Enhanced SQL Server Security with Cross Realm kerberos and NTLM authentication from Linux

Enhanced SQL Server Security with Cross Realm kerberos and NTLM authentication from Linux

October 02, 2014 0 Comments

Over the past several months, I have been engaged in more security related connectivity projects than the previous several years combined. I’m still trying to figure out what’s driving this between data moving to clouds, corporate compliance, or government regulations across NIST, FISMA, STIGs, FIPS 140-2, etc.

Top 3 security features for SQL Server shops

Let’s break things down into an amazing security toolset you can use for SQL Server data connectivity, as well as other data sources.

1. NTLM Windows Authentication from Unix/Linuxsecure_architecture

I have been seeing this requirement a lot which is primarily driven by corporate compliance since Microsoft strongly discourages use of SQL Server authentication with a database and password. Therefore, databases supporting only NTLM Windows authentication become isolated from Unix/Linux environments where key business systems are running. You can learn more about our exclusive authentication from Unix/Linux to SQL Server via JDBC.

Yes, we do support NTLM Windows Authentication from Unix/Linux with ODBC as well.

2. Cross Domain Kerberos Authentication

Maybe your organization has selected Kerberos instead of NTLM authentication for cross platform support. However, what happens when you’re trying to authentication with SQL Server running in a different domain? DataDirect has introduced support for Cross realm or domain Kerberos authentication by introducing a new property, ServicePrincipalName, to specify the target domain.

The value of this option is used along with the hostname and port specified to create the security context for kerberos: "MSSQLSvc/" + serverName + ":" + portNumber + "@" + servicePrincipalName

I see this commonly when organizations acquire or integrate new business units into existing application infrastructure; or with organization wide data virtualization strategies using Composite Software, Denodo, or Informatica.

3. Secure ODBC/JDBC connectivity over HTTPS to database hosted in a cloud

This requirement is driven by the movement of applications to the cloud, and sometimes sprinkled with a little compliance/regulation. DataDirect Cloud offers secure ODBC/JDBC connectivity over HTTPS to SQL Server databases that reside behind a firewall or cloud. Check out my previous article and Prezi on this topic, and I'm planning to host a related session at PRGS14 next month.

More data, more problems

And solutions

1. Download 15 day trial of the SQL Server ODBC Driver or SQL Server JDBC Driver to securely connect to your SQL Server databases.  Or sign up for a trial on www.datadirectcloud.com for ODBC/JDBC over https.

2. Or call 1-800-876-3101 to learn more.

Sumit Sakar

Sumit Sarkar

Technology researcher, thought leader and speaker working to enable enterprises to rapidly adopt new technologies that are adaptive, connected and cognitive. Sumit has been working in the data access infrastructure field for over 10 years servicing web/mobile developers, data engineers and data scientists. His primary areas of focus include cross platform app development, serverless architectures, and hybrid enterprise data management that supports open standards such as ODBC, JDBC, ADO.NET, GraphQL, OData/REST. He has presented dozens of technology sessions at conferences such as Dreamforce, Oracle OpenWorld, Strata Hadoop World, API World, Microstrategy World, MongoDB World, etc.

Comments are disabled in preview mode.
Latest Stories
in Your Inbox

Subscribe to get all the news, info and tutorials you need to build better business apps and sites

More From Progress
2020 Progress Data Connectivity Report
2020 Progress Data Connectivity Report
Read More
Getting Ahead of the Hybrid Data Curve
Read More
Five Reasons Why Developers Love Sitefinity Marketplace
Read More