Once Database Mirroring is configured, one or more Utimaco HSMs can be used along with the internal/external keystore. For illustration purposes, one HSM is configured in this SQL Server Database Mirroring configuration.
To configure the EKM Provider on the cluster nodes, refer to the section on Enable Extensible Key Management.
Keys can be used from the internal keystore or the external keystore; for creating keys, refer to the section Creating Keys.
The RSA algorithm is not supported in FIPS mode.
- On the Principal Server Instance, use the Mirrored Database for creating keys using Utimaco HSMs.
- Create an asymmetric key in the TestDB1 database.

  ```sql
  USE TestDB1;
  GO
  -- Create a new RSA 2048 key pair on the HSM through the utimaco EKM provider.
  CREATE ASYMMETRIC KEY tdekey
  FROM PROVIDER utimaco
  WITH ALGORITHM = RSA_2048, PROVIDER_KEY_NAME = 'tdekey',
  CREATION_DISPOSITION = CREATE_NEW;
  GO
  ```

- Insert the data into the table.

  ```sql
  USE TestDB1;
  GO
  CREATE TABLE Customers (FirstName varchar(MAX), SecondName varchar(MAX),
  CardNumber varbinary(MAX));
  GO
  -- ASYMKEY_ID resolves the key name in the current database, so RSA2048Key
  -- must exist in TestDB1 (the previous step creates tdekey).
  INSERT INTO Customers (FirstName, SecondName, CardNumber)
  VALUES ('Iain', 'Hood', ENCRYPTBYASYMKEY(ASYMKEY_ID('RSA2048Key'),
  '2048204820482048'));
  GO
  ```

- The key and database are created on the Principal Server using the Utimaco HSM. The data is synchronized automatically to the Mirror Server.
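The following verification queries are an added example, not part of the original guide. They are run on the Principal Server and assume the row was encrypted with the `tdekey` key created above; substitute the key name actually used in the INSERT.

```sql
USE TestDB1;
GO
-- 1. Confirm the key exists in TestDB1 and is held by the EKM provider.
--    provider_type reads 'CRYPTOGRAPHIC PROVIDER' for an HSM-backed key.
SELECT name, algorithm_desc, key_length, provider_type,
       cryptographic_provider_guid
FROM sys.asymmetric_keys
WHERE name = 'tdekey';
GO
-- 2. Confirm the name resolves in this database.
--    A NULL key_id means no key of that name is visible here.
SELECT ASYMKEY_ID('tdekey') AS key_id;
GO
-- 3. Find rows that were stored without ciphertext.
--    Any row returned here holds no encrypted card number.
SELECT FirstName, SecondName
FROM Customers
WHERE CardNumber IS NULL;
GO
-- 4. Round trip through the HSM: decrypt and compare with the value inserted.
SELECT FirstName, SecondName,
       CONVERT(varchar(MAX),
               DECRYPTBYASYMKEY(ASYMKEY_ID('tdekey'), CardNumber)) AS CardNumber
FROM Customers;
GO
-- 5. Check that the mirroring session for TestDB1 has caught up.
SELECT DB_NAME(database_id) AS database_name,
       mirroring_role_desc, mirroring_state_desc
FROM sys.database_mirroring
WHERE database_id = DB_ID('TestDB1');
GO
```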