Solved

Securing SSIS Package Deployment on Test and Production Servers

Posted on 2011-03-06
4
763 Views
Last Modified: 2012-05-11
Hi,

I am trying to deploy SSIS package on test and production servers. Can you please give me some practical tips/steps to secure ssis package. I have read about implementing certificate/private key stuff. But, I could not get the clear understanding of it.

Can I secure my deployment with configuration file?

It is really important issue to resolve. Please Help!!!


Thanks.
0
Comment
Question by:ezkhan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Tony303 earned 167 total points
ID: 35053778
The methods explained here are the way to go...
http://msdn.microsoft.com/en-us/library/ms141747.aspx

Look at the options here....I think you are up to option 2...

Typically, you change the protection level as listed in the following steps:

1.During development, leave the protection level of packages set to the default value, EncryptSensitiveWithUserKey. This setting helps ensure that only the developer sees sensitive values in the package. Or, you can consider using EncryptAllWithUserKey, or DontSaveSensitive.

2.When it is time to deploy the packages, you have to change the protection level to one that does not depend on the developer's user key. Therefore you typically have to select EncryptSensitiveWithPassword, or EncryptAllWithPassword. Encrypt the packages by assigning a temporary strong password that is also known to the operations team in the production environment.

3.After the packages have been deployed to the production environment, the operations team can re-encrypt the deployed packages by assigning a strong password that is known only to them. Or, they can encrypt the deployed packages by selecting EncryptSensitiveWithUserKey or EncryptAllWithUserKey, and using the local credentials of the account that will run the packages


0
 
LVL 10

Assisted Solution

by:itcouple
itcouple earned 333 total points
ID: 35054710
Hi

The way I do it is all configuration (changing information) is kept in SQL Server Configuration Table which only certain people have access to and populates package variable at run time. Package is set to don't save sensitive. SSIS Configuration Table connection string is set using indirect configuration (environment variable).

Regards
Emil
0
 

Author Comment

by:ezkhan
ID: 35073287
The way it is working is without configuration files and with EncryptSensitveWithUserKey on development server. Now i want to implement on test and production server and trying to implement the following approach.

Anticipated Aproach is: with EncryptAllWithPassword and storing all connections, variables and passwords in sql server configuration table and using xml configurations to point to the table. This approach still did not work.

In the meanwhile i am making sure configuration files path is same on development computer and production server as I read it somewhere it has to be same.

One more important point one of the servers involved in ssis is SQL Server 2000 and its using SQL Server Authentication with sa login. When i try to use configuration files or any other security level than EncryptSensitiveWithUserKey or EncryptAllWithUserKey it does not work and complains about authentication to server is failed.


Any Thoughts!!!!!
0
 
LVL 10

Assisted Solution

by:itcouple
itcouple earned 333 total points
ID: 35093624
Hi

" xml configurations to point to the table. This approach still did not work."

What exactly didn't work? Are you using local drive? so it is always C:\folder on each machine?
EncryptAllWithPassword can also cause some issues. I personally use "don't save sensitive" the reason for that is that the value are in variables so it doesn't make any difference comparing to other protection level properties.

Regards
Emil
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Via a live example, show how to shrink a transaction log file down to a reasonable size.

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question