Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Securing SSIS Package Deployment on Test and Production Servers

Posted on 2011-03-06
4
756 Views
Last Modified: 2012-05-11
Hi,

I am trying to deploy SSIS package on test and production servers. Can you please give me some practical tips/steps to secure ssis package. I have read about implementing certificate/private key stuff. But, I could not get the clear understanding of it.

Can I secure my deployment with configuration file?

It is really important issue to resolve. Please Help!!!


Thanks.
0
Comment
Question by:ezkhan
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Tony303 earned 167 total points
ID: 35053778
The methods explained here are the way to go...
http://msdn.microsoft.com/en-us/library/ms141747.aspx

Look at the options here....I think you are up to option 2...

Typically, you change the protection level as listed in the following steps:

1.During development, leave the protection level of packages set to the default value, EncryptSensitiveWithUserKey. This setting helps ensure that only the developer sees sensitive values in the package. Or, you can consider using EncryptAllWithUserKey, or DontSaveSensitive.

2.When it is time to deploy the packages, you have to change the protection level to one that does not depend on the developer's user key. Therefore you typically have to select EncryptSensitiveWithPassword, or EncryptAllWithPassword. Encrypt the packages by assigning a temporary strong password that is also known to the operations team in the production environment.

3.After the packages have been deployed to the production environment, the operations team can re-encrypt the deployed packages by assigning a strong password that is known only to them. Or, they can encrypt the deployed packages by selecting EncryptSensitiveWithUserKey or EncryptAllWithUserKey, and using the local credentials of the account that will run the packages


0
 
LVL 10

Assisted Solution

by:itcouple
itcouple earned 333 total points
ID: 35054710
Hi

The way I do it is all configuration (changing information) is kept in SQL Server Configuration Table which only certain people have access to and populates package variable at run time. Package is set to don't save sensitive. SSIS Configuration Table connection string is set using indirect configuration (environment variable).

Regards
Emil
0
 

Author Comment

by:ezkhan
ID: 35073287
The way it is working is without configuration files and with EncryptSensitveWithUserKey on development server. Now i want to implement on test and production server and trying to implement the following approach.

Anticipated Aproach is: with EncryptAllWithPassword and storing all connections, variables and passwords in sql server configuration table and using xml configurations to point to the table. This approach still did not work.

In the meanwhile i am making sure configuration files path is same on development computer and production server as I read it somewhere it has to be same.

One more important point one of the servers involved in ssis is SQL Server 2000 and its using SQL Server Authentication with sa login. When i try to use configuration files or any other security level than EncryptSensitiveWithUserKey or EncryptAllWithUserKey it does not work and complains about authentication to server is failed.


Any Thoughts!!!!!
0
 
LVL 10

Assisted Solution

by:itcouple
itcouple earned 333 total points
ID: 35093624
Hi

" xml configurations to point to the table. This approach still did not work."

What exactly didn't work? Are you using local drive? so it is always C:\folder on each machine?
EncryptAllWithPassword can also cause some issues. I personally use "don't save sensitive" the reason for that is that the value are in variables so it doesn't make any difference comparing to other protection level properties.

Regards
Emil
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
backup and restore 21 27
Stored Proc - Rewrite 42 55
What is this datetime? 1 18
Parse this column 6 23
In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed
Viewers will learn how the fundamental information of how to create a table.

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question