Migrate SQL server to TDE encrypted location
Step-by-step guide
- Set up TDE
- Install TDE client
- Create a smartpoint to the database location on disk
- The SQL Smartpoint must grant these applications encrypt/decrypt permission. Other applications may be necessary depending on the environment.
- C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
- C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlagent.exe
- C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\ReportingServicesService.exe
- C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\msmdsrv.exe
- C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\AccessToSql.exe
- C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\DatabaseMail.exe
- C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLMaint.exe
- Move an MS SQL database to a new location. To move a SQL Server database, the database must be detached, then the files must be moved to a new location, and then the database can be attached again.
Change the file locations with an ALTER DATABASE command:
    USE master; --do this all from the master
    ALTER DATABASE foo MODIFY FILE (name='DB_Data1', filename='X:\NewDBFile\DB_Data1.mdf'); --Filename is new location
Note
Changes to the path do not take effect immediately but will be applied the next time the database starts.
Take the database offline. Using WITH ROLLBACK IMMEDIATE will disconnect all users and roll back all currently open transactions:
    ALTER DATABASE foo SET OFFLINE WITH ROLLBACK IMMEDIATE;
Copy the files to the new location using your
    COPY C:\sqlfiles\DB_Data1.mdf X:\NewDBFile\DB_Data1.mdf
Do not use any “Move” functions to copy the database files to their new location or transparent disk encryption will not be applied.
Bring the database online.
    ALTER DATABASE foo SET ONLINE;
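The steps above move a single data file; a database also has at least one log file. The following query is an added example, not part of the original guide: it generalizes the procedure to every data and log file of the database, generating the MODIFY FILE and COPY lines when run before the move and serving as a location check when run after SET ONLINE. It assumes the database name foo and the protected directory X:\NewDBFile\ used on this page; the column aliases are illustrative.

```sql
USE master;

DECLARE @db     sysname       = N'foo';            -- database name used in this guide
DECLARE @target nvarchar(260) = N'X:\NewDBFile\';  -- encrypted directory used in this guide (assumed Smartpoint path)

-- Run BEFORE the first ALTER DATABASE ... MODIFY FILE to get the statements:
-- the catalog path changes as soon as MODIFY FILE runs, even though the
-- files on disk have not been copied yet.
-- Run again AFTER SET ONLINE: every row should read 'under target'.
SELECT
    mf.name          AS logical_name,
    mf.type_desc,                        -- ROWS (data file) or LOG
    mf.physical_name AS catalog_path,
    d.state_desc     AS database_state,  -- ONLINE / OFFLINE
    CASE WHEN p.in_target = 1 THEN 'under target'
         ELSE 'OUTSIDE target' END AS location_check,
    -- One MODIFY FILE statement per file that still needs to be relocated
    CASE WHEN p.in_target = 0 THEN
        N'ALTER DATABASE ' + QUOTENAME(@db) + N' MODIFY FILE (NAME = N'''
        + REPLACE(mf.name, N'''', N'''''') + N''', FILENAME = N'''
        + @target + p.leaf + N''');' END AS alter_stmt,
    -- Matching COPY command (copy, not move, as the guide requires)
    CASE WHEN p.in_target = 0 THEN
        N'COPY "' + mf.physical_name + N'" "' + @target + p.leaf + N'"'
    END AS copy_cmd
FROM sys.master_files AS mf
JOIN sys.databases    AS d ON d.database_id = mf.database_id
CROSS APPLY (
    SELECT
        -- File name without its directory
        RIGHT(mf.physical_name,
              CHARINDEX(N'\', REVERSE(mf.physical_name)) - 1) AS leaf,
        -- 1 when the catalog path already starts with the target directory
        CASE WHEN LEFT(mf.physical_name, LEN(@target)) = @target
             THEN 1 ELSE 0 END AS in_target
) AS p
WHERE mf.database_id = DB_ID(@db)
  AND mf.type_desc IN (N'ROWS', N'LOG')
ORDER BY mf.file_id;
```

The query reads only the catalog, so it confirms where SQL Server expects the files, not that they were copied. The files copied from the original location still exist there after COPY.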