Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Securing SSIS Package Deployment on Test and Production Servers

Posted on 2011-03-06
4
Medium Priority
?
774 Views
Last Modified: 2012-05-11
Hi,

I am trying to deploy SSIS package on test and production servers. Can you please give me some practical tips/steps to secure ssis package. I have read about implementing certificate/private key stuff. But, I could not get the clear understanding of it.

Can I secure my deployment with configuration file?

It is really important issue to resolve. Please Help!!!


Thanks.
0
Comment
Question by:ezkhan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Tony303 earned 668 total points
ID: 35053778
The methods explained here are the way to go...
http://msdn.microsoft.com/en-us/library/ms141747.aspx

Look at the options here....I think you are up to option 2...

Typically, you change the protection level as listed in the following steps:

1.During development, leave the protection level of packages set to the default value, EncryptSensitiveWithUserKey. This setting helps ensure that only the developer sees sensitive values in the package. Or, you can consider using EncryptAllWithUserKey, or DontSaveSensitive.

2.When it is time to deploy the packages, you have to change the protection level to one that does not depend on the developer's user key. Therefore you typically have to select EncryptSensitiveWithPassword, or EncryptAllWithPassword. Encrypt the packages by assigning a temporary strong password that is also known to the operations team in the production environment.

3.After the packages have been deployed to the production environment, the operations team can re-encrypt the deployed packages by assigning a strong password that is known only to them. Or, they can encrypt the deployed packages by selecting EncryptSensitiveWithUserKey or EncryptAllWithUserKey, and using the local credentials of the account that will run the packages


0
 
LVL 10

Assisted Solution

by:itcouple
itcouple earned 1332 total points
ID: 35054710
Hi

The way I do it is all configuration (changing information) is kept in SQL Server Configuration Table which only certain people have access to and populates package variable at run time. Package is set to don't save sensitive. SSIS Configuration Table connection string is set using indirect configuration (environment variable).

Regards
Emil
0
 

Author Comment

by:ezkhan
ID: 35073287
The way it is working is without configuration files and with EncryptSensitveWithUserKey on development server. Now i want to implement on test and production server and trying to implement the following approach.

Anticipated Aproach is: with EncryptAllWithPassword and storing all connections, variables and passwords in sql server configuration table and using xml configurations to point to the table. This approach still did not work.

In the meanwhile i am making sure configuration files path is same on development computer and production server as I read it somewhere it has to be same.

One more important point one of the servers involved in ssis is SQL Server 2000 and its using SQL Server Authentication with sa login. When i try to use configuration files or any other security level than EncryptSensitiveWithUserKey or EncryptAllWithUserKey it does not work and complains about authentication to server is failed.


Any Thoughts!!!!!
0
 
LVL 10

Assisted Solution

by:itcouple
itcouple earned 1332 total points
ID: 35093624
Hi

" xml configurations to point to the table. This approach still did not work."

What exactly didn't work? Are you using local drive? so it is always C:\folder on each machine?
EncryptAllWithPassword can also cause some issues. I personally use "don't save sensitive" the reason for that is that the value are in variables so it doesn't make any difference comparing to other protection level properties.

Regards
Emil
0

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
It is possible to export the data of a SQL Table in SSMS and generate INSERT statements. It's neatly tucked away in the generate scripts option of a database.
Viewers will learn how the fundamental information of how to create a table.
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question