25 May, 2023 by Rambler
Part of setting up an AWS Database Migration Service (DMS) migration task includes creating endpoints. Endpoints come in two types: Source and Target.
One of the endpoint configuration options is to enable Secure Sockets Layer (SSL) as part of the connection configuration. This option is available for Source and Target connections.
The SSL options are:
none: "The connection is not encrypted. This option is not secure, but requires less overhead"
require: "The connection is encrypted using SSL (TLS) but no CA verification is made. This option is more secure, and requires more overhead"
verify-ca: "The connection is encrypted. This option is more secure, and requires more overhead. This option verifies the server certificate"
verify-full: "The connection is encrypted. This option is more secure, and requires more overhead. This option verifies the server certificate and verifies that the server hostname matches the hostname attribute for the certificate"
Which option to choose could depend on a number of factors, including organisation policy and data classification.
For example purposes, if we wanted to create an encrypted connection to a source SQL Server, we'd first need to complete some preparatory steps on SQL Server. Read the Microsoft documentation for information on how to configure the SQL Server Database Engine for encrypting connections.
If encryption is required by the SQL Server and the endpoint is configured as none, a message similar to the one below will appear:
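One way to check existing endpoints against such a policy, as an added example that is not from the original post: the function below ranks the four SSL modes and flags endpoints that fall short of a chosen minimum. The `minimum` parameter, the sample endpoint names and the placeholder ARN are assumptions; the field names follow the DMS DescribeEndpoints response.

```python
# Added example: audit DMS endpoint descriptions against a minimum SSL mode.
# Modes from the list above, ordered weakest to strongest.
SSL_MODE_RANK = {"none": 0, "require": 1, "verify-ca": 2, "verify-full": 3}


def audit_endpoints(endpoints, minimum="verify-ca"):
    """Return (identifier, mode, reason) for each endpoint that falls short.

    `endpoints` has the shape of the "Endpoints" list from DescribeEndpoints;
    `minimum` is a hypothetical policy setting chosen by the caller.
    """
    floor = SSL_MODE_RANK[minimum]
    findings = []
    for ep in endpoints:
        name = ep.get("EndpointIdentifier", "<unknown>")
        mode = (ep.get("SslMode") or "none").lower()
        rank = SSL_MODE_RANK.get(mode)
        if rank is None:
            findings.append((name, mode, "unrecognised SSL mode"))
        elif rank < floor:
            findings.append((name, mode, f"weaker than required {minimum}"))
        elif rank >= SSL_MODE_RANK["verify-ca"] and not ep.get("CertificateArn"):
            # Assumption: a verifying mode needs a CA certificate attached.
            findings.append((name, mode, "no CA certificate attached"))
    return findings


def fetch_endpoints(region_name=None):
    """Fetch live endpoint descriptions; needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the audit logic above runs offline

    client = boto3.client("dms", region_name=region_name)
    pages = client.get_paginator("describe_endpoints").paginate()
    return [ep for page in pages for ep in page["Endpoints"]]


# Constructed sample data, not output from a real account.
SAMPLE = [
    {"EndpointIdentifier": "src-sqlserver", "SslMode": "none"},
    {"EndpointIdentifier": "src-sqlserver-tls", "SslMode": "require"},
    {"EndpointIdentifier": "tgt-mysql", "SslMode": "verify-ca"},
    {"EndpointIdentifier": "tgt-postgres", "SslMode": "verify-full",
     "CertificateArn": "arn:aws:dms:REGION:ACCOUNT:cert:PLACEHOLDER"},
]

if __name__ == "__main__":
    for name, mode, reason in audit_endpoints(SAMPLE):
        print(f"{name}: ssl-mode={mode} ({reason})")
```

To run it against a real account, pass the result of `fetch_endpoints()` to `audit_endpoints()` instead of `SAMPLE`.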
Test Endpoint failed: Application-Status: 1020912, Application-Message: Cannot connect to ODBC provider Network error has occurred, Application-Detailed-Message: RetCode: SQL_ERROR SqlState: 08001 NativeError: 101 Message: [unixODBC]FATAL: no pg_hba.conf entry for host "10.137.222.168", user "xxxxxxxxxx", database "xxxxxxxx", no encryption
Reconfiguring to require will force an encrypted connection. To check whether the connection is encrypted, one way is to query sys.dm_exec_connections; for an encrypted connection, the encrypt_option value should be TRUE.
SELECT session_id,connect_time,encrypt_option FROM sys.dm_exec_connections 