Does the SQL MA utilise encryption?
I am wondering if the SQL MA would be able to communicate with a SQL Server data source that has a cert installed and forces encryption? There are no configuration parameters in the SQL MA for encryption and I haven't been able to find any documentation
on this. Does anyone know how the SQL MA handles encryption or if it does?
Thanks!
April 27th, 2011 4:34pm
It should as long as the Sync Server trusts the SSL cert used by the SQL Server.
Configuring SQL Connections to be encrypted is done at the SQL layers.
http://msdn.microsoft.com/en-us/library/ms191192.aspx
On the SQL Server you use the SQL Server Configuration Manager to configure the server (after installing a certificate).
Then either on the SQL Server or the SQL Client machine (in this case the Sync Server) you configure the Force Encryption Option.
Doing that on the SQL Server forces all connections to it to be encrypted, and will cause connections to fail unless they trust the SSL certificate used by the SQL Server or they have been configured to trust the cert on the server (ignore trust chain validation).
Doing it on the SQL Client (the Sync Server) means that all connections made by that client to SQL Servers must be encrypted or they fail.
So it can be done but you can see that these compromises may not work for all folks.David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2011 7:08pm
It should as long as the Sync Server trusts the SSL cert used by the SQL Server.
Configuring SQL Connections to be encrypted is done at the SQL layers.
http://msdn.microsoft.com/en-us/library/ms191192.aspx
On the SQL Server you use the SQL Server Configuration Manager to configure the server (after installing a certificate).
Then either on the SQL Server or the SQL Client machine (in this case the Sync Server) you configure the Force Encryption Option.
Doing that on the SQL Server forces all connections to it to be encrypted, and will cause connections to fail unless they trust the SSL certificate used by the SQL Server or they have been configured to trust the cert on the server (ignore trust chain validation).
Doing it on the SQL Client (the Sync Server) means that all connections made by that client to SQL Servers must be encrypted or they fail.
So it can be done but you can see that these compromises may not work for all folks.David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html
May 4th, 2011 7:08pm