It performs real-time I/O encryption and decryption of the data and log files, that is the entire database. For achieving that, it uses a database encryprion key stored in the database boot record.
A derived benefit of TDE is that whenever a database using TDE is backed up, the backup set is also encrypted.
All of the above provide significant data security in SQL Server 2008.
The procedure for encrypting a database is provided below by T-SQL Code example:
--Step 1: Create a Master Key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password_goes_here';
--Step 2: Create or obtain a certificate protected by the master key
CREATE CERTIFICATE MyServerCert WITH SUBJECT = 'MyCertificate'
--Step 3: Create a database encryption key and protect it by the certificate
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_128
ENCRYPTION BY SERVER CERTIFICATE MyServerCert
--Step 4: Set the database to use encryption
ALTER DATABASE [DATABASE_NAME]
SET ENCRYPTION ON
After the above are performed, the database will enter the "Encrypted" state.
1 (Important SQL Server 2008 notice regarding TDE). When enabling TDE, you should immediately back up the certificate and the private key associated with the certificate . This is absolutely necessary when trying to restore or attach the encrypted database on another server because you will need to use these keys and certificates. In the opposite case the database will not be accessible. Additionally the encrypting certificate should be retained even if TDE is no longer enabled on the database as it may need to be accessed for some operations.
2. Steps 3 and 4 can be performed from within SQL Server 2008 Management Studio by right-clicking on the database and selecting Tasks --> Manage Database Encryption.
3. Note that four encryption are currently provided:
4. The entire TDE on a database is completely transparent to the user as it is performed in the background and on the fly.
More information regarding Transparent Data Encryption in SQL Server 2008 can be found in the following link.