What’s in Enterprise only? (Transparent Data Encryption)

Starting with version 2008, SQL Server solves the problem of protecting data at rest, encrypting databases both on the hard drive and consequently on backup media.

To benefit from this out of the box functionality though, you must be running the Enterprise edition (or a Developer Edition or an Evaluation Edition, both of which behave exactly like the Enterprise does. The only difference among them three is their licensing.). Not running an Enterprise edition and trying to create the database encryption key (through the CREATE DATABASE ENCRYPTION KEY DDL statement) necessary to later enable Transparent Data Encryption will raise error 33117 “Transparent Data Encryption is not available in the edition of this SQL Server instance. See books online for more details on feature support in different SQL Server editions.”

Errors also occur if a non-Enterprise edition instance of SQL attempts to startup a database (from a backup or from a set of files attached to the instance) which has TDE enabled.

In that case, the database startup process would fail to bring it online, the database will be marked suspect to indicate that something went wrong during startup, and will report error 33117 in the Application Event Log and in SQL Server’s ERRORLOG. The descriptive message for that error is “Transparent Data Encryption is not available in the edition of this SQL Server instance. See books online for more details on feature support in different SQL Server editions.” That error will be followed by error 933 “Database '%.*ls' cannot be started because some of the database functionality is not available in the current edition of SQL Server.”

This post is part of the a series I decided to call “Understanding the value of the Enterprise Edition, one feature at a time” which I started in September 2011 and will grow on a weekly basis, having a new post incorporated to the family every Friday.