Live SQL DB Migration to TDE encrypted databases

One of the main uses of TDE is to protect SQL databases with transparent encryption.


Please make sure to involve a database administrator when protecting SQL Server.

  1. Make sure the SQL storage location has enough storage: free space must be at least 100% more than the size of the largest database (.mdf) file.

  2. Install TDE Manager

  3. Install TDE Client

  4. STOP SQL <instructions>

    1. Install TDE Client

    2. Create a smartpoint to the database location on disk

      1. The SQL smartpoint must grant the following applications encrypt/decrypt permission. Other applications may be necessary depending on the environment.

        1. C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
        2. C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlagent.exe
        3. C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\ReportingServicesService.exe
        4. C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\msmdsrv.exe
        5. C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\AccessToSql.exe
        6. C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\DatabaseMail.exe
        7. C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLMaint.exe
  5. START SQL
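
A pre-flight check for steps 1 and 4 above, as an added PowerShell example that is not part of the original procedure or of the TDE product's tooling. It assumes the default instance (service name MSSQLSERVER) and a DATA directory beside the Binn path listed above; both are assumptions to adjust for the server being migrated.

```powershell
# Added example: read-only checks to run before stopping SQL Server.
# Assumptions (not from the original page): default instance service name
# and a DATA directory beside the listed Binn directory.
$InstanceRoot = 'C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL'
$DataDir      = Join-Path $InstanceRoot 'DATA'   # assumed database location
$BinnDir      = Join-Path $InstanceRoot 'Binn'
$ServiceName  = 'MSSQLSERVER'                    # assumed default instance

# Step 1: free space at least 100% more than the largest .mdf file,
# read here as free space >= 2 x the size of the largest .mdf.
$largest = Get-ChildItem -Path $DataDir -Filter '*.mdf' -File -Recurse |
    Sort-Object Length -Descending | Select-Object -First 1
if (-not $largest) { throw "No .mdf files found under $DataDir" }

$driveName = (Get-Item -LiteralPath $DataDir).PSDrive.Name
$free      = (Get-PSDrive -Name $driveName).Free
$required  = 2 * $largest.Length
$spaceOk   = $free -ge $required
'Largest: {0} ({1:N1} GB); free on {2}: {3:N1} GB; required: {4:N1} GB; OK: {5}' -f `
    $largest.Name, ($largest.Length / 1GB), $driveName, ($free / 1GB),
    ($required / 1GB), $spaceOk

# Step 4.2.1: confirm which of the listed executables exist at the listed
# paths, so the smartpoint permission list matches what is really installed.
$apps = 'sqlservr.exe', 'sqlagent.exe', 'ReportingServicesService.exe',
        'msmdsrv.exe', 'AccessToSql.exe', 'DatabaseMail.exe', 'SQLMaint.exe'
$allowList = foreach ($app in $apps) {
    $path = Join-Path $BinnDir $app
    [pscustomobject]@{
        Path    = $path
        Present = Test-Path -LiteralPath $path -PathType Leaf
    }
}
$allowList | Format-Table -AutoSize

# Report the service state; stopping and starting SQL stay manual steps.
$svc = Get-Service -Name $ServiceName -ErrorAction Stop
"Service $ServiceName is currently $($svc.Status)"

if (-not $spaceOk) { throw 'Not enough free space for the migration (step 1).' }
```

A path reported as not present means that component is not installed at the listed location on this server; confirm its actual location with the database administrator before configuring the smartpoint.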