4.4. Special Connection Options
For every database you may define SSL Settings or additional JDBC-parameters to support your environment. We have listed some sample settings which are commonly used.
4.4.1. SQL Server
A complete list of connection parameters available for SQL Server and Azure SQL Database can be found in the Microsoft documentation
Configure Encryption in Transit
Use the SSL-Button switch encryption for your connection to SQL Server on or off. If "off" your SQL Server encryption settings need to be set to either "none" or "not required". If "on" your need to import the certificate used for SQL Server encryption setting first and then select this certificate within the database setting. Make sure that the hostname specified in the nodes-section of Speedgain for Databases is given exactly as specified in the certificate you added. Alternatively, if you can make sure that the servers certificate can be trusted, you may add the jdbc-property "trustServerCertificate=true".
|
Note
|
SQL Server 2016 and older are using an older unsecure certificate for encrypting the login package. Speedgain for Databases does not accept an unsecure certificate and therefore will not connet to older SQL Servers with the default self-signed certificate. To work around this you can either issue a new self-signed certificate or generate a certificate from your CA. For a complete description on how to configure the new certificate and how to install it on your SQL Server see the Microsoft documentation. If you only want to encrypt the login package you may set the flag “Force Encryption” to “False” at the SQL Server. In that case you do not need to activate SSL in Speedgain for Databases for the database configuration. The login package will always be encrypted regardless of this SSL-setting. |
4.4.2. Azure SQL Database
A complete list of connection parameters available for SQL Server and Azure SQL Database can be found in the Microsoft documentation
Configure Encryption in Transit
In compliance with Microsoft recommendations the encryption to Azure SQL Databases is on by default. The certificate used is signed by a public root authority. Therefore, if Speedgain for Databases has an internet connection you do not need to add a certificate to the Speedgain for Databases configuration.
AzureAD Authentication
| JDBC-Property |
authentication |
| Possible Values |
ActiveDirectoryPassword | ActiveDirectoryManagedIdentity |
| Azure SQL Database |
Speedgain for Databases supports the following authentication methods: "SQL Server", "Azure AD Service Principal", and "Custom". If you choose custom you need to configure the JDBC-property "authentication" to one of the above mentioned authentication types. |
ActiveDirectoryPassword
Requires a user without MFA-Configuration. You can specify UPN and Password as the Login.
ActiveDirectoryManagedIdentity
If you configure Speedgain for Databases as an Azure Application (e.g. Azure Kubernetes Applikation) you may be able to configure a Service Principal which is used to access your Azure SQL Database. In that case the login is ignored. When using a user definied managed identity the msiClientId-Property needs to be set to the client id of the user defined managed identity as another custom jdbc-parameter.
Refer to the Microsoft documentation for instructions on how to configure Managed Identities or Service Principals in Azure.