
Commvault backup Azure SQL with TDE mode.

  • May 20, 2024
  • 3 replies
  • 394 views


Hi, as I try to find a document, I only find it for MSSQL on-premises.

Can Commvault back up Azure SQL with the TDE feature?

Thank you so much.

https://documentation.commvault.com/2023e/expert/back_up_sql_server_data.html

3 replies

Sunil
  • Vaulter
  • Answer
  • May 20, 2024

Hi @kitty-yip

Is this Service-managed TDE or customer-managed TDE? Service-managed TDE is not supported. This is a restriction from Microsoft. Only customer-managed TDE is supported and the customer needs to make sure the encryption key is available for restores later.

Copy-only backups - SQL Server | Microsoft Learn

In Azure SQL Managed Instance, copy-only backups can't be created for a database encrypted with service-managed Transparent Data Encryption (TDE). Service-managed TDE uses internal key for encryption of data, and that key can't be exported, so you couldn't restore the backup anywhere else. Consider using customer-managed TDE instead to be able to create copy-only backups of encrypted databases, but make sure to have encryption key available for later restore.

If it is Azure SQL, it’s transparent to us from backup perspective. Though the Database is TDE encrypted, the exported BACPAC files are not encrypted.

When you export a TDE-protected database, the exported content of the database isn't encrypted. This exported content is stored in unencrypted BACPAC files. Be sure to protect the BACPAC files appropriately and enable TDE after import of the new database is finished.

Thanks,

Sunil-
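
Added example (not part of the thread, and not Commvault or Microsoft code): a Python check for an export staging area that reports whether a file is a BACPAC readable without any key, which is the state the reply above describes for exports of TDE-protected databases. The package layout it looks for (`model.xml`, `Origin.xml`, `Data/<schema.table>/`) and the sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile

# Entry names a DacFx BACPAC package is assumed to carry (illustrative
# assumption about the package layout, not taken from the thread).
BACPAC_MARKERS = {"model.xml", "Origin.xml"}


def inspect_export(blob: bytes) -> dict:
    """Report whether an export blob is a BACPAC readable without any key."""
    report = {"is_bacpac": False, "readable_without_key": False, "tables": []}
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return report  # not a ZIP container, e.g. already wrapped by file encryption
    with zipfile.ZipFile(io.BytesIO(blob)) as pkg:
        names = pkg.namelist()
        if not BACPAC_MARKERS.issubset(names):
            return report  # a ZIP, but not laid out like a BACPAC
        report["is_bacpac"] = True
        # Bit 0 of flag_bits marks a password-protected ZIP entry.
        report["readable_without_key"] = not any(
            info.flag_bits & 0x1 for info in pkg.infolist()
        )
        # Table data is assumed to sit under Data/<schema.table>/TableData-*.BCP
        report["tables"] = sorted(
            {n.split("/")[1] for n in names
             if n.startswith("Data/") and n.count("/") >= 2}
        )
    return report


def build_sample_bacpac() -> bytes:
    """Constructed stand-in for a BACPAC exported from a TDE-enabled database."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("model.xml", "<DataSchemaModel/>")
        pkg.writestr("Origin.xml", "<DacOrigin/>")
        pkg.writestr("Data/dbo.Customers/TableData-000-00000.BCP",
                     b"\x01\x00constructed row")
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_export(build_sample_bacpac()))
    # Constructed opaque bytes, standing in for a copy encrypted at file level.
    print(inspect_export(b"\x8f" * 64))
```

A file that reports `readable_without_key` as true depends entirely on storage access controls or a separate encryption layer for its protection.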

 


  • Author
  • Byte
  • May 20, 2024

Hi Sunil, Thank you very much.


Sunil
  • Vaulter
  • December 1, 2025

Hi @kitty-yip,

Just so you’re aware, we have added an enhancement to switch to DacFX based export automatically when a SQL Managed instance database is TDE encrypted with System managed keys. You may visit this doc link if you would like.

https://documentation.commvault.com/11.42/software/configure_backups_for_tde_protected_database.html

Thanks,

Sunil-