Hi Michael,

We use Transparent Data Encryption (TDE) with SQL Server which is encryption at rest of the database. That works transparently with our Powerbuilder applications.  It doesn't handle TLS, but that is done by using "Encrypt=1" in the connect string (DBParm), so our communication between client and server is encrypted as well as the database at rest.

TDE is different to Always Encrypted though so it depends on what your specific requirements are.  While TDE is transparent to the client, Always Encrypted requires some client modifications. Here is an article which explains the differences between TDE and Always Encrypted: https://azure.microsoft.com/en-us/blog/transparent-data-encryption-or-always-encrypted/

Hi Michael, There was a tech session at Elevate 2023 how to use the new Strict Encryption feature of SQL Server with PowerBuilder 2022 R3.  Here is the recording: https://www.youtube.com/live/H87gpnEt3mU?si=oVl9AiUyohI0ASN1&t=1860

Hi Michael;

  That is a great question to which I have no SS experience in that aspect.  However, I have used that feature via the Sybase ASE DBMS and it worked transparently to the PB Apps or IDE. ASE encrypts the server data & transmits it in the same fashion. However the native DB client (ie: SQLCA.DBMS = "ASE") decrypts the data stream (inbound to the PB App) and then hands that decrypted data stream over to the PB DB interface (PBASE.dll). So no changes to what the DB DB Client would normally see in a non-encrypted world.

   The reverse happens on the outbound request as the PB DB Driver hands the non-encrypted data stream over to the ASE DB Client which then now encrypts the data stream on its way to ASE DBMS server.

  I assume (hope) that MS-SS does it the same way. It will be interesting though to hear if any SS customers have used this SS feature and what their experiences were both functionally and performance wise.   ;-)

Regards .. Chris