How does TDE (transparent data encryption) work with LiteSpeed?
Here are a few important things to note about TDE and LiteSpeed:
1. Since the database is encrypted with TDE, the LiteSpeed backup wont compress very well, but it may compress a bit. You should choose compression level of 1 to minimize CPU if they want to compress, since using a higher-level of compression will only cause CPU to increase without any real benefit on the backup file size. If you dont care about compressing the TDE databases, you can choose Compression Level 0 which does not attempt any compression at all.
2. When using TDE, its important to backup the database encryption key and move that to the DR site. There is no way to recover the data without the key. When you export a database encryption key, the exported key is encrypted using a password you choose at export time. While it may not be best practice to attach the encrypted key with the actual backup file, one of Microsofts greatest fears is that customers will lose their keys and be unable to restore their TDE databases. Therefore, we believe the best thing to do is to export the key and include the encrypted key file in the backup using Attached Files feature. That way they are together in the same LiteSpeed backup.
3. To further protect the backup, you can use LiteSpeed Encryption with TDE databases to add a secondary layer or protection to the backup.
LiteSpeed does recognize the database is using TDE and therefore does not automatically export the encryption key.