Understanding DbDefence with SQL Server cluster

DbDefence can be used on clustered servers.

Installation

DbDefence has to be installed on each node of the cluster. Each node of the cluster requires a license. Installation is the same for Failover and AlwaysOn High Availability clusters.

1. Install DbDefence on the active node.

2. Activate the DbDefence license.

3. Failover to second node and install DbDefence on the second node.

4. Activate the DbDefence license.

Database encryption with AlwaysOn High Availability

The following assumes that you have working database.

1. Install DbDefence on both nodes.

2. To encrypt the database, you need to temporarily remove it from HA group on the active node:

ALTER AVAILABILITY GROUP [TestGroup] REMOVE DATABASE [TestDB]

3. Encrypt the database on the active node.

4. Return the database to the HA group:

ALTER AVAILABILITY GROUP [TestGroup] ADD DATABASE [TestDB]

5. Failover to the second node. Manual failover requires SYNCHRONOUS_COMMIT mode. More about planned failover here.

6. Remove the database from HA group.

7. Encrypt the database.

8. Return the database to the HA group.

Database encryption with Failover cluster

1. Connect to the active node and encrypt the database.