Ócáid
Mar 31, 11 PM - Apr 2, 11 PM
An ócáid foghlama SQL, Fabric and Power BI is mó. Márta 31 – 2 Aibreán. Bain úsáid as cód FABINSIDER chun $ 400 a shábháil.
Cláraigh inniuExtensible Key Management Using Azure Key Vault (SQL Server)
Applies to: 
SQL Server
The SQL Server Connector for Microsoft Azure Key Vault enables SQL Server encryption to use the Azure Key Vault service as an Extensible Key Management (EKM) provider to protect SQL Server encryption keys.
This topic describes the SQL Server connector. Additional information is available in Setup Steps for Extensible Key Management Using the Azure Key Vault, Use SQL Server Connector with SQL Encryption Features, and SQL Server Connector Maintenance & Troubleshooting.
SQL Server provides several types of encryption that help protect sensitive data, including Transparent Data Encryption (TDE), Column Level Encryption (CLE), and Backup Encryption. In all of these cases, in this traditional key hierarchy, the data is encrypted using a symmetric data encryption key (DEK). The symmetric data encryption key is further protected by encrypting it with a hierarchy of keys stored in SQL Server. Instead of this model, the alternative is the EKM Provider Model. Using the EKM provider architecture enables SQL Server to protect the data encryption keys by using an asymmetric key stored outside of SQL Server in an external cryptographic provider. This model adds an additional layer of security and separates the management of keys and data.
The following image compares the traditional service-manage key hierarchy with the Azure Key Vault system.
The SQL Server Connector serves as a bridge between SQL Server and Azure Key Vault, so SQL Server can leverage the scalability, high performance, and high availability of the Azure Key Vault service. The following image represents how the key hierarchy works in the EKM provider architecture with Azure Key Vault and SQL Server Connector.
Azure Key Vault can be used with SQL Server installations on Microsoft Azure Virtual Machines and for on-premises servers. The key vault service also provides the option to use tightly controlled and monitored Hardware Security Modules (HSMs) for a higher level of protection for asymmetric encryption keys. For more information about the key vault, see Azure Key Vault.
The following image summarizes the process flow of EKM using the key vault. (The process step numbers in the image are not meant to match the setup step numbers that follow the image.)
Nóta
Versions 1.0.0.440 and older have been replaced and are no longer supported in production environments. Upgrade to version 1.0.1.0 or later by visiting the Microsoft Download Center and using the instructions on the SQL Server Connector Maintenance & Troubleshooting page under "Upgrade of SQL Server Connector."
For the next step, see Setup Steps for Extensible Key Management Using the Azure Key Vault.
For use scenarios, see Use SQL Server Connector with SQL Encryption Features.
Acmhainní breise
Oiliúint
Deimhniú
Microsoft Certified: Azure Database Administrator Associate - Certifications
Administer an SQL Server database infrastructure for cloud, on-premises and hybrid relational databases using the Microsoft PaaS relational database offerings.
Doiciméadúchán
-
Use SQL Server Connector encryption with Azure Key Vault - SQL Server
Learn how to use the SQL Server Connector with common encryption features such as TDE, encrypting backups, and column level encryption using Azure Key Vault.
-
Set up Transparent Data Encryption (TDE) Extensible Key Management with Azure Key Vault - SQL Server
Install and configure the SQL Server Connector for Azure Key Vault.
-
Enable TDE on SQL Server Using EKM - SQL Server
Enable transparent data encryption in SQL Server to protect a database key by using an asymmetric key in an extensible key management module with Transact-SQL.