Many people who've played around with TDE seem to have had trouble with restoring a TDE database on an alternate server, and the confusion seems to stem primarily from the deep encryption heirarchy for TDE. It's not too hard, however, once you realize that you can ignore most of the stack. The lynchpin is the certificate that is just above the TDE database in the heirarchy. If you use the certificate backup option to export the certificate's private key and protect it by password, then you can restore the certificate to any instance of SQL Server of the same version or later. Once the certificate has been restored, you should also be able to restore the TDE database that was protected by that certificate.
I've attached a .zip with a detailed document and a T-SQL script to help you experiment with TDE. Here are the topics in the document:
Before you invest a lot of time with TDE, consider my standard lecture #8: Since there are many good alternatives to using TDE and since there are costs imposed by using TDE, it shouldn't be used unless there are specific reasons for which the alternatives are inadequate and the costs are justifiable. In practice, this means that TDE should rarely be implemented.
See Also:
http://blogs.technet.com/b/fort_sql/archive/2012/02/23/does-the-dod-stig-require-transparent-da...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.