Solved

Securing SSIS Package Deployment on Test and Production Servers

Posted on 2011-03-06
4
753 Views
Last Modified: 2012-05-11
Hi,

I am trying to deploy SSIS package on test and production servers. Can you please give me some practical tips/steps to secure ssis package. I have read about implementing certificate/private key stuff. But, I could not get the clear understanding of it.

Can I secure my deployment with configuration file?

It is really important issue to resolve. Please Help!!!


Thanks.
0
Comment
Question by:ezkhan
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Tony303 earned 167 total points
ID: 35053778
The methods explained here are the way to go...
http://msdn.microsoft.com/en-us/library/ms141747.aspx

Look at the options here....I think you are up to option 2...

Typically, you change the protection level as listed in the following steps:

1.During development, leave the protection level of packages set to the default value, EncryptSensitiveWithUserKey. This setting helps ensure that only the developer sees sensitive values in the package. Or, you can consider using EncryptAllWithUserKey, or DontSaveSensitive.

2.When it is time to deploy the packages, you have to change the protection level to one that does not depend on the developer's user key. Therefore you typically have to select EncryptSensitiveWithPassword, or EncryptAllWithPassword. Encrypt the packages by assigning a temporary strong password that is also known to the operations team in the production environment.

3.After the packages have been deployed to the production environment, the operations team can re-encrypt the deployed packages by assigning a strong password that is known only to them. Or, they can encrypt the deployed packages by selecting EncryptSensitiveWithUserKey or EncryptAllWithUserKey, and using the local credentials of the account that will run the packages


0
 
LVL 10

Assisted Solution

by:itcouple
itcouple earned 333 total points
ID: 35054710
Hi

The way I do it is all configuration (changing information) is kept in SQL Server Configuration Table which only certain people have access to and populates package variable at run time. Package is set to don't save sensitive. SSIS Configuration Table connection string is set using indirect configuration (environment variable).

Regards
Emil
0
 

Author Comment

by:ezkhan
ID: 35073287
The way it is working is without configuration files and with EncryptSensitveWithUserKey on development server. Now i want to implement on test and production server and trying to implement the following approach.

Anticipated Aproach is: with EncryptAllWithPassword and storing all connections, variables and passwords in sql server configuration table and using xml configurations to point to the table. This approach still did not work.

In the meanwhile i am making sure configuration files path is same on development computer and production server as I read it somewhere it has to be same.

One more important point one of the servers involved in ssis is SQL Server 2000 and its using SQL Server Authentication with sa login. When i try to use configuration files or any other security level than EncryptSensitiveWithUserKey or EncryptAllWithUserKey it does not work and complains about authentication to server is failed.


Any Thoughts!!!!!
0
 
LVL 10

Assisted Solution

by:itcouple
itcouple earned 333 total points
ID: 35093624
Hi

" xml configurations to point to the table. This approach still did not work."

What exactly didn't work? Are you using local drive? so it is always C:\folder on each machine?
EncryptAllWithPassword can also cause some issues. I personally use "don't save sensitive" the reason for that is that the value are in variables so it doesn't make any difference comparing to other protection level properties.

Regards
Emil
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Viewers will learn how the fundamental information of how to create a table.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question