Encryption and Mirroring

DbDefence can be used on mirrored databases. You may encrypt both databases: on principal and on mirror server. Or one of them. Encryption works independently.

Principal Server

To encrypt the database on principal server (the database to be mirrored) you need to break the mirror first. It is required because encryption process needs to take the database offline, but SQL Server does not allow that for the mirrored database.

Steps to encrypt mirrored database on Principal Sserver:

1. Stop mirroring for the database.

2. Encrypt the database.

3. Backup the database. You need this to setup mirroring. If you don't plan to encrypt the mirror, create unencrypted backup.

Mirror Server

4. Drop the mirror database.

5. Create empty database and encrypt it with the same password as the source.

6. Restore the database from encrypted backup (with WITH NORECOVERY option as required for mirroring).

Setting up mirroring on Principal Server

If your favorite tool to manage database is SSMS, then provide access for SSMS to the encrypted database. If you prefer SQL, then just unlock access to encrypted database with the following query:

OPEN SYMMETRIC KEY dbdx DECRYPTION BY PASSWORD='MyPassword'

then run SQL script to setup a mirror.