EasyConnect - Database Connection

Similar documents
Step-by-step installation guide for monitoring untrusted servers using Operations Manager

Configuration of Microsoft Live Communications Server for Partitioned Intradomain Federation

Secure IIS Web Server with SSL

Ubiquity Server Manual

SAPO Trust Centre: Certificate Installation on Exchange Manual

Installation Instructions for SAS Activity-Based Management 6.2

VMware Horizon JMP Server Installation and Setup Guide. 13 DEC 2018 VMware Horizon 7 7.7

Framework Database Connectivity Guide. Microsoft SQL Server Databases

Microsoft SQL Installation and Setup

Setup Guide for AD FS 3.0 on the Apprenda Platform

Password Reset Server Installation

Installation Guide. Mobile Print for Business version 1.0. July 2014 Issue 1.0

Scenarios for Setting Up SSL Certificates for View. Modified for Horizon VMware Horizon 7 7.3

IceWarp SSL Certificate Process

Configure the IM and Presence Service to Integrate with the Microsoft Exchange Server

Best Practices for Security Certificates w/ Connect

Mitel MiVoice Connect Security Certificates

The information in this document is based on these software and hardware versions:

Server Manager User and Permissions Setup

NETWRIX WINDOWS SERVER CHANGE REPORTER

VMware Horizon JMP Server Installation and Setup Guide. Modified on 19 JUN 2018 VMware Horizon 7 7.5

Using SSL to Secure Client/Server Connections

Scenarios for Setting Up SSL Certificates for View. VMware Horizon 6 6.0

Version Installation Guide. 1 Bocada Installation Guide

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: November 10, 2011

AD Sync Client Install Guide. Contents

Ekran System v.6.1 Deployment Guide

Lab - System Utilities in Windows

ms-help://ms.technet.2004apr.1033/ad/tnoffline/prodtechnol/ad/windows2000/howto/mapcerts.htm

NBC-IG Installation Guide. Version 7.2

LDAP Directory Integration

Jonas Activity Management Technical Deployment Guide

For my installation, I created a VMware virtual machine with 128 MB of ram and a.1 GB hard drive (102 MB).

Prophet 21 Middleware Installation Guide. version 12.16

Securing ArcGIS Services

DOCUMENT REVISION HISTORY

Entrust Connector (econnector) Venafi Trust Protection Platform

NETWRIX GROUP POLICY CHANGE REPORTER

Module 3 Remote Desktop Gateway Estimated Time: 90 minutes

Reconfiguring VMware vsphere Update Manager. Update 1 VMware vsphere 6.5 vsphere Update Manager 6.5

Configuring Windows 7 VPN (Agile) Client for authentication to McAfee Firewall Enterprise v8. David LePage - Enterprise Solutions Architect, Firewalls

ConnectUPS-X / -BD /-E How to use and install SSL, SSH

VMware AirWatch Certificate Authentication for EAS with ADCS

Configuring Cisco Unified MeetingPlace Web Conferencing Security Features

Microsoft Dynamics GP Web Client Installation and Administration Guide For Service Pack 1

Guide to Installing DYNAMICS Security Pack

IQSweb Installation Instructions Version 5.0

20411D D Enayat Meer

Millennium Expert/Enterprise Installation Guide Version Table of Contents

LDAP Directory Integration

Knowledge Portal 2.6. Installation and Configuration Guide

New World ERP-eSuite

Lasso CDP. Lasso. Administration Tool Guide. August 2005, Version Lasso CDP Administration Tool Guide Page 1 of All Rights Reserved.

Installation and Configuration Guide

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Sharepoint 2007

Partner Integration Portal (PIP) Installation Guide

NETWRIX ACTIVE DIRECTORY CHANGE REPORTER

Click Studios. Passwordstate. High Availability Installation Instructions

Installation Guide. Last Revision: Oct 03, Page 1-

Click Studios. Passwordstate. Remote Session Launcher. Installation Instructions

Please select your version. Installation Instructions for BIG-IP F5 version 9.x and 10.x. Installation Instructions for F5 BIG-IP version 11

Perform a Server Move for Junxure

Managing Certificates

Installing and Configuring vcenter Multi-Hypervisor Manager

SQL Server 2016 installation/setup instructions

AirWatch Mobile Device Management

Log Server Configuration Utility

UC for Enterprise (UCE) NEC Centralized Authentication Service (NEC CAS)

DBXL AZURE INSTALLATION GUIDE

FUSION REGISTRY COMMUNITY EDITION SETUP GUIDE VERSION 9. Setup Guide. This guide explains how to install and configure the Fusion Registry.

Reliable High-Speed Connection to Publication Database for Synchronization

Module 9. Configuring IPsec. Contents:

SQL Server Deployment Installation Manual. Call a Hygiena representative for more information or support

Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

CLEO VLTrader Made Simple Guide

PERFORMING A CUSTOM INSTALLATION

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017

CIS 231 Windows 10 Install Lab # 3

Installation and Configuration Guide

APPENDIX B: INSTALLATION AND SETUP

Module 1 Web Application Proxy (WAP) Estimated Time: 120 minutes

INSTALLATION GUIDE Spring 2017

Workspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902

UPGRADING SEER-HD TO SEER- HD

SCCM Plug-in User Guide. Version 3.0

Bomgar Vault Server Installation Guide

NETWRIX PASSWORD EXPIRATION NOTIFIER

Installation and Configuration Guide

Setting up SSL for. Autodesk Vault

NetWrix Group Policy Change Reporter

Reconfiguring VMware vsphere Update Manager. 17 APR 2018 VMware vsphere 6.7 vsphere Update Manager 6.7

Preupgrade. Preupgrade overview

SAS Activity-Based Management Server Software 6.1 for Windows

VMware AirWatch Integration with RSA PKI Guide

Copyright SolarWinds. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified, decompiled,

Installing the PC-Kits SQL Database

scconnect v1.x ADMINISTRATION, INSTALLATION, AND USER GUIDE

Introduction. How Does it Work with Autodesk Vault? What is Microsoft Data Protection Manager (DPM)? autodesk vault

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP

FireFox. CIS 231 Windows 10 Install Lab # 3. 1) Use either Chrome of Firefox to access the VMware vsphere web Client.

Transcription:

Application Note TKa 09/2015 EasyConnect - Database Connection Important note: This application note is only valid beginning with Easy on-pc software version 2.0.1.04 and EasyOne Pro / LAB software version 2.0.1.05. This application note describes how to use and manage SQL server databases in general. The tested versions include Microsoft SQL Server 2008 and Microsoft Server 2014. There is not a high amount of storage required. If you use 30 devices on a daily basis over 5 years, they would create around 16GB of data. This information applies to EasyOne Pro as well as Easy on PC; i.e. to all products that use the software EasyWare Pro. Content EasyConnect - Database Connection... 1 1 Database possibilities... 2 1.1 Set up a file based database... 2 Create a new file based database... 2 Select a file based database... 4 Update an old file based database... 6 1.2 Set up a Microsoft SQL Server based database... 7 Microsoft SQL server based database connection with Microsoft Windows authentication... 7 Microsoft SQL server based database connection with Microsoft SQL Server authentication... 10 2 Microsoft SQL Database management... 13 3 Encrypting Connections to Microsoft SQL Server... 16 3.1 Create a server certificate... 16 Certificate Requirements... 16 Option 1: Certificate signed by a public certificate authority... 16 Option 2: Self-Signed Certificate... 16 Option 3: Wildcard certificate (signed by a public certificate authority)... 17 3.2 Install the certificate on the server that runs Microsoft SQL Server... 17 3.3 Activate SSL on Microsoft SQL Server... 17 3.4 Install the certificate on the client (only if using a self-signed certificate)... 18 3.5 Test your client connection... 18 3.6 How to: View Certificates with the MMC Snap-in... 18 ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 1 von 18

1 Database possibilities With the software update of Easy on-pc and EasyOne Pro / LAB from V1.9 to V2.X, the database type changed from Access to SQL / SQLite. Now you can choose between a file based database (SQLite) which is stored locally and a Microsoft SQL server based database which is a network database. The option to store the file based database on your network is still possible as with previous versions. The new Microsoft SQL database is encrypted and password protected. It is possible to create an encrypted SSL connection, but this is dependent upon your server. In order to set up an SSL connection go to point 3. The Microsoft SQL server solution is recommended when there will be a large number of users (>5) and / or large databases (>1 GB). 1.1 Set up a file based database In order to create, select and update a database follow the instructions below. File paths may differ from OS to OS or from an Easy on-pc system to an EasyOne Pro system. Create a new file based database Go to Utilities Configuration ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 2 von 18

Tab: Storage and click on New For EasyOne Pro / LAB users type in 8005 to log in. Make sure you check the file based option and click on New. Select the folder where the database is stored, rename the database if you want and click Save. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 3 von 18

Double check the path and click OK. Click OK to apply the changes. The software will restart automatically and load the new database. You can now start to use the new database. Select a file based database Go to Utilities / Configuration / tab: Storage and click Select For EasyOne Pro / LAB users type in 8005 to log in. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 4 von 18

Make sure you check the file based option and click Select. Select the database and click Open. Double check the path and click OK. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 5 von 18

Click OK to apply the changes. The software will restart automatically and load the new database. You can now start to use your selected database. Update an old file based database If you already have been using an Easy on-pc or an EasyOne Pro / LAB with versions older than V2.X and you created more than one database, simply use the select option and the software will automatically ask you if you want to update your database while the software performs the automatic restart. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 6 von 18

1.2 Set up a Microsoft SQL Server based database In order to connect to a Microsoft SQL Server based database with two different authentications follow the instructions below. Microsoft Windows authentication is your Windows account login. Make sure that the user is created and that windows authentication is used. Microsoft SQL Server authentication is a predefined user with a password. You can configure, create users and adjust database permissions with Microsoft SQL Server Management Studio Express. Microsoft SQL server based database connection with Microsoft Windows authentication Go to Utilities / Configuration / tab: Storage and click New or Select For EasyOne Pro / LAB users type in 8005 to log in. Check the SQL Server based option and type the server name where your Microsoft SQL server is installed or click into the Server Name Combobox and let the system fill in the server names available in your network. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 7 von 18

Select the Microsoft Windows authentication mode and click Connect. For EasyOne Pro / LAB, configure an ndduser login. For example: Login Name: nddwss01\ndduser After successfully connecting, you can select your database in the dropdown list. In order to create a new database, select <create new database >, enter the name of the new database and click OK. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 8 von 18

Confirm the database creation with Yes and OK. You can now find the newly created database in the dropdown list. The logged in user needs to have the permissions on the server to create a new database. The other option would be to use an empty Microsoft SQL Server database (a backup that can be provided from ndd) and load it onto the server manually. Contact for backup: support@ndd.ch Click OK Click OK and the software will restart automatically. You can now start to use your database. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 9 von 18

Microsoft SQL server based database connection with Microsoft SQL Server authentication Go into Utilities / Configuration / tab: Storage and click New or Select For EasyOne Pro / LAB users type in 8005 to log in. Check the SQL Server based option and type the server name where your Microsoft SQL server is installed or click into the Server Name Combobox and let the system fill in the server names available in network ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 10 von 18

Select the Microsoft SQL Server authentication mode, enter the User name and password and click Connect. After successfully connecting, you can select your database in the dropdown list and click OK. See 1.2.1 Microsoft Windows authentication mode for how to create a new database. Click OK and the software will restart automatically. You can now start to use your database. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 11 von 18

If this error appears, talk to your server administrator. Your Login likely does not have permission to view the database. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 12 von 18

2 Microsoft SQL Database management Start your Microsoft SQL Server Management Studio and connect to your server. Example: nddwss01\epdm Browse to Security / Logins Here you can manage the login accounts that have access to your databases. Right clicking on Logins allows you to create new logins. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 13 von 18

In order to have access on an SQL server database with an EasyOne Pro / LAB, you need to create a login for the default Windows login of your EasyOne Pro / LAB. Enter your SQL server name and ndduser into Login Name as shown in the example. Go to the User Mapping page Here you can check the databases that you want to have access to on your EasyOne Pro / LAB. Below check what the user can do with this database. For example db_owner has complete access and read and write permissions. Click OK You should see the ndduser login account in your Logins now. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 14 von 18

You can also check the login entry when you browse into Databases / Name of your database / Security / Users. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 15 von 18

3 Encrypting Connections to Microsoft SQL Server Enabling SSL encryption increases the security of data transmitted across networks between instances of Microsoft SQL Server and applications. Easy on-pc and EasyOne Pro / LAB can make use of Microsoft SQL Server s ability to encrypt data transmission between the server and the application by using Secure Sockets Layer (SSL). (Excerpts from https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx) Microsoft SQL Server can use Secure Sockets Layer (SSL) to encrypt data that is transmitted across a network between an instance of SQL Server and a client application. The SSL encryption is performed within the protocol layer and is available to all SQL Server clients except DB Library and MDAC 2.53 clients. The level of encryption used by SSL, 40-bit or 128-bit, depends on the version of the Microsoft Windows operating system that is running on the application and database computers. 3.1 Create a server certificate Certificate Requirements Under normal circumstances you don t have to configure any advanced options when creating the certificate / certificate signing request (CSR). If you still want to know the requirements for the SQL Server certificate refer to https://technet.microsoft.com/enus/library/ms189067(v=sql.105).aspx / Certificate Requirements. Option 1: Certificate signed by a public certificate authority If the instance of SQL Server is running on a computer that has been assigned a certificate from a public certification authority, identity of the computer and the instance of SQL Server is vouched for by the chain of certificates that lead to the trusted root authority. Such server validation requires that the computer on which the client application is running be configured to trust the root authority of the certificate that is used by the server. Many public root authorities are pre-configured on your Windows system. View them by executing How to: View Certificates with the MMC Snap-in and navigate to Root > Trusted Root Certificate Authorities > Certificates. If you install a certificate issued by one of those authorities, no additional certificate configuration is needed on the client. Option 2: Self-Signed Certificate Encryption with a self-signed certificate is possible, but a self-signed certificate offers only limited protection (SSL connections that are encrypted by using a self-signed certificate are susceptible to man-in-the-middle attacks. You should not rely on SSL using self-signed certificates in a production environment or on servers that are connected to the Internet). Your security policy may determine whether you can use self-signed certificates. Ask your admin or IT security officer. ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 16 von 18

Option 3: Wildcard certificate (signed by a public certificate authority) A wildcard certificate secures an unlimited number of subdomains. *.yourcompany.com secures all your hosts / subdomains below your-company.com, e.g. sqlserver.yourcompany.com, www.yourcompany.com, mail.your-company.com etc Wildcard certificates are support from SQL Server 2008 R2 and SQL Server 2008 R2 Native Client onwards. 3.2 Install the certificate on the server that runs Microsoft SQL Server Parts of installation process are described here: https://support.microsoft.com/en-us/kb/316898 Execute How to: View Certificates with the MMC Snap-in using admin privileges on the server that runs MS SQL Server and navigate to the certificates container of the personal certificates. Click to select the Personal folder in the left-hand pane. Right-click in the right-hand pane, point to All Tasks, and then click Request New Certificate... The Certificate Request Wizard dialog box opens. Click Next. Select Certificate type "computer". In the Friendly Name text box you can type a friendly name for the certificate or leave the text box blank, and then complete the wizard. After the wizard finishes, you will see the certificate in the folder with the fully qualified computer domain name. 3.3 Activate SSL on Microsoft SQL Server You can also try to use https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx / Configuring SSL for SQL Server but this method is not always successful. This is why we prefer the registry key method as follows: The certificate used by SQL Server to encrypt connections is specified in the following registry key: HKLM = HKEY_LOCAL_MACHINE HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.x\MSSQLServer\SuperSocketNetLib\Certificate This key contains a property of the certificate known as thumbprint that identifies each certificate in the server. Navigate to the certificate store where the FQDN certificate is stored. On the properties page for the certificate, go to the Details tab and copy the thumbprint value of the certificate to a Notepad window. Remove the spaces between the hex characters in the thumbprint value in Notepad. Start regedit, navigate to the following registry key, and copy the value from step 2: HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\<instance>\MSSQLServer\SuperSocketNetLib\Certificate ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 17 von 18

3.4 Install the certificate on the client (only if using a selfsigned certificate) In order for the encrypted SQL Server connection to work, your client must trust your server certificate. As you certificate is not signed by a public certification authority, you must tell your client to trust your server certificate. You will need to install the certificate into the Trusted Root Certification Authorities store. See http://community.spiceworks.com/how_to/1839-installing-self-signed-ca-certificate-in-windows 3.5 Test your client connection See https://support.microsoft.com/en-us/kb/316898 To test with SQL Server Management Studio, follow these steps: Navigate to the SQL Server Client <version> Configuration page in SQL Server Configuration Manager. In the properties windows, set the Force protocol encryption option to "Yes." Connect to the server that is running SQL Server by using SQL Server Management Studio. Monitor the communication by using Microsoft Network Monitor or a network sniffer. Connect to you SQL Server using the same FQDN (fully qualified domain name) as stated in the certificate. Otherwise SQL Server Management Studio will return an exception. Execute this query in SQL Server Management Studio: SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID Remove the WHERE clause to see all connections. 3.6 How to: View Certificates with the MMC Snap-in See https://msdn.microsoft.com/en-us/library/ms788967(v=vs.110).aspx Open the certificates stores for the local computer (step 11 skip steps 12 + 13) ndd Medizintechnik AG CH 8005 Zurich www.ndd.ch Seite 18 von 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback