Follow dba-ninja.com

Subscribe to RSS feed  Follow @jackvamvas - Twitter

*Use the Comments section for questions

dba-ninja.com Links

Dba_db2_button

Sqlserver_dba_button

Using security socket layer (SSL) on DMS Endpoints

25 May,2023 by Rambler

Part of setting up an AWS Database Migration Service (DMS) Migration Task includes createing Endpoints . The Endpoints  are broken down into two types:    Source  & Target. 

One of the Endpoint configuration  options is to enable Secure Socket Layer as part of the connection configuration . This option is available for Source & Targe connections. 

The SSL options are : 

none   "The connection is not encrypted. This option is not secure, but requires less overhead"

require  "The connection is encrypted using SSL (TLS) but no CA verification is made. This option is more secure, and requires more overhead"

verify-ca  "The connection is encrypted. This option is more secure, and requires more overhead. This option verifies the server certificate"

verify-full "The connection is encrypted. This option is more secure, and requires more overhead. This option verifies the server certificate and verifies that the server hostname matches the hostname attribute for the certificate"

 

Making a decision on which option to choose could depend on a number of factors including : organisation policy , data classification 

For example purposes , if we wanted to create an Encrypted connection to a source SQL Server , we'd need to first complete some preparatory steps on SQL Server. Read the Microsoft documentation for information how to  Configure SQL Server Database Engine for encrypting connections 

 

If encryption is required from the SQL Server , and the Endpoint is configured  as None then a message similar to the below will appear:

Test Endpoint failed: Application-Status: 1020912, Application-Message: Cannot connect to ODBC provider Network error has occurred, Application-Detailed-Message: RetCode: SQL_ERROR SqlState: 08001 NativeError: 101 Message: [unixODBC]FATAL: no pg_hba.conf entry for host "10.137.222.168", user "xxxxxxxxxx", database "xxxxxxxx", no encryption

Reconfiguring to require  , will force an encrypyted connection .    To check if the connection is using the encryption_connection , one of the ways is to check sys.dm_exec_connections , for the encryption enabled connection  the value should be TRUE

 

SELECT session_id,connect_time,encrypt_option FROM sys.dm_exec_connections 

 


Author: Rambler (http://www.dba-ninja.com)


Share:

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment on Using security socket layer (SSL) on DMS Endpoints


dba-ninja.com