Exam Ref 70-764 Administering a SQL

Database Infrastructure Victor Isakov


Exam Ref 70-764 Administering a SQL Database Infrastructure
Published with the authorization of Microsoft Corporation by: Pearson
Education, Inc.
Copyright © 2018 by Pearson Education
All rights reserved. Printed in the United States of America. This publication
is protected by copyright, and permission must be obtained from the
publisher prior to any prohibited reproduction, storage in a retrieval system,
or transmission in any form or by any means, electronic, mechanical,
photocopying, recording, or likewise. For information regarding permissions,
request forms, and the appropriate contacts within the Pearson Education
Global Rights & Permissions Department, please visit
www.pearsoned.com/permissions/. No patent liability is assumed with
respect to the use of the information contained herein. Although every
precaution has been taken in the preparation of this book, the publisher and
author assume no responsibility for errors or omissions. Nor is any liability
assumed for damages resulting from the use of the information contained
herein.
ISBN-13: 978-1-5093-0383-0
ISBN-10: 1-5093-0383-9
Library of Congress Control Number: 2017953072
First Printing September 1 17
Trademarks
Microsoft and the trademarks listed at https://www.microsoft.com on the
“Trademarks” webpage are trademarks of the Microsoft group of companies.
All other marks are property of their respective owners.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as
possible, but no warranty or fitness is implied. The information provided is
on an “as is” basis. The authors, the publisher, and Microsoft Corporation
shall have neither liability nor responsibility to any person or entity with
respect to any loss or damages arising from the information contained in this
book or programs accompanying it.
Special Sales
For information about buying this title in bulk quantities, or for special sales
opportunities (which may include electronic versions; custom cover designs;
and content particular to your business, training goals, marketing focus, or
branding interests), please contact our corporate sales department at
[email protected] or (800) 382-3419.
For government sales inquiries, please contact
[email protected].
For questions about sales outside the U.S., please contact
[email protected].
Editor-in-Chief
Greg Wiegand
Acquisitions Editor
Trina MacDonald
Development Editor
Troy Mott
Managing Editor
Sandra Schroeder
Senior Project Editor
Tracey Croom
Editorial Production
Backstop Media
Copy Editor
Christina Rudloff
Indexer
Julie Grady
Proofreader
Christina Rudloff
Technical Editor
Martin ‘MC’ Brown
Cover Designer
Twist Creative, Seattle
Contents at a glance
Introduction
Preparing for the exam
Chapter 1 Configure data access and auditing
Chapter 2 Manage backup and restore of databases
Chapter 3 Manage and monitor SQL Server instances
Chapter 4 Manage high availability and disaster recovery
Index
Contents
Introduction
Organization of this book
Microsoft certifications
Acknowledgments
Microsoft Virtual Academy
Quick access to online references
Errata, updates, & book support
We want to hear from you
Stay in touch
Preparing for the exam
Chapter 1 Configure data access and auditing
Skill 1.1: Configure encryption
Implement column-level encryption
Implement Always Encrypted
Configure transparent data encryption
Implement backup encryption
Configure encryption for connections
Troubleshoot encryption errors
Skill 1.2 Configure data access and permissions
Create and maintain users
Create and maintain custom roles
Manage database object permissions
Configure row-level security
Configure dynamic data masking
Configure user options for Azure SQL Database
Skill 1.3: Configure auditing
Configure an audit on SQL Server
Query the SQL Server audit log
Manage a SQL Server audit
Configure an Azure SQL Database audit
Analyze audit logs and reports from Azure SQL Database
Thought experiment
Thought experiment answers
Chapter summary
Chapter 2 Manage backup and restore of databases
Skill 2.1: Develop a backup strategy
Design a backup strategy
Back up databases
Back up VLDBs
Manage transaction log backups
Configure backup automation
Skill 2.2 Restore databases
Design a restore strategy
Restore a database
Perform piecemeal restores
Perform page recovery
Perform point-in-time recovery
Restore a filegroup
Develop a plan to automate and test restores
Skill 2.3 Manage database integrity
Implement database consistency checks
Identify database corruption
Recover from database corruption
Thought experiment
Thought experiment answers
Chapter summary
Chapter 3 Manage and monitor SQL Server instances
Skill 3.1: Monitor database activity
Monitor current sessions
Identify sessions that cause blocking activity
Identify sessions that consume tempdb resources
Configure the data collector
Skill 3.2 Monitor queries
Manage the Query Store
Configure Extended Events and trace events
Identify problematic execution plans
Troubleshoot server health using Extended Events
Skill 3.3 Manage indexes
Identify and repair index fragmentation
Identify and create missing indexes
Identify and drop underutilized indexes
Manage existing columnstore indexes
Skill 3.4 Manage statistics
Identify and correct outdated statistics
Implement Auto Update Statistics
Implement statistics for large tables
Skill 3.5 Monitor SQL Server instances
Configure database mail
Create and manage operators
Create and manage SQL Agent alerts
Define custom alert actions
Define failure actions
Configure policy based management
Identify available space on data volumes
Identify the cause of performance degradation
Thought experiment
Thought experiment answers
Chapter summary
Chapter 4 Manage high availability and disaster recovery
Skill 4.1: Design a high availability solution
Skill 4.2: Design a disaster recovery solution
Skill 4.3: Implement log shipping
Architect log shipping
Configure log shipping
Monitor log shipping
Skill 4.4: Implement Availability Groups
Architect Availability Groups
Configure Windows clustering
Create an Availability Group
Configure read-only routing
Monitor Availability Groups
Manage failover
Create Distributed Availability Group
Skill 4.5: Implement failover clustering
Architect failover clustering
Configure failover clustering
Manage Shared Disks
Configure Cluster Shared Volumes
Thought experiment
Thought experiment answers
Chapter summary

Index

What do you think of this book? We want to hear from you!


Microsoft is interested in hearing your feedback so we can continually
improve our books and learning resources for you. To participate in a brief
online survey, please visit:
https://aka.ms/tellpress
Introduction
First and foremost, thank you for your purchase and all the best of luck in
your endeavor to become certified and an expert in the SQL Server data
platform. The 70-764 exam is intended for database professionals who
perform installation, maintenance, and configuration tasks on the SQL Server
platform. Other responsibilities include setting up database systems, making
sure those systems operate efficiently, and regularly storing, backing up, and
securing data from unauthorized access.
This book is geared toward database administrators who are looking to
train in the administration of SQL Server 2016 infrastructure. To help you
prepare for the exam you can use Microsoft Hyper-V to create SQL Server
virtual machines (VMs) and follow the examples in this book. You can
download an evaluation copy of Windows Server 2016 from
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016/.
SQL Server 2016 can be downloaded for free from
https://www.microsoft.com/en-us/sql-server/sql-server-downloads. You can
download the AdventureWorks databases from
https://msftdbprodsamples.codeplex.com/. The Wide World Importers
database can be downloaded from
https://github.com/Microsoft/sql-server-samples/releases/tag/wide-world-importers-v1.0.
This book covers every major topic area found on the exam, but it does not
cover every exam question. Only the Microsoft exam team has access to the
exam questions, and Microsoft regularly adds new questions to the exam,
making it impossible to cover specific questions. You should consider this
book a supplement to your relevant real-world experience and other study
materials. If you encounter a topic in this book that you do not feel
completely comfortable with, use the “Need more review?” links you’ll find
in the text to find more information and take the time to research and study
the topic. Great information is available on MSDN, TechNet, and in blogs
and forums.

Organization of this book


This book is organized by the “Skills measured” list published for the exam.
The “Skills measured” list is available for each exam on the Microsoft
Learning website: https://aka.ms/examlist. Each chapter in this book
corresponds to a major topic area in the list, and the technical tasks in each
topic area determine a chapter’s organization. If an exam covers six major
topic areas, for example, the book will contain six chapters.

Microsoft certifications
Microsoft certifications distinguish you by proving your command of a broad
set of skills and experience with current Microsoft products and technologies.
The exams and corresponding certifications are developed to validate your
mastery of critical competencies as you design and develop, or implement
and support, solutions with Microsoft products and technologies both on-
premises and in the cloud. Certification brings a variety of benefits to the
individual and to employers and organizations.

More Info All Microsoft certifications


For information about Microsoft certifications, including a full
list of available certifications, go to
https://www.microsoft.com/learning.

Acknowledgments
Victor Isakov I would like to dedicate this book to Christopher, Isabelle,
Marcus and Sofia. With your love and “infinite patience” I am the luckiest
guy on this planet! It would be remiss of me not to also thank Trina
MacDonald and Troy Mott for their “infinite patience” in helping me
complete this “impossible task.”

Microsoft Virtual Academy


Build your knowledge of Microsoft technologies with free expert-led online
training from Microsoft Virtual Academy (MVA). MVA offers a
comprehensive library of videos, live events, and more to help you learn the
latest technologies and prepare for certification exams. You’ll find what you
need here:
https://www.microsoftvirtualacademy.com
Quick access to online references
Throughout this book are addresses to webpages that the author has
recommended you visit for more information. Some of these addresses (also
known as URLs) can be painstaking to type into a web browser, so we’ve
compiled all of them into a single list that readers of the print edition can
refer to while they read.
Download the list at https://aka.ms/exam764administersql/downloads.
The URLs are organized by chapter and heading. Every time you come
across a URL in the book, find the hyperlink in the list to go directly to the
webpage.

Errata, updates, & book support


We’ve made every effort to ensure the accuracy of this book and its
companion content. You can access updates to this book—in the form of a
list of submitted errata and their related corrections—at:
https://aka.ms/exam764administersql/errata
If you discover an error that is not already listed, please submit it to us at
the same page.
If you need additional support, email Microsoft Press Book Support at
[email protected].
Please note that product support for Microsoft software and hardware is
not offered through the previous addresses. For help with Microsoft software
or hardware, go to https://support.microsoft.com.

We want to hear from you


At Microsoft Press, your satisfaction is our top priority, and your feedback
our most valuable asset. Please tell us what you think of this book at:
https://aka.ms/tellpress
We know you’re busy, so we’ve kept it short with just a few questions.
Your answers go directly to the editors at Microsoft Press. (No personal
information will be requested.) Thanks in advance for your input!

Stay in touch
Let’s keep the conversation going! We’re on Twitter:
http://twitter.com/MicrosoftPress.
Important: How to use this book to study
for the exam
Certification exams validate your on-the-job experience and product
knowledge. To gauge your readiness to take an exam, use this Exam Ref to
help you check your understanding of the skills tested by the exam.
Determine the topics you know well and the areas in which you need more
experience. To help you refresh your skills in specific areas, we have also
provided “Need more review?” pointers, which direct you to more in-depth
information outside the book.
The Exam Ref is not a substitute for hands-on experience. This book is not
designed to teach you new skills.
We recommend that you round out your exam preparation by using a
combination of available study materials and courses. Learn more about
available classroom training at https://www.microsoft.com/learning.
Microsoft Official Practice Tests are available for many exams at
https://aka.ms/practicetests. You can also find free online courses and live
events from Microsoft Virtual Academy at
https://www.microsoftvirtualacademy.com.
This book is organized by the “Skills measured” list published for the
exam. The “Skills measured” list for each exam is available on the Microsoft
Learning website: https://aka.ms/examlist.
Note that this Exam Ref is based on publicly available information and the
author’s experience. To safeguard the integrity of the exam, authors do not
have access to the exam questions.
Chapter 1. Configure data access and
auditing

Important Have you read page xiii?


It contains valuable information regarding the skills you need to
pass the exam.

An organization’s data is one of its most important assets, and in the
twenty-first century securing your data is paramount. In this chapter we will
examine the skills required to protect sensitive data through encryption, to
control data access, and importantly to audit data access. In a lot of sectors
there are common compliance and governance requirements, and SQL Server has
technology and tools to help you achieve any such compliance.
Data loss comes in many forms, including hardware failure, database
corruption, malicious activity, and user error, so you should develop a DRP
to protect against all of these eventualities. It is common for organizations to
have data governance requirements, requiring you to factor these into your
data disaster strategy.
Skill 1.1 starts with the encryption of data within your SQL Server
instance. We will examine how you can encrypt data at the column-level
within the tables of your database, at the database level, and at the database
backup level. Most data breaches within organizations are performed by
employees, so it is important to configure the appropriate data access controls
and audit potential unauthorized data access. In Skill 1.2 we turn our
attention to how you control data access within your SQL Server instance.
SQL Server logins, database users, server roles, database roles, and object
permissions are covered because they might be in the exam. We will also
focus on row-level security and dynamic data masking. Finally, in Skill 1.3
we cover how to configure auditing at the server and database level within
SQL Server.
Pay attention to the new security features in SQL Server 2016, which are
Always Encrypted, row-level security, and dynamic data masking. These new
technologies make great candidates for exam questions, but of course you
must be prepared for many other technologies as well.

Skills in this chapter:


Configure encryption
Configure data access and permissions
Configure auditing

Skill 1.1: Configure encryption


Let’s start this section with how to configure encryption in SQL Server. We
will examine how you can encrypt both data at rest and data in flight. Each
encryption technology will have its own strengths, weaknesses and
administrative complexity. Some encryption technology will restrict the types
of operations that you can perform on your data.
Let’s begin by examining how you can encrypt columns within tables
using column-level encryption and the new Always Encrypted capability. We
will then move to the database level and look at how to encrypt the entire
database and the database backups. Finally, we will cover how to configure
encryption for connections, and how to troubleshoot encryption.
When configuring encryption it is critical to choose which algorithms,
certificates, and keys to use and the order in which they operate. It is
important to understand
what the different encryption technologies encrypt, what they protect against,
and how to configure them. The exam may require you to choose the
appropriate encryption mechanism, list the proper business requirements, and
describe the technical constraints.

This section covers how to:


Implement column-level encryption
Implement Always Encrypted
Configure transparent data encryption
Implement backup encryption
Configure encryption for connections
Troubleshoot encryption errors
Implement column-level encryption
The ability to encrypt data at the column level is a critical capability in any
modern database engine. Column-level encryption has been supported since
SQL Server 2005. Although this capability has seen improvements through
releases of SQL Server, its core architecture has remained the same.
Consequently, I would not expect many questions on column-level
encryption in the exam because it represents older technology.
To understand and implement encryption in SQL Server you need to
understand its encryption hierarchy and key management architecture. Layers
of encryption are protected by preceding layers of encryption that can use
asymmetric keys, certificates, and symmetric keys.
- Extensible Key Management: SQL Server EKM enables the encryption keys
  that protect the database files to be stored outside of the SQL Server
  environment, such as on a smartcard, a USB device, or the EKM module of a
  Hardware Security Module (HSM). It also helps secure the SQL Server
  instance from database administrators because they will not necessarily
  have access to the external EKM/HSM module.
- Service Master Key: The Service Master Key (SMK) is the root of the
  database engine’s encryption hierarchy and is generated automatically
  the first time it is needed to encrypt another key. By default, the SMK
  is encrypted using the Windows data protection API (DPAPI) at the
  operating system level, which uses the local machine key. The SMK can
  only be opened by the Windows service account that created it, or by a
  principal that knows the service account name and its password.
- Database Master Key: The Database Master Key (DMK) is a symmetric key
  used to protect the private keys of certificates and asymmetric keys that
  are present in the database. When created it is encrypted using AES_256
  and a password you provide. Query the [sys].[symmetric_keys] catalog view
  to get information about the DMK.
- Asymmetric Key: An asymmetric key consists of a private key and a
  corresponding public key. Asymmetric encryption is computationally more
  expensive, but more secure than symmetric encryption. You can use an
  asymmetric key to encrypt a symmetric key within a database.
- Symmetric Key: A symmetric key is a single key that is used for both
  encryption and decryption. Symmetric encryption is generally used over
  asymmetric encryption because it is faster and less computationally
  expensive.
- Certificate: A certificate is a digitally signed security object that
  contains a public (and optionally a private) key. SQL Server can generate
  certificates. You can also use externally generated certificates, and
  just like asymmetric keys, certificates can be used in asymmetric
  encryption.
Figure 1-1 shows SQL Server’s encryption hierarchy. Note that there are
multiple ways to protect the encrypted data within the database.

FIGURE 1-1 SQL Server encryption hierarchy


When implementing column-level encryption, consider the following:
- Encrypted data cannot be compressed, but compressed data can be
  encrypted.
- When using compression, you should compress data before encrypting it
  for optimal results.
- Stronger encryption algorithms consume more processor resources.
- Starting with SQL Server 2016 the database engine can take advantage of
  hardware acceleration, using Intel AES-NI, when performing
  encryption/decryption tasks.
- Starting with SQL Server 2016 the only algorithms that are supported
  with database compatibility level 130 or above are AES_128, AES_192, and
  AES_256.
- Older encryption algorithms, including DES, Triple DES,
  TRIPLE_DES_3KEY, RC2, RC4, 128-bit RC4, and DESX are only supported
  under a database compatibility level of 120 or lower.
- You should not use these older, unsupported encryption algorithms
  because they are fundamentally less secure.
- If you are encrypting a lot of data it is recommended that you encrypt
  the data using a symmetric key, and then encrypt the symmetric key with
  an asymmetric key.
- For all intents and purposes, once you encrypt a column, indexes on that
  column typically become useless for searching. Consider removing the
  indexes. In some cases you can add a helper column to the table, such as
  a column holding the last 4 digits of a credit card.
- The database administrator generally still has complete control over the
  SQL Server environment and consequently the ability to potentially view
  the encrypted data. In the next section of this chapter we will examine
  Always Encrypted and how this can be used to protect against
  unauthorized access by the database administrator.
Perform the following tasks to encrypt data:
1. Create a DMK
2. Create a certificate that will be protected by the DMK
3. Create a symmetric key, protected by the certificate, that will be used
   for column encryption
4. Encrypt the column using the symmetric key
It’s important to appreciate that these high-level tasks only represent one
technique for implementing column-level encryption. As you saw in Figure
1-1 there are multiple encryption paths that you can deploy, which can use a
myriad of encryption functions.

Need more Review? Encryption system functions


SQL Server supports a number of different system functions that
support encryption, decryption, digital signing, and validation of
digital signatures. To familiarize yourself with these functions
visit
https://docs.microsoft.com/en-us/sql/t-sql/functions/cryptographic-functions-transact-sql.

Listing 1-1 starts with a simple example where you can encrypt data using
a symmetric key protected by a password. Note that the best practice of
backing up the keys and certificates has been excluded. Pay attention to what
our “clever” CTO does.

LISTING 1-1 Implementing column-level encryption using a password


USE tempdb;
GO
-- Create sample table
CREATE TABLE Employees (
    EmployeeID INT PRIMARY KEY,
    EmployeeName VARCHAR(300),
    Position VARCHAR(100),
    Salary VARBINARY(128)
);
GO
-- Create symmetric key protected by a password
CREATE SYMMETRIC KEY SMK_Emp
    WITH ALGORITHM = AES_256
    ENCRYPTION BY PASSWORD = 'Pa$$w0rd';
GO
-- Open symmetric key
OPEN SYMMETRIC KEY SMK_Emp DECRYPTION BY PASSWORD = 'Pa$$w0rd';
GO
-- Verify open keys
SELECT * FROM sys.openkeys;
GO
-- Insert data
INSERT Employees VALUES (1, 'Marcus', 'CTO',
    ENCRYPTBYKEY(KEY_GUID('SMK_Emp'), '$100000'));
INSERT Employees VALUES (2, 'Christopher', 'CIO',
    ENCRYPTBYKEY(KEY_GUID('SMK_Emp'), '$200000'));
INSERT Employees VALUES (3, 'Isabelle', 'CEO',
    ENCRYPTBYKEY(KEY_GUID('SMK_Emp'), '$300000'));
GO
-- Query table with encrypted values
SELECT * FROM Employees;
GO
-- Query table with decrypted values
SELECT *, CONVERT(VARCHAR, DECRYPTBYKEY(Salary)) AS DecryptedSalary
FROM Employees;
GO
-- Close symmetric key
CLOSE SYMMETRIC KEY SMK_Emp;
GO
-- Query table with decrypted values after the symmetric key is closed
SELECT *, CONVERT(VARCHAR, DECRYPTBYKEY(Salary)) AS DecryptedSalary
FROM Employees;
GO
-- Clever CTO updates their salary to match CEO's salary
UPDATE Employees
SET Salary = (SELECT Salary FROM Employees WHERE Position = 'CEO')
WHERE EmployeeName = 'Marcus';
GO
-- Open symmetric key and query table with decrypted values
OPEN SYMMETRIC KEY SMK_Emp DECRYPTION BY PASSWORD = 'Pa$$w0rd';
SELECT *, CONVERT(VARCHAR, DECRYPTBYKEY(Salary)) AS DecryptedSalary
FROM Employees;
GO
-- Cleanup
DROP TABLE Employees;
DROP SYMMETRIC KEY SMK_Emp;
GO

As you can see, the CTO is able to substitute their salary with the CEO’s
salary, knowing full well that it is higher than his. There is no need to
decrypt and re-encrypt the actual salary. This highlights the importance of
understanding what various encryption and security techniques protect
against, and how they can potentially be overcome. It also highlights how
you should also implement other techniques, which we’ll look at in later
sections in this chapter, such as security and the use of auditing to secure
your data.
In this instance the ciphertext was created with no integrity checks that
could help prevent the whole-value substitution of the encrypted value. A
number of the SQL Server encryption functions support an authenticator
parameter, which helps by adding contextual information to the plaintext
before encrypting it. Upon adding an authenticator, the same value that was
used during encryption must be used during decryption. If it is different,
the decryption will fail. Microsoft recommends using a column that contains
a unique, immutable value, such as the primary key, as the authenticator. Be
aware that if the authenticator value changes, you might lose access to the
data.
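
The following T-SQL is an added example, not code from the book: it repeats the substitution from Listing 1-1 against ciphertext that was encrypted with an authenticator derived from the primary key, as recommended above. The table EmployeesAuth and the key SMK_EmpAuth are names made up for this example, the rows are constructed sample data, and the password is the demo value from Listing 1-1.

```sql
USE tempdb;
GO
-- Constructed sample table with the same shape as Listing 1-1.
-- EmployeeID is unique and immutable, so it serves as the authenticator.
CREATE TABLE EmployeesAuth (
    EmployeeID   INT PRIMARY KEY,
    EmployeeName VARCHAR(300),
    Position     VARCHAR(100),
    Salary       VARBINARY(128)
);
GO
CREATE SYMMETRIC KEY SMK_EmpAuth
    WITH ALGORITHM = AES_256
    ENCRYPTION BY PASSWORD = 'Pa$$w0rd';
GO
OPEN SYMMETRIC KEY SMK_EmpAuth DECRYPTION BY PASSWORD = 'Pa$$w0rd';
GO
-- Encrypt with add_authenticator = 1. The fourth argument binds each
-- ciphertext to the primary key of the row it belongs to.
INSERT EmployeesAuth (EmployeeID, EmployeeName, Position, Salary)
SELECT v.EmployeeID, v.EmployeeName, v.Position,
       ENCRYPTBYKEY(KEY_GUID('SMK_EmpAuth'), v.Salary, 1,
                    HASHBYTES('SHA2_256', CONVERT(VARBINARY(4), v.EmployeeID)))
FROM (VALUES (1, 'Marcus',      'CTO', '$100000'),
             (2, 'Christopher', 'CIO', '$200000'),
             (3, 'Isabelle',    'CEO', '$300000'))
     AS v (EmployeeID, EmployeeName, Position, Salary);
GO
-- The whole-value substitution from Listing 1-1: copy the CEO's ciphertext
-- into the CTO's row without ever decrypting it.
UPDATE EmployeesAuth
SET Salary = (SELECT Salary FROM EmployeesAuth WHERE Position = 'CEO')
WHERE EmployeeName = 'Marcus';
GO
-- Decrypt each row using that row's own EmployeeID as the authenticator.
-- DECRYPTBYKEY returns NULL when the authenticator supplied here differs
-- from the one used at encryption time, so a copied ciphertext no longer
-- decrypts in the row it was copied into.
SELECT e.EmployeeID, e.EmployeeName, e.Position,
       CONVERT(VARCHAR(30), d.PlainSalary) AS DecryptedSalary,
       CASE WHEN e.Salary IS NOT NULL AND d.PlainSalary IS NULL
            THEN 'authenticator mismatch'
            ELSE 'ok'
       END AS AuthenticatorCheck
FROM EmployeesAuth AS e
CROSS APPLY (SELECT DECRYPTBYKEY(e.Salary, 1,
                        HASHBYTES('SHA2_256',
                                  CONVERT(VARBINARY(4), e.EmployeeID)))
                    AS PlainSalary) AS d;
GO
-- Cleanup
CLOSE SYMMETRIC KEY SMK_EmpAuth;
DROP TABLE EmployeesAuth;
DROP SYMMETRIC KEY SMK_EmpAuth;
GO
```

The authenticator stops a ciphertext from being moved between rows. It does not stop an older ciphertext for the same row from being written back, which is where the permissions and auditing covered later in this chapter still apply.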

Need more Review? Encryption authenticators


SQL Server supports a number of different system functions that
support encryption, decryption, digital signing and validation of
digital signatures. For more information on authenticators, and to
familiarize yourself with these functions, visit
https://technet.microsoft.com/en-us/library/ms365192(v=sql.105).aspx.

A major disadvantage of encrypting data using a symmetric key protected
by a password is that the password needs to be embedded somewhere, which
represents a security risk. Consequently, using certificates is generally the
preferred technique. Listing 1-2 shows an example of how column-level
encryption can be implemented using a certificate. Note that the best practice
of backing up the keys and certificates has been excluded.

LISTING 1-2 Implementing column-level encryption using a certificate



USE WideWorldImporters;
GO
-- Create database master key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'GoodLuckWithExam!';
GO
-- Create certificate (its private key is protected by the DMK)
CREATE CERTIFICATE Cert_BAN
    WITH SUBJECT = 'Bank Account Number';
GO
-- Create symmetric key protected by the certificate
CREATE SYMMETRIC KEY Key_BAN
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE Cert_BAN;
GO
-- Create a column to store encrypted data
ALTER TABLE Purchasing.Suppliers
    ADD EncryptedBankAccountNumber varbinary(128);
GO
-- Open the symmetric key to encrypt data
OPEN SYMMETRIC KEY Key_BAN
    DECRYPTION BY CERTIFICATE Cert_BAN;
GO
-- Encrypt Bank Account Number
UPDATE Purchasing.Suppliers
SET EncryptedBankAccountNumber =
    EncryptByKey(Key_GUID('Key_BAN'), BankAccountNumber);
GO
-- Close the symmetric key
CLOSE SYMMETRIC KEY Key_BAN;
GO
/*
Verify encryption was successful
*/
-- Query 1: Check encryption has worked (the symmetric key is closed)
-- Results can be seen in Figure 1-2
SELECT TOP 5 SupplierID, SupplierName, BankAccountNumber,
    EncryptedBankAccountNumber,
    CONVERT(NVARCHAR(50), DecryptByKey(EncryptedBankAccountNumber))
        AS DecryptedBankAccountNumber
FROM Purchasing.Suppliers;
GO
-- Query 2: Open the symmetric key
OPEN SYMMETRIC KEY Key_BAN
    DECRYPTION BY CERTIFICATE Cert_BAN;
GO
-- Query with decryption function
SELECT TOP 5 SupplierID, SupplierName, BankAccountNumber,
    EncryptedBankAccountNumber,
    CONVERT(NVARCHAR(50), DecryptByKey(EncryptedBankAccountNumber))
        AS DecryptedBankAccountNumber
FROM Purchasing.Suppliers;
-- Results can be seen in Figure 1-3
GO
-- Close the symmetric key
CLOSE SYMMETRIC KEY Key_BAN;
GO

Figure 1-2 shows the result set of Query 1 in Listing 1-2 where we
attempted to decrypt the encrypted column without opening the symmetric
key. Note how SQL Server Management Studio returns NULLs for the
encrypted column.

FIGURE 1-2 Unsuccessful decryption


Figure 1-3 shows the result set of query 2 in Listing 1-2 where the
symmetric key has been opened before the encrypted column has been
queried. In this case you can see that the encrypted data has been successfully
decrypted.

FIGURE 1-3 Successful decryption

Another problem with using certificates to encrypt data in SQL Server is
that any user who is a [dbo] within the database will be able to view the
encrypted data. In the next section of this chapter we will examine Always
Encrypted and how this can be used to protect against unauthorized access by
the database administrator.
Finally, be aware of the performance impact of encrypting columns within
databases. For all intents and purposes, indexes on encrypted columns are
useless and consume needless resources in most cases. Figure 1-4 shows an
example where an index has been created on an encrypted column, but cannot
be used by any query because the column is encrypted. Various techniques can
potentially be used to help improve performance in such cases, such as
creating a separate column and storing the hashed value of the sensitive
column and incorporating that in your queries.

FIGURE 1-4 Execution plan for search on encrypted, indexed column

Need more Review? Extensible Key Management (EKM)


SQL Server’s EKM enables third party EKM/HSM vendors to
integrate their solutions with the database engine. This allows you
to store both asymmetric keys and symmetric keys in the EKM
solution, taking advantage of advanced capabilities such as key
aging and key rotation. For more information on SQL Server’s
EKM visit
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/extensible-key-management-ekm.
SQL Server can take advantage of Microsoft’s EKM solution in
Azure. The SQL Server Connector for Microsoft Azure Key
Vault enables encryption within the database engine to use the
Azure Key Vault service. For more information visit
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/extensible-key-management-using-azure-key-vault-sql-server.

Implement Always Encrypted


Always Encrypted (AE) is a new feature in SQL Server 2016 that allows you
to encrypt both data at rest and data in flight. This differentiates it from
column-level encryption and transparent database encryption, which we will
look at in the next section. Perhaps its most important capability is its
ability to secure the data within your database outside of the database
engine, in the client application. This effectively means that the database
administrator can no longer get access to the encrypted data within any
database because the keys needed for decryption are kept and controlled
outside of their domain.
AE was designed so that encryption and decryption of the data happens
transparently at the driver level, which minimizes the changes that have to be
made to existing applications. However, existing applications will have to be
changed to leverage AE. AE’s primary use case is to separate the duties of
the database administrator from your application administrators. It can be
used where both the data and the application are on-premise, or both are in
the cloud. But it really shines where the data is in the cloud and the
application is on-premise. In this use case the cloud database administrators
will not be able to access your sensitive data. The data remains encrypted
until it is decrypted by your client application, which you control!
At a high level the AE architecture works as shown in Figure 1-5:
1. The client application issues a parameterized query. It uses the new
Column Encryption Setting=Enabled; option in the
connection string.
2. The enhanced ADO.NET driver interrogates the database engine using
the [sp_describe_parameter_encryption] system stored
procedure to determine which parameters target encrypted columns. For
each parameter that will require encrypting, the driver retrieves the
encryption algorithm and other information that will be used during the
encryption phase.
3. The driver uses the Column Master Key (CMK) to encrypt the
parameter values before sending the ciphertext to the database engine.
4. The database engine retrieves the result set, attaching the appropriate
encryption metadata to any encrypted columns, and sends it back to the
client application. The data is encrypted both at rest within the database
and in flight from the database engine to the client application.
5. The client application’s driver decrypts any encrypted columns in the
result set and returns the plaintext values to the application.

FIGURE 1-5 Always Encrypted architecture

Need more Review? sp_describe_parameter_encryption


The [sp_describe_parameter_encryption] system
stored procedure analyses the specified query and its parameters
to determine which parameters correspond to database columns
that are protected by AE. It is used by the database engine to
return the encryption metadata for the parameters that
correspond to encrypted columns. For more information visit
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-describe-parameter-encryption-transact-sql.

AE supports the following two types of encryption:


- Deterministic: Deterministic encryption uses a method that always
  generates the same ciphertext for any given plaintext value.
  - It allows for the transparent retrieval of data through equality
    comparisons. Point lookups, equality joins, grouping and indexing
    are all supported through deterministic encryption.
  - With deterministic encryption a BINARY2 collation, such as
    Latin1_General_BIN2, must be used for character columns.
  - Users might be able to guess encrypted column values for columns
    with a small domain of values, such as the [Gender] or [State]
    fields.
- Randomized: With randomized encryption, different ciphertext will be
  generated for the same plaintext. This makes randomized encryption
  much more secure than deterministic encryption.
  - Effectively no search/comparison operations are allowed.
  - Use randomized encryption for columns that you want to retrieve.
Being a first release technology in SQL Server 2016, AE has a number of
limitations:
- Only the AEAD_AES_256_CBC_HMAC_SHA_256 encryption
  algorithm is supported.
- The following data types are not supported:
  - FILESTREAM
  - GEOGRAPHY
  - GEOMETRY
  - HIERARCHYID
  - IMAGE
  - NTEXT
  - ROWVERSION
  - SQL_VARIANT
  - TEXT
  - TIMESTAMP
  - XML
- You cannot alter a column and encrypt it. You must add a new column
  and add/import the data. SQL Server Management Studio supports such
  functionality.
- Queries can perform equality comparison on columns encrypted using
  deterministic encryption.
  - All other operations (like greater/less than, pattern matching using
    the LIKE operator, or arithmetical operations) are not supported.
- Queries on columns encrypted by randomized encryption cannot
  perform operations on those columns.
- Indexing columns encrypted using randomized encryption is not
  supported.
- Temporal tables cannot include encrypted columns.
- Triggers may fail if they reference encrypted columns.
- Queries must be passed with properly typed parameters, such as
  SqlCommand and SqlParameter.
  - Ad-Hoc queries against encrypted data will raise an exception.
- Only ADO.NET, through the .NET 4.6 framework is supported.
  - The initial release only supported the SQL Server client driver.
  - Support for ODBC and JDBC will be released later.
- Change Data Capture (CDC) does not work on encrypted columns.
- Change tracking is supported, although it only tracks changes of
  encrypted values.
- Replication is not officially supported.
- Availability Groups and Log Shipping are supported.
- Performance will be potentially impacted. Expect performance to be
  significantly slower compared to non-encrypted inserts and updates.
- More space will be consumed by encrypted columns when compared
  to unencrypted columns. Compression benefits will be minimal.
AE uses the following two types of keys:
- Column Master Key (CMK): The CMK is used to protect the keys
  used to encrypt the column encryption keys.
  - CMKs must be stored in a trusted key store such as the Azure Key
    Vault, Windows Certificate Store, or Hardware Security Modules
    (HSMs). More information can be found at
    https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/create-and-store-column-master-keys-always-encrypted.
  - The CMKs need to be accessible by client applications that will
    encrypt or decrypt data.
  - Information about the CMKs, including their location, is stored in the
    database’s [sys].[column_master_keys] system catalog view.
- Column Encryption Key (CEK): The CEK is used to encrypt sensitive
  data stored in a table’s columns.
  - All values in a column can be encrypted using a single CEK.
  - You should store column encryption keys in a secure/trusted location
    for backup.
  - Each CEK can have 2 encrypted values from 2 CMKs to allow
    master key rotation. Rotating AE keys is a complicated process that
    you can get more information on at
    https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/rotate-always-encrypted-keys-using-powershell.
  - Encrypted values of column encryption keys are stored in the
    [sys].[column_encryption_key_values] system catalog view.

Need more Review? Creating Always Encrypted keys


Although you would most likely use SQL Server Management
Studio to create the AE keys, you should familiarize yourself
with how to create the CMK and CEK using Transact-SQL. For
more information on creating the CMK visit
https://docs.microsoft.com/en-us/sql/t-sql/statements/create-column-master-key-transact-sql.
For more information on creating the CEK visit
https://docs.microsoft.com/en-us/sql/t-sql/statements/create-column-encryption-key-transact-sql.

Given the potential complexity of AE, Microsoft has made it as easy as
possible to implement AE in SQL Server Management Studio. Use the
following steps to implement AE.
1. Create a sample table with some sample data as shown in Listing 1-3.
Figure 1-6 shows the results.

LISTING 1-3 Implementing column-level encryption using a certificate


USE tempdb;
GO
-- Create table
CREATE TABLE dbo.Customers(
    CustomerID INT,
    Name NVARCHAR(50) NULL,
    City NVARCHAR(50) NULL,
    BirthDate DATE NOT NULL
);
GO
-- Insert sample data
INSERT Customers VALUES (1, 'Victor', 'Sydney', '19800909');
INSERT Customers VALUES (2, 'Sofia', 'Stockholm', '19800909');
INSERT Customers VALUES (3, 'Marcus', 'Sydney', '19900808');
INSERT Customers VALUES (4, 'Christopher', 'Sydney', '19800808');
INSERT Customers VALUES (5, 'Isabelle', 'Sydney', '20000909');
GO
-- Query unencrypted data
SELECT * FROM Customers;
GO
FIGURE 1-6 Querying unencrypted data
2. Right click on the table and select Encrypt Columns to start the Always
Encrypted Wizard, shown in Figure 1-7.

FIGURE 1-7 Always Encrypted Wizard


3. In the Column Selection page of the Always Encrypted Wizard select
the columns that you want to encrypt and choose the encryption type, as
shown in Figure 1-8. Notice the warning for the character column that
says “The collation will be changed from Latin1_General_CI_AS to
Latin1_General_BIN2”. The wizard will automatically create the CEK
for you. You can choose to apply the CEK to all columns that you plan to
encrypt.

FIGURE 1-8 Always Encrypted wizard Column Selection page


4. In the Master Key Configuration page of the Always Encrypted Wizard
leave the default options, as shown in Figure 1-9:
Auto generate column master keyStore
Select a master key source: Current User
FIGURE 1-9 Always Encrypted wizard Master Key Configuration page
5. In the Run Settings page of the Always Encrypted Wizard select
Proceed To Finish Now, as shown in Figure 1-10, to perform the
required actions to implement AE. Alternatively, you can script the
actions to a PowerShell script to run later.
FIGURE 1-10 Always Encrypted Wizard Run Settings page
6. In the Summary page of the Always Encrypted Wizard you can review
the summary of your configuration, as shown in Figure 1-11. Select
Finish.
FIGURE 1-11 Always Encrypted Wizard
7. Once the Always Encrypted Wizard completes its task, review the
summary information, as shown in Figure 1-12, and click Close.
FIGURE 1-12 Always Encrypted Wizard Results page
If you query the encrypted table in SQL Server Management Studio the
data in the AE encrypted columns will be shown as ciphertext, as shown in
Figure 1-13. You may notice that four customers have the same ciphertext for
the [City] field. This is because they all live in the same city, and we used
deterministic encryption. This highlights the potential vulnerability of using
deterministic encryption.
FIGURE 1-13 Always Encrypted column ciphertext
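The AE metadata held in the catalog views, the call the driver makes in step 2 of the architecture, and the repeated ciphertext that deterministic encryption produces can all be inspected from T-SQL. The following is an added example, not a listing from the book; it assumes the dbo.Customers table from Listing 1-3 after the wizard has run, and a connection opened without the column encryption setting.

```sql
-- Added example (not from the book). Assumes dbo.Customers in tempdb has
-- been encrypted by the Always Encrypted Wizard as described above.
-- Run on a connection WITHOUT "Column Encryption Setting=Enabled" so that
-- you see exactly what the database engine (and a DBA) can see.
USE tempdb;
GO

-- 1. Inventory: which columns are encrypted, with which encryption type,
--    and which CEK/CMK protects them. A CEK that is mid-rotation has two
--    encrypted values (one per CMK), so its columns appear twice here.
SELECT  OBJECT_SCHEMA_NAME(c.object_id) AS schema_name,
        OBJECT_NAME(c.object_id)        AS table_name,
        c.name                          AS column_name,
        c.encryption_type_desc,         -- DETERMINISTIC or RANDOMIZED
        c.encryption_algorithm_name,
        cek.name                        AS cek_name,
        cmk.name                        AS cmk_name,
        cmk.key_store_provider_name,
        cmk.key_path                    -- location only; the key itself is not here
FROM    sys.columns AS c
JOIN    sys.column_encryption_keys AS cek
          ON cek.column_encryption_key_id = c.column_encryption_key_id
JOIN    sys.column_encryption_key_values AS cekv
          ON cekv.column_encryption_key_id = cek.column_encryption_key_id
JOIN    sys.column_master_keys AS cmk
          ON cmk.column_master_key_id = cekv.column_master_key_id
WHERE   c.encryption_type IS NOT NULL
ORDER BY schema_name, table_name, c.column_id;
GO

-- 2. CEKs that currently hold two encrypted values, i.e. a CMK rotation
--    that has been started but not cleaned up.
SELECT  cek.name  AS cek_name,
        COUNT(*)  AS encrypted_value_count
FROM    sys.column_encryption_keys AS cek
JOIN    sys.column_encryption_key_values AS cekv
          ON cekv.column_encryption_key_id = cek.column_encryption_key_id
GROUP BY cek.name
HAVING  COUNT(*) > 1;
GO

-- 3. What the client driver asks the engine before sending a
--    parameterized query: which parameters map to encrypted columns,
--    and with which key and encryption type.
EXEC sys.sp_describe_parameter_encryption
     @tsql   = N'SELECT CustomerID, Name FROM dbo.Customers WHERE City = @City;',
     @params = N'@City nvarchar(50)';
GO

-- 4. Exposure check for a deterministic column: grouping works on the
--    ciphertext itself, so row counts per distinct value are visible to
--    anyone who can read the table, even without the keys. A few groups
--    holding most of the rows means the column has a small domain and is
--    a candidate for randomized encryption instead.
SELECT  City      AS city_ciphertext,
        COUNT(*)  AS rows_sharing_value
FROM    dbo.Customers
GROUP BY City
ORDER BY rows_sharing_value DESC;
GO
```

The same GROUP BY against [BirthDate] is rejected by the engine, because that column uses randomized encryption.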
To transparently query the AE encrypted columns in SQL Server
Management Studio you can use the column encryption setting = enabled
connection string parameter as shown in Figure 1-14.

FIGURE 1-14 Column encryption setting connection string


If you now query the table again, the data is shown automatically in
plaintext, as shown in Figure 1-15.

FIGURE 1-15 Always Encrypted column plaintext


Listing 1-4 shows the column master key, column encryption key, and the
changes made to the underlying table.

LISTING 1-4 Implementing Always Encrypted


-- Create CMK
CREATE COLUMN MASTER KEY [CMK_Auto1]
WITH
(
    KEY_STORE_PROVIDER_NAME = N'MSSQL_CERTIFICATE_STORE',
    KEY_PATH = N'CurrentUser/my/21CC13CA4E733072106BF516CB7BF51939C397A6'
);
GO
-- Create CEK
CREATE COLUMN ENCRYPTION KEY [CEK_Auto1]
WITH VALUES
(
    COLUMN_MASTER_KEY = [CMK_Auto1],
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE =
0x016E000001630075007200720065006E0074007
5007300650072002F006D0079002F003200310063006300310033006300

61003400650037003300330030003700320031003000360062006600350
1E60B9B4D7E6EB28F3A834FD8435A84421A80F36C14D2B371ED55C6D0AB
37117FCE4444E64A9C6D4B1CCC8053C0FFE
)
GO
CREATE TABLE [dbo].[Customers](
    [CustomerID] [int] NULL,
    [Name] [nvarchar](50) NULL,
    [City] [nvarchar](50) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1],
                        ENCRYPTION_TYPE = Deterministic,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,
    [BirthDate] [date]
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1],
                        ENCRYPTION_TYPE = Randomized,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL
)
GO

Listing 1-5 shows the PowerShell script generated by the Always
Encrypted Wizard.

LISTING 1-5 Always Encrypted Powershell script


Import-Module SqlServer

# Set up connection and database SMO objects
$sqlConnectionString = "Data Source=DBA;Initial Catalog=tempdb;Integrated Security=True;MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=False;TrustServerCertificate=True;Packet Size=4096;Application Name=`"Microsoft SQL Server Management Studio`""
$smoDatabase = Get-SqlDatabase -ConnectionString $sqlConnectionString

# If your encryption changes involve keys in Azure Key Vault, uncomment one of the lines
# below in order to authenticate:
# * Prompt for a username and password:
#Add-SqlAzureAuthenticationContext -Interactive

# * Enter a Client ID, Secret, and Tenant ID:
#Add-SqlAzureAuthenticationContext -ClientID '<Client ID>' -Secret '<Secret>' -Tenant '<Tenant ID>'

# Change encryption schema
$encryptionChanges = @()

# Add changes for table [dbo].[Customers]
$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName dbo.Customers.City -EncryptionType Deterministic -EncryptionKey "CEK_Auto1"
$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName dbo.Customers.BirthDate -EncryptionType Randomized -EncryptionKey "CEK_Auto1"

Set-SqlColumnEncryption -ColumnEncryptionSettings $encryptionChanges -InputObject $smoDatabase

Configure transparent data encryption


So far, we have looked at how you can selectively encrypt columns within a
database. We have seen how client applications need to be modified with
these various column level implementations. SQL Server also allows you to
encrypt the entire database transparently to the client applications through a
feature called Transparent Database Encryption (TDE).
TDE works by encrypting the database pages only on the storage
subsystem. This is commonly referred to as encrypting data “at rest.” Pages
are encrypted as they are written back to the storage subsystem. Pages are
decrypted as they are read from the storage subsystem to the buffer pool.
TDE was introduced in SQL Server 2008 and is only supported in Enterprise
Edition. In SQL Server 2016 Microsoft added the following enhancements:
- Hardware acceleration through support for Intel’s Advanced
  Encryption Standard New Instructions (AES-NI), which has been
  available since Intel’s Westmere architecture.
  - Microsoft has observed that hardware acceleration through AES-NI
    results in only a 2-3% performance impact.
- The memory optimized filegroup used by In-Memory OLTP is now
  also encrypted if TDE is enabled for a database.
- TDE works with backup compression. In earlier versions of SQL
  Server, backup compression was not recommended for TDE enabled
  databases because there was no reduction in the backup set size. Now
  you can get the benefits of backup compression for TDE-enabled
  databases.

Important Compressing backups on TDE enabled databases


To take advantage of TDE with backup compression you must
explicitly specify a MAXTRANSFERSIZE greater than 65536
in the BACKUP command. A MAXTRANSFERSIZE = 65537
might not be an optimal value for your backups. You will need
to test with different sizes to find the optimum
MAXTRANSFERSIZE. We will cover backups in more detail in
Chapter 2, “Manage backup and restore of databases.”

TDE has the following pros:


- Encryption of database files, log files, and backup files using AES or
  3DES encryption algorithms without changing existing applications.
- Encryption is transparent to applications that do not have to be
  modified.
TDE has the following cons:
- TDE does not encrypt data in the database engine’s buffer pool.
  Consequently, any user can potentially read the data if they have
  sufficient permissions.
- TDE only works with Enterprise Edition.
- TDE will consume more processor resources, especially in cases where
  AES-NI cannot be leveraged.
- The [tempdb] system database is also encrypted. This can be
  undesirable in certain scenarios.
- FILESTREAM data is not encrypted even when TDE is enabled.
- Files used by buffer pool extension (BPE) are not encrypted when TDE
  is enabled. You must use file system level encryption tools, like
  Bitlocker, for BPE-related files.
- You can’t access the database if the certificates and keys used by TDE
  are lost.
Use TDE in the following use cases:
- You need to encrypt the data at rest in your database for compliance
  reasons without any client application changes.
- You want to help prevent stolen backup files of your database from
  being restored on another SQL Server.
- You want to help prevent database files from being detached, stolen and
  then attached on another SQL Server.
TDE uses a database encryption key (DEK), which is stored in the
database boot record and used during recovery. This DEK is a symmetric key
secured by using a certificate stored in the master system database of the
database engine, or an asymmetric key protected by an extensible key
management (EKM) module. Figure 1-16 shows this TDE architecture and
the steps required to enable TDE:
1. Create a master key.
2. Create or obtain a certificate protected by the master key.
3. Create a database encryption key and protect it by the certificate. The
following encryption algorithms can be used:
AES_128
AES_192
AES_256
TRIPLE_DES_3KEY
4. Enable transparent database encryption for the user database.
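The four steps above, followed by the compressed backup described in the Important note earlier in this section, are shown here as an added T-SQL example (not a listing from the book). The database name SalesDB, the certificate name TDE_Cert, the passwords and the file paths are placeholders to replace with your own.

```sql
-- Added example (not from the book). SalesDB, TDE_Cert, the passwords and
-- the D:\ paths are placeholders.

-- Step 1: create the database master key in the master database.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong password 1>';
GO

-- Step 2: create a certificate protected by that master key.
CREATE CERTIFICATE TDE_Cert
    WITH SUBJECT = 'TDE certificate for SalesDB';
GO

-- Back up the certificate and its private key straight away and store the
-- files away from the server. Without them, neither the database files nor
-- any backup of the database can be restored on another instance.
BACKUP CERTIFICATE TDE_Cert
    TO FILE = 'D:\KeyBackup\TDE_Cert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TDE_Cert.pvk',
        ENCRYPTION BY PASSWORD = '<strong password 2>'
    );
GO

-- Step 3: create the database encryption key (DEK) in the user database
-- and protect it with the certificate.
USE SalesDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
GO

-- Step 4: enable TDE. Encryption of existing pages runs in the background.
ALTER DATABASE SalesDB SET ENCRYPTION ON;
GO

-- Verify. encryption_state: 2 = encryption in progress, 3 = encrypted.
-- tempdb shows up in this list as soon as any database on the instance
-- has TDE enabled.
SELECT  DB_NAME(dek.database_id) AS database_name,
        dek.encryption_state,
        dek.percent_complete,
        dek.key_algorithm,
        dek.key_length,
        c.name                   AS protecting_certificate
FROM    sys.dm_database_encryption_keys AS dek
LEFT JOIN master.sys.certificates AS c
          ON c.thumbprint = dek.encryptor_thumbprint;
GO

-- Compressed backup of the TDE-enabled database. MAXTRANSFERSIZE must be
-- set explicitly to a value greater than 65536 for compression to take
-- effect; 131072 is only a starting point for testing.
BACKUP DATABASE SalesDB
    TO DISK = 'D:\Backup\SalesDB.bak'
    WITH COMPRESSION, MAXTRANSFERSIZE = 131072, CHECKSUM;
GO
```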
Another random document with
no related content on Scribd:
himself was mounted on a magnificent grey steed, whose saddle
appeared to be of a solid mass of gold, so richly was it embroidered;
and the other trappings were also sumptuously adorned with gold
and silver. He rode in advance, and the hundred Dreeds who
followed him were on horses not much inferior to that of their proud
and haughty chief. When within about a hundred yards of the Prince,
Smeeda dismounted, and approached on foot to kiss his hand. On
resuming his seat in the saddle, he took up his position to his
master’s left, whilst his attendants fell back in the rear of our party.”
The Prince was enthusiastically fond of hunting. Every day, when
he had the opportunity, he was engaged in it. The chase of gazelles
was his favourite sport, and it was one in which success was neither
easily nor frequently achieved. “It is a grand sight,” says Mr Davis,
“to behold these slender-limbed and feeble-looking tiny creatures
defying the most spirited horse in speed. When pursued, they
actually often stopped to nibble the grass,—as if to challenge the
rider and ridicule his efforts, and treat him, his horse and hounds
alike, with contempt.” They were frequently seen in companies of
about twenty together. On the day after Smeeda and his Dreeds
joined the expedition, a great many gazelles were chased by the
Prince’s cavalry and the Arabs, but not a single one was killed. This,
it is alleged, was owing, firstly, to the rough and broken character of
the soil; secondly, to the burning heat which prevailed; and thirdly,
the shirocco wind, which sometimes, as it blew in their faces, seemed
as if it carried along with it flames of fire, and caused the riders to
check the speed of their horses. But to compensate the party for their
bootless efforts, Smeeda sent his servants for his well-trained hawks.

“In half an hour about twenty of these birds of prey, of an unusually large size,
were brought, accompanied by several Dreeds, expert in hawking. Smeeda,—who is
rather a short, but very corpulent man, with a handsome face, ornamented by a
fine black, neatly-trimmed beard, and most penetrating dark eyes,—was this day
mounted on a beautiful white horse, decked out with the same saddle and
trappings his grey horse exhibited the day before. The dress of the rider was
elegant and rich in the extreme. As soon as he had protected his hands from the
talons by gauntlets, partly covered with plates of gold, a hawk was handed to him
by one of his attendants. He undid the hood which confined the head of the bird,
and prevented his quick eye from beholding the objects around. In an instant the
hawk was seen soaring up to the sky. Another and another followed, and in this
manner about twelve or fifteen were despatched. A few seconds elapsed, when one
after the other pounced upon his prey. Hares and rabbits, partridges and other
birds, were thus secured in abundance. The servants were busily engaged running
in all directions to secure both the hawks and the prey,—the former, in order to
adjust their hoods for a short time previous to being despatched again; and the
latter, ‘to cut the throat’ before life is extinct, so as to render them lawful food for
the true believer.”

In connection with this love of the chase, we must mention an


incident which occurred as the expedition was approaching Cairwan,
and which shows how little prevalent is any rule but the “law of the
strongest” in those quarters, and how naturally men take to deceit as
a refuge against lawless force. Mr Davis and some others of the party
came to half-a-dozen Arab tents, where, to their great surprise, a
general stillness and gloom prevailed. The men and children sat on
the ground with an air of profoundest melancholy; whilst the women,
usually so active, were resting from their labours, and exhibiting
grief by floods of tears.

“‘What has happened, Ali, that you are all so much cast down?’ asked one of our
party, addressing an old man.
‘Such is the will of God,’ was the only reply.
‘But what has happened, Ali?’
‘Maktoob,—it is so preordained!’ answered the old man, shaking his head, and
clasping his hands.
‘Has any one died?’
To this he only replied with a sigh, and pointed us to the interior of his tent. But
instead of participating in his grief, my friend abruptly asked him,—Where is the
sloghi (greyhound) of last year?’
‘How can you put such a question to me, when you witness my grief and
distress?’
‘Who, then, is dead?’ pursued my inquisitive companion.
‘My wife!’ replied the old Arab, again pointing us to the interior of the tent,
where apparently she lay, covered with a kind of blanket.
‘But what have you done with the lovely (greyhound)?’
Old Ali now indignantly expressed his surprise that such a question should be
put to him at a time when his mind was so differently occupied. He thought it
manifested hard-heartedness, if not cruelty.
‘But are you sure your wife is quite dead?’
‘Do not mock me, O Moslems!’
The interrogator then called a soldier, who happened to be near, and gave him
his horse to hold, while he himself ruthlessly entered the tent. On removing the
blanket, he found the Arab’s wife, all alive, and holding the pet sloghi in her arms.
On being thus detected, the poor woman cried out most beseechingly, ‘Do not take
the dog!’ and the whole company, men, women, and children, most imploringly re-
echoed the cry.
The intruder then turned to old Ali, and with an ironical smile said,—‘You see
your dear wife is not quite dead!’”

The Prince, as we have said, was a keen sportsman, and not one of
his dogs could compare with Ali’s sloghi; but his veneration for
justice predominated even over his love of the chase. “Ali is rich,”
said he, when the hound was brought to him, “and money will not
tempt him, else I would gladly offer it him. Send the sloghi instantly
back!”
The day after the junction of Smeeda and his noble Dreeds, the
expedition entered the district of the Majer,—a tribe (numbering 200
tents, or 1200 souls) of a peculiarly rascally character, and the larger
portion of whose scanty resources is obtained by the robbery and
murder of travellers. For these outrages they are rarely brought to
account, save when the Prince, or other representative of the
Regency of Tunis, makes a tour in person among the tribes. On the
present occasion they had a heavy debt to pay,—the value of a life, in
the Desert, being generally reckoned at from twenty-five to thirty
camels. Within the precincts of this tribe are the ruins of Spaitla, the
ancient Sufetula; and, by the favour of the Prince, our author set out
to visit them. Under the guidance of the Majer chief, and escorted by
twenty soldiers well mounted, and armed to the teeth—after a gallop
over a beautiful plain, and thence crossing a district of hill and dale,
“all covered with verdure, and occasionally bordering upon the
picturesque,” Mr Davis and his party arrived at the ruins. On their
first approach all was perfectly still. Not a sound but their own was
audible, save the rippling of a brook which glides past the ruins on
their north-eastern side. Not a human being was to be seen, either
among the ruins or in their vicinity; and even animal life seemed to
have for ever departed from the sombre walls and mansions of the
ancient Sufetulans. But such was not really the case. In the holes,
caverns, and clefts of the rocks on which the city stands, were
dispersed numbers of the followers and subjects of the Majer chief.
From their dwellings they issued forth imperceptibly to the
travellers. And most unpleasant company they must have been; for,
says our author, “all the corrupt ramifications of the human heart,—
all the vile actions of which man is capable, could be traced, and that
distinctly, in the features of these sons of Ghiath.”
The situation of this ancient city is delightful. It is built upon an
eminence, commanding a panoramic view of an expanse of country
which, even in its present barren and deserted condition, has a
charming aspect. Wild olive, juniper, and almond trees in abundance
stud the banks of the brook. Of the place itself, Mr Davis says, “I had
no conception of the extent of the ruins to be found here; so that my
companions, as well as myself, were absolutely amazed on beholding
the magnificence of some of them. As I viewed these from some
angles, I could almost fancy myself again on the majestic ruins of
Baalbec.” He especially notices a sumptuous triumphal arch of the
Corinthian order, with a lesser arch on each side. From this he
proceeded to three temples,—upon which time, and the innate
destructive disposition of the Arabs, have left evident traces. “Parts
are in a most dilapidated condition, yet it is surprising to meet with
so much which, with very little trouble and expense, might easily be
restored to its former grandeur. The front and entrance to the
temples are in ruins, and large masses of stone are lying about in all
directions, and block up the ingress; but the backs, which face the
triumphal arch, are in capital repair.”
On his return from visiting the ruins of Spaitla, our author and his
companions, miscalculating the movements of the main body of the
expedition, found themselves very much out of their reckoning.
Night came on,—their guide, the Majer chief, disappeared at the very
time his presence was most required; and what with the fear of his
rascally tribe before their eyes, as well as of the wild beasts of the
desert, the night which the little party had to pass on the sands
before they could rejoin the main body was anything but a
comfortable one.
Lions are common in these parts, and their tracks were
occasionally visible; but the king of beasts nowhere appeared in
person, and the Prince, who longed to try his skill on this lordly
tenant of the wastes, was balked of his sport. Hyenas are likewise to
be met with; and the manner in which they are taken by the Arabs in
these parts is very peculiar. Its subterranean abode, it appears, is so
narrow as not to permit of the animal turning about in it; and hence,
to use the Arab phraseology, it has “two doors,” by one of which it
enters, and by the other goes out. The Arabs, lying perdus in the
vicinity of one of these dens, watch the particular hole by which the
hyena enters, and then proceed to place a strong rope net over the
opposite hole,—whilst one of their fraternity, skilled in the business,
and prepared with a rope, works his way in by “the door” which the
animal has entered. As he nears the brute (which cannot turn upon
him), he “charms it,” according to our author’s informants, saying,
—“Come, my dear little creature; I will lead you to places where
many carcases are prepared for you,—plenty of food awaits you. Let
me fasten this rope to your beautiful leg, and stand quiet whilst I do
so.” This sentence, or something very similar to it, is repeated till the
operation is effectually achieved; when the daring son of the Sahara
begins to gore the brute with a dagger, till he is forced to rush out,
when he is caught in the net, and either killed on the spot or carried
off alive. If any blunder happens, however,—as is sometimes the case
—through which the hyena is enabled to struggle and re-enter its
abode, the “charmer,” in spite of his charming, falls a victim to its
savage rage, and frequently his companions can scarcely contrive to
get clear without feeling something of its effects.
The powerful Hamama tribe was the next which our travellers fell
in with,—two hundred of this tribe coming to pay their respects to
the heir-apparent of the throne, and escort him to the city of Cafsa.
“There was much in their appearance,” says Mr Davis, “to make me
regard this tribe with a great degree of interest. They are genuine
Arabs, and of this they are very proud. ‘Their hand is against every
man, and every man’s hand is against them.’ An officer from the
reigning sovereign of Tunis, (who has just joined our expedition)
with a number of cavalry soldiers, is now amongst them, in order to
enforce a fine of 2000 camels, for murders and other outrages
committed by these genuine descendants of Ishmael. They are at
enmity with the Dreeds, jealous of the Farasheesh, and almost
constantly at war with the Mamshe—a tribe inhabiting the western
borders of the regency, quite as powerful and as full of pretensions as
their own.” As seldom more than thirty camels are ever demanded
for a single life, these two thousand camels symbolise upwards of
sixty murders committed by this tribe, and known to the
Government!
His Highness the Prince made his entry in grand style into Cafsa,—
the Mamlooks on their choice horses, and in their best uniforms—a
native band playing their national tunes—a host of unfurled banners
—and at the wings several companies of cavalry. In all, including the
various tribes that had joined, the camp now amounted to no less
than 30,000 men, about 50,000 camels, and 2000 horses and
mules! “A just estimate of the size of the expedition,” says our
author, “can only be formed by viewing it from some eminence as it
is moving along, either in some large plain, or over the seas of sand
which now and then it is traversing. Often have I taken my position
on a little hillock, and could see nothing for miles before me or
behind but the living masses which composed the inhabitants of our
canvass city. How similar to this must have been the marching of the
Children of Israel in the wilderness, on their way from Egypt to the
Promised Land!”
The morning was lovely as they approached Cafsa. Not a speck
could be discovered in the sky, and everything around seemed to
have an aspect of contentment and cheerfulness. The city is
surrounded by gardens, gay with clusters of date, olive, lemon,
orange, pomegranate, pistacchio, and other fruit trees. “In walking
among these gardens, richly watered by a delicious brook, which has
its supply from two fountains, one within the citadel, and the other in
the centre of the city, a stranger can imagine himself in some more
temperate region, and among a people more advanced in
civilisation.” But on entering the city, the charm (as usual) vanishes.
Cafsa is the ancient Capsa, (built three hundred years before
Carthage), the stronghold of Jugurtha; of the inhabitants of which
place Florus says, “They are in the midst of their sands and serpents,
which defend them better from those that would attack them than
armies and ramparts would.” Marius, however, after some adroit
manœuvring, pounced upon and took the city;—and as the
inhabitants were strongly attached to the Numidian prince, the
Roman general, after giving the place up to be plundered by his
soldiers, levelled it with the ground, and put the inhabitants to the
sword, or sold them as slaves. The modern city, built on the ruins of
the ancient one, is situated upon a rising ground, and has a
population of about three or four thousand inhabitants. Within it
there is a spring, the waters of which, at their source, are tepid, but
are considerably cooled in the large basin into which they discharge
themselves. This is in all probability the Tarmid of Edrisi and the
Jugis aqua of Sallust. A small kind of fish, about two or three inches
in length, is to be found in this slightly tepid basin.
The capture of one of the Hamana tribe at this place, who had been
“preaching up a kind of crusade against the Government, and
instilling Chartist principles,” (!) not unnaturally suggests to Mr
Davis the recollection of certain cases of capital punishment which
he had witnessed at Tunis. One of these he thus describes:—

“A crowd near the Carthagenian gate attracted my attention, and on inquiry I
found that the five or six hundred persons had assembled to see the sentence of
their despot carried into execution. In a few minutes six hambas (policemen) made
their appearance on the wall, some forty yards distant from the gate, and about
thirty feet in height, leading two culprits, whose hands were pinioned in front.
They stepped firmly, and seemed quite callous and indifferent about their doom.
The hambas set at once about their work. They fastened ropes round the necks of
the criminals, which they secured to the battlements, on the wall. No ecclesiastic
was present to administer any religious consolation; but the executioners now and
then ejaculated the words, Maktoob, ‘it is so predestinated,’ and Hacka yehab
rubby, ‘such is the will of God.’ When desired to take the position pointed out to
them, they did so without manifesting the slightest reluctance, or exhibiting the
least symptom of fear. Each took his seat between two of the battlements, their feet
hanging over. They looked for a moment on the crowd beneath; and when one of
the hambas desired them to pronounce their creed, they cried out, ‘O Moslems!
pray for us.’ Then, turning their eyes heavenwards, they pronounced in a clear,
distinct, and audible voice, the words, ‘There is no God but God, and Mohammed is
his apostle.’ When the last word was uttered, the executioners pushed them
simultaneously off the wall, and thus the wretched men were launched into
eternity. The conduct of the assembled spectators was very orderly—indeed, grief
seemed depicted on every countenance.”

In Mohammedan law, sentences, whether capital or otherwise, are
no sooner pronounced than they are carried into execution. There is
a delectable variety in the modes of exit from this world, which the
law prescribes for capital offenders. Arabs are generally hanged,
seldom decapitated; Turks are mostly strangled; Jews are dealt with
after the manner of Arabs. Women are drowned; and the higher
classes, and princes, enjoy the privilege of being poisoned. In some
few cases, criminals are sentenced to be burned. One mode of death
—which we Europeans regard as rather an honourable one—is
regarded by the Koran-readers and the orthodox portion of the
community as heterodox in the extreme. A knowledge of Roger
Bacon’s invention, gunpowder, never having been vouchsafed to the
Prophet in any of his revelations, the Faithful, of course, are unable
to find a single passage in the Koran to justify sentencing a soldier to
be shot. But in this, as in many other instances, the common sense or
convenience of the Pasha leads him to deviate from the Cadi’s
opinion, and to overrule the Sharrah.
On leaving Cafsa, our travellers found themselves fairly in the
Sahara. “As the day advanced,” says Mr Davis, “the heat increased,
and by noon became almost intolerable. Besides the excessive heat of
a burning sun, we had to endure the noxious influence of the
southerly wind, which, fortunately for us, did not blow with all its
wonted fury. Its effect, however, was apparent, not only on myself,
but also on some of my friends. The weakness and lassitude these
combined agencies produced, manifested themselves by the perfect
stillness and sullenness which prevailed in every group of travellers,
as they either walked or rode along. The heat it collected in its sweep
across the burning sands, it now freely vented on us,—and that to
such a degree that some of its puffs actually resembled in their
effects the flames issuing from a furnace.” No wonder that the Psylli
of old should have attempted the extermination of so destructive a
tenant of the waste! This nation, says Herodotus, who in ancient
times inhabited a district bordering on the Regio Syrtica, having
once had all their reservoirs of water dried up by the south wind,
advanced into the Sahara in order to make war upon it; but the
enemy, defying bow and arrow, opposed them by blowing with
extreme violence, and raised such clouds and torrents of sand that
the poor Psylli were overwhelmed, and all of them perished! What
African traveller does not regret that the victory was on the side of
the noxious element!
Mr Davis never saw the Simoom in its full and dreadful force, nor
did he witness any of those astounding exhibitions of sand-columns,
circling in numbers over the surface of the desert, and overwhelming
everything that came in their way, that Bruce once gazed upon with
awe and wonder. But of snakes and scorpions, and suchlike
poisonous inhabiters of the Desert, our author had his fill. On one
occasion, when about to encamp, they found the ground literally
covered with snakes, whose bite, the Arabs say, is certain death.
“Happily for man,” said one of Mr Davis’s companions, “these
reptiles have not the benefit of sight;—had they not been deficient in
this, the world could not have existed, as these enemies of man
would undoubtedly have extirpated him from the face of the earth!
So powerful is their sting, that they have been known to have
penetrated the large iron stirrup of the Hamama.” The snake thus
alluded to—and we need hardly say, our readers may take the
description cum grano salis—is the liffa or liffach,—a reptile about a
yard in length; and the account which the Arabs give of the death of
those who have been bitten by it tallies very closely with the
description which Lucan gives of the death of Nasidius in the same
locality:—
“A fate of different kind Nasidius found:
A burning prester gave the deadly wound,—
And straight a sudden flame began to spread,
And paint his visage with a glowing red.
With swift expansion swells the bloated skin,
Nought but an undistinguish’d mass is seen:
The puffy poison spreads and heaves around,
Till all the man is in the monster drown’d.”

The next place the expedition reached was Tozar,—a town fairly in
the Sahara, and beyond even the far-reaching sway of the old
Dominos rerum and their redoubtable Legionaries. “Before Tozar,”
says our author, “there are a few hillocks, dotted with some majestic
palm-trees, affording a delightful shade: and the silvery rivulet,
winding its way among these in devious directions, adds to the
charm of the scene. As we approached, we found the hillocks and the
trees literally covered with men, women, and children,—assembled
to witness the entry of Prince Mohammed and the camp, with their
shrill notes of lo-lo-lo-lo!” Tozar, like the other cities of the Sahara, is
in one important feature different from those on the coast. Generally
speaking, the streets of all the towns of Barbary, like those in Egypt
and Syria, are exceedingly narrow, so that one camel, laden with
wood or merchandise, is sufficient to obstruct the thoroughfare. But
in the towns of the Sahara the streets are generally very wide,—the
object of which is, to allow the furious winds of the Desert, charged
with immense masses of sand, to sweep clean through, instead of
being checked in their course, and therefore blocking up the streets
with their noxious deposit. From these sand-storms of the desert, the
coast-towns have little to fear, on account of the intervening
mountain-chains robbing those terrible visitants of their deadly
burden; and accordingly the inhabitants of the Barbary towns can
afford to build their streets very narrow, so as to exclude the fierce
rays of the sun,—a luxury which their southern brethren dare not
indulge in.
The population of Tozar amounts to about five thousand,—for the
most part of a swarthy complexion, with a cast of features bordering
upon that of the Negro. Indeed every fresh stage one makes in the
journey into Central Africa, a gradual change is perceptible in the
features and complexion of the population,—the white man, by a
slow but invariable process, changing into a Negro. “Were it
possible,” says Mr Davis, “to introduce into Europe an ethnological
collection, classified latitudinally, from the northern coast to Central
Africa, the greatest sceptic might be convinced of the fact, that time
and place alone made our coloured fellow-creatures what they are.
The slave-dealer, and the Negro-dealer, might thus have an ocular
demonstration of the great truth, that the black man is our brother,
and that circumstances alone, with the nature of which we are not
fully acquainted, made him to differ from us.” He mentions, as an
additional proof of this, that even among the Jews (who, he says,
“have probably lived in this part of Africa from the time the
Phœnicians first settled here”) a striking difference is perceptible
between those on the coast and those residing in the interior. He
adds the curious fact, that in the desert the Jews certainly do not live
for many centuries; and thence deduces the conclusion, that if its
influence is so clearly shown in them, both as regards colour and
features, it is not to be wondered that it should have told to a much
greater extent on those to whom the Sahara has been a home for
thousands of years. Of all these vari-coloured sections of the North
African population, the most merry and gay are unquestionably the
Negroes, whether male or female. To ask a Moor or an Arab if he
danced, would be to offer him a serious insult—the former especially
being too grave to have a regard even for music. But the black people
are almost always cheerful, and enjoy life even when in a state of
bondage. “Often have I seen them,” says Mr Davis, “congregated by
hundreds in some open space, singing and dancing, and playing, for
hours consecutively. The ability of the Negro to accommodate
himself to circumstances is surprising. What would depress and
crush a white man is supported with a marvellous resignation by the
black, whose light heart enables him to toil and to sing, to suffer, and
yet not despair.”
Within the oasis of Tozar, and its date-forest, are half-a-dozen
villages, besides four marabouts with their cupolas, around each of
which are a few huts. The houses of the Desert are generally only one
storey high, and are built, like those of Cafsa, of bricks, with rafters
of palm-wood. The interior of the houses is as humble as their
exterior. The rooms are long and narrow, with only a hole here and
there to admit the light; and from the rafters of the ceiling of every
apartment is suspended the stock of dates which, with milk, forms
the principal articles alike of food and of commerce. It is by the sale,
or rather barter, of their dates to the wandering tribes that the
inhabitants of the oasis of Tozar procure for themselves wheat,
barley, cloth, cattle, &c. In former times their commerce was not of
so simple or so innocent description—for a flourishing business used
to be done here with Tunis in human flesh. A slave was given in
exchange for two or three hundredweight of dates, or at the intrinsic
value of about £3; and when the rich planter’s shed was filled, he
marched the unhappy objects of his purchase northwards to the
coast, where they were shipped for their various destinations.
“Before the abolition of slavery in the regency of Tunis,” says our
author, “I have often seen caravans from this place exposing their
merchandise in the slave-market of the capital, and selling them at
the rate of £12 or £15 per head. But this lucrative business is now
stopped, at least so far as Tunis is concerned, and loud are the
complaints of the Tozarians on this subject.”
Besides the stock of dates pendant from the ceiling, the chief
ornaments which decorate the rooms of the Sahara towns, are a
strange medley of jars, jugs, dishes, plates, bottles, and glasses,
suspended on the wall facing the entrance-door. Here they are
exhibited promiscuously, totally irrespective of size, shape, colour, or
order, and by the quantity of these, an estimate is formed of the
wealth of the owner. A low table, a few stools made of the branches of
the palm-tree, and, in some instances, a couch or divan, complete the
furniture of an apartment,—and an apartment generally forms the
residence of a single family. At night, sheepskins, rugs, or mats, are
spread on the floor, and supply the place of beds. Every household,
we may add, has one or more immense jars, into which any loose or
stray dates are thrown. Within an inch or two of the bottom of these
jars there is a tap, by which they draw off a species of date-honey,
which they use in cooking and for other purposes.
Date-honey, however, is not the only species of juice which the
Tozarians obtain from the palm-trees of their oasis; for we are
informed that though the devout believers in the Koran there
scrupulously abstain from wine, they indulge freely in lagmi, or the
juice of the palm-tree, which, when fermented, is quite as
intoxicating in its effects as the beverage prohibited by the Prophet.
This juice is easily obtained, and if possible still more easily
prepared. At a certain season of the year, an incision is made in the
tree just beneath the branches,—a jar is then so fastened as to receive
the liquid as it exudes,—and, in this manner, they usually procure
from a tree, during the course of a night, from a quart to a quart and
a half of lagmi. When drunk immediately, this liquor tastes like
genuine rich milk, and is perfectly free from an intoxicating
influence; but when allowed to stand for a night, or at most for
twenty-four hours—during which time fermentation takes place—“it
partakes (with the exception of the colour, which is whitish) of the
quality and flavour of champagne, and that of a much superior sort
to what is usually offered in the British markets.” This date-tree wine
is to be found in every house, and has its victims reeling through the
streets of Tozar just as beer and whisky have in our streets at home.
But the curious part of the matter is, that “the faithful” openly justify
themselves against the charge of transgressing their Prophet’s
precept. “Lagmi is not wine,” they say, “and the Prophet’s
prohibition refers to wine.”
Of the social relations at Tozar, Mr Davis says:—“My first
impression, on visiting several families, was such as to induce me to
believe that greater domestic happiness prevailed here than in the
Mohammedan cities on the coast. The females are not kept in
distinct and separate apartments, nor do they even cover their faces
when in the presence of strangers, but appear perfectly free, and
seem exceedingly affable.” A closer examination, however, sufficed to
show that the regulations of Mohammedanism in regard to females
produced very much the same results here as elsewhere. Marriage is
usually contracted very early,—so that it is no uncommon thing to
see boys of thirteen and fourteen in possession of wives of eleven or
twelve, or even younger; and the result, here as elsewhere, is, that
girls of twelve look as old as European females do at twenty, and at
thirty they are almost fit to be placed on the retired list. Indeed, as
Colonel Dow in his Ferishta says, polygamy in the East is founded
very much on natural causes, as, owing to early marriages, and the
effects of the climate, a man there keeps his vigour long enough to
see two or three wives bloom and fade in succession. Moslems
consider it wrong, and even sinful, if a man has reached his twentieth
year without marrying. The young couple are joined together on the
good faith of their parents or relations; for they are not permitted to
see each other before the nuptial night. Certain persons, however,—
generally old women, relatives of the parties—are sent from the man,
who examine the lady, and bring him back a report of her bodily
accomplishments. If the man finds himself disappointed, he has a
right to send her back to her parents, without restoring to her the
portion that was promised her,—or rather, the price that was to be
paid for her, as the wife is bought by the husband. The young
damsels, it must be allowed, take all pains to avoid so lamentable a
catastrophe. “Excessive obesity,” says Mr Davis, “is considered the
perfection of female beauty among the Mohammedans on the coast;
hence a young woman, after she is betrothed, receives gold or silver
shackles upon her hands and wrists, and is fed so long till these are
filled up. A kind of seed called drough, and their national dish
coscoso, are used for the purpose. The young lady is literally
crammed, and some actually die under the spoon.”
These African beauties, it would appear, are subject to strange
fantasies and superstitions. The Jenoon, or devil, we are told,
sometimes causes a lady to fancy some article of dress or jewellery;
and until her husband (for the lady is always a married one) procures
her the article, the Jenoon torments her in a most pitiless manner.
But the tormentor is not satisfied by the lady obtaining the article.
He must have something for himself, in return for the trouble he
takes in the matter,—and that something is nothing less than a
splendid feast exclusively of ladies. Our reverend author, however, by
special favour, was once present at a feast of this kind at Nabil, the
ancient Neapolis; and as the spirits do not seem to have stood much
in awe of “the cloth,” he is able to furnish us with the following
account of this Jenoon or devil feast:—

“The room in which it was celebrated was beautifully illuminated, and
surrounded with ottomans, upon which the ladies, amounting to forty, were
luxuriously reclining, and amongst them the lady possessed by the Jenoon. All of
them were beautifully dressed, and none of them, judging from their appearance,
were more than forty years of age, though some of them were still in their teens.
After I had been there a few moments, supper was brought in; and coscoso, the
favourite dish of Barbary, was of course not excluded. They all sat down on the
ground, and some with wooden spoons, whilst others with their hands, partook
freely of the repast. I was invited to join them, which I did, and had also the
pleasure to be favoured with a spoon.” (We hope it was a long one!)
“After supper they all took their former places; and a band of music began to
strike up some of their national tunes. All the ladies sat quiet—till of a sudden one
of them, a young woman of about twenty, arose and began to dance by herself. She
was soon followed by several others, who were wheeling rapidly round; and all of
them worked themselves into such a frenzy that from weakness they dropped to
the ground, where they lay, till, recovering their strength, they recommenced their
madness. This lasted a considerable time. The lady with the Jenoon was sitting
quietly on the ottoman. When the visitors had finished their amusement, she
started up, and followed their example; and when she, like the others, was
stretched on the floor, one of the spectators arose, and asked what article she
fancied,—to which she made no reply. The former then named several articles of
dress, asking whether she wished any of them; and when the article which the
Jenoon lady desired was mentioned, (I believe a shawl), she suddenly started up,—
and this was the signal that the Jenoon feast was considered as ended.”

When Barbary ladies play the Jenoon with their husbands at this
rate, it is not to be wondered at that a separation from such fantastic
spirits should be placed within easy reach of the man. Barbary
husbands, at least if they be Moslems, can take back their divorced
partners after a first divorce, but not after a second, unless—strange
provision!—she has in the interim been married to another man. A
husband may oblige his divorced wife to nurse any infant she has
borne him, until it is two years old; and no man can marry a divorced
woman sooner than four months and a half after her total separation
from the former husband. The facility with which a divorce can be
procured in Northern Africa, even for the most trivial causes, cannot
be otherwise than most pernicious to the social welfare of the
community. Mr Davis narrates the following anecdote in illustration
of this ridiculous as well as most mischievous license:—

“A servant of mine of the name of Ali, once very pressingly applied for leave to go
out for a short time. It was not my custom to inquire into the nature of his
business, but, on that occasion something unaccountable prompted me to put the
question,—‘And where are you going to, Ali?’
“Holding up a piece of paper, he very coolly answered,—‘To give my wife this
divorce; and shall soon be back, Arfi,’ (my master).
“‘To give your wife a divorce! Well, you may go; but remember, if you divorce
her, I from this very moment divorce you.’
“Handing me the paper, Ali exclaimed,—‘Here, master, take it; on such
conditions I shall not divorce my wife.’”

Tozar was the most southerly point which the expedition reached;
and here it remained for the space of three weeks, during which time
Mr Davis and his three French companions made excursions to the
neighbouring oases. Accompanied by the Governor and Cadi of
Nefta, with a retinue of some twenty well-mounted servants, they set
out over the sands to visit that place. “Never,” says Mr Davis, “had
the propriety of styling the camel the ship of the Desert been so
apparent to me as this day. The whole way from Tozar to Nefta, the
Desert had completely the aspect of a vast bed of an ocean, and we
seemed to plough the sandy waves of the Sahara as the ship does
those of the sea. The morning was rather hazy, and the sky was
overcast with a number of detached small white clouds, which
(particularly those along the horizon) very often assumed the form of
a variety of sailing crafts; and thus added considerably to the
delusion, under the influence of which we Europeans were quite
willing to abide, viz. of navigating some expansive lake. By seven
o’clock, however, the sun burst forth in all his brilliance; every cloud
was speedily dispersed, and a clear, blue ethereal sky was stretched
over us as far as the eye could reach.” When fairly launched upon the
Deserts, the sameness of the scenery becomes most oppressive.
Seldom is the traveller’s eye refreshed by anything in the shape of a
mountain or a green plain. One sea of sand succeeds another; and
were it not for an occasional mirage, which for a time diverts them,
or, for the circumstance that the glaring sun and drifting sand-clouds
compel them sometimes for hours together to envelop their faces in
the bornoos, or cloak, so that they are able to dream of the fantastic
groups of date-trees, and the gentle rivulets winding amongst them
in their native land, their journey through such portions of the
Desert would be the most intolerable and dreary imaginable. These
alleviations, or “comforts,” as an old voyager of the Desert called
them, being mere illusions, are rather calculated to vex the heart of
the inexperienced traveller. But those who have been in the habit of
crossing the sandy ocean from their infancy, and to whom every spot
on its surface is familiar, are diverted, and even cheered by such
illusions. “It is a change for them,” said one of these veteran
voyagers, “and any change in a monotonous life is agreeable.”
On the present occasion, however, our travellers were embarked
on a much shorter journey. A few hours’ ride sufficed to carry them
over the waste, and bring them to the oasis of Nefta—of the extreme
antiquity of which town the Cadi had the most assured belief.
“Nefta,” said he, “was built—or, rather the foundation of it was laid—
by Saidna Noah (our Lord Noah): peace be upon him! Here he
discovered the first dry spot; and hence he disembarked here, and
erected an abode for his family.” The inhabitants of these oases of the
Desert are not without their etiquette; and on approaching the town,
the Governor assumed his dignified aspect, made his entry with all
possible gravity, and was no sooner seated in his own residence than
the sheikhs and aristocracy of Nefta assembled to welcome him,
some kissing his head, some his shoulder, some his elbow, and some
the palm of his hand. The worthy Governor, however, who had a
good dash of humour in his composition, loved other things better
than etiquette. “No sooner was the assembly dismissed,” says our
author, “than our lordly host again resumed his easy and affable
manner. When the sound of the feet of the last grandee had died
away, Ibrahim rose up, and assumed an attitude which might have
been a subject for the study of an artist. There he stood, not unlike
what I could fancy a Demosthenes, a Cato, or a Cicero, when on the
point of commencing one of their thrilling orations. Ibrahim
remained in that position a few seconds, and then turning to us, said,
‘I am glad to be free again. Gentlemen! you no doubt are hungry as
well as myself; have you any objection to a good dinner?’”
Having despatched the dinner, which justified the host’s eulogium
of it, and reposed for a few hours after their fatigues, Mr Davis and
one of his companions set out by themselves to ride all round the
oasis of Nefta. “All went on well at first,” he says, “and we even
enjoyed our ride along the outskirts of the thick forest of magnificent
and majestic date-trees, till we suddenly perceived our horses
sinking beneath us. ‘Pull up! pull up!’ screamed my companion; ‘the
ground is unsafe!’ We were on the brink of getting on the Kilta, a
dangerous swamp, which receives the surplus waters of the head-
fountain, after they have supplied the vast date-plantations. The
Kilta joins the ‘Sea of Pharaoh,’ and never have I seen anything of a
more delusive character. The surface of the swamp had precisely the
same appearance as the solid ground; and had we been riding at full
speed, we might have perished in this deceitful abyss.” The Ras Elain
—“head fountain or spring,”—which is the source of the waad, or
river, constitutes the charm and luxury of this delightful oasis. The
spring is surrounded on three sides by hillocks, and is embowered
amidst a cluster of palm-trees, so thickly and eccentrically placed
that our travellers had much difficulty in approaching it so as to taste
its waters. Fi kol donya ma atsh’ kaifho’,—“In the whole world there
is nothing like it!” exclaimed their guide. “And I must candidly
confess,” says Mr Davis, “that though he had never left the locality of
his birth, he was pretty correct on this point. Never did I taste more
delicious water; and we unanimously agreed that the Neftaweens
might well be proud of their Ras Elain. What a boon is this spring,
located as it is amidst the burning sands!”
But the great marvel of this district is the mysterious Bakar
Faraoon, the “Sea of Pharaoh.” The whole tribes of the vicinity look
with awe and terror upon this so-called “sea,” and superstitions
innumerable are connected with it. Not only has the army of that
wicked monarch after whom the sea is called, perished in it, but
hosts of infidel sovereigns, persecutors of the Faithful, with their
myriads of warriors, been engulfed in it, and are still sinking down
its bottomless abyss! Such are the reports of the Moslems, confirmed
by the weighty asseverations of our author’s learned friend, the Cadi
of Nefta. “Not only have numberless armies been seen marching and
re-marching on its surface by night,” said that erudite expounder of
the Koran, “but repeatedly have they been seen during broad
daylight. Giants on monstrously large horses, have been seen
galloping about in various directions, advancing and receding, and
then suddenly disappearing again in that ‘sea.’”

“‘Have you ever, my Lord Cadi, seen any of those submarine warriors?’
Cadi.—‘No, I never have.’
‘Can you mention any trustworthy person of your acquaintance who has?’
Cadi.—‘I certainly cannot.’
‘Then what evidence have you for the truth of those marvellous apparitions?’
Cadi.—‘Every one believes in all I have told you.’
‘Is it not possible that all this belief may be the result of the fevered imagination
of some superstitious individual?’
Cadi.—‘It certainly is possible,—but all believe it.’”

This wonderful “sea” is a vast lake, dry for about nine months of
the year, extending about seventy miles in length, by forty broad at
its widest part. It receives several streamlets, such as the Ras Elain of
Nefta; and, during the rainy season, the torrents from the mountains
which on two sides at least adjoin it. During the winter, portions of
the lake-bed retain for a short time the waters thus poured into it;
but during the greater part of the year, a deposit of salt only is visible
on its sandy surface. It abounds in marshes, quicksands, and trap-
pits; and at no time can it be crossed save by a single route, which is
pointed out by trunks of palm-trees, placed at short distances,—and
hence its proper name, the Lake of Marks. Tufts of very sickly-
looking grass, and mounds clothed with consumptive shrubs, fringed
its shores at the time our travellers visited it; and its surface was
wavy, and covered with saline incrustations. Towards the north-east
part of the lake there is a kind of island, about four miles in
circumference, which is covered with palm-trees. The Arabs say that
those trees have grown up from the kernels left there by Pharaoh’s
troops,—and this they regard as an additional proof that the
Egyptian monarch and his army perished there!
At last the three weeks’ stay at Tozar drew to a close, and a most
lovely night was that which preceded their departure. Mr Davis
seldom indulges in scenic description; and we give the following as a
rare and charming picture of a night-scene in the Desert:—
“At half-past ten, when every inmate of my establishment had retired to rest,—
the tranquillity, the universal stillness, and balmy atmosphere seemed to invite me
to leave my tent again. All was serene and calm without, and everything appeared
to inspire the mind with serious and sober reflection.

‘Nature was hush’d, as if her works adored,
Still’d by the presence of her living Lord.’

The sultry heat of the day had now ceased, and a cool northerly breeze gently
waved the branches of the stately palm-trees. The darkness gradually vanished
before the bright rays of the moon, whose silvery light streamed through the forest;
and in a few minutes, she rode high above the loftiest of its countless trees, and by
her splendour and brilliancy so illuminated every object around, that day appeared
again perfectly restored. And the stars, too,—

‘Those quenchless stars! so eloquently bright,
Untroubled sentries of the shadowy night,’—

vied with each other in lustre, to contribute to the magnificence of this majestic
scene,—to add dazzling refulgence to the prodigious theatre exhibited for the
admiration of wondering man!
“Here we have our white canvass city, and, a little beyond it, the sombre
buildings of Tozar. Here again is the thick forest of graceful palms, with their
clusters of ‘fruits of gold,’ pendant beneath their feathery branches. The rippling
brook flows on in its eccentric course, bearing on its surface the reflection of the
host of stars in the firmament. All nature—animate and inanimate—as far as my
vision could embrace, not only declared the omnipotence and benevolence of the
great Eternal, but seemed to proclaim universal peace and safety,—

‘’Twas a fair scene,—a land more bright
Never did mortal eye behold!’

“The only sound audible, besides that of the sentries, and the rippling stream
close by, was the voice of a dervish or saint, who was entertaining the inmates of a
tent, pitched a short distance from mine, with some extraordinary Mecca legends. I
was on the point of re-entering my tent, when one of the party, attracted by the
scene without, called upon his companions to behold the wonderful works of God.
All obeyed; and my thin texture partition enabled me to listen to their repeated
exclamations of Allah Kabeer, ‘God is great!’ Thus the Moslem, like the Christian,
was led, from a survey of the stupendous works of nature, to contemplate nature’s
omnipotent God.”

We need not follow the steps of the expedition as it slowly retraced
its path northwards through the Desert, from oasis to oasis, till it
fairly reentered the region of verdure and perennial waters. Nor can
we stay, even in passing, to tell of the many French deserters who
have sought refuge among the tribes and towns of the Sahara, nor of
their strange adventures, nor of the hardship and death which in so
many cases has overtaken them. We merely reconduct Mr Davis,
with a velocity unknown to desert-travelling, back to Tunis, and
there leave him. His book is a very creditable performance,—though
one-half of it might have been as well written (and perhaps was so)
in comfortable lodgings in London as in “My Tent” in the Balad
Ejjareed. It is not a book of personal adventure. The author is a
reverend gentleman, who has no ambition to rival the feats of
Gordon Cumming among the lions and hippopotamuses of the
African wastes; still less is he inclined to become a “free lance” in the
ranks of General Pelissier’s Zouaves, and spin us thrilling tales of
hairbreadth escapes, such as have lately issued from the press of
Germany. But he has been a considerable time—six years—in
Northern Africa, and has made himself well acquainted with the
language and customs of its people,—upon which subjects we know
of no writer in whom we would place more confidence. He is also
well acquainted with the works of adventure and travel already
published on this part of the world, and of which he very properly
makes use to lend additional value or interest to his own. Indeed we
think we have recognised several anecdotes in his book which we
have already quoted in our pages, when reviewing the foreign works
in which they originally appeared. Hence these Evenings in my Tent
do not contain so much fresh matter as we anticipated; yet the
substance of their pages is, on the whole, both good and readable—if
we except the antiquated chapter on the Slave-trade, and a few
passages where the author’s clerical habits incline him to sermonise
rather more than may suit the tastes of his lay readers.
