroupName%26nbsp%3B-Force%3C%2FSTRONG%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20this%20article%20was%20useful.%20Best%20regards%2C%20Tom%20Wechsler%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EP.S.%26nbsp%3BAll%20scripts%20(%23PowerShell%2C%20Azure%20CLI%2C%20%23Terraform%2C%20%23ARM)%20that%20I%20use%20can%20be%20found%20on%20github!%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Ftomwechsler%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Ftomwechsler%3C%2FA%3E%3C%2FP%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E
MVP

 

Hi Azure friends,

I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments):

 

#The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE

Set-Location C:\Temp
Clear-Host

 

#So that you can carry out the configuration, you need the necessary cmdlets, these are contained in the module Az (is the higher-level module from a number of submodules)

Install-Module -Name Az -Force -AllowClobber -Verbose

 

#Log into Azure
Connect-AzAccount

 

#Select the correct subscription

Get-AzContext

Get-AzSubscription

Get-AzSubscription -SubscriptionName "your subscription name" | Select-AzSubscription

 

#Prefix for resources
$prefix = "tw"
 
#Let's create a SQL DB that we will encrypt (never use secrets in code, but for this demo it's fine!)
$Location = "westeurope"
$id = Get-Random -Minimum 1000 -Maximum 9999
$ResourceGroupName = "$prefix-sql-$id"
$SQLServerName = "$prefix-sql-$id"
$SQLDatabaseName = "$prefix-sql-db"
$SQLAdmin = "sqladmin"
$SQLAdminPassword = ConvertTo-SecureString -String 'P@ssw0rd007!' -AsPlainText -Force
$SQLAdminCredentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $SQLAdmin,$SQLAdminPassword

#Now create a resource group
$sqlRG = New-AzResourceGroup -Name $ResourceGroupName -Location $Location

#Create the SQL Server
$sqlServerParameters = @{
    ResourceGroupName = $sqlRG.ResourceGroupName
    Location = $Location
    ServerName = $SQLServerName
    SqlAdministratorCredentials = $SQLAdminCredentials
}

$sqlServer = New-AzSqlServer @sqlServerParameters

#Create the database
$databaseParameters = @{
    ResourceGroupName = $sqlRG.ResourceGroupName
    ServerName = $sqlServer.ServerName
    DatabaseName = $SQLDatabaseName
    RequestedServiceObjectiveName = "S0" 
    SampleName = "AdventureWorksLT"
}

$database = New-AzSqlDatabase @databaseParameters

#Check the TDE settings and remove encryption
$tdeParameters = @{
    ResourceGroupName = $sqlRG.ResourceGroupName
    ServerName = $sqlServer.ServerName
    DatabaseName = $database.DatabaseName
}

Get-AzSqlDatabaseTransparentDataEncryption @tdeParameters

#Disable TDE (possibly to check the performance without TDE)
Set-AzSqlDatabaseTransparentDataEncryption @tdeParameters -State Disabled

#Enable TDE (now check the performance again with TDE)
Set-AzSqlDatabaseTransparentDataEncryption @tdeParameters -State Enabled
 

Now you have used the PowerShell to deploy a Database in Azure and TDE verified! Congratulations!

 

#Delete all resources (when you no longer need it)

Remove-AzResourceGroup -Name $ResourceGroupName -Force

 

I hope this article was useful. Best regards, Tom Wechsler

 

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

0 Replies