i'm going to be upgrading two Instances to Enterprise and thenI'm going to be installing TDE on two sides of a Windows Cluster. All of the databases are on one storage device and whichever Instance is active accesses the databases from that server.
After I install TDE and encrypt the databases my users will test. If successful, I'll fail over to the secondary and upgrade it to Enterprise and then install the certificate and key.
My question is, will there be a problem with that secondary Instance since it won't have Enterprise installed yet or the certificate and key?
I hope I've provided enough information and thank you all in advance for any help you can provide.
Thomas
Best Answer
Several versions of SQL Server do not let you upgrade a Standard CLUSTERED installation of SQL Server to Enterprise. Are you sure you can do this in your environment? To clarify: If you are already clustered, upgrading to enterprise is not supported in many scenarios. Secondly, TDE is a enterprise edition option. You're not going to get to failover and test it without being on enterprise, but maybe 2016 enabled it for STD edition, I haven't heard of that though. Have you tested this solution yet with your team?
At the bottom of the MS supported upgrade scenario's it reads in the :
Supported Version and Edition Upgrades
The documentation makes it look like you can until you get to the end and read that tiny snippet.
As far as TDE goes, it depends on how you do it. In my implementation, the master key is encrypted by the Windows DPAPl (I think that's the right acryonym) service, but then the generated key is in the Master DB that gets moved between nodes as you stated on the database instance level.