Are you talking about encryption of the SQL Server database? Transparent Data Encryption (TDE), introduced in SQL Server 2008, should be just that, transparent to the application. Not used it myself, and would obviously heavily caveat that with, test yourself, speak directly to Snow for an official statement, etc, but see no reason why it wouldn't work.
So we went through this a few months back, the database cannot be encrypted, because the end user application (SLM GUI, Inventory Server) cannot read the data.
You'd have to encrypt the file system, but not the database, as there's nowhere in Snow to add in the encryption keys for Snow to then read the data. :-)
The method of just encrypting the database, no version supports it at the moment
TDE may work as mentioned by @Colin Hardie​, but it would be worth checking with Snow if this is 'supported' or if it would cause issues down the line on your actual support contract with Snow
Hi,
Snow was contacted and the response was:
We can encrypt data in SQL.
https://community.flexera.com/s/article/TechnicalDescriptionSecurityConsiderationsinSnowLicenseManagerandSnowInventory
If you need more the sales teams, can talk to presales and figure out what are you looking to have encrypted.
Can encrypt data in SQL in SQL (encryption at rest) enterprise version of SQL only
This does make any trouble shooting harder as all the results will have *** for IP, computer name, things like this.
Also, you will lose the ability to do 'named' user license as it will nave not names.
​
Regards,
Greg Rigby
Well the line 'Can encrypt data in SQL in SQL (encryption at rest) enterprise version of SQL only' does sound like TDE, so that's good, sounds like it's supported/supportable but I would press the point just to make sure. Incidentally, TDE is available from SQL Server 2008+ Enterprise but from SQL Server 2019 it is also included in Standard Edition.
Regarding the statement around "This does make any trouble shooting harder as all the results will have *** for IP, computer name, things like this.", I think they are conflating encryption with anonymisation. From the documentation you link to, you have the option to...
Was it TDE that you looked at? From my reading of this, it looks like no changes to application layer is required...
I know there is also Always Encrypted that was introduced in SQL Server 2016, that appears to requires changes to how the application accesses the data, was this maybe what you were looking at?
Hi Gregory,
Are you talking about encryption of the SQL Server database? Transparent Data Encryption (TDE), introduced in SQL Server 2008, should be just that, transparent to the application. Not used it myself, and would obviously heavily caveat that with, test yourself, speak directly to Snow for an official statement, etc, but see no reason why it wouldn't work.
Hi,
Thanks, I believe this is the answer.
Hey,
So we went through this a few months back, the database cannot be encrypted, because the end user application (SLM GUI, Inventory Server) cannot read the data.
You'd have to encrypt the file system, but not the database, as there's nowhere in Snow to add in the encryption keys for Snow to then read the data. :-)
Hey Gregory,
The method of just encrypting the database, no version supports it at the moment
TDE may work as mentioned by @Colin Hardie​, but it would be worth checking with Snow if this is 'supported' or if it would cause issues down the line on your actual support contract with Snow
Well the line 'Can encrypt data in SQL in SQL (encryption at rest) enterprise version of SQL only' does sound like TDE, so that's good, sounds like it's supported/supportable but I would press the point just to make sure. Incidentally, TDE is available from SQL Server 2008+ Enterprise but from SQL Server 2019 it is also included in Standard Edition.
Regarding the statement around "This does make any trouble shooting harder as all the results will have *** for IP, computer name, things like this.", I think they are conflating encryption with anonymisation. From the documentation you link to, you have the option to...
Hi Laim,
Was it TDE that you looked at? From my reading of this, it looks like no changes to application layer is required...
I know there is also Always Encrypted that was introduced in SQL Server 2016, that appears to requires changes to how the application accesses the data, was this maybe what you were looking at?
Hey Colin,
We didn't do a lot of work into it because it was more of a 'is it possible, y/n', but this is what we got from Snow back in August
*Excuse the yellow highlight, I had to search for it in my inbox lol