Requiring Data Encryption

By default, Microsoft SQL Server Analysis Services only responds to encrypted client requests, and only sends an encrypted data stream back to the client. Although encryption does require additional processor resources and can affect overall query performance, the additional security that encryption provides generally outweighs these performance considerations.

When you are deciding what level of encryption to use, consider how users will access Analysis Services data. If business users use Internet Information Services (IIS) to access Analysis Services data over the Internet, data encryption should be required to increase the security of the data stream. However, if all access to Analysis Services is over a secure intranet configuration, you can disable encryption of the data stream, and thereby increase overall performance of the instance of Analysis Services.

Note

When you use IIS to access Analysis Services data over an HTTP or HTTPS connection, Analysis Services can take advantage of Extended Protection provided by IIS. For more information about how to configure IIS to use Extended Protection, see Configure Extended Protection in IIS 7.5.

Modifying Encryption Settings

To modify the default encryption settings at the server level, change the following Analysis Services configuration properties in SQL Server Management Studio. To access these properties, right-click the instance of Analysis Services, click Properties, and then locate the appropriate properties on the Security page.

  • Security \ AdministrativeDataProtection \ RequiredProtectionLevel

    The default setting of 1 requires that all administrative data be encrypted. A setting of 0 allows for clear text, and a setting of 2 allows for clear text with signatures (which is weaker than encryption).

  • Security \ DataProtection \ RequiredProtectionLevel

    The default setting of 1 requires that all data be encrypted. A setting of 0 allows for clear text, and a setting of 2 allows for clear text with signatures (which is weaker than encryption).
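
The following added example (not part of the original documentation) audits the two properties above from a configuration file rather than through the Management Studio dialog, and reports any value other than 1. It assumes the instance's settings are stored as XML whose elements mirror the property paths, as in the instance's msmdsrv.ini file; the sample document and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Meanings of RequiredProtectionLevel as stated on this page.
LEVELS = {0: "clear text allowed",
          1: "encryption required (default)",
          2: "clear text with signatures allowed"}

# The two property paths named on this page, written as element paths.
PROPERTIES = ("Security/AdministrativeDataProtection/RequiredProtectionLevel",
              "Security/DataProtection/RequiredProtectionLevel")

# Constructed sample; the XML layout is an assumption about the config file.
SAMPLE_CONFIG = """<ConfigurationSettings>
  <Security>
    <AdministrativeDataProtection>
      <RequiredProtectionLevel>1</RequiredProtectionLevel>
    </AdministrativeDataProtection>
    <DataProtection>
      <RequiredProtectionLevel>0</RequiredProtectionLevel>
    </DataProtection>
  </Security>
</ConfigurationSettings>"""

def audit_protection_levels(config_xml):
    """Return (property, value, finding) for each property that does not require encryption."""
    root = ET.fromstring(config_xml)
    findings = []
    for path in PROPERTIES:
        node = root.find(path)
        text = (node.text or "").strip() if node is not None else ""
        if not text:
            # The file alone cannot prove the effective value; flag it for review.
            findings.append((path, None, "not set in file; confirm on the server"))
            continue
        try:
            level = int(text)
        except ValueError:
            findings.append((path, text, "not an integer"))
            continue
        if level != 1:
            findings.append((path, level, LEVELS.get(level, "unrecognized value")))
    return findings

if __name__ == "__main__":
    for path, value, finding in audit_protection_levels(SAMPLE_CONFIG):
        print(path, "=", value, "->", finding)
```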