Microsoft SQL Server Extensible Key Management (EKM)
Microsoft SQL Server Extensible Key Management (EKM) provides data encryption capabilities. EKM integrates with the CipherTrust Manager for key storage and key-related cryptographic operations. This is a more secure solution because the encryption keys do not reside with the encrypted data. SQL Server supports Transparent Data Encryption (TDE) and cell-level encryption via EKM.
The advantages of integrating MSSQL Server with the CipherTrust Manager are as follows:
- Additional security is provided by separation of administrative access. For example, the system can be set up so that the SafeNet ProtectApp Security Administrator can access only the keys, and the database administrator can access only the database.
- Helps achieve PCI security standards.
- Centralized storage and management of encryption keys.
Supported Product Versions
CipherTrust Manager
- CipherTrust Manager 2.0 and higher
MSSQL Server
- MSSQL Server 2012
- MSSQL Server 2014
- MSSQL Server 2016
- MSSQL Server 2017
- MSSQL Server 2019 (CTP 2.4)
SafeNet ProtectApp MSSQL EKM Provider
- SafeNet ProtectApp MSSQL EKM Provider 8.4.0 and higher
Supported Algorithms and Key Size
Refer to Supported Algorithms and Key Size.
Prerequisites
- Ensure that the CipherTrust Manager is installed and configured. For more details, refer to the CipherTrust Manager documentation.
- Ensure that MSSQL EKM is installed and configured. Refer to the Microsoft documentation for more information.
- MSSQL EKM communicates with the CipherTrust Manager using the Network Attached Encryption (NAE)-XML interface. Ensure that the NAE-XML interface is configured and that the port configured on the NAE-XML interface is accessible from the EKM machine. Refer to the CipherTrust Manager documentation for more details.
Steps for Integration
After completing the above steps, you can: