Configuring CAKM for Microsoft SQL Server EKM Provider
To configure the CAKM for Microsoft SQL Server EKM Provider in the Microsoft SQL Server database:
Update the Configuration File
Edit the cakm_mssql_ekm.properties file present in the installation directory and add the property VKM_mode with the default value no.
Before proceeding with the other steps, ensure that the NAE_IP and Log_File parameters are set in the cakm_mssql_ekm.properties file.
After any changes in the cakm_mssql_ekm.properties file, restart the Microsoft SQL Server Service.
Enabling EKM in Your Microsoft SQL Server Database
To enable EKM, execute the following query on the Microsoft SQL Server.
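-- Expose advanced options so that 'EKM provider enabled' can be changed.
-- EXEC is required because sp_configure is not the first statement in the batch.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
-- Enable Extensible Key Management on the instance.
EXEC sp_configure 'EKM provider enabled', 1;
RECONFIGURE;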
Only users with the sysadmin or serveradmin privileges can execute the sp_configure query to change the server configuration. Other users can run this command only to view the server configuration.
Loading the provider DLL
• Only users with the sysadmin privileges can load the DLL.
To load the DLL, execute the following query. This will create a new cryptographic provider named <cakm_ekm_provider_name>.
CREATE CRYPTOGRAPHIC PROVIDER <cakm_ekm_provider_name>
FROM FILE = '<Installation_Directory>\CipherTrust\CAKM For SQLServerEKM\cakm_mssql_ekm.dll'
Configuring EKM Logs
EKM logs are generated at the file location mentioned in the MS_Sql_Ekm_Log property.
The default path is C:\EKM\EKMSql.log.
You can update the file location where you want EKM logs to be generated. For example:
MS_Sql_Ekm_Log = <log_file_path>
You can configure separate log files for different database instances.