There are times when you want to (sometime even have to) encrypt TCP communication between different servers or between client and server. These requirements are mostly associated with regulatory compliance such as SOx, HIPPA etc... Other times, they might be required because the data transmitted falls under high security classification for organizations.
A similar case happened with me, when I was required to ensure that TCP communication between excel client and SSAS 2012 is encrypted. White this article applies for server to server communication as well, in my case I was more concerned about client-server communication.
SQL Server support security and encryption mechanism whoever SSAS doesn't support any encryption methodology by itself. However this lacunae is covered by Windows operating system. Depending upon the authentication method selected (NTLM/Kerberos) through SSPI (Security Support Provider Interface), the encryption is handled by operating system.
To ensure that it is encrypted, I tried capturing traffic from client to SSAS through Wireshark. To do so, start wireshark on client and capture live traffic. Once you have connected SSAS through excel client; select client-SSAS conversion. Simply right click on any one item in captured traffic and select conversation filter. Either select IP or TCP as filter.
Once you have all the conversation, click on any item and select Follow TCP Stream. If the data in the stream you see, is indecipherable, then its encrypted. Hence proved.
Reference:
A similar case happened with me, when I was required to ensure that TCP communication between excel client and SSAS 2012 is encrypted. White this article applies for server to server communication as well, in my case I was more concerned about client-server communication.
SQL Server support security and encryption mechanism whoever SSAS doesn't support any encryption methodology by itself. However this lacunae is covered by Windows operating system. Depending upon the authentication method selected (NTLM/Kerberos) through SSPI (Security Support Provider Interface), the encryption is handled by operating system.
To ensure that it is encrypted, I tried capturing traffic from client to SSAS through Wireshark. To do so, start wireshark on client and capture live traffic. Once you have connected SSAS through excel client; select client-SSAS conversion. Simply right click on any one item in captured traffic and select conversation filter. Either select IP or TCP as filter.
Once you have all the conversation, click on any item and select Follow TCP Stream. If the data in the stream you see, is indecipherable, then its encrypted. Hence proved.
Reference:
No comments:
Post a Comment