Setting Up a Microsoft SQL Server Cluster for TDE
When you set up a failover cluster, you will share the same Key Set and Cloud VM Set that you created for the primary VM.
- Complete all of the previous steps to create and configure the primary VM of your SQL Server cluster.
- Install and register the Policy Agent on your failover SQL Server VM.
  Note: The failover VM must be registered to the same Cloud VM Set that you created for the primary VM.
- Enable TDE on the failover SQL Server VM.
- Create a database connector for the failover SQL Server VM on the same Key Set that you used for the primary SQL Server VM. Use a name that indicates that this connection is to the failover VM, for example, tde_connect_failover.
- Select the database connector that you just created, and select Actions > Generate Access Token.
  In the Generate Access Token window, the new access token is created and displayed with both an identity and a secret. Copy both values; you will need them when configuring the cryptographic provider.
- Using the identity and secret that you copied when you generated the access token, create a credential file in JSON format. This file should have the same name and path that you used for the primary SQL Server, for example, C:\Users\Administrator\sqlcred.conf. Make sure that Windows did not add an extra .txt extension to the filename.
  {
    "identity" : "<the identity copied from the access token>",
    "secret" : "<the secret copied from the access token>"
  }
At this point, you can use the Windows Failover Manager to fail over to this node and check that all of your keys are visible.
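A check for the credential file created in the last step, to run on the failover node before failing over. This is an added example, not part of the product documentation; the default path is the example path from this page, and the ACL listing is an extra review step that the procedure itself does not require.

```powershell
# Added example: validate the credential file on the failover node.
# The default path is the example path from this page; it must match the primary node.
param(
    [string]$Path = 'C:\Users\Administrator\sqlcred.conf'
)

$problems = @()

# Windows hides known extensions by default, so an editor may have saved sqlcred.conf.txt.
if (Test-Path -LiteralPath "$Path.txt") {
    $problems += "Found '$Path.txt'; rename it to remove the extra .txt extension."
}

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    $problems += "Credential file '$Path' does not exist."
} else {
    # The file must parse as JSON and carry both values from the access token.
    try {
        $cred = Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json -ErrorAction Stop
        foreach ($field in 'identity', 'secret') {
            $value = [string]$cred.$field
            if ([string]::IsNullOrWhiteSpace($value)) {
                $problems += "Field '$field' is missing or empty."
            } elseif ($value -match '^<.*>$') {
                $problems += "Field '$field' still contains the placeholder text."
            }
        }
    } catch {
        $problems += "File is not valid JSON: $($_.Exception.Message)"
    }

    # List who can read the secret so overly broad access can be reviewed.
    # (Assumption: reviewing the ACL is an added hardening check, not a documented step.)
    (Get-Acl -LiteralPath $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize
}

if ($problems.Count -eq 0) {
    Write-Output "OK: '$Path' looks well formed."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

The script never prints the identity or secret values, so its output can be pasted into a ticket.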