Search Knowledge Base
KB #240103: Log Shipping with Encryptionizer (driver v2010.201.10 and later)
Type:
Information
Summary:
Encryptionizer for SQL FIPS 140-2 Validated supports Log shipping using an AES algorithm with up to 256-bit level encryption. Follow the configuration instructions below to implement
Additional Information:
SQL Log shipping with AES 256-bit level encryption is supported using Encryptionizer 2012 for SQL – driver version 2010.201.10 or later.
If you have Encryptionizer versions 2007.101.15 to 2008.401.40 you will need to refer to article KB240072: Log Shiping with Encryptionizer (driver v2008.401.40 and earlier) Using the Admin Wizard on the primary machine:
- Add your database key(s) on the Enable Encryptionizer screen. It is recommended that you use AES-CBC or AES-ECB for your databases and backups. Add one additional key using the AES-CTR algorithm and note the Key number assigned in the list. This last key (Key N) will be assigned later for use with the shipping logs.
- Set the option to “Encrypt New Databases” or “Encrypt New Backups” or “Custom” on the Additional Options screen depending on what else you may wish to encrypt automatically upon creation.
- Choose the “Wizard” button to customize rules. Set Key N (from the step above) to be used with the shipping log file extension (*.trn , Include , 1). (If you need to also encrypt newly created databases and backups, see the Whole Database User Guide for more detailed instructions.)
Click Include to add the condition *.trn to the list, and then Save. Complete the rest of the Administration Wizard.
On the primary machine, using the Encrypt/Decrypt Wizard, encrypt the database files using an encryption key profile that matches one of the encryption keys set in the Admin Wizard (except Key N).
Set up the backup machine with the identical settings.
Related Topics:
240072: Log Shipping with Encryptionizer (driver v2008.401.40 and earlier)
Last modified: 4/1/2020