共用方式為


SQL Server Connector Public Preview Update

A new update of the SQL Server Connector is available!

The SQL Server Connector is currently in public preview, and we’ve worked hard in the last few months to create a more lightweight and more secure SQL Server Connector. It no longer runs as a service, and we’ve simplified it down to a single DLL. Today, the newest version of the SQL Server Connector is available at the Microsoft Download Center.

For those not familiar with the SQL Server Connector, it enables SQL Server to use Azure Key Vault as an Extensible Key Management (EKM) Provider for its SQL encryption keys. This means that you can use your own encryption keys and protect them in Azure Key Vault, a cloud-based external key management system which offers central key management, leverages hardware security modules (HSMs), and allows separation of management of keys and data, for additional security. This is available for the SQL encryption keys used in Transparent Data Encryption (TDE), Column Level Encryption (CLE), and Backup encryption.

When using these SQL encryption technologies, your data is encrypted with a symmetric key (called the database encryption key) stored in the database. Traditionally (without Azure Key Vault), a certificate that SQL Server manages would protect this data encryption key (DEK). With Azure Key Vault integration for SQL Server through the SQL Server Connector, you can protect the DEK with an asymmetric key that is stored in Azure Key Vault. This way, you can assume control over the key management, and have it be in a separate key management service outside of SQL Server.

Encryption Key Hierarchy - traditional vs with Azure Key Vault

 

 

 

 

 

 

 

 

 

 

The SQL Server Connector is available to SQL Server and SQL IaaS users. For SQL Server on-premises scenarios, it can be downloaded while following the set up for Azure Key Vault for SQL Server as described in the Setup Steps for Extensible Key Management Using the Azure Key Vault. For SQL IaaS scenarios, the SQL Server Connector can be installed through the Azure Key Vault integration feature, which automates much of the configuration for accessing Azure Key Vault through SQL Server in an Azure VM.

The SQL Server Connector for Microsoft Azure Key Vault is available for all Enterprise versions of SQL Server starting with 2008/2008 R2 through the recently released version of 2016.

Learn more about the SQL Server Connector on the following MSDN pages:

Tell us what you think about the SQL Server Connector! We’ll be listening on: