Configuring CAKM for Microsoft SQL Server EKM Provider
To configure the CAKM for Microsoft SQL Server EKM Provider in the Microsoft SQL Server database:
Update the Configuration File
Edit the cakm_mssql_ekm.properties file present in the installation directory and add the property VKM_mode with the default value no.
Before proceeding with the other steps, ensure that the NAE_IP and Log_File parameters are set in the cakm_mssql_ekm.properties file.
Note
After any changes in the cakm_mssql_ekm.properties file, restart the Microsoft SQL Server Service.
Enabling EKM in Your Microsoft SQL Server Database
To enable EKM, execute the following query on the Microsoft SQL Server.
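-- Expose advanced options so that 'EKM provider enabled' can be changed
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
-- Allow SQL Server to use EKM providers
EXEC sp_configure 'EKM provider enabled', 1;
RECONFIGURE;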
Note
Only users with the sysadmin or serveradmin privileges can execute the sp_configure query to change the server configuration. Other users can run this command only to view the server configuration.
Loading the provider DLL
Note
Only the users with the sysadmin privileges can load the DLL.
To load the DLL, execute the following query. This will create a new cryptographic provider named <cakm_ekm_provider_name>.
CREATE CRYPTOGRAPHIC PROVIDER <cakm_ekm_provider_name>
FROM FILE = '<Installation_Directory>\CipherTrust\CAKM For SQLServerEKM\cakm_mssql_ekm.dll'
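To confirm that the two steps above took effect, and to review which logins hold the roles named in the notes, the following T-SQL check can be run. It is an added example, not part of the vendor documentation; <cakm_ekm_provider_name> is the page's placeholder for the provider name you chose.

```sql
-- Added verification example (not vendor code).
-- Replace <cakm_ekm_provider_name> with the name used in CREATE CRYPTOGRAPHIC PROVIDER.

-- 1. Confirm the EKM option is configured and in effect.
--    value = configured setting, value_in_use = running setting; both should be 1.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'EKM provider enabled';

-- 2. Confirm the provider is registered and enabled, and check that dll_path
--    points at the cakm_mssql_ekm.dll in your installation directory.
SELECT provider_id, name, version, dll_path, is_enabled
FROM sys.cryptographic_providers
WHERE name = N'<cakm_ekm_provider_name>';

-- 3. List the logins that can change this configuration (sysadmin, serveradmin)
--    or load a provider DLL (sysadmin), so the membership can be reviewed.
SELECT r.name      AS server_role,
       m.name      AS member_login,
       m.type_desc AS login_type,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'sysadmin', N'serveradmin')
ORDER BY r.name, m.name;
```

An empty result from the second query means the provider was not created; a dll_path outside the expected installation directory is worth investigating before any keys are created with the provider.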
Configuring EKM Logs
EKM logs are generated at the file location mentioned in the MS_Sql_Ekm_Log property.
The default path is C:\EKM\EKMSql.log.
You can update the file location where you want EKM logs to be generated. For example:
MS_Sql_Ekm_Log = <log_file_path>
You can configure separate log files for different database instances.