Solved

Securing SSIS Package Deployment on Test and Production Servers

Posted on 2011-03-06
4
749 Views
Last Modified: 2012-05-11
Hi,

I am trying to deploy SSIS package on test and production servers. Can you please give me some practical tips/steps to secure ssis package. I have read about implementing certificate/private key stuff. But, I could not get the clear understanding of it.

Can I secure my deployment with configuration file?

It is really important issue to resolve. Please Help!!!


Thanks.
0
Comment
Question by:ezkhan
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Tony303 earned 167 total points
ID: 35053778
The methods explained here are the way to go...
http://msdn.microsoft.com/en-us/library/ms141747.aspx

Look at the options here....I think you are up to option 2...

Typically, you change the protection level as listed in the following steps:

1.During development, leave the protection level of packages set to the default value, EncryptSensitiveWithUserKey. This setting helps ensure that only the developer sees sensitive values in the package. Or, you can consider using EncryptAllWithUserKey, or DontSaveSensitive.

2.When it is time to deploy the packages, you have to change the protection level to one that does not depend on the developer's user key. Therefore you typically have to select EncryptSensitiveWithPassword, or EncryptAllWithPassword. Encrypt the packages by assigning a temporary strong password that is also known to the operations team in the production environment.

3.After the packages have been deployed to the production environment, the operations team can re-encrypt the deployed packages by assigning a strong password that is known only to them. Or, they can encrypt the deployed packages by selecting EncryptSensitiveWithUserKey or EncryptAllWithUserKey, and using the local credentials of the account that will run the packages


0
 
LVL 10

Assisted Solution

by:itcouple
itcouple earned 333 total points
ID: 35054710
Hi

The way I do it is all configuration (changing information) is kept in SQL Server Configuration Table which only certain people have access to and populates package variable at run time. Package is set to don't save sensitive. SSIS Configuration Table connection string is set using indirect configuration (environment variable).

Regards
Emil
0
 

Author Comment

by:ezkhan
ID: 35073287
The way it is working is without configuration files and with EncryptSensitveWithUserKey on development server. Now i want to implement on test and production server and trying to implement the following approach.

Anticipated Aproach is: with EncryptAllWithPassword and storing all connections, variables and passwords in sql server configuration table and using xml configurations to point to the table. This approach still did not work.

In the meanwhile i am making sure configuration files path is same on development computer and production server as I read it somewhere it has to be same.

One more important point one of the servers involved in ssis is SQL Server 2000 and its using SQL Server Authentication with sa login. When i try to use configuration files or any other security level than EncryptSensitiveWithUserKey or EncryptAllWithUserKey it does not work and complains about authentication to server is failed.


Any Thoughts!!!!!
0
 
LVL 10

Assisted Solution

by:itcouple
itcouple earned 333 total points
ID: 35093624
Hi

" xml configurations to point to the table. This approach still did not work."

What exactly didn't work? Are you using local drive? so it is always C:\folder on each machine?
EncryptAllWithPassword can also cause some issues. I personally use "don't save sensitive" the reason for that is that the value are in variables so it doesn't make any difference comparing to other protection level properties.

Regards
Emil
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now