SQL Server Management Studio improvements for Always Encrypted

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.

A couple of months ago we released a new version of the Always Encrypted Wizard that now supports secure enclaves and in-place encryption. With the new release of SSMS 19.2 we introduced a bunch of extra performance improvements and a big Always Encrypted Wizard enhancement. In this blog post I’m going to give you an overview of the new wizard capability and the performance improvements.

 

Always Encrypted Wizard – Enable Secure Enclaves

We made the wizard smart! When your database is not configured with a secure enclave, the wizard will give you the opportunity to enable a secure enclave. Using an enclave enables you to run cryptographic operations in-place, without moving data out of the database. We strongly recommend you enable a secure enclave to improve the performance of the initial encryption.

To enable the secure enclave, simply click the “Enable Secure Enclaves” button.

 


 

Enabling a VBS enclave on the database only takes a couple of seconds.

 


 

 

Performance Improvements

DacFx

While testing a very simple Always Encrypted scenario, encrypting 1 record with the wizard, we noticed that DacFx sends 3000+ T-SQL calls to the database. Out of these calls only 2-3% were unique statements. These commands not only unnecessarily overloaded the SQL Server, but also added considerable delay to the overall encryption process.

 

We have optimized the repeating T-SQL calls and improved the encryption and decryption process by approximately 20%!

 

SSMS and Wizard Fixes

We also made some bug fixes in SSMS that were reported to us.

  • SSMS wizard fails if randomly encrypted columns already exist with an index.
  • SSMS should not allow the user to Encrypt Columns of a database that is not in an online state.
  • Cancelling the AE wizard/Set-SqlColumnEncryption cmdlet does not delete temporary tables.
  • The table owner is changed after encryption.
  • Encryption of computed columns should not be allowed.

 

Next Steps

Download the latest SQL Server Management Studio
Configure column encryption using Always Encrypted Wizard - SQL Server | Microsoft Learn
Tutorial: Getting started with Always Encrypted - SQL Server | Microsoft Learn

 

We’d love to hear your feedback – please contact us at alwaysencryptedpg@microsoft.com

 

 
