Enhanced SQL Server Security with Cross Realm kerberos and NTLM authentication from Linux

Enhanced SQL Server Security with Cross Realm kerberos and NTLM authentication from Linux

October 02, 2014 0 Comments

Over the past several months, I have been engaged in more security related connectivity projects than the previous several years combined. I’m still trying to figure out what’s driving this between data moving to clouds, corporate compliance, or government regulations across NIST, FISMA, STIGs, FIPS 140-2, etc.

Top 3 security features for SQL Server shops

Let’s break things down into an amazing security toolset you can use for SQL Server data connectivity, as well as other data sources.

1. NTLM Windows Authentication from Unix/Linuxsecure_architecture

I have been seeing this requirement a lot which is primarily driven by corporate compliance since Microsoft strongly discourages use of SQL Server authentication with a database and password. Therefore, databases supporting only NTLM Windows authentication become isolated from Unix/Linux environments where key business systems are running. You can learn more about our exclusive authentication from Unix/Linux to SQL Server via JDBC.

Yes, we do support NTLM Windows Authentication from Unix/Linux with ODBC as well.

2. Cross Domain Kerberos Authentication

Maybe your organization has selected Kerberos instead of NTLM authentication for cross platform support. However, what happens when you’re trying to authentication with SQL Server running in a different domain? DataDirect has introduced support for Cross realm or domain Kerberos authentication by introducing a new property, ServicePrincipalName, to specify the target domain.

The value of this option is used along with the hostname and port specified to create the security context for kerberos: "MSSQLSvc/" + serverName + ":" + portNumber + "@" + servicePrincipalName

I see this commonly when organizations acquire or integrate new business units into existing application infrastructure; or with organization wide data virtualization strategies using Composite Software, Denodo, or Informatica.

3. Secure ODBC/JDBC connectivity over HTTPS to database hosted in a cloud

This requirement is driven by the movement of applications to the cloud, and sometimes sprinkled with a little compliance/regulation. DataDirect Cloud offers secure ODBC/JDBC connectivity over HTTPS to SQL Server databases that reside behind a firewall or cloud. Check out my previous article and Prezi on this topic, and I'm planning to host a related session at PRGS14 next month.

More data, more problems

And solutions

1. Download 15 day trial of the DataDirect Connect ODBC and JDBC SQL Server drivers to securely connect to your SQL Server databases.  Or sign up for a trial on www.datadirectcloud.com for ODBC/JDBC over https.

2. Or call 1-800-876-3101 to learn more.

Sumit Sakar

Sumit Sarkar

Sumit Sarkar is a Chief Data Evangelist at Progress, with over 10 years experience working in the data connectivity field. The world's leading consultant on open data standards connectivity with cloud data, Sumit's interests include performance tuning of the data access layer for which he has developed a patent pending technology for its analysis; business intelligence and data warehousing for SaaS platforms; and data connectivity for aPaaS environments, with a focus on standards such as ODBC, JDBC, ADO.NET and ODATA. He is an IBM Certified Consultant for IBM Cognos Business Intelligence and TDWI member. He has presented sessions on data connectivity at various conferences including Dreamforce, Oracle OpenWorld, Strata Hadoop, MongoDB World and SAP Analytics and Business Objects Conference, among many others. 

Comments are disabled in preview mode.
Latest Stories in
Your Inbox
More From Progress
The New Mobile Development Landscape
Download Whitepaper
IDC Spotlight Sitefinity Thumbnail
Choosing the Right Digital Experience Platform to Improve Business Outcomes
Download Whitepaper
The Fastest Way to Build Mobile Apps With Cloud Data
Watch Webinar