Windows Server 2008 Data Security Protection

Data security is a key requirement in any data services solution, and Windows Server 2008 and SQL Server 2008 combine to provide an end-to-end data protection through a powerful set of encryption-based technologies.

Windows Server 2008 relies on built-in IP Security (IPSec) support to provide encrypted data transfer over a network connection. Windows Server 2008 provides an enhanced IPSec implementation that simplifies configuration and reduces administrative overhead.

Compression: Includes the ability to compress or decompress drives, folders, or specific files.

File Encryption: It greatly enhances security.

Better scalability: Partitioning NTFS partitions is much larger than FAT partitions. When partition size increases, NTFS performance does not decrease, and in this case FAT performance is degraded.

Logging for recovery disk activity: It allows NTFS to recover information as soon as possible after a power outage or other system problem. NTFS is required to install domain controllers and Active Directory.

Remote Storage: Extends disk space by making removable media (such as tape) more accessible.

Disk Quota: Can be used to monitor and control the amount of disk space used by a single user.

Windows Server 2008, NTFS for transactions, allows all operations in the NTFS file system to be controlled in a single transaction, allowing the operating system services to join a transaction through the new kernel transaction manager.

Server 2008 The FILESTREAM data type allows large binary data, such as documents and images, to be stored directly into an NTFS file system; documents and images are still a major part of the database and maintain transactional consistency.

FILESTREAM allows traditional large database-managed binary data to be stored as separate files outside of the database, which can be accessed using an NTFS streaming API. Use the NTFS Streaming API to enable normal file operations to be performed efficiently, while providing all the rich database services, including security and backup.

NTFS for transactions can also communicate with MS DTC (Distributed Transaction Center). In this way, the application can be composed of database calls, as well as file system operations (such as document management systems). This transaction function is built on the SMB 2.0 (Server Message Module) protocol, so a distributed file operation can be included in a single transaction.

Transparent Data Encryption (TDE) in SQL Server 2008, you can choose to use cell-level encryption as in SQL Server 2005, or use TDE for full database-level encryption, or File-level encryption provided by Windows.

It is designed to provide static protection for the entire database without affecting existing applications. Encrypting a database has traditionally involved complex application changes, such as modifying table schemas, removing functions, and significant performance degradation.