Administration
Overview
The goal of deploying CipherTrust Database Protection (CDP) is to retrofit existing databases so that security can be provided by encrypting and decrypting the data flowing into and out of databases. Deployment starts with encrypting existing databases - a process called data migration.
Data migration is the process of encrypting existing column(s). It also involves altering existing tables so that they can store the resulting ciphertext, and creating views and triggers so that existing applications can seamlessly and automatically encrypt new data and request decrypted data when needed.
CDP provides several levels of security to protect your data from unauthorized users. Once the data is migrated, users and applications must have permission to send a request from the database to the Key Manager, and they must have permission to access the encryption key. If either of these conditions is not met, the sensitive data cannot be accessed.
How it Works
Consider an online retailer that stores sensitive customer data in plaintext in its database. The retailer’s applications write customer information, such as credit card numbers, directly to a database and read the plaintext values when needed. The data is stored in plaintext on the database for anyone to access.
To secure the data, the retailer installs CDP and migrates the data. Now, when an authorized application wants to write a credit card number to an encrypted column, CDP automatically sends the credit card number to the CipherTrust Manager for encryption. The CipherTrust Manager encrypts the value and returns the resulting ciphertext. The database writes the ciphertext to the column.
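The view-and-trigger arrangement and the two permission checks described above can be sketched as follows. This is an added illustration that uses Python's sqlite3 in place of SQL Server and is not CDP's own code. The table, view, trigger, function and user names are hypothetical, and the keystream is a toy stand-in for encryption performed by the CipherTrust Manager.

```python
import hashlib, os, sqlite3

KEY = os.urandom(32)                       # held by the stand-in key manager only
MAY_REQUEST = {"app_user", "report_user"}  # constructed: may send requests to it
MAY_USE_KEY = {"app_user"}                 # constructed: may use the encryption key
session = {"user": None}                   # hypothetical current database user

def authorized():
    return session["user"] in MAY_REQUEST and session["user"] in MAY_USE_KEY

def keystream_xor(nonce, data):
    # Toy SHAKE-256 keystream so the example runs offline; not a production cipher.
    stream = hashlib.shake_256(KEY + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def km_encrypt(plaintext):
    if not authorized():
        raise PermissionError("both permissions are required")
    nonce = os.urandom(16)
    return nonce + keystream_xor(nonce, plaintext.encode())

def km_decrypt(blob):
    # Assumption: an unauthorized read yields NULL (the page says only "not accessed").
    if blob is None or not authorized():
        return None
    return keystream_xor(blob[:16], blob[16:]).decode()

def migrated_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA trusted_schema=ON")  # let the view and trigger call our functions
    db.create_function("km_encrypt", 1, km_encrypt)
    db.create_function("km_decrypt", 1, km_decrypt)
    db.executescript("""
        CREATE TABLE customers_enc (id INTEGER PRIMARY KEY, name TEXT, card_enc BLOB);
        CREATE VIEW customers AS SELECT id, name, km_decrypt(card_enc) AS card FROM customers_enc;
        CREATE TRIGGER customers_ins INSTEAD OF INSERT ON customers BEGIN
            INSERT INTO customers_enc VALUES (NEW.id, NEW.name, km_encrypt(NEW.card));
        END;
    """)
    return db

def run_as(db, user, sql, params=()):
    session["user"] = user
    return db.execute(sql, params).fetchall()

if __name__ == "__main__":
    db = migrated_db()
    run_as(db, "app_user", "INSERT INTO customers (name, card) VALUES ('Alice', '4111111111111111')")
    print([run_as(db, u, "SELECT name, card FROM customers") for u in ("app_user", "report_user")])
```

The application keeps issuing its original statements against `customers`, while the base table holds only ciphertext. A user who has only one of the two permissions gets no plaintext back.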
Supported Platforms
CDP for MSSQL supports all the versions of Windows operating systems that are supported by the database.
Supported Database Versions
CDP for MS SQL Server is supported on a number of databases and in a number of Windows environments. CDP supports the following SQL Server versions:
SQL Server 2014
SQL Server 2016
SQL Server 2017
SQL Server 2019
SQL Server 2022
Compatibility with CipherTrust Manager
When using CDP 8.12.2 or higher with CipherTrust Manager 2.15 or lower, if a user mapping is added or updated, you must execute the pdbctl utility command migrateusermap. This makes the added/updated user mapping compatible with the CipherTrust Manager. Refer to Migrate user mappings for details.