Tuesday, March 20, 2012

Active/Active Cluster Encryption

Can anyone give me some tips on enabling encryption on an active/active
cluster? The particulars as I understand them:
1. Encryption is enabled on each node, and
2. Each node's encryption is based on a certificate from Certificate services
3. Certificate services that must be installed on the node
4. and the certificate is tied to the node name
5. After failover, decryption for the newly acquired resources would fail
because the certificate would not be valid.
What am I missing?
Our situation is that we have various columns spread throughout our
databases that need to be encrypted (they may contain SSNs, for example).
We don't intend to encrypt entire tables or databases.
Thanks for your ideas!

You need to have the certificate issued to the FQDN of the virtual server
and install it on all nodes. Then the service master key gets encrypted
with that cert and the rest of the chain works just fine.
Geoff N. Hiten
Senior Database Administrator
Microsoft SQL Server MVP
"Steve" <steve.schneider1@.comcast.net> wrote in message
news:unuv%23spVHHA.4028@.TK2MSFTNGP04.phx.gbl...
> Can anyone give me some tips on enabling encryption on an active/active
> cluster? The particulars as I understand them:
> 1. Encryption is enabled on each node, and
> 2. Each node's encryption is based on a certificate from Certificate services
> 3. Certificate services that must be installed on the node
> 4. and the certificate is tied to the node name
> 5. After failover, decryption for the newly acquired resources would fail
> because the certificate would not be valid.
> What am I missing?
> Our situation is that we have various columns spread throughout our
> databases that need to be encrypted (they may contain SSNs, for example).
> We don't intend to encrypt entire tables or databases.
> Thanks for your ideas!
>
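
A failover check for the column-encryption key chain discussed in this thread, as an added example that is not part of either post: it builds a database master key, certificate and symmetric key, encrypts one sample SSN, then re-opens the key and reports which physical node is serving the instance. The database, table and key names, the password placeholder, and the use of a certificate created inside the database with CREATE CERTIFICATE (rather than one issued by Certificate Services) are all assumptions.

```sql
-- Hypothetical names throughout: ClusterDemo, dbo.Customer, SsnCert, SsnKey.
USE ClusterDemo;   -- assumed to exist on the clustered instance
GO
-- Database master key; replace the placeholder with a real strong password.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO
-- Certificate stored in the database; its private key is protected by the
-- database master key created above.
CREATE CERTIFICATE SsnCert WITH SUBJECT = 'Protects the SSN column key';
GO
CREATE SYMMETRIC KEY SsnKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE SsnCert;
GO
CREATE TABLE dbo.Customer (
    CustomerId int IDENTITY PRIMARY KEY,
    SsnEnc     varbinary(128) NOT NULL   -- ciphertext only, never the plain SSN
);
GO
OPEN SYMMETRIC KEY SsnKey DECRYPTION BY CERTIFICATE SsnCert;
INSERT dbo.Customer (SsnEnc)
VALUES (EncryptByKey(Key_GUID('SsnKey'), N'000-00-0000'));  -- constructed sample value
CLOSE SYMMETRIC KEY SsnKey;
GO

-- ---- Check batch: run once on each node, before and after a failover ----
-- Which physical node currently hosts the instance?
SELECT SERVERPROPERTY('ComputerNamePhysicalNetBIOS') AS CurrentNode;

-- Is the database master key also protected by the service master key?
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = DB_NAME();

-- Does the whole chain open and decrypt on this node?
OPEN SYMMETRIC KEY SsnKey DECRYPTION BY CERTIFICATE SsnCert;
SELECT CustomerId,
       CONVERT(nvarchar(11), DecryptByKey(SsnEnc)) AS Ssn
FROM dbo.Customer;
CLOSE SYMMETRIC KEY SsnKey;
GO
```

Run the check batch again after moving the instance to the other node; an error from OPEN SYMMETRIC KEY or a NULL in the Ssn column means the key chain did not open there.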
