Data security in Windows Server 2008

Data security is a key requirement in any data service solution, and Windows Server 2008 and SQL Server 2008 combine to provide an end-to-end data protection through a powerful collection of cryptographic technologies.

Windows Server 2008 relies on built-in IP security (IPSEC) support to provide encrypted data transfer over a network connection. Windows Server 2008 provides an enhanced IPSec execution that simplifies configuration and lowers administrative costs.

Ntfs:

Compression features: includes the ability to compress or decompress drives, folders, or specific files.

File encryption: It greatly enhances security.

Better scalability: Partitioning an NTFS partition is much larger than a FAT partition, and when the partition size increases, the performance of NTFS does not degrade, and in this case FAT performance degrades.

Restore log logging of disk activity: it allows NTFS to recover information as quickly as possible when a power outage or other system problem occurs. The installation of domain controllers and Active Directory requires the use of NTFS.

Remote Storage expands disk space by making removable media, such as tapes, accessible.

Disk quotas: Can be used to monitor and control the amount of disk space used by individual users.

Windows Server 2008, which supports NTFS for transactions, allows all operations in the NTFS file system to be controlled in one transaction, allowing the operating system service to be added to a transaction through the new Kernel transaction manager.

The Server 2008 FILESTREAM data type enables large binary data, such as documents and pictures, to be stored directly in an NTFS file system; Documents and pictures are still the main components of the database and maintain transactional consistency.

FILESTREAM enables traditional database-managed large binary data to be stored outside the database as separate files, which can be accessed by using an NTFS streaming API. Use the NTFS streaming API to enable normal file operations to execute efficiently, while providing all the rich database services, including security and backup.

The NTFS of the transaction can also communicate with Ms DTC (distributed Transaction Center). This allows the application to be made up of database calls, as well as the operation of the file system (such as a document management system). This transaction capability is based on the SMB 2.0 (Server message Module) protocol, so a distributed file operation can be included in a transaction.

TDE:

Transparent data encryption (TDE) in SQL Server 2008, you can choose to use cell-level encryption as in SQL Server 2005, either using TDE for full database-level encryption or file-level encryption provided by Windows.

It is designed to provide static protection for the entire database without affecting existing applications. Encrypting a database traditionally involves complex application changes, such as modifying table schemas, removing functions, and noticeable performance degradation.