Automated Push and Pull backup to Shared Devices

Overview

Automated Push and Pull Backup in dbWatch Control Center automates the copying of databases between SQL Server instances—typically from production to development, test, or QA environments.
The feature provides a secure, repeatable, and maintenance-friendly workflow for synchronizing environments.

During job implementation, dbWatch Control Center automatically creates the required SQL Server Shared Devices for both Push and Pull operations.
Important: If the source database is encrypted with Transparent Data Encryption (TDE), the restore on the target instance will fail unless the required encryption keys and certificates are also transferred and installed.

Key Concepts

Push Backup to Shared Devices

A Push operation transfers a database from the source instance to the target instance.
dbWatch automatically prepares a Shared Device for storing and accessing the backup file.

However, TDE-encrypted databases cannot be restored on the target instance unless the target has the correct master key, certificate, and encryption hierarchy restored. If these prerequisites are missing, the Push restore operation will fail.

Pull Backup from Shared Devices

A Pull operation retrieves a database from the source instance to the local instance.
As with Push operations, dbWatch automatically creates the necessary Shared Devices.

If the pulled database is TDE-encrypted, the restore on the target instance will again fail unless the TDE certificate and keys have been manually transferred and configured. dbWatch intentionally does not transfer encryption materials for security reasons.

Automatic Creation of SQL Server Shared Devices

dbWatch Control Center handles Shared Device configuration during job setup:

Automatic creation of Shared Devices on both instances

Consistent naming and paths

Access validation before job execution

Seamless integration with automated backup workflows

Shared Device automation does not override SQL Server security:
TDE encryption still requires manual key and certificate transfer before database restore is possible.

TDE Limitations

When a database is protected with Transparent Data Encryption:

The backup is encrypted

A restore on a different instance requires the TDE certificate and private key

Without these, SQL Server will return an error such as:
“Cannot find server certificate with thumbprint …”

dbWatch Control Center does not automatically transfer TDE certificates, so administrators must manually export and import the required keys before running automated Push/Pull jobs involving encrypted databases.

Benefits

Automated creation of Shared Devices for both job types

Reliable orchestration of backup and restore operations

Reduced manual configuration (except TDE requirements)

Full logging and validation for troubleshooting

Consistent database refresh across environments