Recently, I setup an availability group with 3 nodes. The 2 synchronous nodes are on the same domain, “domain 1”. The third asynchronous (DR) node is on a different domain, “domain 2”. I have a new requirement, to encrypt all databases using TDE on the third (DR) node only. Will this be possible?
I’m assuming that it is possible, but I want to ask your expert opinion and what will be the impact of this setup?
The secondary databases are just “clones” of the primary, so you cannot enable it on just one node.
The way to do it is actually to enable encryption on the primary, then it will replicate by itself if all is well (if you copied the certificate on the secondary nodes).
However, you should really look into MSDN and practice in a virtual lab before doing anything on production. It could be easy to get into an otherwise avoidable situation.