However, not everyone will want to use SQL Clone against a live database, especially a production database. Fortunately, SQL Clone allows you to build an image from a backup file.
How does this work with a TDE-encrypted backup? Let’s take a look.
Building a data image from a TDE-protected database backup
The first step in building a SQL Clone database is to create an image. When I choose to create an image, I get this:
In the last article, we used a SQL Server database to create the image. In this one, let’s choose a backup. We’ll walk through the process of creating a data image from a TDE-protected backup, once creating the image on the same instance as the TDE-protected source database, and once creating the image on a separate instance.
Creating a data image on the same instance
First, we need to specify the backup location. I’ve previously added a folder, but you can easily click New Backup Location to pick a new one. This is a folder to which the SQL Clone Agent service has access.
Once I’ve specified the location, I need to specify a SQL Server instance, as SQL Clone needs to create a temporary database on this instance in order to restore the backup. In essence, the process of restoring the backup is what creates the data image. I’ll choose my SQL2016 named instance, which also hosts the source database.
The last item to specify is the backup file(s). Since a backup can span multiple files, I would need all the files listed here.
Now the form is filled, I click NEXT. I pick a destination for the image, which is a shared location that all of my SQL Clone agents can access.
Once I do this, I give the image a name and review my choices.
Click CREATE IMAGE and the image creation runs. As you can see, SQL Clone creates a temporary database on my instance in order to perform the restore:
The process completes, and I have an image. Adding a clone follows the same steps as described in the previous article, so I won’t go over them again here.
Creating a data image on a separate instance
What if we need to create a data image from a TDE-protected backup, but use a different instance for the restore process? In this case, I need to add a new backup location and associate this with a new instance.
To do this, I’ll click New Backup Location when I start to create a new image. I fill out the location and instance. I copied the same TDE-protected backup file that we used previously to this location.
Now we can use the backup file to create the image. I’ll select the same image location, and then enter the image name. My settings look the same as before, though this restore is using a different instance.
On this instance, however, I don’t have the certificate that protects my TDE database.
I would assume this means the restore can’t take place and therefore that the image won’t be created. So, what happens when I click CREATE IMAGE? As expected, I get a server thumbprint error.
This is expected behavior when restoring a TDE-encrypted backup. I need the server certificate in order to decrypt the DEK and then read my encrypted data. I’ll restore the certificate as I did in the first article. Once I do that, I’ll see my server certificate in master.
I can restart my image creation process, and this time it runs.
No error, my image is created, and I see it in my list in the dashboard.
I can then create clones from this new image, just as I did in the first article.
SQL Clone and TDE ‘just works’
TDE is a great feature that provides a layer of security. It’s fairly simple, and easy to implement. It is also easy to move TDE databases across servers, if you understand how to move a certificate.
As you can see, SQL Clone builds on the SQL Server platform, and integrates nicely with TDE, provided you have the certificates created on the instances where you need to build images or SQL Clone databases.
Also in Blog
The recent State of Database DevOps Report revealed that within two years, 80% of companies will adopt DevOps. That’s an interesting finding in itself, but the report also showed that 75% of compani...
Also in Database DevOps & DLM
Even with the right tooling, it can be tricky figuring out how to get an automated database deployment pipeline up and running. That's why each month we host an hour-long DevOps webinar with an end-to...
Also in Redgate products
Our goal is to show how to use SQL Compare Pro command line with PowerShell to automate the following processes:
Getting a new database into version control, or updating the object scripts in th...
Also about Database DevOps
Visual Studio 2017 is released today, and its new features like Live Unit Testing and configurable code style rules have already been grabbing the headlines. But inside the Visual Studio 2017 installe...
Also about SQL Clone
Competition time! To celebrate the launch of SQL Clone, we're giving away 25 Amazon Echo Dots and 5 SQL Clone licenses.
We had a bit of fun creating a skill for Alexa that provisions databases using ...